From cd999b41f922cfbc71aae6c375f0971b9f29996c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 18:59:48 +1100 Subject: [PATCH 001/218] config --- inc/config.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/config.php b/inc/config.php index 0fce2593..529fd6eb 100644 --- a/inc/config.php +++ b/inc/config.php @@ -98,6 +98,9 @@ define('POST_URL', ROOT . 'post.php', true); define('FILE_INDEX', 'index.html', true); define('FILE_PAGE', '%d.html', true); + + // Multi-board (%s is board abbreviation) + define('BOARD_PATH', '%s', true); // Automatically convert things like "..." to Unicode characters ("…") define('AUTO_UNICODE', true, true); From 27cc4af33a526ca56f9bd648e20c5669b4775139 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:12:35 +1100 Subject: [PATCH 002/218] boards --- inc/config.php | 6 ++++-- inc/functions.php | 8 +++++--- post.php | 5 ++++- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 529fd6eb..eeab72de 100644 --- a/inc/config.php +++ b/inc/config.php @@ -70,7 +70,6 @@ define('ALLOW_ZIP', false, true); define('ZIP_IMAGE', 'src/zip.png', true); - /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( @@ -88,7 +87,7 @@ define('DIR_RES', 'res/', true); // The root directory, including the trailing slash, for Tinyboard. - // examples: '/', '/board/', '/chan/' + // examples: '/', 'http://boards.chan.org/', '/chan/' define('ROOT', '/', true); // If for some reason the folders and static HTML index files aren't in the current working direcotry, @@ -101,6 +100,9 @@ // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s', true); + + // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) + define('BOARD_ABBREVIATION', '/%s/', true); // Automatically convert things like "..." to Unicode characters ("…") define('AUTO_UNICODE', true, true); diff --git a/inc/functions.php b/inc/functions.php index 4e03a531..ff568e30 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -25,10 +25,11 @@ } function post($post, $OP) { - global $sql; + global $sql, $board; if($OP) { mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $board['id'], $post['subject'], $post['email'], $post['name'], @@ -51,7 +52,8 @@ return mysql_insert_id($sql); } else { mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + $board['id'], $post['thread'], $post['subject'], $post['email'], diff --git a/post.php b/post.php index cbd6da59..3e4e6934 100644 --- a/post.php +++ b/post.php @@ -8,10 +8,13 @@ require 'inc/config.php'; require 'inc/user.php'; + // For example, we're on /b/ $board = Array( - 'url' => '/b/', + 'id' => 1, + 'uri' => 'b', 'name' => 'Beta', 'title' => 'In development.'); + $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); $body = ''; From 6f5966e38031557ca8b37905b594ed6541cb8a65 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:14:00 +1100 Subject: [PATCH 003/218] config comments --- inc/config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/config.php b/inc/config.php index eeab72de..83af50f8 100644 --- a/inc/config.php +++ b/inc/config.php @@ -102,6 +102,7 @@ define('BOARD_PATH', '%s', true); // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) + // BOARD_ABBREVIATION - BOARD_TITLE define('BOARD_ABBREVIATION', '/%s/', true); // Automatically convert things like "..." to Unicode characters ("…") From 4dc13a3a92f711900a61335256f97f465a5067dd Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:21:06 +1100 Subject: [PATCH 004/218] Fixed bug causing templates to fail after a chdir() --- inc/config.php | 4 +++- inc/template.php | 2 +- post.php | 6 +++++- test.php | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index 83af50f8..dbb9bbd6 100644 --- a/inc/config.php +++ b/inc/config.php @@ -85,7 +85,9 @@ define('DIR_IMG', 'src/', true); define('DIR_THUMB', 'thumb/', true); define('DIR_RES', 'res/', true); - + + define('DIR_TEMPLATE', getcwd() . '/templates', true); + // The root directory, including the trailing slash, for Tinyboard. // examples: '/', 'http://boards.chan.org/', '/chan/' define('ROOT', '/', true); diff --git a/inc/template.php b/inc/template.php index 95fa2ff7..ff65c0c3 100644 --- a/inc/template.php +++ b/inc/template.php @@ -8,7 +8,7 @@ // Standard configuration // // Folder where the template files are kept - $templateDir = './templates'; + $templateDir = DIR_TEMPLATE; // // Enable global things like %gentime, etc. $templateGlobals = true; diff --git a/post.php b/post.php index 3e4e6934..4458164c 100644 --- a/post.php +++ b/post.php @@ -1,11 +1,11 @@ 'b', 'name' => 'Beta', 'title' => 'In development.'); + $board['dir'] = sprintf(BOARD_PATH, $board['uri']); $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); + if(!file_exists($board['dir'])) mkdir($board['dir'], 0777); + chdir($board['dir']); + $body = ''; // Fix for magic quotes diff --git a/test.php b/test.php index 06249c38..3e50443a 100644 --- a/test.php +++ b/test.php @@ -3,10 +3,10 @@ require 'inc/functions.php'; require 'inc/display.php'; - require 'inc/template.php'; if (file_exists('inc/instance-config.php')) { require 'inc/instance-config.php'; } + require 'inc/template.php'; require 'inc/config.php'; require 'inc/user.php'; From c3178f7ab468afbe478ad0415b75ed3914f2742c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:22:23 +1100 Subject: [PATCH 005/218] comment --- inc/config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/config.php b/inc/config.php index dbb9bbd6..ca687da6 100644 --- a/inc/config.php +++ b/inc/config.php @@ -86,6 +86,7 @@ define('DIR_THUMB', 'thumb/', true); define('DIR_RES', 'res/', true); + // Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown. define('DIR_TEMPLATE', getcwd() . '/templates', true); // The root directory, including the trailing slash, for Tinyboard. From f4ccafe1db765703c00ba7859836903247b6a4a7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:25:50 +1100 Subject: [PATCH 006/218] Minor bug with posts not containing files --- post.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/post.php b/post.php index 4458164c..ca8132ba 100644 --- a/post.php +++ b/post.php @@ -188,8 +188,10 @@ } // Remove DIR_* before inserting them into the database. - $post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); - $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); + if($post['has_file']) { + $post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); + $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); + } // Todo: Validate some more, remove messy code, allow more specific configuration From 60886aa0d3ccdc7770bae184b2f8a370c5be7f9e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:26:31 +1100 Subject: [PATCH 007/218] minor bug --- post.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.php b/post.php index ca8132ba..b3842604 100644 --- a/post.php +++ b/post.php @@ -201,7 +201,7 @@ $id = post($post, $OP); - if($post['zip']) { + if($post['has_file'] && $post['zip']) { // Open ZIP $zip = zip_open($post['zip']); // Read files From 5719bcc2f05cc6ea12ab69d464d55de00121a395 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:31:52 +1100 Subject: [PATCH 008/218] chmod directories to 777 by default --- inc/config.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index ca687da6..4f9617d5 100644 --- a/inc/config.php +++ b/inc/config.php @@ -131,8 +131,8 @@ chdir(ROOT_FILE); } if(!defined('IS_INSTALLATION')) { - if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); - if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); - if(!file_exists(DIR_RES)) @mkdir(DIR_RES) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); + if(!file_exists(DIR_RES)) @mkdir(DIR_RES, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); } ?> \ No newline at end of file From a1039adb5024138c19aad411068c309d1b4a25d9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:36:36 +1100 Subject: [PATCH 009/218] INDEX_FILE in config.php --- inc/config.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 4f9617d5..e6fd6d21 100644 --- a/inc/config.php +++ b/inc/config.php @@ -101,8 +101,10 @@ define('FILE_INDEX', 'index.html', true); define('FILE_PAGE', '%d.html', true); + define('INDEX_FILE', 'index.html', true); + // Multi-board (%s is board abbreviation) - define('BOARD_PATH', '%s', true); + define('BOARD_PATH', '%s/', true); // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) // BOARD_ABBREVIATION - BOARD_TITLE From 25bc80d9abeb0c7b67ed5856eee7fd532d3310e5 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:37:06 +1100 Subject: [PATCH 010/218] Disregard. --- inc/config.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index e6fd6d21..109e99e9 100644 --- a/inc/config.php +++ b/inc/config.php @@ -101,8 +101,6 @@ define('FILE_INDEX', 'index.html', true); define('FILE_PAGE', '%d.html', true); - define('INDEX_FILE', 'index.html', true); - // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s/', true); From 36b9b07156f217eda468b1370162c497b97f07ff Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:55:51 +1100 Subject: [PATCH 011/218] Page number display fix. --- templates/index.html | 2 +- templates/thread.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/index.html b/templates/index.html index bc946db1..1f459483 100644 --- a/templates/index.html +++ b/templates/index.html @@ -68,7 +68,7 @@
{body} Pages: {pages: - {pages[num]} + [{pages[num]}]{!%last? } }

Copyright © 2010 OmegaSDG

diff --git a/templates/thread.html b/templates/thread.html index bd1fca57..2fb7a487 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -11,7 +11,7 @@

{board[url]} - {board[name]}

{board[title]}
- +
From ec5b31455767f33b2b89604f21978ddb04d0c558 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:57:16 +1100 Subject: [PATCH 012/218] Commented out no-longer-needed code --- inc/config.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 109e99e9..bb130bc4 100644 --- a/inc/config.php +++ b/inc/config.php @@ -125,14 +125,33 @@ define('ALWAYS_NOKO', false, true); - define('URL_MATCH', '/^' . (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . '(' . preg_quote(ROOT, '/') . '|' . preg_quote(ROOT, '/') . '' . preg_quote(FILE_INDEX, '/') . '|' . preg_quote(ROOT, '/') . '' . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/', true); + define('URL_MATCH', '/^' . + (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . + '(' . + preg_quote(ROOT, '/') . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + '|' . + preg_quote(ROOT, '/') . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + preg_quote(FILE_INDEX, '/') . + '|' . + preg_quote(ROOT, '/') . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . + ')$/', true); + var_dump(URL_MATCH); if(ROOT_FILE) { chdir(ROOT_FILE); } + + /* + Multi-board support removes any use for this. + if(!defined('IS_INSTALLATION')) { if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); if(!file_exists(DIR_RES)) @mkdir(DIR_RES, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); } + */ ?> \ No newline at end of file From e9e854829bd8b171169e9fe30a1fed98611a7f83 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:57:32 +1100 Subject: [PATCH 013/218] Multi-board support. --- inc/functions.php | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index ff568e30..aac390fc 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -85,15 +85,21 @@ $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); sql_open(); - $query = mysql_query('SELECT * FROM `posts` WHERE `thread` IS NULL ORDER BY `bump` DESC LIMIT ' . $offset . ',' . THREADS_PER_PAGE, $sql) or error(mysql_error($sql)); + $query = mysql_query(sprintf( + "SELECT * FROM `posts` WHERE `thread` IS NULL AND `board` = '%d' ORDER BY `bump` DESC LIMIT %d,%d", + $board['id'], + $offset, + THREADS_PER_PAGE + ), $sql) or error(mysql_error($sql)); + if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = mysql_fetch_array($query)) { $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename']); $newposts = mysql_query(sprintf( "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", - $th['id'], - THREADS_PREVIEW + $th['id'], + THREADS_PREVIEW ), $sql) or error(mysql_error($sql)); if(mysql_num_rows($newposts) == THREADS_PREVIEW) { $count_query = mysql_query(sprintf( @@ -120,7 +126,7 @@ } function buildIndex() { - global $sql; + global $sql, $board; sql_open(); $res = mysql_query("SELECT COUNT(`id`) as `num` FROM `posts` WHERE `thread` IS NULL", $sql) or error(mysql_error($sql)); @@ -129,7 +135,7 @@ $pages = Array(); for($x=0;$x<$count && $x $x+1, 'link' => $x==0 ? ROOT . FILE_INDEX : ROOT . sprintf(FILE_PAGE, $x+1)); + $pages[] = Array('num' => $x+1, 'link' => $x==0 ? ROOT . $board['dir'] . FILE_INDEX : ROOT . sprintf(FILE_PAGE, $x+1)); } mysql_free_result($res); @@ -138,12 +144,12 @@ $page = 1; while($page <= MAX_PAGES && $content = index($page)) { - $filename = $page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page); + $filename = $board['dir'] . ($page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page)); if(file_exists($filename)) $md5 = md5_file($filename); $content['pages'] = $pages; @file_put_contents($filename, Element('index.html', $content)) or error("Couldn't write to file."); - + if(isset($md5) && $md5 == md5_file($filename)) { break; } @@ -187,7 +193,7 @@ $result = mysql_query(sprintf("SELECT `thread`,`id` FROM `posts` WHERE `id` = '%d'", $cite), $sql); if($post = mysql_fetch_array($result)) { - $replacement = '>>' . $cite . ''; + $replacement = '>>' . $cite . ''; } else { $replacement = ">>{$cite}"; } @@ -276,7 +282,7 @@ } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'])); } - @file_put_contents(DIR_RES . $id . '.html', Element('thread.html', Array('button'=>BUTTON_REPLY, 'board'=>$board, 'body'=>$thread->build(), 'post_url' => POST_URL, 'index' => ROOT, 'id' => $id))) or error("Couldn't write to file."); + @file_put_contents($board['dir'] . DIR_RES . $id . '.html', Element('thread.html', Array('button'=>BUTTON_REPLY, 'board'=>$board, 'body'=>$thread->build(), 'post_url' => POST_URL, 'index' => ROOT, 'id' => $id))) or error("Couldn't write to file."); } mysql_free_result($query); } From 4f6160f2421add6d3d708185e87a679d43a8bd79 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:57:42 +1100 Subject: [PATCH 014/218] Multi-board support. --- post.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/post.php b/post.php index b3842604..64df1d45 100644 --- a/post.php +++ b/post.php @@ -18,7 +18,9 @@ $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); if(!file_exists($board['dir'])) mkdir($board['dir'], 0777); - chdir($board['dir']); + if(!file_exists($board['dir'] . DIR_IMG)) mkdir($board['dir'] . DIR_IMG, 0777); + if(!file_exists($board['dir'] . DIR_THUMB)) mkdir($board['dir'] . DIR_THUMB, 0777); + if(!file_exists($board['dir'] . DIR_RES)) mkdir($board['dir'] . DIR_RES, 0777); $body = ''; @@ -105,8 +107,8 @@ if($post['has_file']) { $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); $post['file_id'] = rand(0, 1000000000); - $post['file'] = DIR_IMG . $post['file_id'] . '.' . $post['extension']; - $post['thumb'] = DIR_THUMB . $post['file_id'] . '.png'; + $post['file'] = $board['dir'] . DIR_IMG . $post['file_id'] . '.' . $post['extension']; + $post['thumb'] = $board['dir'] . DIR_THUMB . $post['file_id'] . '.png'; $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); } @@ -125,7 +127,7 @@ // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; // Move the uploaded file - if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + if(!move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); if($post['zip']) { // Validate ZIP file @@ -189,8 +191,8 @@ // Remove DIR_* before inserting them into the database. if($post['has_file']) { - $post['file'] = substr_replace($post['file'], '', 0, strlen(DIR_IMG)); - $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen(DIR_THUMB)); + $post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . DIR_IMG)); + $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); } // Todo: Validate some more, remove messy code, allow more specific configuration @@ -225,8 +227,8 @@ 'filename' => $filename ); - $dump_post['file'] = DIR_IMG . $dump_post['file_id'] . '.' . $extension; - $dump_post['thumb'] = DIR_THUMB . $dump_post['file_id'] . '.png'; + $dump_post['file'] = $board['dir'] . DIR_IMG . $dump_post['file_id'] . '.' . $extension; + $dump_post['thumb'] = $board['dir'] . DIR_THUMB . $dump_post['file_id'] . '.png'; // Extract the image from the ZIP $fp = fopen($dump_post['file'], 'w+'); @@ -280,8 +282,8 @@ $dump_post['thumbheight'] = $thumb['height']; // Remove DIR_* before inserting them into the database. - $dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen(DIR_IMG)); - $dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen(DIR_THUMB)); + $dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen($board['dir'] . DIR_IMG)); + $dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); // Create the post post($dump_post, false); @@ -311,9 +313,9 @@ sql_close(); if(ALWAYS_NOKO || $noko) { - header('Location: ' . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); + header('Location: ' . ROOT . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); } else { - header('Location: ' . ROOT . FILE_INDEX, true, 302); + header('Location: ' . ROOT . $board['dir'] . FILE_INDEX, true, 302); } exit; From aab95da24def6a3d4579b1551c74d817f79ec10c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 19:59:35 +1100 Subject: [PATCH 015/218] Multi-board support. --- inc/display.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/inc/display.php b/inc/display.php index 6156e6cf..35110cd6 100644 --- a/inc/display.php +++ b/inc/display.php @@ -20,13 +20,14 @@ } function error($message) { + global $board; die(Element('page.html', Array( 'index'=>ROOT, 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"
" . "

$message

" . - "

Go back.

" . + "

Go back.

" . "
" ))); } @@ -51,6 +52,8 @@ $this->filename = $filename; } public function build($index=false) { + global $board; + $built = '
' . '

'; @@ -75,14 +78,14 @@ $built .= ' No.' . + ' href="' . ROOT . $board['dir'] . DIR_RES . $this->thread . '.html' . '#' . $this->id . '">No.' . // JavaScript cite ''.$this->id.'' . '

'; // File info if(!empty($this->file)) { - $built .= '

File: ' . $this->file . ' (' . + $built .= '

File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -95,7 +98,7 @@ // Filename $built .= ', ' . $this->filename . ')

' . // Thumbnail - ''; + ''; } // Body @@ -132,7 +135,9 @@ public function build($index=false) { - $built = '

File: ' . $this->file . ' (' . + global $board; + + $built = '

File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -145,7 +150,7 @@ // Filename $built .= ', ' . $this->filename . ')

' . // Thumbnail - ''; + ''; $built .= '

'; @@ -170,11 +175,11 @@ $built .= ' No.' . + ' href="' . ROOT . $board['dir'] . DIR_RES . $this->id . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . // [Reply] - ($index ? '[Reply]' : '') . + ($index ? '[Reply]' : '') . '

'; // Body From ab5429dfc4b39f4528a5636f7af90810d7e3f87b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:00:48 +1100 Subject: [PATCH 016/218] Bug fix for page links --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index aac390fc..a78065b0 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -135,7 +135,7 @@ $pages = Array(); for($x=0;$x<$count && $x $x+1, 'link' => $x==0 ? ROOT . $board['dir'] . FILE_INDEX : ROOT . sprintf(FILE_PAGE, $x+1)); + $pages[] = Array('num' => $x+1, 'link' => $x==0 ? ROOT . $board['dir'] . FILE_INDEX : ROOT . $board['dir'] . sprintf(FILE_PAGE, $x+1)); } mysql_free_result($res); From 342d1d2f6ba6ca85e78f4bef006a3aeea3ddf4aa Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:05:20 +1100 Subject: [PATCH 017/218] Removed debug code I accidentally commited. --- inc/config.php | 1 - 1 file changed, 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index bb130bc4..bc0f726a 100644 --- a/inc/config.php +++ b/inc/config.php @@ -139,7 +139,6 @@ str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/', true); - var_dump(URL_MATCH); if(ROOT_FILE) { chdir(ROOT_FILE); From 0e8fb7c898cdec3f77bae2e54af9a4f382cb2120 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:11:22 +1100 Subject: [PATCH 018/218] Added a hidden "board" input --- templates/thread.html | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/thread.html b/templates/thread.html index 2fb7a487..d78ca3f1 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -14,6 +14,7 @@ +
'; } From c21cdbea1575d2c28d6227dbb02515a6a16b5779 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 17:10:33 +1100 Subject: [PATCH 108/218] Added sticky.gif --- static/sticky.gif | Bin 0 -> 961 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 static/sticky.gif diff --git a/static/sticky.gif b/static/sticky.gif new file mode 100644 index 0000000000000000000000000000000000000000..da4ec3a3dbe9e0cf707a0d171626dde1498fba22 GIT binary patch literal 961 zcmZ?wbhEHb6k-r!XlGzhwwWpCIET@HF>~m0hRBr+aqEQrmr8jrmIzwGkg%R1WfNom zE{@bKe7V~h3U;%U>{l+^W1g|WsCFwu)gh;>Ey-oun43?tPrS-7^B&`z`y3Om3a@^t z*mgpz^MqB)A+zZh%+@@z-T5M|b$4#-X0O&mKE1~yyN`G;zva8@QSk1U@jITT%sZPq z^?3gLGYPAYrf$DjxBppN$G-m6`&P`|ws-Ho{)q=#7hh;ud1cA+iwn2k-@fkX#tp~z z?7p&e&x37e_Dni`cEYKv6HeUhz4U(h$!E(>y;ybr#o8-x7u@~0=fsQCyY?K|fBx** zLl@57zkKcHt-BWwpL=)p+Or$?-W+}M?cTe`k4_$bcKzy`hvy$Y`1IiQmuDY-e0=fh z|NnOkqhQ2@fZ|UUW(J061|5)(L3x6KV;;kH4jGRP3l28B+Rd3zbRl7yqMJ^Pz@-Ta zVoE^?83ziMB#MaXhLtc(bYgAeWnUQ5k+A3p6StU23P+*AF;Qt|A&VIW4a{Ad?AcFV zI4){vW@m2-32|aP#LLeuCczL?c$$NeMam*U;DKwXt`eI@1Ovmt{#70YCngjyG<2`> nFN+X-ao9an&3I0T>I|3TllC&N{IGzrB4MgptFSl^2ZJ>Ln-S-o literal 0 HcmV?d00001 From 68b98df6cd353f963170bb8fbbe649dbf3277f8f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 17:11:41 +1100 Subject: [PATCH 109/218] Changed sticky from base64 to an image --- inc/config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index d8831302..b936da29 100644 --- a/inc/config.php +++ b/inc/config.php @@ -106,6 +106,7 @@ define('DIR_IMG', 'src/', true); define('DIR_THUMB', 'thumb/', true); define('DIR_RES', 'res/', true); + define('DIR_STATIC', 'static/', true); // Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown. define('DIR_TEMPLATE', getcwd() . '/templates', true); @@ -132,7 +133,7 @@ // Static images // These can be URLs OR base64 (data URI scheme) - define('IMAGE_STICKY', 'data:image/gif;base64,R0lGODlhEgASAIcAACM8mR5BnAFPowNVpwBZqQBerhNPpRpLoxhSqABgrwBksgFvughltA5ttwBwuwR0vyN2vDdosDJ9tQB6wkJqtGN2tgODyweR1QCZ3gGc3wiR1ROr6SGGyCqJyDqEwjaX0Das4j256GaFu22Fs0qFwkyNx1mLxEun2k264lO76V+45WSezW2Vx2+fzGCrxWW30X6/5oaIvo+rvqidtr29vo+RwIWj0ISp1KSn0aG337euxbGwxry71KW84LbMvJLLzZDK1ZDI2Y3S76fJ5qbK6KrP6K3U7aDd8bzI6Mu6vMC/z83NwtDO39PW2drd0cPO7tXW5tje7MXk9t7u4+LJw+bX1ezhz+Hg8uDr9Obw+PHo6v//7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAMAAFsALAAAAAASABIAAAieALcIHEiwoMGDRT6ckHLQYJYhRixcENKQIBYiUmBowHCkYRQWLVZ0AJFCBYYNB6FUiGCixAILFjRkCHEwxhUbAxI4mHCAA4opB2vk6EGigIMHB4JUVEIBwg0PCxYYAFJxywgBBBo4YBDgRVUtIgYoWAAAwY+qSHDIkHAAgIuqT3ZYEejDR1UmM5xUJZhEx5K9A6nwoAF4YJUmhRMXDAgAOw==', true); + define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true); /* Mod stuff From 139514402da1c12f877548087a67ab0bac2458b5 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 20:05:26 +1100 Subject: [PATCH 110/218] Only show "delete file" link on posts with files --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index 5dbccc8f..a5bfcf7b 100644 --- a/inc/display.php +++ b/inc/display.php @@ -94,7 +94,7 @@ $built .= ' ' . MOD_LINK_BANDELETE . ''; // Delete file (keep post) - if($mod['type'] >= MOD_DELETEFILE) + if(!empty($this->file) && $mod['type'] >= MOD_DELETEFILE) $built .= ' ' . MOD_LINK_DELETEFILE . ''; $built .= ''; From 574256a01a3250d3fef4bb1f4c41b7da8c7bf9f9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 01:18:03 +1100 Subject: [PATCH 111/218] Use PDO for databases --- inc/config.php | 14 ++- inc/database.php | 39 ++++++ inc/functions.php | 263 ++++++++++++++++++---------------------- inc/instance-config.php | 21 ++-- inc/mod.php | 37 +++--- mod.php | 20 +-- post.php | 15 +-- 7 files changed, 208 insertions(+), 201 deletions(-) create mode 100644 inc/database.php diff --git a/inc/config.php b/inc/config.php index b936da29..4d1b6d78 100644 --- a/inc/config.php +++ b/inc/config.php @@ -10,10 +10,16 @@ */ // Database stuff - define('MY_SERVER', 'localhost', true); - define('MY_USER', '', true); - define('MY_PASSWORD', '', true); - define('MY_DATABASE', '', true); + + // "mysql", "mysqli", "pgsql", "mssql" + define('DB_TYPE', 'mysql', true); + // Hostname or IP address + define('DB_SERVER', 'localhost', true); + // Login + define('DB_USER', '', true); + define('DB_PASSWORD', '', true); + // TinyBoard database + define('DB_DATABASE', '', true); // The name of the session cookie (PHP's $_SESSION) define('SESS_COOKIE', 'imgboard', true); diff --git a/inc/database.php b/inc/database.php new file mode 100644 index 00000000..0d93c3c7 --- /dev/null +++ b/inc/database.php @@ -0,0 +1,39 @@ +prepare($query); + } + + function query($query) { + global $pdo; + return $pdo->query($query); + } + + function db_error($PDOStatement=null) { + global $pdo; + if(isset($PDOStatement)) { + $err = $PDOStatement->errorInfo(); + return $err[2]; + } else { + $err = $pdo->errorInfo(); + return $err[2]; + } + } +?> \ No newline at end of file diff --git a/inc/functions.php b/inc/functions.php index fd87de43..aadc8525 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -7,22 +7,6 @@ return str_replace(array_keys($replaces), array_values($replaces), $str); } - - function sql_open() { - global $sql; - $sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD) or error('Database error.'); - @mysql_select_db(MY_DATABASE, $sql) or error('Database error.'); - } - function sql_close() { - global $sql; - @mysql_close($sql); - } - - function mysql_safe_array(&$array) { - foreach($array as &$item) { - $item = mysql_real_escape_string($item); - } - } function setupBoard($array) { global $board; @@ -45,94 +29,91 @@ function openBoard($uri) { global $sql; sql_open(); - $boards_res = mysql_query(sprintf( - "SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", - mysql_real_escape_string($uri) - ), $sql) or error(mysql_error($sql)); - if($_board = mysql_fetch_array($boards_res)) { - setupBoard($_board); + $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1"); + $query->bindValue(':uri', $uri); + $query->execute() or error(db_error($query)); + + if($board = $query->fetch()) { + setupBoard($board); return true; } else return false; } function listBoards() { - global $sql; - sql_open(); - $boards_res = mysql_query("SELECT * FROM `boards`", $sql) or error(mysql_error($sql)); - - $boards = Array(); - while($_board = mysql_fetch_array($boards_res)) { - $boards[] = $_board; - } + $query = query("SELECT * FROM `boards`") or error(db_error()); + $boards = $query->fetchAll(); return $boards; } function threadExists($id) { - global $sql, $board; - $thread_res = mysql_query(sprintf( - "SELECT 1 FROM `posts_%s` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1", - mysql_real_escape_string($board['uri']), - $id - ), $sql) or error(mysql_error($sql)); + global $board; - if(mysql_num_rows($thread_res) > 0) { + $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindParam(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if($query->rowCount()) { return true; } else return false; } function post($post, $OP) { - global $sql, $board; + global $pdo, $board; + + $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky)", $board['uri'])); + + // Basic stuff + $query->bindValue(':subject', $post['subject']); + $query->bindValue(':email', $post['email']); + $query->bindValue(':name', $post['name']); + $query->bindValue(':trip', $post['trip']); + $query->bindValue(':body', $post['body']); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':password', $post['password']); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':sticky', 0, PDO::PARAM_INT); + if($OP) { - mysql_query( - sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", - mysql_real_escape_string($board['uri']), - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['thumb'], - $post['thumbwidth'], - $post['thumbheight'], - $post['file'], - $post['width'], - $post['height'], - $post['filesize'], - $post['filename'], - $post['filehash'], - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); - return mysql_insert_id($sql); + // No parent thread, image + $query->bindValue(':thread', null, PDO::PARAM_NULL); } else { - mysql_query( - sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", - mysql_real_escape_string($board['uri']), - $post['thread'], - $post['subject'], - $post['email'], - $post['name'], - $post['trip'], - $post['body'], - time(), - time(), - $post['has_file']?$post['thumb']:null, - $post['has_file']?$post['thumbwidth']:null, - $post['has_file']?$post['thumbheight']:null, - $post['has_file']?$post['file']:null, - $post['has_file']?$post['width']:null, - $post['has_file']?$post['height']:null, - $post['has_file']?$post['filesize']:null, - $post['has_file']?$post['filename']:null, - $post['has_file']?$post['filehash']:null, - $post['password'], - mysql_real_escape_string($_SERVER['REMOTE_ADDR']) - ), $sql) or error(mysql_error($sql)); - return mysql_insert_id($sql); + $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT); } + + if($post['has_file']) { + $query->bindValue(':thumb', $post['thumb']); + $query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT); + $query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT); + $query->bindValue(':file', $post['file']); + $query->bindValue(':width', $post['width'], PDO::PARAM_INT); + $query->bindValue(':height', $post['height'], PDO::PARAM_INT); + $query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT); + $query->bindValue(':filename', $post['filesize']); + $query->bindValue(':filehash', $post['filesize']); + } else { + $query->bindValue(':thumb', null, PDO::PARAM_NULL); + $query->bindValue(':thumbwidth', null, PDO::PARAM_NULL); + $query->bindValue(':thumbheight', null, PDO::PARAM_NULL); + $query->bindValue(':file', null, PDO::PARAM_NULL); + $query->bindValue(':width', null, PDO::PARAM_NULL); + $query->bindValue(':height', null, PDO::PARAM_NULL); + $query->bindValue(':filesize', null, PDO::PARAM_NULL); + $query->bindValue(':filename', null, PDO::PARAM_NULL); + $query->bindValue(':filehash', null, PDO::PARAM_NULL); + } + + $query->execute() or error(db_error($query)); + + return $pdo->lastInsertId(); + } + + function bumpThread($id) { + global $board; + $query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); } function index($page, $mod=false) { @@ -142,57 +123,52 @@ $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); sql_open(); - $query = mysql_query(sprintf( - "SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT %d,%d", - mysql_real_escape_string($board['uri']), - $offset, - THREADS_PER_PAGE - ), $sql) or error(mysql_error($sql)); - - if(mysql_num_rows($query) < 1 && $page > 1) return false; - while($th = mysql_fetch_array($query)) { + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri'])); + $query->bindValue(1, $offset, PDO::PARAM_INT); + $query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowcount() < 1 && $page > 1) return false; + while($th = $query->fetch()) { $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); - $newposts = mysql_query(sprintf( - "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", - mysql_real_escape_string($board['uri']), - $th['id'], - THREADS_PREVIEW - ), $sql) or error(mysql_error($sql)); - if(mysql_num_rows($newposts) == THREADS_PREVIEW) { - $count_query = mysql_query(sprintf( - "SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = '%s'", - mysql_real_escape_string($board['uri']), - $th['id'] - ), $sql) or error(mysql_error($sql)); - $count = mysql_fetch_array($count_query); + $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); + $posts->bindValue(1, $th['id']); + $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT); + $posts->execute() or error(db_error($posts)); + + if($posts->rowCount() == THREADS_PREVIEW) { + $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri'])); + $count->bindValue(1, $th['id']); + $count->execute() or error(db_error($count)); + + $count = $count->fetch(); $omitted = $count['num'] - THREADS_PREVIEW; $thread->omitted = $omitted; - mysql_free_result($count_query); unset($count); unset($omitted); } - while($po = mysql_fetch_array($newposts)) { + + while($po = $posts->fetch()) { $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); } - mysql_free_result($newposts); $thread->posts = array_reverse($thread->posts); $body .= $thread->build(true); } - mysql_free_result($query); + return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT); } function getPages($mod=false) { global $sql, $board; - $res = mysql_query(sprintf( - "SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", - mysql_real_escape_string($board['uri']) - ), $sql) or error(mysql_error($sql)); - $arr = mysql_fetch_array($res); - $count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE); + // Count threads + $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); + + $count = current($query->fetch()); + $count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE); $pages = Array(); for($x=0;$x<$count && $xbindValue(':id', $cite); + $query->execute() or error(db_error($query)); + + if($post = $query->fetch()) { $replacement = '>>' . $cite . ''; } else { $replacement = ">>{$cite}"; } - mysql_free_result($result); // Find the position of the cite $position = strpos($body, $cites[0][$index]); @@ -337,39 +310,39 @@ } function buildThread($id, $return=false, $mod=false) { - global $sql, $board; + global $board; $id = round($id); - $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", - mysql_real_escape_string($board['uri']), - $id, - $id - ), $sql) or error(mysql_error($sql)); - - while($post = mysql_fetch_array($query)) { + $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + while($post = $query->fetch()) { if(!isset($thread)) { $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); } } - $body = Element('thread.html', Array( - 'button'=>BUTTON_REPLY, - 'board'=>$board, - 'body'=>$thread->build(), - 'post_url' => POST_URL, - 'index' => ROOT, - 'id' => $id, - 'mod' => $mod, - 'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) - )); + + // Check if any posts were found + if(!isset($thread)) error(ERROR_NONEXISTANT); + + $body = Element('thread.html', Array( + 'button'=>BUTTON_REPLY, + 'board'=>$board, + 'body'=>$thread->build(), + 'post_url' => POST_URL, + 'index' => ROOT, + 'id' => $id, + 'mod' => $mod, + 'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) + )); if($return) return $body; else @file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file."); - mysql_free_result($query); } function generate_tripcode ( $name, $length = 10 ) { diff --git a/inc/instance-config.php b/inc/instance-config.php index 408e9b85..88178f2c 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -7,17 +7,18 @@ * * You can copy values from config.php (defaults) and paste them here. */ - - - /* + + + // Database stuff - define('MY_SERVER', '127.0.0.1'); - define('MY_USER', ''); - define('MY_PASSWORD', ''); - define('MY_DATABASE', ''); - + define('DB_TYPE', 'mysql'); + define('DB_SERVER', 'localhost'); + define('DB_USER', ''); + define('DB_PASSWORD', ''); + define('DB_DATABASE', ''); + define('ROOT', '/'); - + // define('FOO', 'bar'); - */ + ?> \ No newline at end of file diff --git a/inc/mod.php b/inc/mod.php index b5e773f5..65675dff 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -17,13 +17,12 @@ $password = sha1($password); } - $res = mysql_query(sprintf( - "SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - mysql_real_escape_string($username), - $password - ), $sql) or error(mysql_error($sql)); + $query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1"); + $query->bindValue(':username', $username); + $query->bindValue(':password', $password); + $query->execute(); - if($user = mysql_fetch_array($res)) { + if($user = $query->fetch()) { return $mod = Array( 'id' => $user['id'], 'type' => $user['type'], @@ -142,22 +141,19 @@ // Delete a post (reply or thread) function deletePost($id) { - global $board, $sql; + global $board; // Select post and replies (if thread) in one query - $post_res = mysql_query(sprintf( - "SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", - mysql_real_escape_string($board['uri']), - $id, - $id - ), $sql) or error(mysql_error($sql)); - - if(mysql_num_rows($post_res) < 1) { + $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { error(ERROR_INVALIDPOST); } // Delete posts and maybe replies - while($post = mysql_fetch_array($post_res)) { + while($post = $query->fetch()) { if(!$post['thread']) { // Delete thread HTML page @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); @@ -172,11 +168,8 @@ } } - mysql_query(sprintf( - "DELETE FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", - mysql_real_escape_string($board['uri']), - $id, - $id - ), $sql) or error(mysql_error($sql)); + $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); } ?> \ No newline at end of file diff --git a/mod.php b/mod.php index fec65c02..0fdc0f5a 100644 --- a/mod.php +++ b/mod.php @@ -6,6 +6,7 @@ } require 'inc/config.php'; require 'inc/template.php'; + require 'inc/database.php'; require 'inc/user.php'; require 'inc/mod.php'; @@ -175,20 +176,21 @@ if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf(ERROR_INVALIDFIELD, 'URI')); - mysql_query(sprintf( - "INSERT INTO `boards` VALUES (NULL, '%s', '%s', " . - (empty($b['subtitle']) ? 'NULL' : "'%s'" ) . - ")", - mysql_real_escape_string($b['uri']), - mysql_real_escape_string($b['title']), - mysql_real_escape_string($b['subtitle']) - ), $sql) or error(mysql_error($sql)); + $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); + $query->bindValue(':uri', $b['uri']); + $query->bindValue(':title', $b['title']); + if(!empty($b['subtitle'])) { + $query->bindValue(':subtitle', $b['subtitle']); + } else { + $query->bindValue(':subtitle', null, PDO::PARAM_NULL); + } + $query->execute() or error(db_error($query)); // Open the board openBoard($b['uri']) or error("Couldn't open board after creation."); // Create the posts table - mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql)); + query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error()); // Build the board buildIndex(); diff --git a/post.php b/post.php index 0b0e0a64..fccf3f16 100644 --- a/post.php +++ b/post.php @@ -6,6 +6,7 @@ } require 'inc/config.php'; require 'inc/template.php'; + require 'inc/database.php'; require 'inc/user.php'; // Fix for magic quotes @@ -191,9 +192,6 @@ // Todo: Validate some more, remove messy code, allow more specific configuration - // MySQLify - mysql_safe_array($post); - $id = post($post, $OP); if($post['has_file'] && $post['zip']) { @@ -295,12 +293,7 @@ buildThread(($OP?$id:$post['thread'])); if(!$OP) { - mysql_query( - sprintf("UPDATE `posts_%s` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", - mysql_real_escape_string($board['uri']), - time(), - $post['thread'] - ), $sql) or error(mysql_error($sql)); + bumpThread($post['thread']); } buildIndex(); @@ -318,8 +311,8 @@ sql_open(); // Build all boards - $boards_res = mysql_query('SELECT * FROM `boards`', $sql) or error(mysql_error($sql)); - while($_board = mysql_fetch_array($boards_res)) { + $boards = listBoards(); + foreach($boards as &$_board) { setupBoard($_board); buildIndex(); } From 6be386aca140721fe9d3ba9a8a7f8c5f53ebe6a4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 01:32:12 +1100 Subject: [PATCH 112/218] Extened error message on database failure --- inc/database.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/inc/database.php b/inc/database.php index 0d93c3c7..8ffc9f84 100644 --- a/inc/database.php +++ b/inc/database.php @@ -7,7 +7,14 @@ try { return $pdo = new PDO(DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE, DB_USER, DB_PASSWORD); } catch(PDOException $e) { - error('Database error.'); + $message = $e->getMessage(); + + // Remove any sensitive information + $message = str_replace(DB_USER, 'hidden', $message); + $message = str_replace(DB_PASSWORD, 'hidden', $message); + + // Print error + error('Database error: ' . $message); } } From 0b76cd535f21ea8746bbb41ef4103c14c85726fe Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 01:43:56 +1100 Subject: [PATCH 113/218] Fixed config --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 4d1b6d78..2e605b0b 100644 --- a/inc/config.php +++ b/inc/config.php @@ -11,7 +11,7 @@ // Database stuff - // "mysql", "mysqli", "pgsql", "mssql" + // "mysql", "pgsql", etc define('DB_TYPE', 'mysql', true); // Hostname or IP address define('DB_SERVER', 'localhost', true); From ebed5b55dbc29d90b071373aae9c73fa929d0cac Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 02:12:32 +1100 Subject: [PATCH 114/218] Fixed hiding passwords --- mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 0fdc0f5a..c23afb1f 100644 --- a/mod.php +++ b/mod.php @@ -100,7 +100,7 @@ $data = ''; foreach($constants as $name => $value) { - if(MOD_NEVER_REAL_PASSWORD && $name == 'MY_PASSWORD') + if(MOD_NEVER_REAL_PASSWORD && $name == 'DB_PASSWORD') $value = 'hidden'; else { // For some reason PHP is only giving me the first defined value (the default), so use constant() From 796a5445601c187bb7fa867d9c5b152ac8fd9797 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 02:24:27 +1100 Subject: [PATCH 115/218] Added DB_DSN --- inc/config.php | 5 ++++- inc/database.php | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 2e605b0b..60c8d5c2 100644 --- a/inc/config.php +++ b/inc/config.php @@ -11,7 +11,8 @@ // Database stuff - // "mysql", "pgsql", etc + // SQL driver ("mysql", "pgsql", "sqlite", "dblib", etc) + // http://www.php.net/manual/en/pdo.drivers.php define('DB_TYPE', 'mysql', true); // Hostname or IP address define('DB_SERVER', 'localhost', true); @@ -20,6 +21,8 @@ define('DB_PASSWORD', '', true); // TinyBoard database define('DB_DATABASE', '', true); + // Anything more to add to the DSN string (eg. port=xxx;foo=bar) + define('DB_DSN', '', true); // The name of the session cookie (PHP's $_SESSION) define('SESS_COOKIE', 'imgboard', true); diff --git a/inc/database.php b/inc/database.php index 8ffc9f84..e9780640 100644 --- a/inc/database.php +++ b/inc/database.php @@ -4,8 +4,11 @@ global $pdo; if($pdo) return true; + $dsn = DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE; + if(!empty($dsn)) + $dsn .= ';' . DB_DSN; try { - return $pdo = new PDO(DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE, DB_USER, DB_PASSWORD); + return $pdo = new PDO($dsn, DB_USER, DB_PASSWORD); } catch(PDOException $e) { $message = $e->getMessage(); From 9d5482874a6d3520486d8c12534bf8b71c8a243e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 02:52:06 +1100 Subject: [PATCH 116/218] Compressed URL_MATCH --- inc/config.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index 60c8d5c2..b83ce5e0 100644 --- a/inc/config.php +++ b/inc/config.php @@ -220,16 +220,13 @@ define('ALWAYS_NOKO', false, true); define('URL_MATCH', '/^' . - (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . + (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . preg_quote(ROOT, '/') . '(' . - preg_quote(ROOT, '/') . str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . '|' . - preg_quote(ROOT, '/') . str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . preg_quote(FILE_INDEX, '/') . '|' . - preg_quote(ROOT, '/') . str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . ')$/', true); From 7e978cebd95261c1c5d8f76fe0e3228486eef215 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 03:01:46 +1100 Subject: [PATCH 117/218] Added a comment --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index b83ce5e0..4f5bc92b 100644 --- a/inc/config.php +++ b/inc/config.php @@ -39,7 +39,7 @@ // How long should the cookies last (in seconds) define('COOKIE_EXPIRE', 15778463, true); //6 months - + // Make this something long and random for security define('SALT', 'wefaw98YHEWUFuo', true); // How many seconds before you can post, after the first visit From 53b32ce8a5460f6d75685b38b62d84a80fdb7f8a Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 03:15:12 +1100 Subject: [PATCH 118/218] Added "empty" text in the config page --- mod.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index c23afb1f..6bce948f 100644 --- a/mod.php +++ b/mod.php @@ -108,7 +108,10 @@ if(gettype($value) == 'boolean') { $value = $value ? 'On' : 'Off'; } elseif(gettype($value) == 'string') { - $value = '' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . ''; + if(empty($value)) + $value = 'empty'; + else + $value = '' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . ''; } elseif(gettype($value) == 'integer') { // Show permissions in a cleaner way if(preg_match('/^MOD_/', $name) && $name != 'MOD_JANITOR' && $name != 'MOD_MOD' && $name != 'MOD_ADMIN') { From 323fe4e61c722d2c6954f3b21ecd83ba8a22bda9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 04:12:37 +1100 Subject: [PATCH 119/218] URL_MATCH when ROOT is a full URL --- inc/config.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/inc/config.php b/inc/config.php index 4f5bc92b..24d522c7 100644 --- a/inc/config.php +++ b/inc/config.php @@ -220,16 +220,19 @@ define('ALWAYS_NOKO', false, true); define('URL_MATCH', '/^' . - (@$_SERVER['HTTPS']?'https':'http').':\/\/'.$_SERVER['HTTP_HOST'] . preg_quote(ROOT, '/') . - '(' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . - '|' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . - preg_quote(FILE_INDEX, '/') . - '|' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . - str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . - ')$/', true); + (preg_match(URL_REGEX, ROOT) ? '' : + (@$_SERVER['HTTPS']?'https':'http') . + ':\/\/'.$_SERVER['HTTP_HOST']) . + preg_quote(ROOT, '/') . + '(' . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + '|' . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + preg_quote(FILE_INDEX, '/') . + '|' . + str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . + ')$/i', true); if(ROOT_FILE) { chdir(ROOT_FILE); From aa88e0984ef850e17141a4ff9ff291654716f201 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 18 Dec 2010 15:07:07 +1100 Subject: [PATCH 120/218] Replaced bindParam() with bindValue() --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index aadc8525..b8d33f5b 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -50,7 +50,7 @@ global $board; $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); - $query->bindParam(':id', $id, PDO::PARAM_INT); + $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); if($query->rowCount()) { From 472e12e405df15733ae8364337636b4fa68b2dad Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 20:45:18 +1100 Subject: [PATCH 121/218] Fixed filename in image posting --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index b8d33f5b..1deb26fb 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -89,7 +89,7 @@ $query->bindValue(':width', $post['width'], PDO::PARAM_INT); $query->bindValue(':height', $post['height'], PDO::PARAM_INT); $query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT); - $query->bindValue(':filename', $post['filesize']); + $query->bindValue(':filename', $post['filename']); $query->bindValue(':filehash', $post['filesize']); } else { $query->bindValue(':thumb', null, PDO::PARAM_NULL); From 1fa0f64038d74cbcfba35d79e6bc0d2ea8146359 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 21:42:22 +1100 Subject: [PATCH 122/218] Rebuild threads after a post is deleted --- inc/mod.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/inc/mod.php b/inc/mod.php index 65675dff..dd16a1a6 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -139,6 +139,19 @@ ''; } + // Remove file from post + function deleteFile($id) { + global $board; + + $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + } + // Delete a post (reply or thread) function deletePost($id) { global $board; @@ -157,6 +170,9 @@ if(!$post['thread']) { // Delete thread HTML page @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); + } elseif($query->rowCount() == 1) { + // Rebuild thread + $rebuild = $post['thread']; } if($post['thumb']) { // Delete thumbnail @@ -171,5 +187,9 @@ $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); + + if(isset($rebuild)) { + buildThread($rebuild); + } } ?> \ No newline at end of file From 583a6a58d99504177b3c27e698a9644bdba0cf9d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 21:44:11 +1100 Subject: [PATCH 123/218] Remove files --- inc/mod.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/inc/mod.php b/inc/mod.php index dd16a1a6..a2ee93ce 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -143,13 +143,23 @@ function deleteFile($id) { global $board; - $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL", $board['uri'])); + $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { error(ERROR_INVALIDPOST); } + + $post = $query->fetch(); + + // Delete thumbnail + @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + + // Delete file + @unlink($board['dir'] . DIR_IMG . $post['file']); + + } // Delete a post (reply or thread) From 2179b03980fbb21f5f0723367438fecff1324acb Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 21:46:50 +1100 Subject: [PATCH 124/218] Fixed filehash when uploading images --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 1deb26fb..2ba34827 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -90,7 +90,7 @@ $query->bindValue(':height', $post['height'], PDO::PARAM_INT); $query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT); $query->bindValue(':filename', $post['filename']); - $query->bindValue(':filehash', $post['filesize']); + $query->bindValue(':filehash', $post['filehash']); } else { $query->bindValue(':thumb', null, PDO::PARAM_NULL); $query->bindValue(':thumbwidth', null, PDO::PARAM_NULL); From e4016687321770054d134f13f3275fc0523588e8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 22:12:31 +1100 Subject: [PATCH 125/218] Fixed major security bug and image deleting --- inc/config.php | 6 ++++++ inc/display.php | 50 +++++++++++++++++++++++------------------------ inc/functions.php | 8 ++++---- inc/mod.php | 5 +++++ mod.php | 26 ++++++++++++++++++++++-- 5 files changed, 64 insertions(+), 31 deletions(-) diff --git a/inc/config.php b/inc/config.php index 24d522c7..79f4bf1e 100644 --- a/inc/config.php +++ b/inc/config.php @@ -99,6 +99,8 @@ */ define('ALLOW_ZIP', false, true); define('ZIP_IMAGE', 'static/zip.png', true); + + define('DELETED_IMAGE', 'static/deleted.png', true); /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) @@ -131,6 +133,7 @@ define('POST_URL', ROOT . 'post.php', true); define('FILE_INDEX', 'index.html', true); define('FILE_PAGE', '%d.html', true); + define('FILE_MOD', 'mod.php', true); // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s/', true); @@ -232,6 +235,9 @@ '|' . str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . + '|' . + preg_quote(FILE_MOD, '/') . + '\?\/.+' . ')$/i', true); if(ROOT_FILE) { diff --git a/inc/display.php b/inc/display.php index a5bfcf7b..32eb9cb2 100644 --- a/inc/display.php +++ b/inc/display.php @@ -49,7 +49,7 @@ } class Post { - public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { + public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT, $mod=false) { $this->id = $id; $this->thread = $thread; $this->subject = utf8tohtml($subject); @@ -68,34 +68,33 @@ $this->filename = $filename; $this->ip = $ip; $this->root = $root; + $this->mod = $mod; } public function postControls() { - global $mod; - $built = ''; - if($mod) { + if($this->mod) { // Mod controls (on posts) $built .= ''; // Delete - if($mod['type'] >= MOD_DELETE) + if($this->mod['type'] >= MOD_DELETE) $built .= ' ' . MOD_LINK_DELETE . ''; // Delete all posts by IP - if($mod['type'] >= MOD_DELETEBYIP) + if($this->mod['type'] >= MOD_DELETEBYIP) $built .= ' ' . MOD_LINK_DELETEBYIP . ''; // Ban - if($mod['type'] >= MOD_BAN) + if($this->mod['type'] >= MOD_BAN) $built .= ' ' . MOD_LINK_BAN . ''; // Ban & Delete - if($mod['type'] >= MOD_BANDELETE) + if($this->mod['type'] >= MOD_BANDELETE) $built .= ' ' . MOD_LINK_BANDELETE . ''; // Delete file (keep post) - if(!empty($this->file) && $mod['type'] >= MOD_DELETEFILE) - $built .= ' ' . MOD_LINK_DELETEFILE . ''; + if(!empty($this->file) && $this->mod['type'] >= MOD_DELETEFILE) + $built .= ' ' . MOD_LINK_DELETEFILE . ''; $built .= ''; } @@ -103,7 +102,7 @@ } public function build($index=false) { - global $board, $mod; + global $board; $built = '
' . '

'; @@ -120,7 +119,7 @@ . (!empty($this->trip) ? ' '.$this->trip.'':''); // IP Address - if($mod && $mod['type'] >= MOD_SHOW_IP) { + if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) { $built .= ' [' . $this->ip . ']'; } @@ -140,7 +139,7 @@ '

'; // File info - if(!empty($this->file)) { + if(!empty($this->file) && $this->file != 'deleted') { $built .= '

File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . @@ -156,6 +155,8 @@ // Thumbnail ''; + } elseif($this->file == 'deleted') { + $built .= ''; } $built .= $this->postControls(); @@ -169,7 +170,7 @@ class Thread { public $omitted = 0; - public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT) { + public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT, $mod=false) { $this->id = $id; $this->subject = utf8tohtml($subject); $this->email = $email; @@ -190,36 +191,35 @@ $this->ip = $ip; $this->sticky = $sticky; $this->root = $root; + $this->mod = $mod; } public function add(Post $post) { $this->posts[] = $post; } - public function postControls() { - global $mod; - + public function postControls() { $built = ''; - if($mod) { + if($this->mod) { // Mod controls (on posts) $built .= ''; // Delete - if($mod['type'] >= MOD_DELETE) + if($this->mod['type'] >= MOD_DELETE) $built .= ' ' . MOD_LINK_DELETE . ''; // Delete all posts by IP - if($mod['type'] >= MOD_DELETEBYIP) + if($this->mod['type'] >= MOD_DELETEBYIP) $built .= ' ' . MOD_LINK_DELETEBYIP . ''; // Ban - if($mod['type'] >= MOD_BAN) + if($this->mod['type'] >= MOD_BAN) $built .= ' ' . MOD_LINK_BAN . ''; // Ban & Delete - if($mod['type'] >= MOD_BANDELETE) + if($this->mod['type'] >= MOD_BANDELETE) $built .= ' ' . MOD_LINK_BANDELETE . ''; // Delete file (keep post) - if($mod['type'] >= MOD_STICKY) + if($this->mod['type'] >= MOD_STICKY) if($this->sticky) $built .= ' ' . MOD_LINK_DESTICKY . ''; else @@ -231,7 +231,7 @@ } public function build($index=false) { - global $board, $mod; + global $board; $built = '

File: ' . $this->file . ' (' . // Filesize @@ -262,7 +262,7 @@ . (!empty($this->trip) ? ' '.$this->trip.'':''); // IP Address - if($mod && $mod['type'] >= MOD_SHOW_IP) { + if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) { $built .= ' [' . $this->ip . ']'; } diff --git a/inc/functions.php b/inc/functions.php index 2ba34827..36ee9807 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -131,7 +131,7 @@ if($query->rowcount() < 1 && $page > 1) return false; while($th = $query->fetch()) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT, $mod); $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); $posts->bindValue(1, $th['id']); @@ -151,7 +151,7 @@ } while($po = $posts->fetch()) { - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); + $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT, $mod)); } $thread->posts = array_reverse($thread->posts); @@ -319,9 +319,9 @@ while($post = $query->fetch()) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT, $mod); } else { - $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); + $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod)); } } diff --git a/inc/mod.php b/inc/mod.php index a2ee93ce..c73b72f0 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -159,7 +159,12 @@ // Delete file @unlink($board['dir'] . DIR_IMG . $post['file']); + // Update database + $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = 'deleted' WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + buildThread($post['thread']); } // Delete a post (reply or thread) diff --git a/mod.php b/mod.php index 6bce948f..be9268a0 100644 --- a/mod.php +++ b/mod.php @@ -219,7 +219,7 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], true)) { + if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], $mod)) { error(ERROR_404); } $page['pages'] = getPages(true); @@ -235,9 +235,31 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $page = buildThread($thread, true, true); + $page = buildThread($thread, true, $mod); echo $page; + } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETEFILE) error(ERROR_NOACCESS); + // Delete file from post + + $boardName = $matches[1]; + $post = $matches[2]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + // Delete post + deleteFile($post); + // Rebuild board + buildIndex(); + + + // Redirect + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); // Delete post From 463835bc36f61108bdb235c587653e2f104b54d7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 22:14:42 +1100 Subject: [PATCH 126/218] Added deleted.png --- static/deleted.png | Bin 0 -> 3756 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 static/deleted.png diff --git a/static/deleted.png b/static/deleted.png new file mode 100644 index 0000000000000000000000000000000000000000..269090ec04cc56299e5bc2c92f9b788d92a9a4ce GIT binary patch literal 3756 zcmaJ^c|4SR`yPx*#!mJ$h9i|RGnmHC7{*N2aI%+S27_6e8BDU1vc#BEvV}yJ64@e( zniip~p|l{KB$Dzfk$&U6r}O^)czd7E=Xt)%=en-@{@(ZX$M;Ehb+(rjR}}{U0Fnf} zt(#!X61)atAi*~qU}z>7RM>W2Yg$`G&t0COu2gBTP}Wu}nD@(7$v|1@oOn_&uvM@L8NM;q$XnIUkbiHXUUhJgW0fPk@%(bz-|jK5*&;s36mSAA!pFN0!F=yG(+D!8t?*9I21kI?_*|lhgl( zQmOx-S!_4*fAamW!Yq$t3^Lq}%%Vp!g9MEW*4hfiFvT*-L^hr2L8nLjtfFfuolR$j z(isq}I||}Sp^@m(tiRAsPNoDJi%p~jkqNdIPyt_`LLr&j86XWYXq*WWWwIZMv_lx9 zZ459dJ3Ew(4GL+z-{>dTmL3#ICDYhHxupMaF~8()8G*_WM7AX}DN$q+j!CCN{yMNJ z<=45Of2sF3m-OpgjDN|63zC6vwe|nC`RA6vJ6qF#Oe z5^OOZoM#LE;f@~Tiibt`>u)~dJOXN~@%#3S;pFN2k}kD=AKG6@`PQd%JzwodL6Ob3 zuI)PL)pN+g^{R?Xi*|opLcL3QhxMf%Fl+r?2xB{I!oq+Uj6~wp)yNN)H!Lg+i<{o6 z2P}9$lzLr2EJZEQ6W;s2U%1%c@&h{59y*umpW4TC#CD>m5k#z+CIFxrjy=w z&pSc5Zzcb9Db;`v3Eu!GY>4=VWhHbS&&;hFB(@R6{)qdEf*`RI~rH4Wy zk(aujZ*0WQ=W5wYP50?UXhvijgz6b8B8K(Ogg_s=d3kvyy6S2hnZ2Hw>84%B#>U3l zp0|w~iK|Y3e)8M7B|ZTAy??q-JA!52=M}6Tuvrlv91=q8ybRXqJS+xExk0yaJnQWv zeqzGS&FxMyIV?=voKsq`d~|z74CWof7_yYU8=__CZX)ES+>v@k6Md2xVa~@lZO;Eb zaqRP@kEg#~^-IbfKb*qj@zy1}eIYW5x3Z-sHlKKM^{SDb-rh30@RKW95>sBo_mzY5 zoIqeBkO=6EX1a11}s_D0@QR$*%b-rH)kKfffOsY=>D?w!WFUzfe zq$c}LUgu}e&aTI^h>xzKwMJb7L+}527pMBLic_!X+cM*`?@^H#z)stwjKJ5{*6s$8 z(ln~%qh7UXF5n-wgd;o-3f0uqxRo}peUDc@+CfxG4m;SeBn6y_0iym@C!B9wU?Qj! zHBn2_DDGD7&8Q%=T25D?PzE~s3P2|;O|#Fs@W_{y5kxAHVv(jR+h?bvVxFLJpT#UI zE3;PB6OYDXu??HoU!4j|1;|5^Izpsp|NPSusIc>n_m*gL5h_sGQ<>ZT^nGiWAD(B( zEiZ@8O|;8@LNuQ`w9zUlVZGZxQiuy|7vGOQWC2<90-^Ar=~LHl=x%E-0Mi?#fzRBLqRK5+#wTRTO0UdUl<@cDPp`Zr=#o-I9364A&(c+rSn`zCIx4G#}{#O(lZ z-I0?R&CoT*4w&iM@trdhr>~+LqI81+*cw{fj7sIbl8}-lvnm(tA$&wzQ||AZV=p8f zv|~j_Laj1B4tJWTuZ_k&@!beYd7>_a!1-8IMXM@UezXcIB7QYmH@(!eqw9x$?B@#I z+E6ridTePz=%L?>dw{fq@;8Hv3~ka@Ljh@e78W}j5B6oT+1BxphH~eDfcuI^+(k_C zOYDWywwI4fu#nU0lZojHyov)}e(DM{dR-Yr&GjOBcWbiqD_rnohPUGO7kEqY)QYp9 z484-e@0;Aqxhx! z9`p{htAvJmcU4WSOGVXDU}L0m;jH4|;|O!0<%W#hp#b9Wth)<_j7jpq`#rXj2VBfM z;CZtB(B)}Xy&(iuJsKFBv-ayVaPZ2hiI?tv8lBPHq^Yv4AC4zCy(D4GeCL5&3Z@0=y7I(;K#(vi&yEY#iA zc|_Le_KblUr=ls<`GQ%nlH*Z!=;VG~`)dvku;y>%x)=TzC9t?BhYmE|TwLV7{-QQt zv5S9LwGmubIV1uEBf`%RNkWc}EVPMAqt0&0NTw<(GiArz%Gc)mBlBJR`ThOdIv|xaMa(gC4YBx5lT@IRCoF{UDjqEIoV3c70gb znnRPQZGGnYyOeD%ykp%)4ezBy^6^rlxlxjOHGoKh5c6F2<}7z@my8!k^}0I0y5-$F z${b&%1P^YLHHT8go78-RqRz1Mp(UTqet;$L-mq8??-A!wqJUyk~`)m2lN0##tDS_f~0mu2?_78V?dJh(F6 z6MINslA0xs2-74uUtD)7O}ksOXIk`m)0;Q0%Nw8Ff}ebTU(eH##rlhx!(iO5V@+p* z_lY*#j?53^aO@JazNiA{Ud;K6_^e-ko7&!9er|ZqH(^7lbyqz1PBM43VN&zUBXp&I z4o@-WwWL_*56km#=;#p}Poh@tsqy1k7o~Tk$V%rxGhCjlz{x zpI^I%RQ^6C;#D3unEXuZ)bz#KO#`f-UHK{+7_eF_U=@Imim#oX*F-V z%l*oz;1Syvp3jlU@Cqwr_u$Cftz8K~v&x}l5woH^P-Tz)C(FRh=Vz%fNdi5Kb`3UV2= zS<+==diT{^=LYUFs=Qm&8X+{03AYg&VIM4daE1EuX^7^DYv%&+VeU28irp#(9(|lb zT(JD`ITrIM%U>j}IFDzD+P!XZJ$ut0G>U7@ zhfl&!1?{L?*z7%ieSX2^<;ttFp4xc~Ur3}7@cKc&F6Tordn)G?OfxegcAZLb$ap49 zyMc31{3NZBYPNLK9<79ZQ|W*}8EG$`%3A5MUbgU;*(B{n{SmD^iW@WzUR33V>r7i- zZt22a*|poVW{ln0)0n8~#7$K=vhmoAmo0luuXtJQa&3jHEN$!$z{?CxGDJ&c!}1!; zWYpd?+S$>l+>^hg+TMF);HnU;^vNfc3yXS%MiP>o7^l;&{wcw=vCj00q_Tmb8js1< z#SXY% Date: Sat, 1 Jan 2011 22:18:58 +1100 Subject: [PATCH 127/218] When removing an already-removed image, make it a no-post post. --- inc/mod.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index c73b72f0..1058cca8 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -153,14 +153,22 @@ $post = $query->fetch(); - // Delete thumbnail - @unlink($board['dir'] . DIR_THUMB . $post['thumb']); - - // Delete file - @unlink($board['dir'] . DIR_IMG . $post['file']); - + $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id OR `thread` = :id", $board['uri'])); + if($post['file'] == 'deleted') { + // Already deleted; remove file fully + $query->bindValue(':file', null, PDO::PARAM_NULL); + } else { + // Delete thumbnail + @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + + // Delete file + @unlink($board['dir'] . DIR_IMG . $post['file']); + + // Set file to 'deleted' + $query->bindValue(':file', 'deleted', PDO::PARAM_INT); + } // Update database - $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = 'deleted' WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); From 45e8727fef45dfa2e37c4e734909f4291c119be8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 1 Jan 2011 22:58:13 +1100 Subject: [PATCH 128/218] Added bans table --- install.sql | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/install.sql b/install.sql index 051b596b..9df580a0 100644 --- a/install.sql +++ b/install.sql @@ -98,3 +98,17 @@ CREATE TABLE IF NOT EXISTS `mods` ( INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES (1, 'admin', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 2); + + +-- -------------------------------------------------------- + +-- +-- Table structure for table `bans` +-- + +CREATE TABLE IF NOT EXISTS `bans` ( + `ip` varchar( 15 ) NOT NULL , + `mod` int NOT NULL COMMENT 'which mod made the ban', + `expires` int NOT NULL, + `reason` text NULL +) ENGINE = InnoDB; From 5190e9a45698e72eaa58a2138baa370460fc4e13 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 00:03:12 +1100 Subject: [PATCH 129/218] `expires` can be NULL --- install.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sql b/install.sql index 9df580a0..c7ab4870 100644 --- a/install.sql +++ b/install.sql @@ -109,6 +109,6 @@ INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES CREATE TABLE IF NOT EXISTS `bans` ( `ip` varchar( 15 ) NOT NULL , `mod` int NOT NULL COMMENT 'which mod made the ban', - `expires` int NOT NULL, + `expires` int NULL, `reason` text NULL ) ENGINE = InnoDB; From ca7faa835ea8ed5004c66f81b4fb9cecc639bb5d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 00:27:30 +1100 Subject: [PATCH 130/218] Basic ban-adding --- inc/mod.php | 45 +++++++++++++++++++++---- mod.php | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 6 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index 1058cca8..4670dc8d 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -111,24 +111,57 @@ return $body; } + function form_newBan($ip=null, $reason='', $continue=false) { + return '

New ban' . + '' . + ($continue ? '' : '') . + '
From 9d5674fbfc88a5cdb7911fac0daeb29e2fcedf4b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:24:09 +1100 Subject: [PATCH 019/218] setupBoard() function --- inc/functions.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index a78065b0..230de3ef 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -23,7 +23,25 @@ $item = mysql_real_escape_string($item); } } - + + function setupBoard($array) { + global $board; + + $board = Array( + 'id' => $array['id'], + 'uri' => $array['uri'], + 'name' => $array['title'], + 'title' => $array['subtitle']); + + $board['dir'] = sprintf(BOARD_PATH, $board['uri']); + $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); + + if(!file_exists($board['dir'])) mkdir($board['dir'], 0777); + if(!file_exists($board['dir'] . DIR_IMG)) @mkdir($board['dir'] . DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Check permissions.", true); + if(!file_exists($board['dir'] . DIR_THUMB)) @mkdir($board['dir'] . DIR_THUMB, 0777) or error("Couldn't create " . DIR_THUMB . ". Check permissions.", true); + if(!file_exists($board['dir'] . DIR_RES)) @mkdir($board['dir'] . DIR_RES, 0777) or error("Couldn't create " . DIR_RES . ". Check permissions.", true); + } + function post($post, $OP) { global $sql, $board; if($OP) { From 739bccd1bf5b2f3a681f4ff6e33d4a4018da22e5 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:26:55 +1100 Subject: [PATCH 020/218] Made the subtitle optional in templates. --- templates/index.html | 3 ++- templates/thread.html | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/index.html b/templates/index.html index 1f459483..58529230 100644 --- a/templates/index.html +++ b/templates/index.html @@ -10,7 +10,8 @@

{board[url]} - {board[name]}

-
{board[title]}
+
{board[title]?{board[title]}}
+ diff --git a/templates/thread.html b/templates/thread.html index d78ca3f1..f0f271b7 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -10,7 +10,8 @@

{board[url]} - {board[name]}

-
{board[title]}
+
{board[title]?{board[title]}}
+ From 341100d5a66f7bd0d0b39ee5afc809f6c2deb59d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:38:24 +1100 Subject: [PATCH 021/218] Optional subtitle in static pages. --- templates/index.html | 1 + templates/page.html | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/index.html b/templates/index.html index 58529230..048a3dd9 100644 --- a/templates/index.html +++ b/templates/index.html @@ -13,6 +13,7 @@
{board[title]?{board[title]}}
+
'; } - $body = '
Configuration' . $data . '
'; + $body = '
Configuration
diff --git a/templates/page.html b/templates/page.html index d9968b1e..f47fbca4 100644 --- a/templates/page.html +++ b/templates/page.html @@ -8,7 +8,7 @@

{title}

- {subtitle?
{subtitle}
} +
{subtitle?{subtitle}}
{body}

Copyright © 2010 OmegaSDG

From d80cca13c0447b0d5dce11ad8981e705fe8d797d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:38:36 +1100 Subject: [PATCH 022/218] More board functions --- inc/functions.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/inc/functions.php b/inc/functions.php index 230de3ef..9436e4b6 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -42,6 +42,14 @@ if(!file_exists($board['dir'] . DIR_RES)) @mkdir($board['dir'] . DIR_RES, 0777) or error("Couldn't create " . DIR_RES . ". Check permissions.", true); } + function openBoard($uri) { + $boards_res = mysql_query(sprintf("SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri)), $sql) or error(mysql_error($sql)); + if($_board = mysql_fetch_array($boards_res)) { + setupBoard($_board); + return true; + } else return false; + } + function post($post, $OP) { global $sql, $board; if($OP) { From 58b25f319c7370372065fe883ed41654d31f550c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:40:37 +1100 Subject: [PATCH 023/218] Multi-board support. --- post.php | 47 +++++++++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/post.php b/post.php index 64df1d45..251c54b4 100644 --- a/post.php +++ b/post.php @@ -8,20 +8,6 @@ require 'inc/template.php'; require 'inc/user.php'; - // For example, we're on /b/ - $board = Array( - 'id' => 1, - 'uri' => 'b', - 'name' => 'Beta', - 'title' => 'In development.'); - $board['dir'] = sprintf(BOARD_PATH, $board['uri']); - $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); - - if(!file_exists($board['dir'])) mkdir($board['dir'], 0777); - if(!file_exists($board['dir'] . DIR_IMG)) mkdir($board['dir'] . DIR_IMG, 0777); - if(!file_exists($board['dir'] . DIR_THUMB)) mkdir($board['dir'] . DIR_THUMB, 0777); - if(!file_exists($board['dir'] . DIR_RES)) mkdir($board['dir'] . DIR_RES, 0777); - $body = ''; // Fix for magic quotes @@ -40,6 +26,7 @@ !isset($_POST['email']) || !isset($_POST['subject']) || !isset($_POST['body']) || + !isset($_POST['board']) || !isset($_POST['password']) ) error(ERROR_BOT); @@ -59,8 +46,6 @@ if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); } - - // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view // Find another anti-spam method. @@ -95,6 +80,8 @@ 'maxsz'=>commaize(MAX_FILESIZE)))); } + if(!openBoard($post['board'])) error(ERROR_NOBOARD); + $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; $post['trip'] = (isset($trip[1])?$trip[1]:''); @@ -320,11 +307,31 @@ exit; } else { - if(!file_exists(FILE_INDEX)) { - buildIndex(); + if(!file_exists(HAS_INSTALLED)) { + sql_open(); + + // Build all boards + $boards_res = mysql_query('SELECT * FROM `boards`', $sql) or error(mysql_error($sql)); + while($_board = mysql_fetch_array($boards_res)) { + setupBoard($_board); + buildIndex(); + } + + sql_close(); + touch(HAS_INSTALLED, 0777); + + die(Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Success', + 'body'=>"
" . + "

Tinyboard is now installed!

" . + "
" + ))); + } else { + // They opened post.php in their browser manually. + // Possible TODO: Redirect back to homepage. + error(ERROR_NOPOST); } - - header('Location: ' . ROOT . FILE_INDEX, true, 302); } ?> From 6f4c28f699369b87ed88f5676a08b69c8efb1cf2 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:40:54 +1100 Subject: [PATCH 024/218] A bunch of new variables --- inc/config.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index bc0f726a..107f1cbc 100644 --- a/inc/config.php +++ b/inc/config.php @@ -48,10 +48,12 @@ define('ERROR_NOIMAGE', 'You must upload an image.', true); define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); define('ERROR_FILEEXT', 'Unsupported image format.', true); + define('ERROR_NOBOARD', 'Invalid board!', true); + define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERR_INVALIDIMG','Invalid image.', true); - define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); - define('ERR_MAXSIZE', 'The file was too big.', true); - define('ERR_INVALIDZIP', 'Invalid archive!', true); + define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); + define('ERR_MAXSIZE', 'The file was too big.', true); + define('ERR_INVALIDZIP','Invalid archive!', true); // For resizing, max values define('THUMB_WIDTH', 200, true); @@ -104,6 +106,10 @@ // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s/', true); + // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. + // This keeps the script from querying the database and causing strain when not needed. + define('HAS_INSTALLED', '.installed', true); + // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) // BOARD_ABBREVIATION - BOARD_TITLE define('BOARD_ABBREVIATION', '/%s/', true); @@ -116,7 +122,7 @@ define('MARKUP_URLS', true, true); // Complex regular expression to catch URLs define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); - + // Allowed file extensions $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); From d3526e020ad977c04387f4df964ec707307557f2 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:41:57 +1100 Subject: [PATCH 025/218] Bug fix. --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index 35110cd6..1ce1e609 100644 --- a/inc/display.php +++ b/inc/display.php @@ -27,7 +27,7 @@ 'subtitle'=>'An error has occured.', 'body'=>"
" . "

$message

" . - "

Go back.

" . + (isset($board) ? "

Go back.

" : ''). "
" ))); } From 38ac7187fdccf4a672a3c69763035660df53e6f8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:44:53 +1100 Subject: [PATCH 026/218] Bug fix. Multiple boards now work. --- inc/functions.php | 1 + post.php | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 9436e4b6..21be6294 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -43,6 +43,7 @@ } function openBoard($uri) { + global $sql; $boards_res = mysql_query(sprintf("SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri)), $sql) or error(mysql_error($sql)); if($_board = mysql_fetch_array($boards_res)) { setupBoard($_board); diff --git a/post.php b/post.php index 251c54b4..fcaf3bf5 100644 --- a/post.php +++ b/post.php @@ -70,6 +70,7 @@ $post['password'] = $_POST['password']; $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); + $post['board'] = $_POST['board']; if($post['has_file']) { $size = $_FILES['file']['size']; @@ -80,6 +81,7 @@ 'maxsz'=>commaize(MAX_FILESIZE)))); } + sql_open(); if(!openBoard($post['board'])) error(ERROR_NOBOARD); $trip = generate_tripcode($post['name']); @@ -185,7 +187,6 @@ // Todo: Validate some more, remove messy code, allow more specific configuration // MySQLify - sql_open(); mysql_safe_array($post); $id = post($post, $OP); From fc00840004352471bdbbb1a3105bc55d913119ef Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:47:36 +1100 Subject: [PATCH 027/218] Supress PHP errors when moving upload files. --- post.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.php b/post.php index fcaf3bf5..d5cb9d13 100644 --- a/post.php +++ b/post.php @@ -116,7 +116,7 @@ // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; // Move the uploaded file - if(!move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); if($post['zip']) { // Validate ZIP file From 0d5a7b7bd70dd054e7ed9eb149bcd9bcfde5a398 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:50:06 +1100 Subject: [PATCH 028/218] SQL dump. --- install.sql | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/install.sql b/install.sql index 5f704277..c517bdfc 100644 --- a/install.sql +++ b/install.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: 127.0.0.1:3306 --- Generation Time: Nov 02, 2010 at 10:06 PM +-- Generation Time: Nov 30, 2010 at 08:48 PM -- Server version: 5.1.48 -- PHP Version: 5.3.2 @@ -21,12 +21,36 @@ SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; -- -------------------------------------------------------- +-- +-- Table structure for table `boards` +-- + +CREATE TABLE IF NOT EXISTS `boards` ( + `id` smallint(6) NOT NULL AUTO_INCREMENT, + `uri` varchar(8) NOT NULL, + `title` varchar(20) NOT NULL, + `subtitle` varchar(40) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `uri` (`uri`), + UNIQUE KEY `id` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; + +-- +-- Dumping data for table `boards` +-- + +INSERT INTO `boards` (`id`, `uri`, `title`, `subtitle`) VALUES +(1, 'b', 'Beta', 'In development.'); + +-- -------------------------------------------------------- + -- -- Table structure for table `posts` -- CREATE TABLE IF NOT EXISTS `posts` ( `id` int(11) NOT NULL AUTO_INCREMENT, + `board` smallint(6) NOT NULL, `thread` int(11) DEFAULT NULL, `subject` varchar(40) NOT NULL, `email` varchar(30) NOT NULL, From 1e3b6f9b69a91e291dd4809fcac9c2645e332acf Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 20:54:05 +1100 Subject: [PATCH 029/218] Added a notice saying it hasn't 'been patched to work with multiple boards yet.' --- test.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test.php b/test.php index 3e50443a..cda60b0c 100644 --- a/test.php +++ b/test.php @@ -6,8 +6,8 @@ if (file_exists('inc/instance-config.php')) { require 'inc/instance-config.php'; } - require 'inc/template.php'; require 'inc/config.php'; + require 'inc/template.php'; require 'inc/user.php'; function image($type) { @@ -104,5 +104,7 @@ $body .= '

Everything seems okay.

'; } + $body .= '

Disregard me. I haven\'t been patched to work with multiple boards yet.

'; + die(Element('page.html', Array('index' => ROOT, 'title'=>'Tinyboard', 'subtitle'=>'Installation', 'body'=>$body))); ?> \ No newline at end of file From 79f0656ca20c4833d4000d1613da4d753bf2bc2e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 22:59:24 +1100 Subject: [PATCH 030/218] Completing transition to multi-board support. --- inc/functions.php | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 21be6294..c4fd77dd 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -124,14 +124,16 @@ $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename']); $newposts = mysql_query(sprintf( - "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", + "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts` WHERE `board` = '%d' AND `thread` = '%s' ORDER BY `time` DESC LIMIT %d", + $board['id'], $th['id'], THREADS_PREVIEW ), $sql) or error(mysql_error($sql)); if(mysql_num_rows($newposts) == THREADS_PREVIEW) { $count_query = mysql_query(sprintf( - "SELECT COUNT(`id`) as `num` FROM `posts` WHERE `thread` = '%s'", - $th['id'] + "SELECT COUNT(`id`) as `num` FROM `posts` WHERE `board` = '%d' AND `thread` = '%s'", + $board['id'], + $th['id'] ), $sql) or error(mysql_error($sql)); $count = mysql_fetch_array($count_query); $omitted = $count['num'] - THREADS_PREVIEW; @@ -156,7 +158,10 @@ global $sql, $board; sql_open(); - $res = mysql_query("SELECT COUNT(`id`) as `num` FROM `posts` WHERE `thread` IS NULL", $sql) or error(mysql_error($sql)); + $res = mysql_query(sprintf( + "SELECT COUNT(`id`) as `num` FROM `posts` WHERE `board` = '%d' AND `thread` IS NULL", + $board['id'] + ), $sql) or error(mysql_error($sql)); $arr = mysql_fetch_array($res); $count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE); @@ -218,7 +223,11 @@ strlen($cites[3][$index]), ); - $result = mysql_query(sprintf("SELECT `thread`,`id` FROM `posts` WHERE `id` = '%d'", $cite), $sql); + $result = mysql_query(sprintf( + "SELECT `thread`,`id` FROM `posts` WHERE `board` = '%d' AND `id` = '%d' LIMIT 1", + $board['id'], + $cite + ), $sql) or error(mysql_error($sql)); if($post = mysql_fetch_array($result)) { $replacement = '>>' . $cite . ''; } else { @@ -298,9 +307,10 @@ $id = round($id); $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename` FROM `posts` WHERE (`thread` IS NULL AND `id` = '%s') OR `thread` = '%s' ORDER BY `thread`,`time`", - $id, - $id + "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename` FROM `posts` WHERE `board` = '%d' AND ((`thread` IS NULL AND `id` = '%s') OR `thread` = '%s') ORDER BY `thread`,`time`", + $board['id'], + $id, + $id ), $sql) or error(mysql_error($sql)); while($post = mysql_fetch_array($query)) { From b41a4a6ac7392175064c56dcc4d16cab66f541ab Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 23:12:54 +1100 Subject: [PATCH 031/218] Check if thread exists before posting. --- inc/config.php | 1 + inc/functions.php | 18 +++++++++++++++++- post.php | 2 ++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 107f1cbc..f7ab10d6 100644 --- a/inc/config.php +++ b/inc/config.php @@ -49,6 +49,7 @@ define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); define('ERROR_FILEEXT', 'Unsupported image format.', true); define('ERROR_NOBOARD', 'Invalid board!', true); + define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true); define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); diff --git a/inc/functions.php b/inc/functions.php index c4fd77dd..453f5146 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -44,13 +44,29 @@ function openBoard($uri) { global $sql; - $boards_res = mysql_query(sprintf("SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri)), $sql) or error(mysql_error($sql)); + $boards_res = mysql_query(sprintf( + "SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", + mysql_real_escape_string($uri) + ), $sql) or error(mysql_error($sql)); + if($_board = mysql_fetch_array($boards_res)) { setupBoard($_board); return true; } else return false; } + function threadExists($id) { + global $sql; + $thread_res = mysql_query(sprintf( + "SELECT 1 FROM `posts` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1", + $id + ), $sql) or error(mysql_error($sql)); + + if(mysql_num_rows($thread_res) > 0) { + return true; + } else return false; + } + function post($post, $OP) { global $sql, $board; if($OP) { diff --git a/post.php b/post.php index d5cb9d13..bdc4819f 100644 --- a/post.php +++ b/post.php @@ -83,6 +83,8 @@ sql_open(); if(!openBoard($post['board'])) error(ERROR_NOBOARD); + if(!$OP && !threadExists($post['thread'])) + error(ERROR_NONEXISTANT); $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; From 210563045dabebec3ef8a4f1c3823293659fdc8d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 23:15:05 +1100 Subject: [PATCH 032/218] Close SQL connection on error. --- inc/display.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inc/display.php b/inc/display.php index 1ce1e609..c910e26c 100644 --- a/inc/display.php +++ b/inc/display.php @@ -21,6 +21,8 @@ function error($message) { global $board; + + if(function_exists('sql_close')) sql_close(); die(Element('page.html', Array( 'index'=>ROOT, 'title'=>'Error', From aefa20a3a4d28b0f0c284722dbc4d0eb144358b7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 30 Nov 2010 23:17:26 +1100 Subject: [PATCH 033/218] Get board information earlier so errors can be properly displayed with a link back to the index. --- post.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/post.php b/post.php index bdc4819f..cadee9ed 100644 --- a/post.php +++ b/post.php @@ -30,7 +30,7 @@ !isset($_POST['password']) ) error(ERROR_BOT); - $post = Array(); + $post = Array('board' => $_POST['board']); if(isset($_POST['thread'])) { $OP = false; @@ -57,6 +57,17 @@ if(time()-$user['appeared']commaize(MAX_FILESIZE)))); } - sql_open(); - if(!openBoard($post['board'])) error(ERROR_NOBOARD); - if(!$OP && !threadExists($post['thread'])) - error(ERROR_NONEXISTANT); - $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; $post['trip'] = (isset($trip[1])?$trip[1]:''); From 88357dc1b343cd356ff0b1f109edd493fba6392e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 12:54:58 +1100 Subject: [PATCH 034/218] Removed pointless comment. --- inc/functions.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 453f5146..44d526f1 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -339,8 +339,7 @@ } mysql_free_result($query); } - - // A lot of the bellow of from BBSchan (An old project by savetheinternet) + function generate_tripcode ( $name, $length = 10 ) { $name = stripslashes ( $name ); $t = explode('#', $name); From 2247e286a3b95d52036a224e87bed3bd3860b65c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 13:08:35 +1100 Subject: [PATCH 035/218] Fixed quotes/cites in posts. --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 44d526f1..4a70da32 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -212,7 +212,7 @@ } function markup(&$body) { - global $sql; + global $sql, $board; if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); From 5e63b4b8a0c6e982bdb01299c1ce175d521b2d35 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 16:20:59 +1100 Subject: [PATCH 036/218] Optional force display of errors --- inc/config.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/inc/config.php b/inc/config.php index f7ab10d6..2cd3b71d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -38,6 +38,9 @@ define('THREADS_PER_PAGE', 10, true); define('MAX_PAGES', 5, true); define('THREADS_PREVIEW', 5, true); + + // For development purposes. Turns 'display_errors' on. Not recommended for production. + define('VERBOSE_ERRORS', true, true); // Error messages define('ERROR_LURK', 'Lurk some more before posting.', true); @@ -151,6 +154,11 @@ chdir(ROOT_FILE); } + if(VERBOSE_ERRORS) { + error_reporting(E_ALL); + ini_set('display_errors', 1); + } + /* Multi-board support removes any use for this. From 5c7de28ca61b00495fbf26c449bb5d5ed38d8669 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 16:42:48 +1100 Subject: [PATCH 037/218] JAIL_COOKIES config directive. --- inc/config.php | 4 +++- inc/user.php | 13 ++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index 2cd3b71d..9dea8ad7 100644 --- a/inc/config.php +++ b/inc/config.php @@ -17,12 +17,14 @@ // The name of the session cookie (PHP's $_SESSION) define('SESS_COOKIE', 'imgboard', true); - + // Used to safely determine when the user was first seen, to prevent floods. // time() define('TIME_COOKIE', 'arrived', true); // HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification. define('HASH_COOKIE', 'hash', true); + // Where to set the 'path' parameter to ROOT when creating cookies. Recommended. + define('JAIL_COOKIES', true, true); // How long should the cookies last (in seconds) define('COOKIE_EXPIRE', 15778463, true); //6 months diff --git a/inc/user.php b/inc/user.php index 1dad35f9..0b9af643 100644 --- a/inc/user.php +++ b/inc/user.php @@ -1,14 +1,21 @@ false, 'appeared' => $time); } else { $user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]); From 52acb4023f10680a89496c8b9b0459fa1a57c6ed Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 16:43:36 +1100 Subject: [PATCH 038/218] Cleaned function. --- inc/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/user.php b/inc/user.php index 0b9af643..2bdf5c05 100644 --- a/inc/user.php +++ b/inc/user.php @@ -7,7 +7,7 @@ session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/'); // Start the session - session_start(COOKIE_EXPIRE); + session_start(); // Session creation time if(!isset($_SESSION['created'])) $_SESSION['created'] = time(); From 8a387bff1e51733f3d25d2269d16b6e8584d0b6e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 18:21:09 +1100 Subject: [PATCH 039/218] Removed unused varaible --- post.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/post.php b/post.php index cadee9ed..8653a2c3 100644 --- a/post.php +++ b/post.php @@ -8,8 +8,6 @@ require 'inc/template.php'; require 'inc/user.php'; - $body = ''; - // Fix for magic quotes if (get_magic_quotes_gpc()) { function strip_array($var) { From 84027c6d83d4a836ea362026df778b7507a9429e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 21:24:14 +1100 Subject: [PATCH 040/218] mod panel --- inc/config.php | 12 +++++- inc/display.php | 14 +++++++ inc/functions.php | 16 +++++++- inc/instance-config.php | 14 +++---- inc/user.php | 90 ++++++++++++++++++++++++++++++++++++++++- 5 files changed, 135 insertions(+), 11 deletions(-) diff --git a/inc/config.php b/inc/config.php index 9dea8ad7..2c1e9dc8 100644 --- a/inc/config.php +++ b/inc/config.php @@ -23,8 +23,13 @@ define('TIME_COOKIE', 'arrived', true); // HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification. define('HASH_COOKIE', 'hash', true); + // Used for moderation login + define('MOD_COOKIE', 'mod', true); // Where to set the 'path' parameter to ROOT when creating cookies. Recommended. define('JAIL_COOKIES', true, true); + + // Whether or not to lock moderator sessions to the IP address that was logged in with. + define('MOD_LOCK_IP', true, true); // How long should the cookies last (in seconds) define('COOKIE_EXPIRE', 15778463, true); //6 months @@ -60,7 +65,12 @@ define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); define('ERR_INVALIDZIP','Invalid archive!', true); - + + // Moderator errors + define('ERROR_INVALID', 'Invalid username and/or password.', true); + define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.'); + define('ERROR_MALFORMED','Invalid/malformed cookies.', true); + // For resizing, max values define('THUMB_WIDTH', 200, true); define('THUMB_HEIGHT', 200, true); diff --git a/inc/display.php b/inc/display.php index c910e26c..29012046 100644 --- a/inc/display.php +++ b/inc/display.php @@ -34,6 +34,20 @@ ))); } + function loginForm($error=false, $username=false) { + if(function_exists('sql_close')) sql_close(); + die(Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Login', + 'body'=>Element('login.html', Array( + 'index'=>ROOT, + 'error'=>$error, + 'username'=>$username + ) + ) + ))); + } + class Post { public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename) { $this->id = $id; diff --git a/inc/functions.php b/inc/functions.php index 4a70da32..b20ed091 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -318,7 +318,7 @@ return $result; } - function buildThread($id) { + function buildThread($id, $return=false) { global $sql, $board; $id = round($id); @@ -335,7 +335,19 @@ } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'])); } - @file_put_contents($board['dir'] . DIR_RES . $id . '.html', Element('thread.html', Array('button'=>BUTTON_REPLY, 'board'=>$board, 'body'=>$thread->build(), 'post_url' => POST_URL, 'index' => ROOT, 'id' => $id))) or error("Couldn't write to file."); + $body = Element('thread.html', Array( + 'button'=>BUTTON_REPLY, + 'board'=>$board, + 'body'=>$thread->build(), + 'post_url' => POST_URL, + 'index' => ROOT, + 'id' => $id + )); + + if($return) + return $body; + else + @file_put_contents($board['dir'] . DIR_RES . $id . '.html', $body) or error("Couldn't write to file."); } mysql_free_result($query); } diff --git a/inc/instance-config.php b/inc/instance-config.php index 1ae82a3f..1c433a9c 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -8,16 +8,16 @@ * You can copy values from config.php (defaults) and paste them here. */ - /* + // Database stuff - define('MY_SERVER', 'localhost'); - define('MY_USER', ''); - define('MY_PASSWORD', ''); - define('MY_DATABASE', ''); + define('MY_SERVER', '127.0.0.1'); + define('MY_USER', 'imgboard'); + define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); + define('MY_DATABASE', 'imgboard'); - define('ROOT', '/'); + define('ROOT', '/board/'); // define('FOO', 'bar'); - */ + ?> \ No newline at end of file diff --git a/inc/user.php b/inc/user.php index 2bdf5c05..05deb0e3 100644 --- a/inc/user.php +++ b/inc/user.php @@ -15,9 +15,97 @@ if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) { $time = time(); setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); - setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + setcookie(HASH_COOKIE, md5($time.SALT), $time+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); $user = Array('valid' => false, 'appeared' => $time); } else { $user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]); } + + // 'false' means that the user is not logged in as a moderator + $mod = false; + + // Creates a small random string for validating moderators' cookies + function mkhash($length=12) { + // The method here isn't really important, + // but I think this generates a relatively + // unique string that looks cool. + // If you choose to change this, make sure it cannot include a ':' character. + return substr(base64_encode(sha1(rand() . time(), true)), 0, $length); + } + + function login($username, $password, $makehash=true) { + global $sql, $mod; + + // SHA1 password + if($makehash) { + $password = sha1($password); + } + + $res = mysql_query(sprintf( + "SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", + mysql_real_escape_string($username), + $password + ), $sql) or error(mysql_error($sql)); + + if($user = mysql_fetch_array($res)) { + return $mod = Array( + 'id' => $user['id'], + 'type' => $user['type'], + 'username' => $username, + 'password' => $password, + 'hash' => mkhash() + ); + } else return false; + } + + function setCookies() { + global $mod; + if(!$mod) error('setCookies() was called for a non-moderator!'); + + // MOD_COOKIE contains username:hash + setcookie(MOD_COOKIE, $mod['username'] . ':' . $mod['hash'], time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + + // Put $mod in the session + $_SESSION['mod'] = $mod; + + // Lock sessions to IP addresses + if(MOD_LOCK_IP) + $_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; + } + + function destroyCookies() { + // Delete the cookies + setcookie(MOD_COOKIE, 'deleted', time()-COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + + // Unset the session + unset($_SESSION['mod']); + } + + if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { + // Should be username:session hash + $cookie = explode(':', $_COOKIE['mod']); + if(count($cookie) != 2) { + destroyCookies(); + error(ERROR_MALFORMED); + } + + // Validate session + if( $cookie[0] != $_SESSION['mod']['username'] || + $cookie[1] != $_SESSION['mod']['hash']) { + // Malformed cookies + destroyCookies(); + error(ERROR_MALFORMED); + } + + // Open connection + sql_open(); + + // Check username/password + if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { + destroyCookies(); + error(ERROR_INVALIDAFTER); + } + + $mod = $_SESSION['mod']; + } ?> \ No newline at end of file From 9f9861ad204ec84721930fb3bd86a064765c51c3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 21:39:34 +1100 Subject: [PATCH 042/218] Fixed bug suppressing any output when mysql is not installed/enabled. --- test.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/test.php b/test.php index cda60b0c..55d97a00 100644 --- a/test.php +++ b/test.php @@ -43,19 +43,21 @@ // Database title('Database'); - if($sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD)) { - $body .= check('Connection to server.', 'ok'); - if(@mysql_select_db(MY_DATABASE, $sql)) - $body .= check('Select database.', 'ok'); - else { - $body .= check('Select database.', 'error'); + if(extension_loaded('mysql')) { + if($sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD)) { + $body .= check('Connection to server.', 'ok'); + if(@mysql_select_db(MY_DATABASE, $sql)) + $body .= check('Select database.', 'ok'); + else { + $body .= check('Select database.', 'error'); + $todo[] = 'instance-config.php: Check database configuration.'; + } + } else { + $body .= check('Connection to server.', 'error'); $todo[] = 'instance-config.php: Check database configuration.'; } - } else { - $body .= check('Connection to server.', 'error'); - $todo[] = 'instance-config.php: Check database configuration.'; } - + // Configuration title('Configuration'); $root = dirname($_SERVER['REQUEST_URI']) . (dirname($_SERVER['REQUEST_URI']) == '/' ? '' : '/'); From 0385f465338ffa3fbcc10056c887b8c236c2533b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 21:53:11 +1100 Subject: [PATCH 043/218] created mod.php --- mod.php | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 mod.php diff --git a/mod.php b/mod.php new file mode 100644 index 00000000..a2b2ef66 --- /dev/null +++ b/mod.php @@ -0,0 +1,42 @@ + + From 760ccab6355226bfc26a1aa39c267063cd439212 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 23:25:39 +1100 Subject: [PATCH 044/218] Removed some code. --- inc/instance-config.php | 12 ++++++------ mod.php | 3 +-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/inc/instance-config.php b/inc/instance-config.php index 1c433a9c..408e9b85 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -9,15 +9,15 @@ */ - + /* // Database stuff define('MY_SERVER', '127.0.0.1'); - define('MY_USER', 'imgboard'); - define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); - define('MY_DATABASE', 'imgboard'); + define('MY_USER', ''); + define('MY_PASSWORD', ''); + define('MY_DATABASE', ''); - define('ROOT', '/board/'); + define('ROOT', '/'); // define('FOO', 'bar'); - + */ ?> \ No newline at end of file diff --git a/mod.php b/mod.php index a2b2ef66..af7e0844 100644 --- a/mod.php +++ b/mod.php @@ -34,8 +34,7 @@ loginForm(); } } else { - var_dump($_COOKIE); - openBoard('b'); + // The rest is not done yet... echo buildThread(1, true); } ?> From e83accb454b4bc09dd05972339bc064373ac6480 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 1 Dec 2010 23:32:31 +1100 Subject: [PATCH 045/218] Added .installed to gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 3311211c..bbe9376e 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,9 @@ thumb/ # instance-config inc/instance-config.php +# .installed +.installed + # other stuff .DS_Store? thumbs.db From f12e52454414a3931b80a0c7d8522050936975ac Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 23:40:43 +1100 Subject: [PATCH 046/218] Removed debugging code. --- inc/instance-config.php | 10 +++++----- mod.php | 1 - src/zip.png | Bin 3 files changed, 5 insertions(+), 6 deletions(-) mode change 100755 => 100644 src/zip.png diff --git a/inc/instance-config.php b/inc/instance-config.php index 408e9b85..e372c8ef 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -9,15 +9,15 @@ */ - /* + // Database stuff define('MY_SERVER', '127.0.0.1'); - define('MY_USER', ''); - define('MY_PASSWORD', ''); - define('MY_DATABASE', ''); + define('MY_USER', 'imgboard'); + define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); + define('MY_DATABASE', 'imgboard'); define('ROOT', '/'); // define('FOO', 'bar'); - */ + ?> \ No newline at end of file diff --git a/mod.php b/mod.php index af7e0844..bee64011 100644 --- a/mod.php +++ b/mod.php @@ -35,7 +35,6 @@ } } else { // The rest is not done yet... - echo buildThread(1, true); } ?> diff --git a/src/zip.png b/src/zip.png old mode 100755 new mode 100644 From c2859e862ce068d2d1a0d0ba6dfdd9c81636b6e6 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 23:41:48 +1100 Subject: [PATCH 047/218] Removed debugging code. --- inc/instance-config.php | 10 +++++----- mod.php | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/inc/instance-config.php b/inc/instance-config.php index 408e9b85..e372c8ef 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -9,15 +9,15 @@ */ - /* + // Database stuff define('MY_SERVER', '127.0.0.1'); - define('MY_USER', ''); - define('MY_PASSWORD', ''); - define('MY_DATABASE', ''); + define('MY_USER', 'imgboard'); + define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); + define('MY_DATABASE', 'imgboard'); define('ROOT', '/'); // define('FOO', 'bar'); - */ + ?> \ No newline at end of file diff --git a/mod.php b/mod.php index af7e0844..bee64011 100644 --- a/mod.php +++ b/mod.php @@ -35,7 +35,6 @@ } } else { // The rest is not done yet... - echo buildThread(1, true); } ?> From 3ff14ef4eaa860fcfdcef8aafc6446f96a9051d8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 23:42:44 +1100 Subject: [PATCH 048/218] Disregard. --- inc/instance-config.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/instance-config.php b/inc/instance-config.php index e372c8ef..408e9b85 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -9,15 +9,15 @@ */ - + /* // Database stuff define('MY_SERVER', '127.0.0.1'); - define('MY_USER', 'imgboard'); - define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); - define('MY_DATABASE', 'imgboard'); + define('MY_USER', ''); + define('MY_PASSWORD', ''); + define('MY_DATABASE', ''); define('ROOT', '/'); // define('FOO', 'bar'); - + */ ?> \ No newline at end of file From 3e91dbadd449e4f0e189c2b2dce33d782af31f6f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 1 Dec 2010 23:44:57 +1100 Subject: [PATCH 049/218] Fixed instance-config.php --- inc/instance-config.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/instance-config.php b/inc/instance-config.php index e372c8ef..408e9b85 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -9,15 +9,15 @@ */ - + /* // Database stuff define('MY_SERVER', '127.0.0.1'); - define('MY_USER', 'imgboard'); - define('MY_PASSWORD', 'DF3uHz4vvhUM6rCq'); - define('MY_DATABASE', 'imgboard'); + define('MY_USER', ''); + define('MY_PASSWORD', ''); + define('MY_DATABASE', ''); define('ROOT', '/'); // define('FOO', 'bar'); - + */ ?> \ No newline at end of file From 162fcff691f8bd4a14e1985131af3a1fd52a7ff9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 01:17:27 +1100 Subject: [PATCH 050/218] Added basis for query handling. --- mod.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/mod.php b/mod.php index bee64011..462f6797 100644 --- a/mod.php +++ b/mod.php @@ -34,6 +34,22 @@ loginForm(); } } else { + $query = $_SERVER['QUERY_STRING']; + $regex = Array( + 'board' => str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) + ); + + // Dashboard + if(preg_match('/^\/?$/', $query)) { + + + // Board index + } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query)) { + + + } else { + error("Page not found."); + } // The rest is not done yet... } ?> From 20fd2fc23224cf300086cba0f53e32e23a2e8421 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:02:04 +1100 Subject: [PATCH 051/218] Basic login and page handling. --- inc/config.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index 2c1e9dc8..0ca457c4 100644 --- a/inc/config.php +++ b/inc/config.php @@ -28,9 +28,6 @@ // Where to set the 'path' parameter to ROOT when creating cookies. Recommended. define('JAIL_COOKIES', true, true); - // Whether or not to lock moderator sessions to the IP address that was logged in with. - define('MOD_LOCK_IP', true, true); - // How long should the cookies last (in seconds) define('COOKIE_EXPIRE', 15778463, true); //6 months @@ -122,6 +119,14 @@ // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s/', true); + /* + Mod stuff + */ + // Whether or not to lock moderator sessions to the IP address that was logged in with. + define('MOD_LOCK_IP', true, true); + // The page that is first shown when a moderator logs in. Defaults to the dashboard. + define('MOD_DEFAULT', '/', true); + // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. define('HAS_INSTALLED', '.installed', true); From c327056f13a8eabd22aae178a3ce1c962b5a044c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:02:48 +1100 Subject: [PATCH 052/218] Page handling --- mod.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/mod.php b/mod.php index 462f6797..8a328092 100644 --- a/mod.php +++ b/mod.php @@ -9,7 +9,7 @@ require 'inc/user.php'; // If not logged in - if(!$user) { + if(!$mod) { if(isset($_POST['login'])) { // Check if inputs are set and not empty if( !isset($_POST['username']) || @@ -28,6 +28,9 @@ // Set cookies setCookies(); + // Redirect + header('Location: ?' . MOD_DEFAULT, true, 302); + // Close connection sql_close(); } else { @@ -36,21 +39,25 @@ } else { $query = $_SERVER['QUERY_STRING']; $regex = Array( - 'board' => str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) + 'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')) ); - // Dashboard if(preg_match('/^\/?$/', $query)) { + // Dashboard + + } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) { + // Board index - // Board index - } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query)) { + $boardName = $matches[1]; + // Open board + openBoard($boardName); + echo Element('index.html', index(1)); } else { - error("Page not found."); + error("Page not found."); } - // The rest is not done yet... } ?> From b2bd3303f96167bbc3812b01e386e3b1c5252eef Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:07:24 +1100 Subject: [PATCH 053/218] REDIRECT_HTTP directive --- inc/config.php | 5 +++++ inc/functions.php | 1 + mod.php | 2 +- post.php | 4 ++-- res/index.php | 2 +- src/index.php | 2 +- thumb/index.php | 2 +- 7 files changed, 12 insertions(+), 6 deletions(-) diff --git a/inc/config.php b/inc/config.php index 0ca457c4..164c1f1a 100644 --- a/inc/config.php +++ b/inc/config.php @@ -119,6 +119,11 @@ // Multi-board (%s is board abbreviation) define('BOARD_PATH', '%s/', true); + // The HTTP status code to use when redirecting. + // Should be 3xx (redirection). http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html + // "302" is recommended. + define('REDIRECT_HTTP', 302, true); + /* Mod stuff */ diff --git a/inc/functions.php b/inc/functions.php index b20ed091..2349197c 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -44,6 +44,7 @@ function openBoard($uri) { global $sql; + sql_open(); $boards_res = mysql_query(sprintf( "SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri) diff --git a/mod.php b/mod.php index 8a328092..44aada37 100644 --- a/mod.php +++ b/mod.php @@ -29,7 +29,7 @@ setCookies(); // Redirect - header('Location: ?' . MOD_DEFAULT, true, 302); + header('Location: ?' . MOD_DEFAULT, true, REDIRECT_HTTP); // Close connection sql_close(); diff --git a/post.php b/post.php index 8653a2c3..78d1fd60 100644 --- a/post.php +++ b/post.php @@ -306,9 +306,9 @@ sql_close(); if(ALWAYS_NOKO || $noko) { - header('Location: ' . ROOT . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, 302); + header('Location: ' . ROOT . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, REDIRECT_HTTP); } else { - header('Location: ' . ROOT . $board['dir'] . FILE_INDEX, true, 302); + header('Location: ' . ROOT . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); } exit; diff --git a/res/index.php b/res/index.php index c5619a58..1869b1dd 100644 --- a/res/index.php +++ b/res/index.php @@ -1,3 +1,3 @@ \ No newline at end of file diff --git a/src/index.php b/src/index.php index c5619a58..1869b1dd 100644 --- a/src/index.php +++ b/src/index.php @@ -1,3 +1,3 @@ \ No newline at end of file diff --git a/thumb/index.php b/thumb/index.php index c5619a58..1869b1dd 100644 --- a/thumb/index.php +++ b/thumb/index.php @@ -1,3 +1,3 @@ \ No newline at end of file From c9adbdda4c3d7c232dadea74912f4ef1149dd10c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:11:54 +1100 Subject: [PATCH 054/218] login template --- templates/login.html | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 templates/login.html diff --git a/templates/login.html b/templates/login.html new file mode 100644 index 00000000..5ce955a7 --- /dev/null +++ b/templates/login.html @@ -0,0 +1,28 @@ +
+ {error?

{error}

} + + + + + + + + + + + + + +
+ Username + + +
+ Password + + +
+ +
+ +
\ No newline at end of file From e16a05cda7e59041eb2a3c4ffd144d0d89c19f83 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:15:50 +1100 Subject: [PATCH 055/218] listBoards() functions --- inc/functions.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/inc/functions.php b/inc/functions.php index 2349197c..d071fddf 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -56,6 +56,18 @@ } else return false; } + function listBoards() { + global $sql; + sql_open(); + $boards_res = mysql_query("SELECT * FROM `boards`", $sql) or error(mysql_error($sql)); + + $boards = Array(); + while($_board = mysql_fetch_array($boards_res)) { + $boards[] = $_board; + } + return $boards; + } + function threadExists($id) { global $sql; $thread_res = mysql_query(sprintf( From bbb791039821637c045b2378383b0eb167063a27 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:26:09 +1100 Subject: [PATCH 056/218] Created basis for mod dashboard --- inc/mod.php | 25 +++++++++++++++++++++++++ mod.php | 18 +++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 inc/mod.php diff --git a/inc/mod.php b/inc/mod.php new file mode 100644 index 00000000..00f94544 --- /dev/null +++ b/inc/mod.php @@ -0,0 +1,25 @@ + element with a list of linked + // boards and their subtitles. + function ulBoards() { + $body = ''; + } + +?> \ No newline at end of file diff --git a/mod.php b/mod.php index 44aada37..cbcddfb1 100644 --- a/mod.php +++ b/mod.php @@ -7,6 +7,7 @@ require 'inc/config.php'; require 'inc/template.php'; require 'inc/user.php'; + require 'inc/mod.php'; // If not logged in if(!$mod) { @@ -45,7 +46,19 @@ if(preg_match('/^\/?$/', $query)) { // Dashboard - + // Body + $body = ''; + + $body .= '
Boards' . + ulBoards() . + '
'; + + die(Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Dashboard', + 'body'=>$body + ) + )); } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) { // Board index @@ -59,5 +72,8 @@ error("Page not found."); } } + + // Close the connection in-case it's still open + sql_close(); ?> From f753b709ff6bec8bdce71993426ba60045a87215 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 18:30:13 +1100 Subject: [PATCH 057/218] SQL dump --- install.sql | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/install.sql b/install.sql index c517bdfc..1fc1ad76 100644 --- a/install.sql +++ b/install.sql @@ -77,3 +77,24 @@ CREATE TABLE IF NOT EXISTS `posts` ( -- Dumping data for table `posts` -- +-- -------------------------------------------------------- + +-- +-- Table structure for table `mods` +-- + +CREATE TABLE IF NOT EXISTS `mods` ( + `id` smallint(6) NOT NULL AUTO_INCREMENT, + `username` varchar(30) NOT NULL, + `password` char(40) NOT NULL COMMENT 'SHA1', + `type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin', + PRIMARY KEY (`id`), + UNIQUE KEY `id` (`id`,`username`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; + +-- +-- Dumping data for table `mods` +-- + +INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES +(1, 'admin', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 2); From 41daaa16b16146fa90461d514f31a90c71d3b402 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 19:08:29 +1100 Subject: [PATCH 058/218] boards now have individual tables. --- inc/functions.php | 37 +++++++++++++++++++------------------ install.sql | 7 +++---- post.php | 3 ++- 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index d071fddf..55c656a8 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -69,9 +69,10 @@ } function threadExists($id) { - global $sql; + global $sql, $board; $thread_res = mysql_query(sprintf( - "SELECT 1 FROM `posts` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1", + "SELECT 1 FROM `posts_%s` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1", + mysql_real_escape_string($board['uri']), $id ), $sql) or error(mysql_error($sql)); @@ -84,8 +85,8 @@ global $sql, $board; if($OP) { mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $board['id'], + sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + mysql_real_escape_string($board['uri']), $post['subject'], $post['email'], $post['name'], @@ -108,8 +109,8 @@ return mysql_insert_id($sql); } else { mysql_query( - sprintf("INSERT INTO `posts` VALUES ( NULL, '%d', '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", - $board['id'], + sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + mysql_real_escape_string($board['uri']), $post['thread'], $post['subject'], $post['email'], @@ -142,8 +143,8 @@ sql_open(); $query = mysql_query(sprintf( - "SELECT * FROM `posts` WHERE `thread` IS NULL AND `board` = '%d' ORDER BY `bump` DESC LIMIT %d,%d", - $board['id'], + "SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `bump` DESC LIMIT %d,%d", + mysql_real_escape_string($board['uri']), $offset, THREADS_PER_PAGE ), $sql) or error(mysql_error($sql)); @@ -153,15 +154,15 @@ $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename']); $newposts = mysql_query(sprintf( - "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts` WHERE `board` = '%d' AND `thread` = '%s' ORDER BY `time` DESC LIMIT %d", - $board['id'], + "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", + mysql_real_escape_string($board['uri']), $th['id'], THREADS_PREVIEW ), $sql) or error(mysql_error($sql)); if(mysql_num_rows($newposts) == THREADS_PREVIEW) { $count_query = mysql_query(sprintf( - "SELECT COUNT(`id`) as `num` FROM `posts` WHERE `board` = '%d' AND `thread` = '%s'", - $board['id'], + "SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = '%s'", + mysql_real_escape_string($board['uri']), $th['id'] ), $sql) or error(mysql_error($sql)); $count = mysql_fetch_array($count_query); @@ -188,8 +189,8 @@ sql_open(); $res = mysql_query(sprintf( - "SELECT COUNT(`id`) as `num` FROM `posts` WHERE `board` = '%d' AND `thread` IS NULL", - $board['id'] + "SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", + mysql_real_escape_string($board['uri']) ), $sql) or error(mysql_error($sql)); $arr = mysql_fetch_array($res); $count = floor((THREADS_PER_PAGE + $arr['num'] - 1) / THREADS_PER_PAGE); @@ -253,8 +254,8 @@ ); $result = mysql_query(sprintf( - "SELECT `thread`,`id` FROM `posts` WHERE `board` = '%d' AND `id` = '%d' LIMIT 1", - $board['id'], + "SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = '%d' LIMIT 1", + mysql_real_escape_string($board['uri']), $cite ), $sql) or error(mysql_error($sql)); if($post = mysql_fetch_array($result)) { @@ -336,8 +337,8 @@ $id = round($id); $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename` FROM `posts` WHERE `board` = '%d' AND ((`thread` IS NULL AND `id` = '%s') OR `thread` = '%s') ORDER BY `thread`,`time`", - $board['id'], + "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%s') OR `thread` = '%s' ORDER BY `thread`,`time`", + mysql_real_escape_string($board['uri']), $id, $id ), $sql) or error(mysql_error($sql)); diff --git a/install.sql b/install.sql index 1fc1ad76..b3039f3c 100644 --- a/install.sql +++ b/install.sql @@ -45,12 +45,11 @@ INSERT INTO `boards` (`id`, `uri`, `title`, `subtitle`) VALUES -- -------------------------------------------------------- -- --- Table structure for table `posts` +-- Table structure for table `posts_b` -- -CREATE TABLE IF NOT EXISTS `posts` ( +CREATE TABLE IF NOT EXISTS `posts_b` ( `id` int(11) NOT NULL AUTO_INCREMENT, - `board` smallint(6) NOT NULL, `thread` int(11) DEFAULT NULL, `subject` varchar(40) NOT NULL, `email` varchar(30) NOT NULL, @@ -74,7 +73,7 @@ CREATE TABLE IF NOT EXISTS `posts` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; -- --- Dumping data for table `posts` +-- Dumping data for table `posts_b` -- -- -------------------------------------------------------- diff --git a/post.php b/post.php index 78d1fd60..0b0e0a64 100644 --- a/post.php +++ b/post.php @@ -296,7 +296,8 @@ if(!$OP) { mysql_query( - sprintf("UPDATE `posts` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", + sprintf("UPDATE `posts_%s` SET `bump` = '%d' WHERE `id` = '%s' AND `thread` IS NULL", + mysql_real_escape_string($board['uri']), time(), $post['thread'] ), $sql) or error(mysql_error($sql)); From 3679f2c78b4ad4c4204738ab0739c9aaad88f751 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 20:50:14 +1100 Subject: [PATCH 059/218] SQL table creation template --- templates/posts.sql | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 templates/posts.sql diff --git a/templates/posts.sql b/templates/posts.sql new file mode 100644 index 00000000..d9c91886 --- /dev/null +++ b/templates/posts.sql @@ -0,0 +1,23 @@ +CREATE TABLE IF NOT EXISTS `posts_{board}` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `thread` int(11) DEFAULT NULL, + `subject` varchar(40) NOT NULL, + `email` varchar(30) NOT NULL, + `name` varchar(25) NOT NULL, + `trip` varchar(15) DEFAULT NULL, + `body` text NOT NULL, + `time` int(11) NOT NULL, + `bump` int(11) DEFAULT NULL, + `thumb` varchar(50) DEFAULT NULL, + `thumbwidth` int(11) DEFAULT NULL, + `thumbheight` int(11) DEFAULT NULL, + `file` varchar(50) DEFAULT NULL, + `filewidth` int(11) DEFAULT NULL, + `fileheight` int(11) DEFAULT NULL, + `filesize` int(11) DEFAULT NULL, + `filename` varchar(30) DEFAULT NULL, + `filehash` varchar(32) DEFAULT NULL, + `password` varchar(20) DEFAULT NULL, + `ip` varchar(15) NOT NULL, + UNIQUE KEY `id` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; \ No newline at end of file From cb0912754f826e468b32c178e1abc7739463c494 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 20:55:56 +1100 Subject: [PATCH 060/218] "Create board" page --- inc/config.php | 9 +++- inc/mod.php | 130 +++++++++++++++++++++++++++++++++++++++++++++++-- inc/user.php | 87 --------------------------------- mod.php | 73 +++++++++++++++++++++++++-- 4 files changed, 201 insertions(+), 98 deletions(-) diff --git a/inc/config.php b/inc/config.php index 164c1f1a..3bb24b85 100644 --- a/inc/config.php +++ b/inc/config.php @@ -67,6 +67,9 @@ define('ERROR_INVALID', 'Invalid username and/or password.', true); define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.'); define('ERROR_MALFORMED','Invalid/malformed cookies.', true); + define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); + define('ERROR_REQUIRED', 'The %s field is required.', true); + define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); // For resizing, max values define('THUMB_WIDTH', 200, true); @@ -132,6 +135,10 @@ // The page that is first shown when a moderator logs in. Defaults to the dashboard. define('MOD_DEFAULT', '/', true); + define('MOD_JANITOR', 0, true); + define('MOD_MOD', 1, true); + define('MOD_ADMIN', 2, true); + // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. define('HAS_INSTALLED', '.installed', true); @@ -139,7 +146,7 @@ // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) // BOARD_ABBREVIATION - BOARD_TITLE define('BOARD_ABBREVIATION', '/%s/', true); - + // Automatically convert things like "..." to Unicode characters ("…") define('AUTO_UNICODE', true, true); // Use some Wiki-like syntax (''em'', '''strong''', ==Heading==, etc) diff --git a/inc/mod.php b/inc/mod.php index 00f94544..83e4cfdf 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -1,8 +1,96 @@ - $user['id'], + 'type' => $user['type'], + 'username' => $username, + 'password' => $password, + 'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash() + ); + } else return false; + } + + function setCookies() { + global $mod; + if(!$mod) error('setCookies() was called for a non-moderator!'); + + // MOD_COOKIE contains username:hash + setcookie(MOD_COOKIE, $mod['username'] . ':' . $mod['hash'], time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + + // Put $mod in the session + $_SESSION['mod'] = $mod; + + // Lock sessions to IP addresses + if(MOD_LOCK_IP) + $_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; + } + + function destroyCookies() { + // Delete the cookies + setcookie(MOD_COOKIE, 'deleted', time()-COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + + // Unset the session + unset($_SESSION['mod']); + } + + if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { + // Should be username:session hash + $cookie = explode(':', $_COOKIE['mod']); + if(count($cookie) != 2) { + destroyCookies(); + error(ERROR_MALFORMED); + } + + // Validate session + if( $cookie[0] != $_SESSION['mod']['username'] || + $cookie[1] != $_SESSION['mod']['hash']) { + // Malformed cookies + destroyCookies(); + error(ERROR_MALFORMED); + } + + // Open connection + sql_open(); + + // Check username/password + if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { + destroyCookies(); + error(ERROR_INVALIDAFTER); + } + + } + // Generates a
    element with a list of linked // boards and their subtitles. function ulBoards() { + global $mod; + $body = '
      '; // List of boards @@ -14,12 +102,44 @@ sprintf(BOARD_PATH, $b['uri']) . FILE_INDEX . '">' . sprintf(BOARD_ABBREVIATION, $b['uri']) . - '' . - (isset($b['subtitle']) ? ' - ' . $b['subtitle'] : '') . + ' - ' . + $b['title'] . + (isset($b['subtitle']) ? ' — ' . $b['subtitle'] . '' : '') . ''; } + if($mod['type'] == MOD_ADMIN) { + $body .= '
    • Create new board
      • '; + } return $body . '
    '; } - + + function form_newBoard() { + return '
    New board' . + '
    ' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
    ' . + ' (eg. "b"; "mu")' . + '
    ' . + ' (eg. "Random")' . + '
    ' . + ' (optional)' . + '
    ' . + '
    ' . + '
    '; + } + ?> \ No newline at end of file diff --git a/inc/user.php b/inc/user.php index 05deb0e3..126777bd 100644 --- a/inc/user.php +++ b/inc/user.php @@ -21,91 +21,4 @@ $user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]); } - // 'false' means that the user is not logged in as a moderator - $mod = false; - - // Creates a small random string for validating moderators' cookies - function mkhash($length=12) { - // The method here isn't really important, - // but I think this generates a relatively - // unique string that looks cool. - // If you choose to change this, make sure it cannot include a ':' character. - return substr(base64_encode(sha1(rand() . time(), true)), 0, $length); - } - - function login($username, $password, $makehash=true) { - global $sql, $mod; - - // SHA1 password - if($makehash) { - $password = sha1($password); - } - - $res = mysql_query(sprintf( - "SELECT `id`,`type` FROM `mods` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - mysql_real_escape_string($username), - $password - ), $sql) or error(mysql_error($sql)); - - if($user = mysql_fetch_array($res)) { - return $mod = Array( - 'id' => $user['id'], - 'type' => $user['type'], - 'username' => $username, - 'password' => $password, - 'hash' => mkhash() - ); - } else return false; - } - - function setCookies() { - global $mod; - if(!$mod) error('setCookies() was called for a non-moderator!'); - - // MOD_COOKIE contains username:hash - setcookie(MOD_COOKIE, $mod['username'] . ':' . $mod['hash'], time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); - - // Put $mod in the session - $_SESSION['mod'] = $mod; - - // Lock sessions to IP addresses - if(MOD_LOCK_IP) - $_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; - } - - function destroyCookies() { - // Delete the cookies - setcookie(MOD_COOKIE, 'deleted', time()-COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); - - // Unset the session - unset($_SESSION['mod']); - } - - if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { - // Should be username:session hash - $cookie = explode(':', $_COOKIE['mod']); - if(count($cookie) != 2) { - destroyCookies(); - error(ERROR_MALFORMED); - } - - // Validate session - if( $cookie[0] != $_SESSION['mod']['username'] || - $cookie[1] != $_SESSION['mod']['hash']) { - // Malformed cookies - destroyCookies(); - error(ERROR_MALFORMED); - } - - // Open connection - sql_open(); - - // Check username/password - if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { - destroyCookies(); - error(ERROR_INVALIDAFTER); - } - - $mod = $_SESSION['mod']; - } ?> \ No newline at end of file diff --git a/mod.php b/mod.php index cbcddfb1..3390d180 100644 --- a/mod.php +++ b/mod.php @@ -38,27 +38,90 @@ loginForm(); } } else { - $query = $_SERVER['QUERY_STRING']; + $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $regex = Array( 'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')) ); if(preg_match('/^\/?$/', $query)) { // Dashboard - - // Body $body = ''; $body .= '
    Boards' . ulBoards() . '
    '; - die(Element('page.html', Array( + // TODO: Statistics, etc, in the dashboard. + + echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'Dashboard', 'body'=>$body ) - )); + ); + } elseif(preg_match('/^\/new$/', $query)) { + // New board + $body = ''; + + if(isset($_POST['new_board'])) { + // Create new board + if( !isset($_POST['uri']) || + !isset($_POST['title']) || + !isset($_POST['subtitle']) + ) error(ERROR_MISSEDAFIELD); + + $b = Array( + 'uri' => $_POST['uri'], + 'title' => $_POST['title'], + 'subtitle' => $_POST['subtitle'] + ); + + // Check required fields + if(empty($b['uri'])) + error(sprintf(ERROR_REQUIRED, 'URI')); + if(empty($b['title'])) + error(sprintf(ERROR_REQUIRED, 'title')); + + // Check string lengths + if(strlen($b['uri']) > 8) + error(sprintf(ERROR_TOOLONG, 'URI')); + if(strlen($b['title']) > 20) + error(sprintf(ERROR_TOOLONG, 'title')); + if(strlen($b['subtitle']) > 40) + error(sprintf(ERROR_TOOLONG, 'subtitle')); + + if(!preg_match('/^\w+$/', $b['uri'])) + error(sprintf(ERROR_INVALIDFIELD, 'URI')); + + mysql_query(sprintf( + "INSERT INTO `boards` VALUES (NULL, '%s', '%s', " . + (empty($b['subtitle']) ? 'NULL' : "'%s'" ) . + ")", + mysql_real_escape_string($b['uri']), + mysql_real_escape_string($b['title']), + mysql_real_escape_string($b['subtitle']) + ), $sql) or error(mysql_error($sql)); + + // Open the board + openBoard($b['uri']) or error("Couldn't open board after creation."); + + // Create the posts table + mysql_query(Element('posts.sql', Array('board' => $board['uri'])), $sql) or error(mysql_error($sql)); + + // Build the board + buildIndex(); + } + + $body .= form_newBoard(); + + // TODO: Statistics, etc, in the dashboard. + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'New board', + 'body'=>$body + ) + ); } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) { // Board index From 337728f5911779cee6c28ffdd4dcccac59ce915f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 2 Dec 2010 20:57:15 +1100 Subject: [PATCH 061/218] Fixed encoding error --- inc/mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/mod.php b/inc/mod.php index 83e4cfdf..bf2227f1 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -1,4 +1,4 @@ - Date: Sat, 4 Dec 2010 14:58:24 +1100 Subject: [PATCH 062/218] Fix encoding issue. --- mod.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mod.php b/mod.php index 3390d180..744755c6 100644 --- a/mod.php +++ b/mod.php @@ -9,6 +9,9 @@ require 'inc/user.php'; require 'inc/mod.php'; + // Fix some encoding issues + header('Content-Type: text/html; charset=utf-8', true); + // If not logged in if(!$mod) { if(isset($_POST['login'])) { @@ -53,6 +56,8 @@ // TODO: Statistics, etc, in the dashboard. + $body .= '
    Configuration' . highlight_file('inc/instance-config.php', true) . '
    '; + echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'Dashboard', From 6d2813857efa308ed295048f047ea45b698ac093 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 8 Dec 2010 04:32:07 +1100 Subject: [PATCH 063/218] Fix for IP address links --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 3bb24b85..284692ce 100644 --- a/inc/config.php +++ b/inc/config.php @@ -154,7 +154,7 @@ // Whether to turn URLs into functional links define('MARKUP_URLS', true, true); // Complex regular expression to catch URLs - define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '([\w\-]+\.)+[a-zA-Z]{2,6}' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); + define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); // Allowed file extensions $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); From 88c4ef787e2ca0a954cfe41f60cb58eee461412b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:38:49 +1100 Subject: [PATCH 064/218] Simple permission handling --- inc/config.php | 1 + mod.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/inc/config.php b/inc/config.php index 284692ce..832afffb 100644 --- a/inc/config.php +++ b/inc/config.php @@ -70,6 +70,7 @@ define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); define('ERROR_REQUIRED', 'The %s field is required.', true); define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); + define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true); // For resizing, max values define('THUMB_WIDTH', 200, true); diff --git a/mod.php b/mod.php index 744755c6..5695ad8b 100644 --- a/mod.php +++ b/mod.php @@ -65,6 +65,8 @@ ) ); } elseif(preg_match('/^\/new$/', $query)) { + if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS); + // New board $body = ''; From 46ad66514a4baa4f83f67f457ed9e894e1804d4b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:39:56 +1100 Subject: [PATCH 065/218] A comment. --- inc/config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/config.php b/inc/config.php index 832afffb..8411dd31 100644 --- a/inc/config.php +++ b/inc/config.php @@ -136,6 +136,7 @@ // The page that is first shown when a moderator logs in. Defaults to the dashboard. define('MOD_DEFAULT', '/', true); + // Probably best not to change these: define('MOD_JANITOR', 0, true); define('MOD_MOD', 1, true); define('MOD_ADMIN', 2, true); From afd5f5b9cc75c0197acf1311b17f935e48917b0b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:42:16 +1100 Subject: [PATCH 066/218] Comment out useless code at this time --- mod.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mod.php b/mod.php index 5695ad8b..62200545 100644 --- a/mod.php +++ b/mod.php @@ -61,7 +61,8 @@ echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'Dashboard', - 'body'=>$body + 'body'=>$body, + 'mod'=>true ) ); } elseif(preg_match('/^\/new$/', $query)) { @@ -126,7 +127,8 @@ echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'New board', - 'body'=>$body + 'body'=>$body, + 'mod'=>true ) ); } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) { @@ -136,7 +138,7 @@ // Open board openBoard($boardName); - echo Element('index.html', index(1)); + // echo Element('index.html', index(1)); } else { error("Page not found."); From f4d35fd3410f84524a1d18ceca55a0b31f165c19 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:45:09 +1100 Subject: [PATCH 067/218] Erorr handling --- mod.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 62200545..a00d5ac8 100644 --- a/mod.php +++ b/mod.php @@ -136,7 +136,8 @@ $boardName = $matches[1]; // Open board - openBoard($boardName); + if(!openBoard($boardName)) + error(ERROR_NOBOARD); // echo Element('index.html', index(1)); From 04a812c5ff02c463550369ff827a66f2d6f2f3c9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:48:13 +1100 Subject: [PATCH 068/218] moderator template change --- templates/page.html | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/page.html b/templates/page.html index f47fbca4..bdf09579 100644 --- a/templates/page.html +++ b/templates/page.html @@ -9,6 +9,7 @@

    {title}

    {subtitle?{subtitle}}
    + {mod?Return to dashboard} {body}

    Copyright © 2010 OmegaSDG

    From 12848daf0c2c6d0f695d9d45040291310d5b27f4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:49:28 +1100 Subject: [PATCH 069/218] Style change on dashboard link --- templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/page.html b/templates/page.html index bdf09579..487f8f28 100644 --- a/templates/page.html +++ b/templates/page.html @@ -9,7 +9,7 @@

    {title}

    {subtitle?{subtitle}}
    - {mod?Return to dashboard} + {mod?Return to dashboard} {body}

    Copyright © 2010 OmegaSDG

    From 0df2dfd6d5ba6b298b12568d5d4daf4ebfeb89fb Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:53:30 +1100 Subject: [PATCH 070/218] MOD_NEVER_REAL_PASSWORD in config.php --- inc/config.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inc/config.php b/inc/config.php index 8411dd31..5c1e5a0d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -135,6 +135,8 @@ define('MOD_LOCK_IP', true, true); // The page that is first shown when a moderator logs in. Defaults to the dashboard. define('MOD_DEFAULT', '/', true); + // Don't even display MySQL password to administrators (in the configuration page) + define('MOD_NEVER_REAL_PASSWORD', true, true); // Probably best not to change these: define('MOD_JANITOR', 0, true); From b5a4377e09176c171bd3c233d6a067548fb528ba Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 20:57:34 +1100 Subject: [PATCH 071/218] Config page --- mod.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index a00d5ac8..05b4b491 100644 --- a/mod.php +++ b/mod.php @@ -56,11 +56,29 @@ // TODO: Statistics, etc, in the dashboard. - $body .= '
    Configuration' . highlight_file('inc/instance-config.php', true) . '
    '; - echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'Dashboard', + 'body'=>$body + //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ + ) + ); + } elseif(preg_match('/^\/config$/', $query)) { + if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS); + + // Show instance-config.php + + $data = highlight_file('inc/instance-config.php', true); + if(MOD_NEVER_REAL_PASSWORD) { + // Rough and dirty removal of password + $data = str_replace(MY_PASSWORD, '*******', $data); + } + + $body = '
    Configuration' . $data . '
    '; + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Configuration', 'body'=>$body, 'mod'=>true ) From aca7afbf46bc768128204a8ef9dc50dc5377616c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:03:20 +1100 Subject: [PATCH 072/218] Moved "$mod = false" to user.php --- inc/mod.php | 4 +--- inc/user.php | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index bf2227f1..92d6de09 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -1,7 +1,5 @@ Date: Fri, 10 Dec 2010 21:14:45 +1100 Subject: [PATCH 073/218] Ability to show poster IP addresses to moderators --- inc/display.php | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/inc/display.php b/inc/display.php index 29012046..25fbc6ba 100644 --- a/inc/display.php +++ b/inc/display.php @@ -49,7 +49,7 @@ } class Post { - public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename) { + public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { $this->id = $id; $this->thread = $thread; $this->subject = utf8tohtml($subject); @@ -66,9 +66,11 @@ $this->filey = $filey; $this->filesize = $filesize; $this->filename = $filename; + $this->ip = $ip; + $this->root = $root; } public function build($index=false) { - global $board; + global $board, $mod; $built = '
    ' . '

    '; @@ -84,6 +86,11 @@ // Trip . (!empty($this->trip) ? ' '.$this->trip.'':''); + // IP Address + if($mod && $mod['type'] >= MOD_SHOW_IP) { + $built .= ' [' . $this->ip . ']'; + } + // End email if(!empty($this->email)) $built .= ''; @@ -94,14 +101,14 @@ $built .= ' No.' . + ' href="' . $this->root . $board['dir'] . DIR_RES . $this->thread . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . '

    '; // File info if(!empty($this->file)) { - $built .= '

    File: ' . $this->file . ' (' . + $built .= '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -114,7 +121,7 @@ // Filename $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; } // Body @@ -126,7 +133,7 @@ class Thread { public $omitted = 0; - public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename) { + public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { $this->id = $id; $this->subject = utf8tohtml($subject); $this->email = $email; @@ -144,6 +151,8 @@ $this->filename = $filename; $this->omitted = 0; $this->posts = Array(); + $this->ip = $ip; + $this->root = $root; } public function add(Post $post) { $this->posts[] = $post; @@ -151,9 +160,9 @@ public function build($index=false) { - global $board; + global $board, $mod; - $built = '

    File: ' . $this->file . ' (' . + $built = '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -166,7 +175,7 @@ // Filename $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; $built .= '

    '; @@ -181,6 +190,11 @@ // Trip . (!empty($this->trip) ? ' '.$this->trip.'':''); + // IP Address + if($mod && $mod['type'] >= MOD_SHOW_IP) { + $built .= ' [' . $this->ip . ']'; + } + // End email if(!empty($this->email)) $built .= ''; @@ -191,11 +205,11 @@ $built .= ' No.' . + ' href="' . $this->root . $board['dir'] . DIR_RES . $this->id . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . // [Reply] - ($index ? '[Reply]' : '') . + ($index ? '[Reply]' : '') . '

    '; // Body From 5c557d44e8595f1381f3df1fe3ee5c7159837ac3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:15:02 +1100 Subject: [PATCH 074/218] MOD_SHOW_IP in config.php --- inc/config.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/config.php b/inc/config.php index 5c1e5a0d..2d2dddf6 100644 --- a/inc/config.php +++ b/inc/config.php @@ -143,6 +143,9 @@ define('MOD_MOD', 1, true); define('MOD_ADMIN', 2, true); + // What level of administration you need to view IP addresses + define('MOD_SHOW_IP', MOD_MOD, true); + // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. define('HAS_INSTALLED', '.installed', true); From d97b1a56c4615c8b57991bcc40601225e0a87cbe Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:15:44 +1100 Subject: [PATCH 075/218] View board --- mod.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 05b4b491..ab59d43e 100644 --- a/mod.php +++ b/mod.php @@ -157,7 +157,10 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - // echo Element('index.html', index(1)); + $page = index(1); + $page['mod'] = true; + + echo Element('index.html', $page); } else { error("Page not found."); From 33c27ce7faaf8782b07d33b4779181dd976fd3d4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:16:20 +1100 Subject: [PATCH 076/218] Finalized showing IP addresses for mods --- inc/functions.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 55c656a8..c6ef451e 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -151,10 +151,10 @@ if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = mysql_fetch_array($query)) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename']); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip']); $newposts = mysql_query(sprintf( - "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", + "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", mysql_real_escape_string($board['uri']), $th['id'], THREADS_PREVIEW @@ -173,7 +173,7 @@ unset($omitted); } while($po = mysql_fetch_array($newposts)) { - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'])); + $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'])); } mysql_free_result($newposts); @@ -337,7 +337,7 @@ $id = round($id); $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%s') OR `thread` = '%s' ORDER BY `thread`,`time`", + "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%s') OR `thread` = '%s' ORDER BY `thread`,`time`", mysql_real_escape_string($board['uri']), $id, $id @@ -345,9 +345,9 @@ while($post = mysql_fetch_array($query)) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], false); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip']); } else { - $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'])); + $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'])); } $body = Element('thread.html', Array( 'button'=>BUTTON_REPLY, From dcaeb7a81a39d9d0274dac0d3a389cb1e0b6954a Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:22:46 +1100 Subject: [PATCH 077/218] Fixed links for mod pages --- inc/display.php | 8 ++++---- inc/functions.php | 6 +++--- mod.php | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/inc/display.php b/inc/display.php index 25fbc6ba..83b1d3bf 100644 --- a/inc/display.php +++ b/inc/display.php @@ -108,7 +108,7 @@ // File info if(!empty($this->file)) { - $built .= '

    File: ' . $this->file . ' (' . + $built .= '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -121,7 +121,7 @@ // Filename $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; } // Body @@ -162,7 +162,7 @@ public function build($index=false) { global $board, $mod; - $built = '

    File: ' . $this->file . ' (' . + $built = '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions @@ -175,7 +175,7 @@ // Filename $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; $built .= '

    '; diff --git a/inc/functions.php b/inc/functions.php index c6ef451e..4c3f281a 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -135,7 +135,7 @@ } } - function index($page) { + function index($page, $mod) { global $sql, $board; $body = ''; @@ -151,7 +151,7 @@ if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = mysql_fetch_array($query)) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip']); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $mod ? '?/' : null); $newposts = mysql_query(sprintf( "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", @@ -173,7 +173,7 @@ unset($omitted); } while($po = mysql_fetch_array($newposts)) { - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'])); + $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : null)); } mysql_free_result($newposts); diff --git a/mod.php b/mod.php index ab59d43e..6fe71720 100644 --- a/mod.php +++ b/mod.php @@ -157,7 +157,7 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $page = index(1); + $page = index(1, true); $page['mod'] = true; echo Element('index.html', $page); From 409ee49ed35728b68279e290a3661a2b35b24c5f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 10 Dec 2010 21:24:54 +1100 Subject: [PATCH 078/218] Fixed a small bug with the quote links on index pages --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index 83b1d3bf..a5bb1c70 100644 --- a/inc/display.php +++ b/inc/display.php @@ -103,7 +103,7 @@ ($index?'':' onclick="highlightReply(' . $this->id . ');"') . ' href="' . $this->root . $board['dir'] . DIR_RES . $this->thread . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . '

    '; // File info From 974492e11fbb82e1bafb95fd22be4a5f9391b177 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 13 Dec 2010 02:21:56 +1100 Subject: [PATCH 079/218] Fixed major bug causing new installations to fail --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 4c3f281a..631685fb 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -135,7 +135,7 @@ } } - function index($page, $mod) { + function index($page, $mod=false) { global $sql, $board; $body = ''; From 7a728f4a3e59e3deb9b466418bc62bd4eca9b5d9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 13 Dec 2010 02:24:26 +1100 Subject: [PATCH 080/218] Fixed bug causing incorrect links when not a mod --- inc/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 631685fb..ecbe4478 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -151,7 +151,7 @@ if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = mysql_fetch_array($query)) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $mod ? '?/' : null); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $mod ? '?/' : ROOT); $newposts = mysql_query(sprintf( "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", @@ -173,7 +173,7 @@ unset($omitted); } while($po = mysql_fetch_array($newposts)) { - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : null)); + $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); } mysql_free_result($newposts); From 5adfff925b144161c840f63ebb271c11c3c0c883 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 13 Dec 2010 02:44:43 +1100 Subject: [PATCH 081/218] Post moderation controls --- inc/config.php | 23 ++++++++++++++++++++++- inc/display.php | 33 +++++++++++++++++++++++++++++++-- 2 files changed, 53 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index 2d2dddf6..e3080316 100644 --- a/inc/config.php +++ b/inc/config.php @@ -143,8 +143,29 @@ define('MOD_MOD', 1, true); define('MOD_ADMIN', 2, true); - // What level of administration you need to view IP addresses + // Permissions + // What level of administration you need to: + + // View IP addresses define('MOD_SHOW_IP', MOD_MOD, true); + // Delete a post + define('MOD_DELETE', MOD_JANITOR, true); + // Ban a user for a post + define('MOD_BAN', MOD_MOD, true); + // Ban and delete (one click; instant) + define('MOD_BANDELETE', MOD_BAN, true); + // Delete file (and keep post) + define('MOD_DELETEFILE', MOD_JANITOR, true); + // Delete all posts by IP + define('MOD_DELETEBYIP', MOD_BAN, true); + + // Mod links (full HTML) + // Correspond to above permission directives + define('MOD_LINK_DELETE', '[D]', true); + define('MOD_LINK_BAN', '[B]', true); + define('MOD_LINK_BANDELETE', '[B&D]', true); + define('MOD_LINK_DELETEFILE', '[F]', true); + define('MOD_LINK_DELETEBYIP', '[D+]', true); // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. diff --git a/inc/display.php b/inc/display.php index a5bb1c70..b8a58e2b 100644 --- a/inc/display.php +++ b/inc/display.php @@ -119,9 +119,38 @@ $built .= ', ' . $fraction; } // Filename - $built .= ', ' . $this->filename . ')

    ' . + $built .= ', ' . $this->filename . ')

    ' . + // Thumbnail - ''; + ''; + } + + if($mod) { + // Mod controls (on posts) + $built .= '

    '; + + // Delete + if($mod['type'] >= MOD_DELETE) + $built .= ' ' . MOD_LINK_DELETE . ''; + + // Delete all posts by IP + if($mod['type'] >= MOD_DELETEBYIP) + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + + // Ban + if($mod['type'] >= MOD_BAN) + $built .= ' ' . MOD_LINK_BAN . ''; + + // Ban & Delete + if($mod['type'] >= MOD_BANDELETE) + $built .= ' ' . MOD_LINK_BANDELETE . ''; + + // Delete file (keep post) + if($mod['type'] >= MOD_DELETEFILE) + $built .= ' ' . MOD_LINK_DELETEFILE . ''; + + + $built .= '

    '; } // Body From fe1ca57ff5039a2f618c84a6de41097ff6c38841 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 16:36:14 +1100 Subject: [PATCH 082/218] FILE_PAGE was being ignored --- inc/functions.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index ecbe4478..69c719ba 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -332,12 +332,12 @@ return $result; } - function buildThread($id, $return=false) { + function buildThread($id, $return=false, $mod=false) { global $sql, $board; $id = round($id); - + $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%s') OR `thread` = '%s' ORDER BY `thread`,`time`", + "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", mysql_real_escape_string($board['uri']), $id, $id @@ -345,10 +345,11 @@ while($post = mysql_fetch_array($query)) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip']); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT); } else { - $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'])); + $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); } + } $body = Element('thread.html', Array( 'button'=>BUTTON_REPLY, 'board'=>$board, @@ -358,11 +359,10 @@ 'id' => $id )); - if($return) - return $body; - else - @file_put_contents($board['dir'] . DIR_RES . $id . '.html', $body) or error("Couldn't write to file."); - } + if($return) + return $body; + else + @file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file."); mysql_free_result($query); } From faf90e4527dc53960427ade20d781523b525a2c3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 16:36:33 +1100 Subject: [PATCH 083/218] deleteThread() function --- inc/mod.php | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/inc/mod.php b/inc/mod.php index 92d6de09..46d966fe 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -140,4 +140,41 @@ ''; } + // Delete a post (reply or thread) + function deletePost($id) { + global $board, $sql; + + // Select post and replies (if thread) in one query + $post_res = mysql_query(sprintf( + "SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", + mysql_real_escape_string($board['uri']), + $id, + $id + ), $sql) or error(mysql_error($sql)); + + // Delete posts and maybe replies + while($post = mysql_fetch_array($post_res)) { + + if(!$post['thread']) { + // Delete thread HTML page + @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); + } + + if($post['thumb']) { + // Delete thumbnail + @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + } + if($post['file']) { + // Delete file + @unlink($board['dir'] . DIR_IMG . $post['file']); + } + + // Delete post + mysql_query(sprintf( + "DELETE FROM `posts_%s` WHERE `id` = '%d'", + mysql_real_escape_string($board['uri']), + $post['id'] + ), $sql) or error(mysql_error($sql)); + } + } ?> \ No newline at end of file From 507513d5db688ed3231892ec8864ded723ca0e6a Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 16:36:40 +1100 Subject: [PATCH 084/218] Delete thread --- mod.php | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index 6fe71720..590bd2df 100644 --- a/mod.php +++ b/mod.php @@ -42,8 +42,16 @@ } } else { $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; + + // A sort of "cache" + // Stops calling preg_quote and str_replace when not needed; only does it once $regex = Array( - 'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')) + 'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')), + 'page' => str_replace('%d', '(\d+)', preg_quote(FILE_PAGE, '/')), + 'img' => preg_quote(DIR_IMG, '/'), + 'thumb' => preg_quote(DIR_THUMB, '/'), + 'res' => preg_quote(DIR_RES, '/'), + 'index' => preg_quote(FILE_INDEX, '/') ); if(preg_match('/^\/?$/', $query)) { @@ -149,7 +157,7 @@ 'mod'=>true ) ); - } elseif(preg_match('/^\/' . $regex['board'] . '(' . preg_quote(FILE_INDEX, '/') . ')?$/', $query, $matches)) { + } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . ')?$/', $query, $matches)) { // Board index $boardName = $matches[1]; @@ -161,7 +169,32 @@ $page['mod'] = true; echo Element('index.html', $page); + } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { + // View thread + + $boardName = $matches[1]; + $thread = $matches[2]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $page = buildThread($thread, true, true); + + echo $page; + } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { + // Delete post + + $boardName = $matches[1]; + $post = $matches[2]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + // Delete post + deletePost($post); + // Rebuild board + buildIndex(); } else { error("Page not found."); } From 9554c7ecb26b7e26cb395532c26845886a5d3541 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 16:43:45 +1100 Subject: [PATCH 085/218] Redirect after deleting --- mod.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 590bd2df..b44f502f 100644 --- a/mod.php +++ b/mod.php @@ -192,9 +192,10 @@ // Delete post deletePost($post); - // Rebuild board buildIndex(); + // Redirect to board + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } else { error("Page not found."); } From be1f1192279772f83454d5c543ecc51b242dd08d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 17:04:10 +1100 Subject: [PATCH 086/218] Mod controls for OP --- inc/display.php | 76 +++++++++++++++++++++++++++++++------------------ 1 file changed, 48 insertions(+), 28 deletions(-) diff --git a/inc/display.php b/inc/display.php index b8a58e2b..b0980fa3 100644 --- a/inc/display.php +++ b/inc/display.php @@ -48,6 +48,50 @@ ))); } + function postControls($id, $thread=false) { + global $mod; + + $built = ''; + if($mod) { + // Mod controls (on posts) + if($thread) { + $built .= ''; + } else { + $built .= ''; + } + + // Delete + if($mod['type'] >= MOD_DELETE) + $built .= ' ' . MOD_LINK_DELETE . ''; + + // Delete all posts by IP + if($mod['type'] >= MOD_DELETEBYIP) + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + + // Ban + if($mod['type'] >= MOD_BAN) + $built .= ' ' . MOD_LINK_BAN . ''; + + // Ban & Delete + if($mod['type'] >= MOD_BANDELETE) + $built .= ' ' . MOD_LINK_BANDELETE . ''; + + // Delete file (keep post) + if(!$thread && $mod['type'] >= MOD_DELETEFILE) + $built .= ' ' . MOD_LINK_DELETEFILE . ''; + + if($thread) { + // Delete file (keep post) + if($mod['type'] >= MOD_STICKY) + $built .= ' ' . MOD_LINK_STICKY . ''; + + } + + $built .= ''; + } + return $built; + } + class Post { public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { $this->id = $id; @@ -125,33 +169,7 @@ ''; } - if($mod) { - // Mod controls (on posts) - $built .= '

    '; - - // Delete - if($mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; - - // Delete all posts by IP - if($mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; - - // Ban - if($mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; - - // Ban & Delete - if($mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; - - // Delete file (keep post) - if($mod['type'] >= MOD_DELETEFILE) - $built .= ' ' . MOD_LINK_DELETEFILE . ''; - - - $built .= '

    '; - } + $built .= postControls($this->id); // Body $built .= '

    ' . $this->body . '


    '; @@ -239,8 +257,10 @@ ''.$this->id.'' . // [Reply] ($index ? '[Reply]' : '') . + // Mod controls + postControls($this->id, true) . '

    '; - + // Body $built .= $this->body . From f49bfa17c0d68c05b6c870b54dd451e2312516ab Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 17:04:33 +1100 Subject: [PATCH 087/218] MOD_STICKY --- inc/config.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/config.php b/inc/config.php index e3080316..78b78403 100644 --- a/inc/config.php +++ b/inc/config.php @@ -71,6 +71,7 @@ define('ERROR_REQUIRED', 'The %s field is required.', true); define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true); + define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true); // For resizing, max values define('THUMB_WIDTH', 200, true); @@ -158,6 +159,8 @@ define('MOD_DELETEFILE', MOD_JANITOR, true); // Delete all posts by IP define('MOD_DELETEBYIP', MOD_BAN, true); + // Sticky a thread + define('MOD_STICKY', MOD_MOD, true); // Mod links (full HTML) // Correspond to above permission directives @@ -166,6 +169,7 @@ define('MOD_LINK_BANDELETE', '[B&D]', true); define('MOD_LINK_DELETEFILE', '[F]', true); define('MOD_LINK_DELETEBYIP', '[D+]', true); + define('MOD_LINK_STICKY', '[Sticky]', true); // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. From a395805e580e07edef1d47eea43daf3fd92880d3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 17:04:52 +1100 Subject: [PATCH 088/218] Style for mod controls on posts --- style.css | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/style.css b/style.css index 8d8bae1c..bc6314c0 100644 --- a/style.css +++ b/style.css @@ -167,4 +167,17 @@ span.omitted { } br.clear { clear: left; +} +span.controls { + float: right; + margin: 0; + padding: 0; + font-size: 80%; +} +span.controls.op { + float: none; + margin-left: 10px; +} +span.controls a { + margin: 0; } \ No newline at end of file From f45d3fdb32a932a7202c1e68331b442ae23d1a63 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 17:05:29 +1100 Subject: [PATCH 089/218] Check if post exists when deleting --- inc/mod.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/mod.php b/inc/mod.php index 46d966fe..a6cf3793 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -152,6 +152,10 @@ $id ), $sql) or error(mysql_error($sql)); + if(mysql_num_rows($post_res) < 1) { + error(ERROR_INVALIDPOST); + } + // Delete posts and maybe replies while($post = mysql_fetch_array($post_res)) { From 466d5e4832d68f6e3a88957db1b0997d12550711 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 19:12:13 +1100 Subject: [PATCH 090/218] "Return to dashboard" links --- templates/index.html | 3 ++- templates/page.html | 3 +-- templates/thread.html | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/templates/index.html b/templates/index.html index 048a3dd9..7aaf72e0 100644 --- a/templates/index.html +++ b/templates/index.html @@ -10,7 +10,8 @@

    {board[url]} - {board[name]}

    -
    {board[title]?{board[title]}}
    +
    {board[title]?{board[title]}}

    {mod?Return to dashboard}

    +
    diff --git a/templates/page.html b/templates/page.html index 487f8f28..9e243b75 100644 --- a/templates/page.html +++ b/templates/page.html @@ -8,8 +8,7 @@

    {title}

    -
    {subtitle?{subtitle}}
    - {mod?Return to dashboard} +
    {subtitle?{subtitle}}

    {mod?Return to dashboard}

    {body}

    Copyright © 2010 OmegaSDG

    diff --git a/templates/thread.html b/templates/thread.html index f0f271b7..a56a3ad7 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -11,6 +11,7 @@

    {board[url]} - {board[name]}

    {board[title]?{board[title]}}
    + {mod?Return to dashboard} From 130efdf467ed59670f108924199a42a33a26b5d2 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 19:13:04 +1100 Subject: [PATCH 091/218] Redirect to referer --- mod.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index b44f502f..ddd58ab4 100644 --- a/mod.php +++ b/mod.php @@ -194,8 +194,13 @@ deletePost($post); // Rebuild board buildIndex(); - // Redirect to board - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + + // Redirect + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } else { error("Page not found."); } From 9e2a8f248dd3cd11ba7b574935aeff9190b9fcc6 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 20:29:35 +1100 Subject: [PATCH 092/218] Moved several DELETE queries into one --- inc/mod.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index a6cf3793..200ffa20 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -158,12 +158,10 @@ // Delete posts and maybe replies while($post = mysql_fetch_array($post_res)) { - if(!$post['thread']) { // Delete thread HTML page @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); } - if($post['thumb']) { // Delete thumbnail @unlink($board['dir'] . DIR_THUMB . $post['thumb']); @@ -172,13 +170,13 @@ // Delete file @unlink($board['dir'] . DIR_IMG . $post['file']); } - - // Delete post - mysql_query(sprintf( - "DELETE FROM `posts_%s` WHERE `id` = '%d'", - mysql_real_escape_string($board['uri']), - $post['id'] - ), $sql) or error(mysql_error($sql)); } + + mysql_query(sprintf( + "DELETE FROM `posts_%s` WHERE `id` = '%d' OR `thread` = '%d'", + mysql_real_escape_string($board['uri']), + $id, + $id + ), $sql) or error(mysql_error($sql)); } ?> \ No newline at end of file From ae122f9754f801d201c80511fa5a3174e7f0bdc9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 21:11:44 +1100 Subject: [PATCH 093/218] "Return to dashboard" link on threads --- templates/thread.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/thread.html b/templates/thread.html index a56a3ad7..36dd2b49 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -10,8 +10,7 @@

    {board[url]} - {board[name]}

    -
    {board[title]?{board[title]}}
    - {mod?Return to dashboard} +
    {board[title]?{board[title]}}

    {mod?Return to dashboard}

    From a261dca0a5545f11114dddf85c81924b6491604d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 21:28:03 +1100 Subject: [PATCH 094/218] Pages on index pages in mod panel --- mod.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index ddd58ab4..e6b52060 100644 --- a/mod.php +++ b/mod.php @@ -157,15 +157,17 @@ 'mod'=>true ) ); - } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . ')?$/', $query, $matches)) { + } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { // Board index $boardName = $matches[1]; + // Open board if(!openBoard($boardName)) error(ERROR_NOBOARD); - $page = index(1, true); + $page = index($matches[2] == FILE_INDEX ? 1 : $matches[2], true); + $page['pages'] = getPages(true); $page['mod'] = true; echo Element('index.html', $page); From 22641bdc58909485cfcd9c05e4ac4f231022fe6f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 21:28:38 +1100 Subject: [PATCH 095/218] Basic stickies --- inc/functions.php | 31 ++++++++++++++++++------------- install.sql | 1 + templates/posts.sql | 1 + 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 69c719ba..bc6fce45 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -85,7 +85,7 @@ global $sql, $board; if($OP) { mysql_query( - sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + sprintf("INSERT INTO `posts_%s` VALUES ( NULL, NULL, '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", mysql_real_escape_string($board['uri']), $post['subject'], $post['email'], @@ -109,7 +109,7 @@ return mysql_insert_id($sql); } else { mysql_query( - sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s' )", + sprintf("INSERT INTO `posts_%s` VALUES ( NULL, '%d', '%s', '%s', '%s', '%s', '%s', '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '0')", mysql_real_escape_string($board['uri']), $post['thread'], $post['subject'], @@ -143,7 +143,7 @@ sql_open(); $query = mysql_query(sprintf( - "SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `bump` DESC LIMIT %d,%d", + "SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT %d,%d", mysql_real_escape_string($board['uri']), $offset, THREADS_PER_PAGE @@ -183,11 +183,10 @@ mysql_free_result($query); return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT); } - - function buildIndex() { + + function getPages($mod=false) { global $sql, $board; - sql_open(); - + $res = mysql_query(sprintf( "SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", mysql_real_escape_string($board['uri']) @@ -197,12 +196,17 @@ $pages = Array(); for($x=0;$x<$count && $x $x+1, 'link' => $x==0 ? ROOT . $board['dir'] . FILE_INDEX : ROOT . $board['dir'] . sprintf(FILE_PAGE, $x+1)); - } + $pages[] = Array('num' => $x+1, 'link' => $x==0 ? ($mod ? '?/' : ROOT) . $board['dir'] . FILE_INDEX : ($mod ? '?/' : ROOT) . $board['dir'] . sprintf(FILE_PAGE, $x+1)); + } + + return $pages; + } - mysql_free_result($res); - unset($arr); - unset($count); + function buildIndex() { + global $sql, $board; + sql_open(); + + $pages = getPages(); $page = 1; while($page <= MAX_PAGES && $content = index($page)) { @@ -356,7 +360,8 @@ 'body'=>$thread->build(), 'post_url' => POST_URL, 'index' => ROOT, - 'id' => $id + 'id' => $id, + 'mod' => $mod )); if($return) diff --git a/install.sql b/install.sql index b3039f3c..051b596b 100644 --- a/install.sql +++ b/install.sql @@ -69,6 +69,7 @@ CREATE TABLE IF NOT EXISTS `posts_b` ( `filehash` varchar(32) DEFAULT NULL, `password` varchar(20) DEFAULT NULL, `ip` varchar(15) NOT NULL, + `sticky` int(1) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; diff --git a/templates/posts.sql b/templates/posts.sql index d9c91886..9806a10b 100644 --- a/templates/posts.sql +++ b/templates/posts.sql @@ -19,5 +19,6 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` ( `filehash` varchar(32) DEFAULT NULL, `password` varchar(20) DEFAULT NULL, `ip` varchar(15) NOT NULL, + `sticky` int(1) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; \ No newline at end of file From a896abbd667fb8d1cb2f04be34a7a1a9daae6626 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 21:42:31 +1100 Subject: [PATCH 096/218] Fixed bug causing errors when visiting a board index in a certain way --- mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod.php b/mod.php index e6b52060..e822e6ba 100644 --- a/mod.php +++ b/mod.php @@ -166,7 +166,7 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $page = index($matches[2] == FILE_INDEX ? 1 : $matches[2], true); + $page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], true); $page['pages'] = getPages(true); $page['mod'] = true; From db50d076819cfec3bd19faad0d1e194914c51dcd Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 21:43:01 +1100 Subject: [PATCH 097/218] Fixed "Return" links in threads --- inc/functions.php | 3 ++- templates/thread.html | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index bc6fce45..04340be1 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -361,7 +361,8 @@ 'post_url' => POST_URL, 'index' => ROOT, 'id' => $id, - 'mod' => $mod + 'mod' => $mod, + 'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) )); if($return) diff --git a/templates/thread.html b/templates/thread.html index 36dd2b49..e816e127 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -12,7 +12,7 @@

    {board[url]} - {board[name]}

    {board[title]?{board[title]}}

    {mod?Return to dashboard}

    - + From b0bee3556f7932949a929c0077c454314d5dbb42 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 22:48:54 +1100 Subject: [PATCH 098/218] Made HTML valid in mod controls --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index b0980fa3..a485f906 100644 --- a/inc/display.php +++ b/inc/display.php @@ -74,7 +74,7 @@ // Ban & Delete if($mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; + $built .= ' ' . MOD_LINK_BANDELETE . ''; // Delete file (keep post) if(!$thread && $mod['type'] >= MOD_DELETEFILE) From 627c6ac91a338cfbd9fcc618b28dd678902da8f7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 23:08:52 +1100 Subject: [PATCH 099/218] Stickies --- inc/config.php | 5 +++++ inc/display.php | 7 +++++-- inc/functions.php | 6 +++--- style.css | 6 ++++++ 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/inc/config.php b/inc/config.php index 78b78403..4e48b6d5 100644 --- a/inc/config.php +++ b/inc/config.php @@ -72,6 +72,7 @@ define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true); define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true); + define('ERROR_404', 'Page not found.', true); // For resizing, max values define('THUMB_WIDTH', 200, true); @@ -129,6 +130,10 @@ // "302" is recommended. define('REDIRECT_HTTP', 302, true); + // Static images + // These can be URLs OR base64 (data URI scheme) + define('IMAGE_STICKY', 'data:image/gif;base64,R0lGODlhEgASAIcAACM8mR5BnAFPowNVpwBZqQBerhNPpRpLoxhSqABgrwBksgFvughltA5ttwBwuwR0vyN2vDdosDJ9tQB6wkJqtGN2tgODyweR1QCZ3gGc3wiR1ROr6SGGyCqJyDqEwjaX0Das4j256GaFu22Fs0qFwkyNx1mLxEun2k264lO76V+45WSezW2Vx2+fzGCrxWW30X6/5oaIvo+rvqidtr29vo+RwIWj0ISp1KSn0aG337euxbGwxry71KW84LbMvJLLzZDK1ZDI2Y3S76fJ5qbK6KrP6K3U7aDd8bzI6Mu6vMC/z83NwtDO39PW2drd0cPO7tXW5tje7MXk9t7u4+LJw+bX1ezhz+Hg8uDr9Obw+PHo6v//7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAMAAFsALAAAAAASABIAAAieALcIHEiwoMGDRT6ckHLQYJYhRixcENKQIBYiUmBowHCkYRQWLVZ0AJFCBYYNB6FUiGCixAILFjRkCHEwxhUbAxI4mHCAA4opB2vk6EGigIMHB4JUVEIBwg0PCxYYAFJxywgBBBo4YBDgRVUtIgYoWAAAwY+qSHDIkHAAgIuqT3ZYEejDR1UmM5xUJZhEx5K9A6nwoAF4YJUmhRMXDAgAOw==', true); + /* Mod stuff */ diff --git a/inc/display.php b/inc/display.php index a485f906..8cf4a18e 100644 --- a/inc/display.php +++ b/inc/display.php @@ -180,7 +180,7 @@ class Thread { public $omitted = 0; - public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { + public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT) { $this->id = $id; $this->subject = utf8tohtml($subject); $this->email = $email; @@ -199,13 +199,13 @@ $this->omitted = 0; $this->posts = Array(); $this->ip = $ip; + $this->sticky = $sticky; $this->root = $root; } public function add(Post $post) { $this->posts[] = $post; } - public function build($index=false) { global $board, $mod; @@ -255,8 +255,11 @@ ' href="' . $this->root . $board['dir'] . DIR_RES . $this->id . '.html' . '#' . $this->id . '">No.' . // JavaScript cite ''.$this->id.'' . + // Sticky + ($this->sticky ? '' : '') . // [Reply] ($index ? '[Reply]' : '') . + // Mod controls postControls($this->id, true) . '

    '; diff --git a/inc/functions.php b/inc/functions.php index 04340be1..fd87de43 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -151,7 +151,7 @@ if(mysql_num_rows($query) < 1 && $page > 1) return false; while($th = mysql_fetch_array($query)) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $mod ? '?/' : ROOT); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); $newposts = mysql_query(sprintf( "SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = '%s' ORDER BY `time` DESC LIMIT %d", @@ -341,7 +341,7 @@ $id = round($id); $query = mysql_query(sprintf( - "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", + "SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = '%d') OR `thread` = '%d' ORDER BY `thread`,`time`", mysql_real_escape_string($board['uri']), $id, $id @@ -349,7 +349,7 @@ while($post = mysql_fetch_array($query)) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); } diff --git a/style.css b/style.css index bc6314c0..d7646c5d 100644 --- a/style.css +++ b/style.css @@ -111,6 +111,12 @@ div.post img { padding: 5px; margin: 5px 20px 0 0; } +div.post img.icon { + display: inline; + float: none; + margin: 0 5px; + padding: 0; +} div.post.op { margin-right: 20px; margin-bottom: 5px; From 4052d6350214e5384cfe15823e29197d2eaf7326 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 16 Dec 2010 23:09:44 +1100 Subject: [PATCH 100/218] Better "page not found" code --- mod.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index e822e6ba..6b3d17c3 100644 --- a/mod.php +++ b/mod.php @@ -166,7 +166,9 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], true); + if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], true)) { + error(ERROR_404); + } $page['pages'] = getPages(true); $page['mod'] = true; @@ -204,7 +206,7 @@ header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } else { - error("Page not found."); + error(ERROR_404); } } From 9554291802cb8ac712ba25d1a59ced31d20b07f0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 02:20:16 +1100 Subject: [PATCH 101/218] Mod controls and permissions --- inc/config.php | 8 ++++ inc/display.php | 116 +++++++++++++++++++++++++++++------------------- inc/mod.php | 8 ++-- mod.php | 25 ++++++++--- 4 files changed, 101 insertions(+), 56 deletions(-) diff --git a/inc/config.php b/inc/config.php index 4e48b6d5..8f265a78 100644 --- a/inc/config.php +++ b/inc/config.php @@ -152,6 +152,7 @@ // Permissions // What level of administration you need to: + /* Post Controls */ // View IP addresses define('MOD_SHOW_IP', MOD_MOD, true); // Delete a post @@ -167,6 +168,12 @@ // Sticky a thread define('MOD_STICKY', MOD_MOD, true); + /* Administration */ + // Display the contents of instant-config.php + define('MOD_SHOW_CONFIG', MOD_ADMIN, true); + // Create a new board + define('MOD_NEWBOARD', MOD_ADMIN, true); + // Mod links (full HTML) // Correspond to above permission directives define('MOD_LINK_DELETE', '[D]', true); @@ -175,6 +182,7 @@ define('MOD_LINK_DELETEFILE', '[F]', true); define('MOD_LINK_DELETEBYIP', '[D+]', true); define('MOD_LINK_STICKY', '[Sticky]', true); + define('MOD_LINK_DESTICKY', '[-Sticky]', true); // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. diff --git a/inc/display.php b/inc/display.php index 8cf4a18e..5dbccc8f 100644 --- a/inc/display.php +++ b/inc/display.php @@ -48,50 +48,6 @@ ))); } - function postControls($id, $thread=false) { - global $mod; - - $built = ''; - if($mod) { - // Mod controls (on posts) - if($thread) { - $built .= ''; - } else { - $built .= ''; - } - - // Delete - if($mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; - - // Delete all posts by IP - if($mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; - - // Ban - if($mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; - - // Ban & Delete - if($mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; - - // Delete file (keep post) - if(!$thread && $mod['type'] >= MOD_DELETEFILE) - $built .= ' ' . MOD_LINK_DELETEFILE . ''; - - if($thread) { - // Delete file (keep post) - if($mod['type'] >= MOD_STICKY) - $built .= ' ' . MOD_LINK_STICKY . ''; - - } - - $built .= ''; - } - return $built; - } - class Post { public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { $this->id = $id; @@ -113,6 +69,39 @@ $this->ip = $ip; $this->root = $root; } + public function postControls() { + global $mod; + + $built = ''; + if($mod) { + // Mod controls (on posts) + $built .= ''; + + // Delete + if($mod['type'] >= MOD_DELETE) + $built .= ' ' . MOD_LINK_DELETE . ''; + + // Delete all posts by IP + if($mod['type'] >= MOD_DELETEBYIP) + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + + // Ban + if($mod['type'] >= MOD_BAN) + $built .= ' ' . MOD_LINK_BAN . ''; + + // Ban & Delete + if($mod['type'] >= MOD_BANDELETE) + $built .= ' ' . MOD_LINK_BANDELETE . ''; + + // Delete file (keep post) + if($mod['type'] >= MOD_DELETEFILE) + $built .= ' ' . MOD_LINK_DELETEFILE . ''; + + $built .= ''; + } + return $built; + } + public function build($index=false) { global $board, $mod; @@ -169,7 +158,7 @@ ''; } - $built .= postControls($this->id); + $built .= $this->postControls(); // Body $built .= '

    ' . $this->body . '


    '; @@ -205,6 +194,41 @@ public function add(Post $post) { $this->posts[] = $post; } + public function postControls() { + global $mod; + + $built = ''; + if($mod) { + // Mod controls (on posts) + $built .= ''; + + // Delete + if($mod['type'] >= MOD_DELETE) + $built .= ' ' . MOD_LINK_DELETE . ''; + + // Delete all posts by IP + if($mod['type'] >= MOD_DELETEBYIP) + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + + // Ban + if($mod['type'] >= MOD_BAN) + $built .= ' ' . MOD_LINK_BAN . ''; + + // Ban & Delete + if($mod['type'] >= MOD_BANDELETE) + $built .= ' ' . MOD_LINK_BANDELETE . ''; + + // Delete file (keep post) + if($mod['type'] >= MOD_STICKY) + if($this->sticky) + $built .= ' ' . MOD_LINK_DESTICKY . ''; + else + $built .= ' ' . MOD_LINK_STICKY . ''; + + $built .= ''; + } + return $built; + } public function build($index=false) { global $board, $mod; @@ -261,7 +285,7 @@ ($index ? '[Reply]' : '') . // Mod controls - postControls($this->id, true) . + $this->postControls() . '

    '; // Body diff --git a/inc/mod.php b/inc/mod.php index 200ffa20..b5e773f5 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -85,11 +85,11 @@ } // Generates a
      element with a list of linked - // boards and their subtitles. + // boards and their subtitles. (without the
        opening and ending tags) function ulBoards() { global $mod; - $body = '
          '; + $body = ''; // List of boards $boards = listBoards(); @@ -106,10 +106,10 @@ ''; } - if($mod['type'] == MOD_ADMIN) { + if($mod['type'] >= MOD_NEWBOARD) { $body .= '
        • Create new board
          • '; } - return $body . '
        '; + return $body; } function form_newBoard() { diff --git a/mod.php b/mod.php index 6b3d17c3..7b52735f 100644 --- a/mod.php +++ b/mod.php @@ -56,14 +56,26 @@ if(preg_match('/^\/?$/', $query)) { // Dashboard - $body = ''; + $fieldset = Array( + 'Boards' => '', + 'Administration' => '' + ); - $body .= '
        Boards' . - ulBoards() . - '
        '; + // Boards + $fieldset['Boards'] .= ulBoards(); + + if($mod['type'] >= MOD_SHOW_CONFIG) { + $fieldset['Administration'] .= '
      • Show configuration
        • '; + } // TODO: Statistics, etc, in the dashboard. + $body = ''; + foreach($fieldset as $title => $data) { + if($data) + $body .= "
        {$title}
          {$data}
        "; + } + echo Element('page.html', Array( 'index'=>ROOT, 'title'=>'Dashboard', @@ -72,7 +84,7 @@ ) ); } elseif(preg_match('/^\/config$/', $query)) { - if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS); + if($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS); // Show instance-config.php @@ -92,7 +104,7 @@ ) ); } elseif(preg_match('/^\/new$/', $query)) { - if($mod['type'] != MOD_ADMIN) error(ERROR_NOACCESS); + if($mod['type'] < MOD_NEWBOARD) error(ERROR_NOACCESS); // New board $body = ''; @@ -186,6 +198,7 @@ echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); // Delete post $boardName = $matches[1]; From 72ff91105841e9b3dcdc1e691ed2a4967afc6124 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 02:25:53 +1100 Subject: [PATCH 102/218] Removed and cleaned directories --- res/index.php | 3 --- src/index.php | 3 --- {src => static}/error.png | Bin {src => static}/ok.png | Bin {src => static}/warning.png | Bin {src => static}/zip.png | Bin thumb/index.php | 3 --- 7 files changed, 9 deletions(-) delete mode 100644 res/index.php delete mode 100644 src/index.php rename {src => static}/error.png (100%) rename {src => static}/ok.png (100%) rename {src => static}/warning.png (100%) rename {src => static}/zip.png (100%) delete mode 100644 thumb/index.php diff --git a/res/index.php b/res/index.php deleted file mode 100644 index 1869b1dd..00000000 --- a/res/index.php +++ /dev/null @@ -1,3 +0,0 @@ - \ No newline at end of file diff --git a/src/index.php b/src/index.php deleted file mode 100644 index 1869b1dd..00000000 --- a/src/index.php +++ /dev/null @@ -1,3 +0,0 @@ - \ No newline at end of file diff --git a/src/error.png b/static/error.png similarity index 100% rename from src/error.png rename to static/error.png diff --git a/src/ok.png b/static/ok.png similarity index 100% rename from src/ok.png rename to static/ok.png diff --git a/src/warning.png b/static/warning.png similarity index 100% rename from src/warning.png rename to static/warning.png diff --git a/src/zip.png b/static/zip.png similarity index 100% rename from src/zip.png rename to static/zip.png diff --git a/thumb/index.php b/thumb/index.php deleted file mode 100644 index 1869b1dd..00000000 --- a/thumb/index.php +++ /dev/null @@ -1,3 +0,0 @@ - \ No newline at end of file From fb576d7966cd72226e0b64f3bd70987cfa68d259 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 02:26:59 +1100 Subject: [PATCH 103/218] Moved "zip.png" file in code to new "static" directory --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 8f265a78..116ad334 100644 --- a/inc/config.php +++ b/inc/config.php @@ -89,7 +89,7 @@ * Extremely beta and not recommended yet. */ define('ALLOW_ZIP', false, true); - define('ZIP_IMAGE', 'src/zip.png', true); + define('ZIP_IMAGE', 'static/zip.png', true); /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) From 473bc415b5308f37771fe936a95aad046d9fc8cc Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 02:27:31 +1100 Subject: [PATCH 104/218] Moved images in text.php --- test.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.php b/test.php index 55d97a00..66b78b7e 100644 --- a/test.php +++ b/test.php @@ -11,7 +11,7 @@ require 'inc/user.php'; function image($type) { - return ""; + return ""; } function check($title, $test) { global $body, $count; From 46166888e9b6fc883c77eaece80fa2172c981bf3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 02:31:10 +1100 Subject: [PATCH 105/218] ERROR_INVALIDAFTER was not configurable --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 116ad334..d8831302 100644 --- a/inc/config.php +++ b/inc/config.php @@ -65,7 +65,7 @@ // Moderator errors define('ERROR_INVALID', 'Invalid username and/or password.', true); - define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.'); + define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.', true); define('ERROR_MALFORMED','Invalid/malformed cookies.', true); define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); define('ERROR_REQUIRED', 'The %s field is required.', true); From 62e97732e8a060a7e1a0e6eb8b35a05c73ee92b3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 04:41:11 +1100 Subject: [PATCH 106/218] Fixed config page --- mod.php | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/mod.php b/mod.php index 7b52735f..87514aec 100644 --- a/mod.php +++ b/mod.php @@ -88,13 +88,42 @@ // Show instance-config.php - $data = highlight_file('inc/instance-config.php', true); - if(MOD_NEVER_REAL_PASSWORD) { - // Rough and dirty removal of password - $data = str_replace(MY_PASSWORD, '*******', $data); + //$data = highlight_file('inc/instance-config.php', true); + //if(MOD_NEVER_REAL_PASSWORD) { + // // Rough and dirty removal of password + // $data = str_replace(MY_PASSWORD, '*******', $data); + //} + + $constants = get_defined_constants(true); + $constants = $constants['user']; + + $data = ''; + foreach($constants as $name => $value) { + if(MOD_NEVER_REAL_PASSWORD && $name == 'MY_PASSWORD') + $value = '********'; + else { + // For some reason PHP is only giving me the first defined value (the default), so use constant() + $value = constant($name); + if(gettype($value) == 'boolean') { + $value = $value ? 'On' : 'Off'; + } elseif(gettype($value) == 'string') { + $value = '' . utf8tohtml($value) . ''; + } elseif(gettype($value) == 'integer') { + $value = '' . $value . ''; + } + } + + $data .= + '
' . + $name . + '' . + substr($value, 0, 120) . + '' . + (strlen($value) > 120 ? '…' : '') . + '
' . $data . '
'; echo Element('page.html', Array( 'index'=>ROOT, From 02e990979ad54dd5a6f617626c1282024e48efa2 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 17 Dec 2010 16:25:32 +1100 Subject: [PATCH 107/218] Cleaned config page --- mod.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/mod.php b/mod.php index 87514aec..fec65c02 100644 --- a/mod.php +++ b/mod.php @@ -100,15 +100,24 @@ $data = ''; foreach($constants as $name => $value) { if(MOD_NEVER_REAL_PASSWORD && $name == 'MY_PASSWORD') - $value = '********'; + $value = 'hidden'; else { // For some reason PHP is only giving me the first defined value (the default), so use constant() $value = constant($name); if(gettype($value) == 'boolean') { $value = $value ? 'On' : 'Off'; } elseif(gettype($value) == 'string') { - $value = '' . utf8tohtml($value) . ''; + $value = '' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . ''; } elseif(gettype($value) == 'integer') { + // Show permissions in a cleaner way + if(preg_match('/^MOD_/', $name) && $name != 'MOD_JANITOR' && $name != 'MOD_MOD' && $name != 'MOD_ADMIN') { + if($value == MOD_JANITOR) + $value = 'Janitor'; + elseif($value == MOD_MOD) + $value = 'Mod'; + elseif($value == MOD_ADMIN) + $value = 'Admin'; + } $value = '' . $value . ''; } } @@ -117,9 +126,7 @@ '
' . $name . '' . - substr($value, 0, 120) . - '' . - (strlen($value) > 120 ? '…' : '') . + $value . '
' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
' . + ' (eg. "2d1h30m" or "2 days")
' . + '' . + ''; + } + function form_newBoard() { return '
New board' . '
' . '' . '' . - '' . + '' . '' . '' . '' . - '' . + '' . '' . '' . '' . - '' . + '' . '' . '' . '' . '' . diff --git a/mod.php b/mod.php index be9268a0..57c385b2 100644 --- a/mod.php +++ b/mod.php @@ -280,7 +280,102 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } elseif(preg_match('/^\/' . $regex['board'] . 'ban\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + // Ban by post + + $boardName = $matches[1]; + $post = $matches[2]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + // Delete post + //deletePost($post); + // Rebuild board + //buildIndex(); + + $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + + $post = $query->fetch(); + + if(isset($_POST['new_ban'])) { + if( !isset($_POST['ip']) || + !isset($_POST['reason']) || + !isset($_POST['length']) + ) error(ERROR_MISSEDAFIELD); + + // Check required fields + if(empty($_POST['ip'])) + error(sprintf(ERROR_REQUIRED, 'IP address')); + + $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :expires, :reason)"); + + // 1yr2hrs30mins + // 1y2h30m + if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?m?i?n?u?t?e?s?)?\s?+((\d+)\s?s?e?c?o?n?d?s?)?$/', $_POST['length'], $m)) { + $expire = 0; + if(isset($m[2])) { + // Years + $expire += $m[2]*60*60*24*7*52; + } + if(isset($m[4])) { + // Weeks + $expire += $m[4]*60*60*24*7; + } + if(isset($m[6])) { + // Days + $expire += $m[6]*60*60*24; + } + if(isset($m[8])) { + // Hours + $expire += $m[8]*60*60; + } + if(isset($m[10])) { + // Minutes + $expire += $m[10]*60; + } + if(isset($m[12])) { + // Seconds + $expire += $m[12]; + } + $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); + } else { + // Never expire + $query->bindValue(':expires', null, PDO::PARAM_NULL); + } + + $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + if(isset($_POST['reason'])) { + $query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR); + } else { + $query->bindValue(':reason', null, PDO::PARAM_NULL); + } + $query->execute() or error(db_error($query)); + + // Redirect + if(isset($_POST['continue'])) + header('Location: ' . $_POST['continue'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } + + $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'New ban', + 'body'=>$body, + 'mod'=>true + ) + ); } else { error(ERROR_404); } From 23683c13787a5686d3f5302296a989562831eaf8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 00:50:25 +1100 Subject: [PATCH 131/218] "when ban was filed" in the database --- install.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sql b/install.sql index c7ab4870..6a828e3a 100644 --- a/install.sql +++ b/install.sql @@ -109,6 +109,7 @@ INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES CREATE TABLE IF NOT EXISTS `bans` ( `ip` varchar( 15 ) NOT NULL , `mod` int NOT NULL COMMENT 'which mod made the ban', + `set` int NOT NULL, `expires` int NULL, `reason` text NULL ) ENGINE = InnoDB; From eeb512f54971245dcc7ba63eb616265e0de90902 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 00:51:20 +1100 Subject: [PATCH 132/218] Fixed code to use new column --- inc/mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/mod.php b/inc/mod.php index 4670dc8d..23ec43af 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -10,7 +10,7 @@ } function login($username, $password, $makehash=true) { - global $sql, $mod; + global $mod; // SHA1 password if($makehash) { From 3c24ecd412d3b589e4ad5382deec4ffc1656f98f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 01:37:52 +1100 Subject: [PATCH 133/218] Bans --- inc/functions.php | 74 +++++++++++++++++++++++++++++++++++++++++++---- post.php | 3 ++ 2 files changed, 72 insertions(+), 5 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 36ee9807..70520334 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -27,7 +27,6 @@ } function openBoard($uri) { - global $sql; sql_open(); $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1"); @@ -46,6 +45,71 @@ return $boards; } + function until($timestamp) { + $difference = $timestamp - time(); + if($difference < 60) { + return $difference . ' second' . ($difference != 1 ? 's' : ''); + } elseif($difference < 60*60) { + return ($num = round($difference/(60))) . ' minute' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24) { + return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*7) { + return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*7*52) { + return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); + } else { + return ($num = round($difference/(60*60*24*7*52))) . ' year' . ($num != 1 ? 's' : ''); + } + } + + function formatDate($timestamp) { + return date('jS F, Y', $timestamp); + } + + function checkBan() { + if(!isset($_SERVER['REMOTE_ADDR'])) { + // Server misconfiguration + return; + } + + $query = prepare("SELECT * FROM `bans` WHERE `ip` = :ip LIMIT 1"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + if($ban = $query->fetch()) { + $body = '
+

You are banned! ;_;

+

You have been banned ' . + ($ban['reason'] ? 'for the following reason:' : 'for an unspecified reason.') . + '

' . + ($ban['reason'] ? + '

' . + $ban['reason'] . + '

' + : '') . + '

Your ban was filed on ' . + formatDate($ban['set']) . + ', and ' . + ($ban['expires'] ? + 'expires on ' . + formatDate($ban['expires']) . + ', which is ' . until($ban['expires']) . ' from now' + : 'does not expire' ) . + '.

+

Your IP address is ' . $_SERVER['REMOTE_ADDR'] . '.

+
'; + + // Show banned page and exit + die(Element('page.html', Array( + 'index' => ROOT, + 'title' => 'Banned', + 'subtitle' => 'You are banned!', + 'body' => $body + ) + )); + } + } + function threadExists($id) { global $board; @@ -117,7 +181,7 @@ } function index($page, $mod=false) { - global $sql, $board; + global $board; $body = ''; $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); @@ -162,7 +226,7 @@ } function getPages($mod=false) { - global $sql, $board; + global $board; // Count threads $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); @@ -179,7 +243,7 @@ } function buildIndex() { - global $sql, $board; + global $board; sql_open(); $pages = getPages(); @@ -206,7 +270,7 @@ } function markup(&$body) { - global $sql, $board; + global $board; if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); diff --git a/post.php b/post.php index fccf3f16..6233f807 100644 --- a/post.php +++ b/post.php @@ -59,6 +59,9 @@ // Open database connection sql_open(); + // Check if banned + checkBan(); + // Check if board exists if(!openBoard($post['board'])) error(ERROR_NOBOARD); From d46c40652cf0710c75d7cc1d929ed9f2aa106411 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 01:43:25 +1100 Subject: [PATCH 134/218] Bans expire --- inc/functions.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 70520334..30effd17 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -77,6 +77,14 @@ $query->execute() or error(db_error($query)); if($ban = $query->fetch()) { + if($ban['expires'] && $ban['expires'] < time()) { + // Ban expired + $query = prepare("DELETE FROM `bans` WHERE `ip` = :ip AND `expires` = :expires LIMIT 1"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':expires', $ban['expires'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + return; + } $body = '

You are banned! ;_;

You have been banned ' . @@ -94,7 +102,7 @@ 'expires on ' . formatDate($ban['expires']) . ', which is ' . until($ban['expires']) . ' from now' - : 'does not expire' ) . + : 'will not expire' ) . '.

Your IP address is ' . $_SERVER['REMOTE_ADDR'] . '.

'; From 9ba2638ad73c891e9a19247f0932fed3eb45ccff Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 01:45:14 +1100 Subject: [PATCH 135/218] Configurable post time format --- inc/config.php | 4 ++++ inc/display.php | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 79f4bf1e..5e9aa365 100644 --- a/inc/config.php +++ b/inc/config.php @@ -220,6 +220,10 @@ define('BUTTON_NEWTOPIC', 'New Topic', true); define('BUTTON_REPLY', 'New Reply', true); + // The string passed to date() for post times + // http://php.net/manual/en/function.date.php + define('POST_DATE', 'm/d/y (D) H:i:s', true); + define('ALWAYS_NOKO', false, true); define('URL_MATCH', '/^' . diff --git a/inc/display.php b/inc/display.php index 32eb9cb2..0f1a6c07 100644 --- a/inc/display.php +++ b/inc/display.php @@ -128,7 +128,7 @@ $built .= ''; // Date/time - $built .= ' ' . date('m/d/y (D) H:i:s', $this->time); + $built .= ' ' . date(POST_DATE, $this->time); $built .= ' time); + $built .= ' ' . date(POST_DATE, $this->time); $built .= ' Date: Sun, 2 Jan 2011 01:52:22 +1100 Subject: [PATCH 136/218] Ban styling --- style.css | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/style.css b/style.css index d7646c5d..0211e04e 100644 --- a/style.css +++ b/style.css @@ -186,4 +186,25 @@ span.controls.op { } span.controls a { margin: 0; +} +div.ban { + background: white; + border: 1px solid #98E; + max-width: 700px; + margin: 30px auto; +} +div.ban p, div.ban h2 { + padding: 3px 7px; +} +div.ban h2 { + background: #98E; + color: black; + font-size: 12pt; +} +div.ban p { + font-size: 12px; + margin-bottom: 12px; +} +div.ban p.reason { + font-weight: bold; } \ No newline at end of file From a22df7b0391612c03c237ec0eeb573b9f1d88719 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 02:00:40 +1100 Subject: [PATCH 137/218] Removed old, un-used, commented-out code --- inc/config.php | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/inc/config.php b/inc/config.php index 5e9aa365..65a35506 100644 --- a/inc/config.php +++ b/inc/config.php @@ -252,14 +252,4 @@ error_reporting(E_ALL); ini_set('display_errors', 1); } - - /* - Multi-board support removes any use for this. - - if(!defined('IS_INSTALLATION')) { - if(!file_exists(DIR_IMG)) @mkdir(DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); - if(!file_exists(DIR_THUMB)) @mkdir(DIR_THUMB, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); - if(!file_exists(DIR_RES)) @mkdir(DIR_RES, 0777) or error("Couldn't create " . DIR_IMG . ". Install manually.", true); - } - */ ?> \ No newline at end of file From ed693335804765c4784a7cf24c718a43e5fb69bc Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 02:05:30 +1100 Subject: [PATCH 138/218] Block banned clients from accessing the moderation panel --- mod.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/mod.php b/mod.php index 57c385b2..35261e3f 100644 --- a/mod.php +++ b/mod.php @@ -8,6 +8,12 @@ require 'inc/template.php'; require 'inc/database.php'; require 'inc/user.php'; + + sql_open(); + + // Check if banned + checkBan(); + require 'inc/mod.php'; // Fix some encoding issues @@ -23,8 +29,6 @@ empty($_POST['password']) ) loginForm(ERROR_INVALID, $_POST['username']); - // Open connection - sql_open(); if(!login($_POST['username'], $_POST['password'])) loginForm(ERROR_INVALID, $_POST['username']); @@ -315,7 +319,7 @@ if(empty($_POST['ip'])) error(sprintf(ERROR_REQUIRED, 'IP address')); - $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :expires, :reason)"); + $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); // 1yr2hrs30mins // 1y2h30m @@ -353,6 +357,8 @@ $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':set', time(), PDO::PARAM_INT); + if(isset($_POST['reason'])) { $query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR); } else { From 55595e8cfdf3f103f8f15e4f1c76a2699d63ce42 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 15:30:20 +1100 Subject: [PATCH 139/218] Rearranged some stuff in config.php --- inc/config.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/inc/config.php b/inc/config.php index 65a35506..96a1892d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -97,11 +97,8 @@ * get dumped into the thread as replies. * Extremely beta and not recommended yet. */ - define('ALLOW_ZIP', false, true); - define('ZIP_IMAGE', 'static/zip.png', true); + define('ALLOW_ZIP', false, true); - define('DELETED_IMAGE', 'static/deleted.png', true); - /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) WARNING: Very beta. Currently strips animated GIFs too :( @@ -126,6 +123,12 @@ // examples: '/', 'http://boards.chan.org/', '/chan/' define('ROOT', '/', true); + // Static images + // These can be URLs OR base64 (data URI scheme) + define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true); + define('DELETED_IMAGE', ROOT . DIR_STATIC . 'deleted.png', true); + define('ZIP_IMAGE', ROOT . DIR_STATIC . 'zip.png', true); + // If for some reason the folders and static HTML index files aren't in the current working direcotry, // enter the directory path here. Otherwise, keep it false. define('ROOT_FILE', false, true); @@ -143,10 +146,6 @@ // "302" is recommended. define('REDIRECT_HTTP', 302, true); - // Static images - // These can be URLs OR base64 (data URI scheme) - define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true); - /* Mod stuff */ From 2f602e9b4dfe11000cc3dfd7f07ed2709f5b8541 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 15:31:47 +1100 Subject: [PATCH 140/218] Fixed DELETED_IMAGE showing wrong image location --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index 0f1a6c07..555b78e8 100644 --- a/inc/display.php +++ b/inc/display.php @@ -156,7 +156,7 @@ // Thumbnail ''; } elseif($this->file == 'deleted') { - $built .= ''; + $built .= ''; } $built .= $this->postControls(); From a3b438104eeb7407e41033b5d079c438035f89f6 Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 2 Jan 2011 16:18:10 +0800 Subject: [PATCH 141/218] start work on a web based installer --- inc/config.php | 2 +- install.php | 347 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 348 insertions(+), 1 deletion(-) create mode 100644 install.php diff --git a/inc/config.php b/inc/config.php index 96a1892d..8cbc6ba2 100644 --- a/inc/config.php +++ b/inc/config.php @@ -251,4 +251,4 @@ error_reporting(E_ALL); ini_set('display_errors', 1); } -?> \ No newline at end of file +?> diff --git a/install.php b/install.php new file mode 100644 index 00000000..6333c281 --- /dev/null +++ b/install.php @@ -0,0 +1,347 @@ +Error:"; + echo "

inc/instance-config.php already exists. Please delete it before trying to re-install.

"; + die(); +} + +$default_values = array( + // Database stuff + array( + 'output' => "

Database settings

\n". + "

Please change the following to reflect the setup of your database.

" + ), + array( + 'name' => 'DB_TYPE', + 'html' => 'dropdown', + 'values' => array('mysql'=>'MySQL'), + 'comment' => 'Database engine:' + ), + array( + 'name' => 'DB_SERVER', + 'html' => 'text', + 'values' => 'localhost', + 'comment' => 'Database hostname:' + ), + array( + 'name' => 'DB_USER', + 'html' => 'text', + 'values' => 'root', + 'comment' => 'Database username:' + ), + array( + 'name' => 'DB_PASSWORD', + 'html' => 'password', + 'values' => '', + 'comment' => 'Database password:' + ), + array( + 'name' => 'DB_DATABASE', + 'html' => 'text', + 'values' => 'tinyboard', + 'comment' => 'Database name (please create this database beforehand):' + ), + + // General Config + array( + 'output' => "

General Config

\n". + "

General board configuration.

" + ), + array( + 'name' => 'LURKTIME', + 'html' => 'text', + 'values' => '30', + 'comment' => 'How many seconds before you can post, after the first visit:' + ), + array( + 'name' => 'MAX_BODY', + 'html' => 'text', + 'values' => '1800', + 'comment' => 'Max body length:' + ), + array( + 'name' => 'THREADS_PER_PAGE', + 'html' => 'text', + 'values' => '10', + 'comment' => 'Threads per page:' + ), + array( + 'name' => 'MAX_PAGES', + 'html' => 'text', + 'values' => '5', + 'comment' => 'Max pages:' + ), + array( + 'name' => 'THREADS_PREVIEW', + 'html' => 'text', + 'values' => '5', + 'comment' => 'Threads Preview:' + ), + array( + 'name' => 'VERBOSE_ERRORS', + 'html' => 'bool', + 'values' => true, + 'comment' => 'Turns \'display_errors\' on. Not recommended for production.:' + ), + + // Image Config + array( + 'output' => "

Image Config

\n". + "

Image configuration.

" + ), + array( + 'name' => 'THUMB_WIDTH', + 'html' => 'text', + 'values' => '200', + 'comment' => 'Maximum thumbnail width:' + ), + array( + 'name' => 'THUMB_HEIGHT', + 'html' => 'text', + 'values' => '200', + 'comment' => 'Maximum thumbnail height:' + ), + array( + 'name' => 'MAX_FILESIZE', + 'html' => 'text', + 'values' => '10485760', + 'comment' => 'Maximum file size (in bytes; default: 10MB):' + ), + array( + 'name' => 'MAX_WIDTH', + 'html' => 'text', + 'values' => '10000', + 'comment' => 'Maximum image width:' + ), + array( + 'name' => 'MAX_HEIGHT', + 'html' => 'text', + 'values' => '10000', + 'comment' => 'Maximum image height:' + ), + array( + 'name' => 'ALLOW_ZIP', + 'html' => 'bool', + 'values' => false, + 'comment' => 'When you upload a ZIP as a file, all the images inside the archive '. + 'get dumped into the thread as replies. (Extremely beta and not recommended yet.)' + ), + array( + 'name' => 'REDRAW_IMAGE', + 'html' => 'bool', + 'values' => false, + 'comment' => 'Redraw the image using GD functions to strip any excess data (WARNING: VERY BETA).' + ), + array( + 'name' => 'SHOW_RATIO', + 'html' => 'bool', + 'values' => true, + 'comment' => 'Display the aspect ratio in a post\'s file info.' + ), + + // Cookies + array( + 'output' => "

Cookies

\n". + "

The following deals with cookie setup. ". + "You probably don't need to change it.

" + ), + array( + 'name' => 'SESS_COOKIE', + 'html' => 'text', + 'values' => 'imgboard', + 'comment' => 'Name of the session cookie:' + ), + array( + 'name' => 'TIME_COOKIE', + 'html' => 'text', + 'values' => 'arrived', + 'comment' => 'Name of the time cookie:' + ), + array( + 'name' => 'HASH_COOKIE', + 'html' => 'text', + 'values' => 'hash', + 'comment' => 'Name of the hash cookie:' + ), + array( + 'name' => 'MOD_COOKIE', + 'html' => 'text', + 'values' => 'mod', + 'comment' => 'Name of the moderator cookie:' + ), + array( + 'name' => 'JAIL_COOKIES', + 'html' => 'text', + 'values' => 'true', + 'comment' => 'Where to set the \'path\' parameter to ROOT when creating cookies. Recommended.:' + ), + array( + 'name' => 'COOKIE_EXPIRE', + 'html' => 'text', + 'values' => '15778463', + 'comment' => 'How long should the cookies last (in seconds; default 6 months):' + ), + array( + 'name' => 'SALT', + 'html' => 'text', + 'values' => md5(rand(0,100)), + 'comment' => 'Make this something long and random for security:' + ), + + ); + +$sql = array( + 'SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";', + 'CREATE TABLE IF NOT EXISTS `boards` ( + `id` smallint(6) NOT NULL AUTO_INCREMENT, + `uri` varchar(8) NOT NULL, + `title` varchar(20) NOT NULL, + `subtitle` varchar(40) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `uri` (`uri`), + UNIQUE KEY `id` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;', + 'INSERT INTO `boards` (`id`, `uri`, `title`, `subtitle`) VALUES +(1, \'b\', \'Beta\', \'In development.\');', + 'CREATE TABLE IF NOT EXISTS `posts_b` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `thread` int(11) DEFAULT NULL, + `subject` varchar(40) NOT NULL, + `email` varchar(30) NOT NULL, + `name` varchar(25) NOT NULL, + `trip` varchar(15) DEFAULT NULL, + `body` text NOT NULL, + `time` int(11) NOT NULL, + `bump` int(11) DEFAULT NULL, + `thumb` varchar(50) DEFAULT NULL, + `thumbwidth` int(11) DEFAULT NULL, + `thumbheight` int(11) DEFAULT NULL, + `file` varchar(50) DEFAULT NULL, + `filewidth` int(11) DEFAULT NULL, + `fileheight` int(11) DEFAULT NULL, + `filesize` int(11) DEFAULT NULL, + `filename` varchar(30) DEFAULT NULL, + `filehash` varchar(32) DEFAULT NULL, + `password` varchar(20) DEFAULT NULL, + `ip` varchar(15) NOT NULL, + `sticky` int(1) NOT NULL, + UNIQUE KEY `id` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;', + 'CREATE TABLE IF NOT EXISTS `mods` ( + `id` smallint(6) NOT NULL AUTO_INCREMENT, + `username` varchar(30) NOT NULL, + `password` char(40) NOT NULL COMMENT \'SHA1\', + `type` smallint(1) NOT NULL COMMENT \'0: janitor, 1: mod, 2: admin\', + PRIMARY KEY (`id`), + UNIQUE KEY `id` (`id`,`username`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;', + 'INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES +(1, \'admin\', \'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\', 2);', + 'CREATE TABLE IF NOT EXISTS `bans` ( + `ip` varchar( 15 ) NOT NULL , + `mod` int NOT NULL COMMENT \'which mod made the ban\', + `set` int NOT NULL, + `expires` int NULL, + `reason` text NULL +) ENGINE = InnoDB;', + ); + +if (isset($_POST['submit'])) { + $date = date('H:i jS F Y (e)'); + $config_file = "Install Complete."; + die(); +} + +echo ""; +foreach ($default_values as $value) { + if (isset($value['output'])) { + echo $value['output']; + continue; + } + if (isset($value['error'])) { + echo "

Error: ".htmlclean($value['error'])."

\n"; + } + echo "

".$value['comment']." "; + switch ($value['html']) { + case 'text': + echo ""; + break; + case 'password': + echo ""; + break; + case 'dropdown': + echo "\n"; + break; + case 'bool': + if ($value['values']) { + echo "True
"; + echo "False
"; + } else { + echo "True
"; + echo "False
"; + } + break; + default: + die('Internal Error. You have found a bug.'); + } + echo "

\n"; +} +echo "

\n"; +echo ""; + +?> From 39515df99926e7c44cf547d2efec1d79722966e5 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:09:02 +1100 Subject: [PATCH 142/218] Added ERROR_NOTAMOD --- inc/config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 8cbc6ba2..52eb40bb 100644 --- a/inc/config.php +++ b/inc/config.php @@ -74,6 +74,7 @@ // Moderator errors define('ERROR_INVALID', 'Invalid username and/or password.', true); + define('ERROR_NOTAMOD', 'You are not a mod…', true); define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.', true); define('ERROR_MALFORMED','Invalid/malformed cookies.', true); define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); @@ -251,4 +252,4 @@ error_reporting(E_ALL); ini_set('display_errors', 1); } -?> +?> \ No newline at end of file From 82557e2c125989cccae40b4b82c2e310f05409c4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:10:18 +1100 Subject: [PATCH 143/218] Fixed encodign errors --- templates/index.html | 20 +++++++++++++++++++- templates/login.html | 2 +- templates/page.html | 2 +- templates/thread.html | 2 +- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/templates/index.html b/templates/index.html index 7aaf72e0..99c60d4f 100644 --- a/templates/index.html +++ b/templates/index.html @@ -1,4 +1,4 @@ - + @@ -15,6 +15,7 @@
+ {mod?}
' . - ' (eg. "b"; "mu")' . + ' (eg. "b"; "mu")
' . - ' (eg. "Random")' . + ' (eg. "Random")
' . - ' (optional)' . + ' (optional)
+ {mod? + + + + + } @@ -71,6 +71,10 @@
+
+
+ +
} diff --git a/templates/thread.html b/templates/thread.html index 95867830..a2f61df8 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -22,7 +22,7 @@ Name @@ -58,6 +58,19 @@ + {mod? + + + + + } '; - } - function title($text) { - global $body; - $body .= ''; - } - - $count = Array('ok'=>0, 'warning'=>0, 'error'=>0); - $todo = Array(); - $body = '
@@ -57,6 +58,23 @@
+ Flags + +
+ +
+
+
+
+ +
+
Password diff --git a/templates/login.html b/templates/login.html index 5ce955a7..312bd6e9 100644 --- a/templates/login.html +++ b/templates/login.html @@ -1,4 +1,4 @@ -
+
{error?

{error}

} diff --git a/templates/page.html b/templates/page.html index 9e243b75..d8b78898 100644 --- a/templates/page.html +++ b/templates/page.html @@ -1,4 +1,4 @@ - + diff --git a/templates/thread.html b/templates/thread.html index e816e127..e0c33a1e 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -1,4 +1,4 @@ - + From 13cd22e32405e7fceb80e12699616829ac0002df Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:10:33 +1100 Subject: [PATCH 144/218] Check if mod post --- post.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/post.php b/post.php index 6233f807..f79dc5a6 100644 --- a/post.php +++ b/post.php @@ -83,6 +83,15 @@ $post['password'] = $_POST['password']; $post['filename'] = $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); + $post['mod'] = isset($_POST['mod']) && $_POST['mod']; + + if($post['mod']) { + require 'inc/mod.php'; + if(!$mod) { + // Liar. You're not a mod. + error(ERROR_NOTAMOD); + } + } if($post['has_file']) { $size = $_FILES['file']['size']; From d57977121095a38fcd4c4b98d5ffab63c227a34c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:15:59 +1100 Subject: [PATCH 145/218] Mod stickies and redirects --- inc/functions.php | 7 ++++++- post.php | 10 ++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 30effd17..76b44cb3 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -144,7 +144,12 @@ $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':password', $post['password']); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':sticky', 0, PDO::PARAM_INT); + + if($post['mod'] && $post['sticky']) { + $query->bindValue(':sticky', 1, PDO::PARAM_INT); + } else { + $query->bindValue(':sticky', 0, PDO::PARAM_INT); + } if($OP) { // No parent thread, image diff --git a/post.php b/post.php index f79dc5a6..1cae8714 100644 --- a/post.php +++ b/post.php @@ -91,6 +91,9 @@ // Liar. You're not a mod. error(ERROR_NOTAMOD); } + + $post['sticky'] = isset($_POST['sticky']); + $post['locked'] = isset($_POST['lock']); } if($post['has_file']) { @@ -311,10 +314,13 @@ buildIndex(); sql_close(); + + $root = $post['mod'] ? ROOT . FILE_MOD . '?/' : ROOT; + if(ALWAYS_NOKO || $noko) { - header('Location: ' . ROOT . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, REDIRECT_HTTP); + header('Location: ' . $root . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, REDIRECT_HTTP); } else { - header('Location: ' . ROOT . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); } exit; From 010dda16c43fc920b67e9dd4696f2dd8cd560ff4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:20:16 +1100 Subject: [PATCH 146/218] mod posts in threads --- templates/thread.html | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/thread.html b/templates/thread.html index e0c33a1e..58b5028c 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -16,6 +16,7 @@ + {mod?}
From a3143b5b3da3a9781b3e63826041e3b6a7f8b70e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:27:28 +1100 Subject: [PATCH 147/218] Stickies --- mod.php | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/mod.php b/mod.php index 35261e3f..69d8dafe 100644 --- a/mod.php +++ b/mod.php @@ -263,7 +263,6 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); - } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); // Delete post @@ -279,6 +278,36 @@ // Rebuild board buildIndex(); + // Redirect + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + // Ban by post + + $boardName = $matches[1]; + $post = $matches[3]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + + if($matches[2] == 'un') { + $query->bindValue(':sticky', 0, PDO::PARAM_INT); + } else { + $query->bindValue(':sticky', 1, PDO::PARAM_INT); + } + + $query->execute() or error(db_error($query)); + + buildIndex(); + buildThread($post); + + // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); @@ -294,11 +323,6 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - // Delete post - //deletePost($post); - // Rebuild board - //buildIndex(); - $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); From f1f68b0e7eedc26ea507e039bafffb20a083f918 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:34:04 +1100 Subject: [PATCH 148/218] Fixed ban lengths --- mod.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index 69d8dafe..7d821f1d 100644 --- a/mod.php +++ b/mod.php @@ -347,8 +347,8 @@ // 1yr2hrs30mins // 1y2h30m - if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?m?i?n?u?t?e?s?)?\s?+((\d+)\s?s?e?c?o?n?d?s?)?$/', $_POST['length'], $m)) { - $expire = 0; + $expire = 0; + if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years $expire += $m[2]*60*60*24*7*52; @@ -373,6 +373,8 @@ // Seconds $expire += $m[12]; } + } + if($expire) { $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); } else { // Never expire From cff02371ce9e638dcff5db152a49f5e437d4eb58 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 21:34:31 +1100 Subject: [PATCH 149/218] Fixed permissions typo in stickies --- mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 7d821f1d..a06c424a 100644 --- a/mod.php +++ b/mod.php @@ -284,7 +284,7 @@ else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + if($mod['type'] < MOD_STICKY) error(ERROR_NOACCESS); // Ban by post $boardName = $matches[1]; From 7ae3678554b049515b398403a04e7ffe87b4f4c0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:14:51 +1100 Subject: [PATCH 150/218] Fixed URL matching with double dashes in hostname --- inc/functions.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 76b44cb3..54e3a287 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -284,7 +284,10 @@ function markup(&$body) { global $board; - + + if(MARKUP_URLS) + $body = preg_replace(URL_REGEX, "$0", $body); + if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); $body = str_replace('<--', '←', $body); @@ -321,22 +324,24 @@ // Find the position of the cite $position = strpos($body, $cites[0][$index]); + + + // Replace the found string with "xxxx[...]". (allows duplicate tags). Keeps whitespace. $body = substr_replace($body, str_repeat('x', strlen($cites[0][$index]) - $whitespace[0] - $whitespace[1]), $position + $whitespace[0], strlen($cites[0][$index]) - $whitespace[0] - $whitespace[1]); - + $temp .= substr($body, $previousPosition, $position-$previousPosition) . $cites[1][$index] . $replacement . $cites[3][$index]; $previousPosition = $position+strlen($cites[0][$index]); } + // The rest $temp .= substr($body, $previousPosition); - + $body = $temp; } $body = str_replace("\r", '', $body); - - if(MARKUP_URLS) - $body = preg_replace(URL_REGEX, "$0", $body); + $body = preg_replace("/(^|\n)([\s]+)?(>)([^\n]+)?($|\n)/m", '$1$2$3$4$5', $body); if(WIKI_MARKUP) { From 6bbe6583706f7c231072f7157a29f55b28a905c7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:16:18 +1100 Subject: [PATCH 151/218] Fixed URL matching with double dashes in hostname --- inc/functions.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 54e3a287..bdb8298c 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -285,9 +285,11 @@ function markup(&$body) { global $board; + $body = utf8tohtml($body, true); + if(MARKUP_URLS) $body = preg_replace(URL_REGEX, "$0", $body); - + if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); $body = str_replace('<--', '←', $body); @@ -299,8 +301,6 @@ $body = str_replace('--', '–', $body); // en dash } - $body = utf8tohtml($body, true); - // Cites if(preg_match_all('/(^|\s)>>([0-9]+?)(\s|$)/', $body, $cites)) { $previousPosition = 0; From bcda984255b5168cd0460364c863c083e08d9ad0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:17:25 +1100 Subject: [PATCH 152/218] Fixed URL matching --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 52eb40bb..1c6f94b6 100644 --- a/inc/config.php +++ b/inc/config.php @@ -212,7 +212,7 @@ // Whether to turn URLs into functional links define('MARKUP_URLS', true, true); // Complex regular expression to catch URLs - define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+))?' . '/', true); + define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+)?)?' . '/', true); // Allowed file extensions $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); From 69956021fc50d904d4050378543524a3e2e0b4e0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:21:53 +1100 Subject: [PATCH 153/218] Locked field in database --- install.php | 10 ++++++++-- install.sql | 1 + templates/posts.sql | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/install.php b/install.php index 6333c281..fb171397 100644 --- a/install.php +++ b/install.php @@ -32,7 +32,12 @@ $default_values = array( array( 'name' => 'DB_TYPE', 'html' => 'dropdown', - 'values' => array('mysql'=>'MySQL'), + 'values' => array( + 'mysql' => 'MySQL', + 'dblib' => 'FreeTDS / Microsoft SQL Server / Sybase', + 'pgsql' => 'PostgreSQL', + 'sqlite' => 'SQLite' + ), 'comment' => 'Database engine:' ), array( @@ -243,6 +248,7 @@ $sql = array( `password` varchar(20) DEFAULT NULL, `ip` varchar(15) NOT NULL, `sticky` int(1) NOT NULL, + `locked` int(1) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;', 'CREATE TABLE IF NOT EXISTS `mods` ( @@ -290,7 +296,7 @@ if (isset($_POST['submit'])) { require 'inc/functions.php'; require 'inc/display.php'; require 'inc/instance-config.php'; - require 'inc/config.php'; + //require 'inc/config.php'; require 'inc/template.php'; require 'inc/database.php'; diff --git a/install.sql b/install.sql index 6a828e3a..0955c153 100644 --- a/install.sql +++ b/install.sql @@ -70,6 +70,7 @@ CREATE TABLE IF NOT EXISTS `posts_b` ( `password` varchar(20) DEFAULT NULL, `ip` varchar(15) NOT NULL, `sticky` int(1) NOT NULL, + `locked` int(1) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; diff --git a/templates/posts.sql b/templates/posts.sql index 9806a10b..4163f125 100644 --- a/templates/posts.sql +++ b/templates/posts.sql @@ -20,5 +20,6 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` ( `password` varchar(20) DEFAULT NULL, `ip` varchar(15) NOT NULL, `sticky` int(1) NOT NULL, + `locked` int(1) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; \ No newline at end of file From 5c094429d7fdcd6dbac4d1d9ff3d7cb190ad2b53 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:25:17 +1100 Subject: [PATCH 154/218] Locks --- inc/functions.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index bdb8298c..57980283 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -133,7 +133,7 @@ function post($post, $OP) { global $pdo, $board; - $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky)", $board['uri'])); + $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :body, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked)", $board['uri'])); // Basic stuff $query->bindValue(':subject', $post['subject']); @@ -151,6 +151,12 @@ $query->bindValue(':sticky', 0, PDO::PARAM_INT); } + if($post['mod'] && $post['locked']) { + $query->bindValue(':locked', 1, PDO::PARAM_INT); + } else { + $query->bindValue(':locked', 0, PDO::PARAM_INT); + } + if($OP) { // No parent thread, image $query->bindValue(':thread', null, PDO::PARAM_NULL); From 97e927bef9e5c69ece8f1c78c5dfe1b16493c842 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:30:30 +1100 Subject: [PATCH 155/218] Show locked threads --- inc/config.php | 1 + inc/display.php | 5 ++++- inc/functions.php | 4 ++-- static/locked.gif | Bin 0 -> 423 bytes 4 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 static/locked.gif diff --git a/inc/config.php b/inc/config.php index 1c6f94b6..6824e71d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -127,6 +127,7 @@ // Static images // These can be URLs OR base64 (data URI scheme) define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true); + define('IMAGE_LOCKED', ROOT . DIR_STATIC . 'locked.gif', true); define('DELETED_IMAGE', ROOT . DIR_STATIC . 'deleted.png', true); define('ZIP_IMAGE', ROOT . DIR_STATIC . 'zip.png', true); diff --git a/inc/display.php b/inc/display.php index 555b78e8..ddced5c6 100644 --- a/inc/display.php +++ b/inc/display.php @@ -170,7 +170,7 @@ class Thread { public $omitted = 0; - public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT, $mod=false) { + public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $root=ROOT, $mod=false) { $this->id = $id; $this->subject = utf8tohtml($subject); $this->email = $email; @@ -190,6 +190,7 @@ $this->posts = Array(); $this->ip = $ip; $this->sticky = $sticky; + $this->locked = $locked; $this->root = $root; $this->mod = $mod; } @@ -281,6 +282,8 @@ ''.$this->id.'' . // Sticky ($this->sticky ? '' : '') . + // Locked + ($this->locked ? '' : '') . // [Reply] ($index ? '[Reply]' : '') . diff --git a/inc/functions.php b/inc/functions.php index 57980283..99b8ac71 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -214,7 +214,7 @@ if($query->rowcount() < 1 && $page > 1) return false; while($th = $query->fetch()) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT, $mod); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); $posts->bindValue(1, $th['id']); @@ -407,7 +407,7 @@ while($post = $query->fetch()) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT, $mod); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod)); } diff --git a/static/locked.gif b/static/locked.gif new file mode 100644 index 0000000000000000000000000000000000000000..d178c7b6e7d11cd779296925cc8a3c59a1f7cc96 GIT binary patch literal 423 zcmV;Y0a*S=Nk%w1VG;lm0M$PLIC;Lgwz5!|(%a_l%ErNErOS88>RzqfOO(%DsoQuvvKZwUohRRl;*0Zpz!oIqwq@lLV+=+&S z*VE2YoYOgh!`|A}_w(;lg33#P$W)-!OM=IJz};@Ygx-@>cm6DD>dbnPz+*_&JSESf{n87r4v^9CRTd3QSj*I{Q z{{R30A^8LW002J#EC2ui01^Na000KWz@KpFD;kGL#+S|nFg>Fh*1OP$0}%lP5gLXX5ezgh14JY>B_$6bA|fFV z1qC%Ee?Ap9D+;0p1|}vcDGdOf6*vk9H#|5h2o4J!C_AhtuRJ^!0tgMaxw{4jzQDo@ z0u;JJo+HP}!NUR`&p*-Aztzmxod6vs3FQ+O9Rd&*;LtJ^2ow(U^bim(**-Zf68$>= R0CmKe(MgZNgFk`*06QTrz7PNa literal 0 HcmV?d00001 From 0fc51119ded6767c91a02239dbeead844249aa03 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:30:49 +1100 Subject: [PATCH 156/218] Fixed bug allowing lock of non-OP posts --- post.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/post.php b/post.php index 1cae8714..56bddd5d 100644 --- a/post.php +++ b/post.php @@ -92,8 +92,8 @@ error(ERROR_NOTAMOD); } - $post['sticky'] = isset($_POST['sticky']); - $post['locked'] = isset($_POST['lock']); + $post['sticky'] = $OP && isset($_POST['sticky']); + $post['locked'] = $OP && isset($_POST['lock']); } if($post['has_file']) { From f4c5ee88f24476f4ea9232942fb2c22272d0da1f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:32:38 +1100 Subject: [PATCH 157/218] Mod controls styling --- style.css | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/style.css b/style.css index 0211e04e..ca26a8da 100644 --- a/style.css +++ b/style.css @@ -80,6 +80,18 @@ form table tr th { form table tr th { background: #98E; } +form table tr td div { + text-align: cetner; + float: left; + padding-left: 3px; +} +form table tr td div input { + display: block; + margin: 2px auto 0 auto; +} +form table tr td div label { + font-size: 10px; +} .unimportant, .unimportant * { font-size: 10px; } From 90b48f128b84268e04d9dc795d9f9631ea188c20 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:32:51 +1100 Subject: [PATCH 158/218] .. --- inc/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 99b8ac71..e5a8023d 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -401,13 +401,13 @@ global $board; $id = round($id); - $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri'])); + $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky`,`locked` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($post = $query->fetch()) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $mod ? '?/' : ROOT, $mod); } else { $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod)); } From e23aa7a7368f9c373f7593976ab84f8f093e5cbd Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 22:45:25 +1100 Subject: [PATCH 159/218] FILE_HASH in config.php --- inc/config.php | 5 +++++ post.php | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 6824e71d..0347846c 100644 --- a/inc/config.php +++ b/inc/config.php @@ -87,6 +87,11 @@ // For resizing, max values define('THUMB_WIDTH', 200, true); define('THUMB_HEIGHT', 200, true); + + // Store image hash in the database for r9k-like boards implementation soon + // Function name for hashing + // sha1_file, md5_file, etc. + define('FILE_HASH', 'md5_file', true); // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB diff --git a/post.php b/post.php index 56bddd5d..169a55e1 100644 --- a/post.php +++ b/post.php @@ -166,7 +166,8 @@ error(ERR_MAXSIZE); } - $post['filehash'] = md5_file($post['file']); + $hash_function = FILE_HASH; + $post['filehash'] = $hash_function($post['file']); $post['filesize'] = filesize($post['file']); $image = createimage($post['extension'], $post['file']); From 01afb9d0c1409d2836fd3e05a37952cd07f12ff7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 23:06:54 +1100 Subject: [PATCH 160/218] README changes --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 815e3a4a..e4d4823d 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,8 @@ Tinyboard is not currently at a stable state. [o]: http://omegadev.org/ ## Installation - 1. Tinyboard requires a MySQL database and a user to work. Create one. +An automated installation script will be completed soon. + 1. Tinyboard requires an SQL database and a user to work. Create one. 2. Import 'install.sql' into the database. There are several ways to do this. - using phpMyAdmin - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` From 7a17490443593b08ff198bcc63b1e177b182a158 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 23:06:58 +1100 Subject: [PATCH 161/218] README changes --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index e4d4823d..b4a8d848 100644 --- a/README.md +++ b/README.md @@ -14,12 +14,7 @@ An automated installation script will be completed soon. - using phpMyAdmin - `mysql -uUSERNAME -pPASSWORD DATABASE < install.sql` 3. Edit 'instance-config.php' to suit your installation. You should copy some values from '[inc/config.php][c]' to redefine them in the instance-config. - 4. Make sure that the directories used by Tinyboard are writable. Depending on your setup, you may need to `chmod` the directories to 777. - The default directories are: - - ./res - - ./src - - ./thumb - - . (document root) + 4. Make sure that the Tinyboard directory is writable. Depending on your setup, you may need to `chmod` "." to 777, with `chmod 777 .` 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. From 6633c6b46dfd767249bb8d1fc2364baa9dd2912e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 23:07:39 +1100 Subject: [PATCH 162/218] README changes --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b4a8d848..032f271a 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Tinyboard is not currently at a stable state. ## Installation An automated installation script will be completed soon. + 1. Tinyboard requires an SQL database and a user to work. Create one. 2. Import 'install.sql' into the database. There are several ways to do this. - using phpMyAdmin From 685e6b896418c58240e3cb763d8c4fc2e845b2a3 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 23:08:08 +1100 Subject: [PATCH 163/218] README changes --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 032f271a..fcb8591a 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Tinyboard is not currently at a stable state. ## Installation An automated installation script will be completed soon. + 1. Tinyboard requires an SQL database and a user to work. Create one. 2. Import 'install.sql' into the database. There are several ways to do this. - using phpMyAdmin From d68adefd3bdabdebc02f66a814cafaad5ffbee54 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sun, 2 Jan 2011 23:08:37 +1100 Subject: [PATCH 164/218] README changes --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fcb8591a..3d13c026 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,6 @@ Tinyboard is not currently at a stable state. [o]: http://omegadev.org/ ## Installation -An automated installation script will be completed soon. - - 1. Tinyboard requires an SQL database and a user to work. Create one. 2. Import 'install.sql' into the database. There are several ways to do this. - using phpMyAdmin @@ -20,6 +17,8 @@ An automated installation script will be completed soon. 5. Ensure everything is okay by running [test.php][t] in a browser. The script will try and help you correct your errors. 6. Run the [post.php][p] script. It should create an index.html and redirect you to it if everything is okay. 7. Optional (highly recommended): Either delete or chmod as unreadable the following files: [test.php][t], [install.sql][i], and this [README][r]. + +An automated installation script will be completed soon. [t]: http://github.com/savetheinternet/Tinyboard/blob/master/test.php [p]: http://github.com/savetheinternet/Tinyboard/blob/master/post.php From 567d37c62ee30ed1f94e4e73659c96cea94afcf0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:15:55 +1100 Subject: [PATCH 165/218] Permissions on mod controls when making a new thread --- post.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/post.php b/post.php index 169a55e1..cdc51ffd 100644 --- a/post.php +++ b/post.php @@ -94,6 +94,9 @@ $post['sticky'] = $OP && isset($_POST['sticky']); $post['locked'] = $OP && isset($_POST['lock']); + + if($post['sticky'] && $mod['type'] < MOD_STICKY) error(ERROR_NOACCESS); + if($post['locked'] && $mod['type'] < MOD_LOCK) error(ERROR_NOACCESS); } if($post['has_file']) { From 5df6f85854f25581df787241773b8b39e23e8f00 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:23:34 +1100 Subject: [PATCH 166/218] Don't allow users to post in locked threads' --- inc/config.php | 3 +++ inc/functions.php | 15 +++++++++++++++ post.php | 3 +++ 3 files changed, 21 insertions(+) diff --git a/inc/config.php b/inc/config.php index 0347846c..26607d25 100644 --- a/inc/config.php +++ b/inc/config.php @@ -66,6 +66,7 @@ define('ERROR_FILEEXT', 'Unsupported image format.', true); define('ERROR_NOBOARD', 'Invalid board!', true); define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true); + define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true); define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); @@ -186,6 +187,8 @@ define('MOD_DELETEBYIP', MOD_BAN, true); // Sticky a thread define('MOD_STICKY', MOD_MOD, true); + // Lock a thread + define('MOD_LOCK', MOD_MOD, true); /* Administration */ // Display the contents of instant-config.php diff --git a/inc/functions.php b/inc/functions.php index e5a8023d..a5ec0093 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -118,6 +118,21 @@ } } + function threadLocked($id) { + global $board; + + $query = prepare(sprintf("SELECT `locked` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if(!$post = $query->fetch()) { + // Non-existant, so it can't be locked... + return false; + } + + return (bool) $post['locked']; + } + function threadExists($id) { global $board; diff --git a/post.php b/post.php index cdc51ffd..452aa054 100644 --- a/post.php +++ b/post.php @@ -70,6 +70,9 @@ if(!$OP && !threadExists($post['thread'])) error(ERROR_NONEXISTANT); + if(!$OP && threadLocked($post['thread'])) + error(ERROR_LOCKED); + // Check for a file if($OP) { if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name'])) From 8fe1846e5642ad50790dc1626a025f9845d74d69 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:33:57 +1100 Subject: [PATCH 167/218] Allow mods to post in locked threads as per the config --- inc/config.php | 2 ++ post.php | 13 +++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/inc/config.php b/inc/config.php index 26607d25..ec697f79 100644 --- a/inc/config.php +++ b/inc/config.php @@ -189,6 +189,8 @@ define('MOD_STICKY', MOD_MOD, true); // Lock a thread define('MOD_LOCK', MOD_MOD, true); + // Post in a locked thread + define('MOD_POSTINLOCKED', MOD_MOD, true); /* Administration */ // Display the contents of instant-config.php diff --git a/post.php b/post.php index 452aa054..f76b2c73 100644 --- a/post.php +++ b/post.php @@ -69,10 +69,7 @@ //Check if thread exists if(!$OP && !threadExists($post['thread'])) error(ERROR_NONEXISTANT); - - if(!$OP && threadLocked($post['thread'])) - error(ERROR_LOCKED); - + // Check for a file if($OP) { if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name'])) @@ -102,6 +99,14 @@ if($post['locked'] && $mod['type'] < MOD_LOCK) error(ERROR_NOACCESS); } + // Check if thread is locked + // but allow mods to post + if(!$OP && threadLocked($post['thread'])) { + if(!$mod || $mod['type'] < MOD_POSTINLOCKED) { + error(ERROR_LOCKED); + } + } + if($post['has_file']) { $size = $_FILES['file']['size']; if($size > MAX_FILESIZE) From 01bbe8fca7e50327c54faa26e41a1fdd57156762 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:41:14 +1100 Subject: [PATCH 168/218] Optimize code when checking if locked. --- post.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/post.php b/post.php index f76b2c73..d2306ca1 100644 --- a/post.php +++ b/post.php @@ -101,10 +101,9 @@ // Check if thread is locked // but allow mods to post - if(!$OP && threadLocked($post['thread'])) { - if(!$mod || $mod['type'] < MOD_POSTINLOCKED) { + if(!$OP && (!$mod || $mod['type'] < MOD_POSTINLOCKED)) { + if(threadLocked($post['thread'])) error(ERROR_LOCKED); - } } if($post['has_file']) { From 8981e4b2759f1ae138824823c68e79995411f1e0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:56:06 +1100 Subject: [PATCH 169/218] Changed FILE_HASH to default to sha1 --- inc/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index ec697f79..809e8148 100644 --- a/inc/config.php +++ b/inc/config.php @@ -92,7 +92,7 @@ // Store image hash in the database for r9k-like boards implementation soon // Function name for hashing // sha1_file, md5_file, etc. - define('FILE_HASH', 'md5_file', true); + define('FILE_HASH', 'sha1_file', true); // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB From f5f4d8743e2fcc180eeec8c91e5799a2b138012e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:57:24 +1100 Subject: [PATCH 170/218] Fixed an incorrect comment... --- inc/display.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index ddced5c6..63446305 100644 --- a/inc/display.php +++ b/inc/display.php @@ -219,13 +219,14 @@ if($this->mod['type'] >= MOD_BANDELETE) $built .= ' ' . MOD_LINK_BANDELETE . ''; - // Delete file (keep post) + // Stickies if($this->mod['type'] >= MOD_STICKY) if($this->sticky) $built .= ' ' . MOD_LINK_DESTICKY . ''; else $built .= ' ' . MOD_LINK_STICKY . ''; + $built .= ''; } return $built; From 76cb8b07883471670e63bc2a441439fa93a1438e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 01:58:38 +1100 Subject: [PATCH 171/218] Lock controls on posts --- inc/display.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/inc/display.php b/inc/display.php index 63446305..f6cfafdc 100644 --- a/inc/display.php +++ b/inc/display.php @@ -226,6 +226,13 @@ else $built .= ' ' . MOD_LINK_STICKY . ''; + // Lock + if($this->mod['type'] >= MOD_LOCK) + if($this->sticky) + $built .= ' ' . MOD_LINK_UNLOCK . ''; + else + $built .= ' ' . MOD_LINK_LOCK . ''; + $built .= ''; } From 5538d5589dfd04c1a9b8c4c6641e1beb28b7812f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 02:00:03 +1100 Subject: [PATCH 172/218] Fixed error, confused stickies with locks --- inc/display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index f6cfafdc..028ca1aa 100644 --- a/inc/display.php +++ b/inc/display.php @@ -228,7 +228,7 @@ // Lock if($this->mod['type'] >= MOD_LOCK) - if($this->sticky) + if($this->locked) $built .= ' ' . MOD_LINK_UNLOCK . ''; else $built .= ' ' . MOD_LINK_LOCK . ''; From cb4ebae191db86ab8bdb4414af9b0ea340a61caf Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 02:00:30 +1100 Subject: [PATCH 173/218] Unlock/lock operations --- mod.php | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index a06c424a..150ab6a5 100644 --- a/mod.php +++ b/mod.php @@ -285,7 +285,7 @@ header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { if($mod['type'] < MOD_STICKY) error(ERROR_NOACCESS); - // Ban by post + // Add/remove sticky $boardName = $matches[1]; $post = $matches[3]; @@ -308,6 +308,36 @@ buildThread($post); + // Redirect + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_LOCK) error(ERROR_NOACCESS); + // Lock/Unlock + + $boardName = $matches[1]; + $post = $matches[3]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + + if($matches[2] == 'un') { + $query->bindValue(':locked', 0, PDO::PARAM_INT); + } else { + $query->bindValue(':locked', 1, PDO::PARAM_INT); + } + + $query->execute() or error(db_error($query)); + + buildIndex(); + buildThread($post); + + // Redirect if(isset($_SERVER['HTTP_REFERER'])) header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); From 714e531303d6406a41c9b3b82c7f14964028d133 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 02:04:32 +1100 Subject: [PATCH 174/218] Changed years expire time to 365 days instead of 52 weeks --- mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 150ab6a5..7c910a4a 100644 --- a/mod.php +++ b/mod.php @@ -381,7 +381,7 @@ if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years - $expire += $m[2]*60*60*24*7*52; + $expire += $m[2]*60*60*24*365; } if(isset($m[4])) { // Weeks From db1760322149162062e774cf2849357c76a6749e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 02:28:29 +1100 Subject: [PATCH 175/218] Locking permissions --- inc/config.php | 3 ++- inc/functions.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index 809e8148..d40f7654 100644 --- a/inc/config.php +++ b/inc/config.php @@ -207,7 +207,8 @@ define('MOD_LINK_DELETEBYIP', '[D+]', true); define('MOD_LINK_STICKY', '[Sticky]', true); define('MOD_LINK_DESTICKY', '[-Sticky]', true); - + define('MOD_LINK_LOCK', '[Lock]', true); + define('MOD_LINK_UNLOCK', '[-Lock]', true); // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. define('HAS_INSTALLED', '.installed', true); diff --git a/inc/functions.php b/inc/functions.php index a5ec0093..8cea487e 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -99,9 +99,9 @@ formatDate($ban['set']) . ', and ' . ($ban['expires'] ? - 'expires on ' . + 'expires ' . until($ban['expires']) . ' from now, which is on ' . formatDate($ban['expires']) . - ', which is ' . until($ban['expires']) . ' from now' + '' : 'will not expire' ) . '.

Your IP address is ' . $_SERVER['REMOTE_ADDR'] . '.

From a0ae475ea450b6cacdb615698d8bfc62d0c99540 Mon Sep 17 00:00:00 2001 From: Paul Merrill Date: Sun, 2 Jan 2011 08:27:34 -0800 Subject: [PATCH 176/218] Added live countdown to expiry on ban page. --- inc/functions.php | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 8cea487e..b56bf29d 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -55,10 +55,10 @@ return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); } elseif($difference < 60*60*24*7) { return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24*7*52) { + } elseif($difference < 60*60*24*365) { return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); } else { - return ($num = round($difference/(60*60*24*7*52))) . ' year' . ($num != 1 ? 's' : ''); + return ($num = round($difference/(60*60*24*365))) . ' year' . ($num != 1 ? 's' : ''); } } @@ -99,11 +99,38 @@ formatDate($ban['set']) . ', and ' . ($ban['expires'] ? - 'expires ' . until($ban['expires']) . ' from now, which is on ' . + 'expires ' . until($ban['expires']) . ' from now, which is on ' . formatDate($ban['expires']) . - '' + ' + ' : 'will not expire' ) . - '.

+ '

Your IP address is ' . $_SERVER['REMOTE_ADDR'] . '.

'; @@ -739,4 +766,4 @@ function int_to_word($n) { return chr($n & 255).chr(($n >> 8) & 255); } -?> \ No newline at end of file +?> From 98c62258b46a40bfc1669987f227c677b9942e3d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 15:00:14 +1100 Subject: [PATCH 177/218] Improved countdown timer --- inc/functions.php | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index b56bf29d..de188f0b 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -97,22 +97,27 @@ : '') . '

Your ban was filed on ' . formatDate($ban['set']) . - ', and ' . + ', and ' . ($ban['expires'] ? - 'expires ' . until($ban['expires']) . ' from now, which is on ' . + 'expires ' . until($ban['expires']) . ' from now, which is on ' . formatDate($ban['expires']) . - ' + ' ' - : 'will not expire' ) . - '

+ : 'will not expire.' ) . + '

Your IP address is ' . $_SERVER['REMOTE_ADDR'] . '.

'; From 083d7213f6782d33a2b5fe3de2bb767aab89e129 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 15:10:21 +1100 Subject: [PATCH 178/218] Fixed link in "Go back" on error pages for mods --- inc/display.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/inc/display.php b/inc/display.php index 028ca1aa..58f26960 100644 --- a/inc/display.php +++ b/inc/display.php @@ -20,7 +20,7 @@ } function error($message) { - global $board; + global $board, $mod; if(function_exists('sql_close')) sql_close(); die(Element('page.html', Array( @@ -29,7 +29,10 @@ 'subtitle'=>'An error has occured.', 'body'=>"
" . "

$message

" . - (isset($board) ? "

Go back.

" : ''). + (isset($board) ? + "

Go back.

" : ''). "
" ))); } From 3a3578c80507d80d571297b6bbf2502d5da73fd9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 16:29:34 +1100 Subject: [PATCH 179/218] Valid HTML5 --- inc/config.php | 2 +- inc/display.php | 4 ++-- templates/index.html | 3 +-- templates/page.html | 2 +- templates/thread.html | 3 +-- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/inc/config.php b/inc/config.php index d40f7654..521d3eb3 100644 --- a/inc/config.php +++ b/inc/config.php @@ -202,7 +202,7 @@ // Correspond to above permission directives define('MOD_LINK_DELETE', '[D]', true); define('MOD_LINK_BAN', '[B]', true); - define('MOD_LINK_BANDELETE', '[B&D]', true); + define('MOD_LINK_BANDELETE', '[B&D]', true); define('MOD_LINK_DELETEFILE', '[F]', true); define('MOD_LINK_DELETEBYIP', '[D+]', true); define('MOD_LINK_STICKY', '[Sticky]', true); diff --git a/inc/display.php b/inc/display.php index 58f26960..edcbf21b 100644 --- a/inc/display.php +++ b/inc/display.php @@ -138,7 +138,7 @@ ($index?'':' onclick="highlightReply(' . $this->id . ');"') . ' href="' . $this->root . $board['dir'] . DIR_RES . $this->thread . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . '

'; // File info @@ -290,7 +290,7 @@ ($index?'':' onclick="highlightReply(' . $this->id . ');"') . ' href="' . $this->root . $board['dir'] . DIR_RES . $this->id . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . // Sticky ($this->sticky ? '' : '') . // Locked diff --git a/templates/index.html b/templates/index.html index 99c60d4f..d0702ba9 100644 --- a/templates/index.html +++ b/templates/index.html @@ -3,8 +3,7 @@ {board[url]} - {board[name]} - - + diff --git a/templates/page.html b/templates/page.html index d8b78898..f8525e01 100644 --- a/templates/page.html +++ b/templates/page.html @@ -3,7 +3,7 @@ {title} - + diff --git a/templates/thread.html b/templates/thread.html index 58b5028c..2fd03418 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -3,8 +3,7 @@ {board[url]} - {board[name]} - - + From 05712d745713944e2e2535879f1cc82fdae2070f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 17:28:18 +1100 Subject: [PATCH 180/218] Check if board already exists when creating it --- inc/config.php | 1 + mod.php | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 521d3eb3..7bd2228c 100644 --- a/inc/config.php +++ b/inc/config.php @@ -81,6 +81,7 @@ define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); define('ERROR_REQUIRED', 'The %s field is required.', true); define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); + define('ERROR_BOARDEXISTS', 'There is already a %s board.', true); define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true); define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true); define('ERROR_404', 'Page not found.', true); diff --git a/mod.php b/mod.php index 7c910a4a..00f4ab96 100644 --- a/mod.php +++ b/mod.php @@ -183,6 +183,9 @@ if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf(ERROR_INVALIDFIELD, 'URI')); + if(openBoard($b['uri'])) + error(sprintf(ERROR_BOARDEXISTS, sprintf(BOARD_ABBREVIATION, $b['uri']))); + $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); $query->bindValue(':uri', $b['uri']); $query->bindValue(':title', $b['title']); @@ -378,7 +381,7 @@ // 1yr2hrs30mins // 1y2h30m $expire = 0; - if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { + if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years $expire += $m[2]*60*60*24*365; From dbae5dbf56a6659b5c06740e8e41cdc5fecbc1d0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 3 Jan 2011 17:30:17 +1100 Subject: [PATCH 181/218] Remove "return to board" link when showing "board already exists" error --- mod.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mod.php b/mod.php index 00f4ab96..41e593c9 100644 --- a/mod.php +++ b/mod.php @@ -183,8 +183,10 @@ if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf(ERROR_INVALIDFIELD, 'URI')); - if(openBoard($b['uri'])) + if(openBoard($b['uri'])) { + unset($board); error(sprintf(ERROR_BOARDEXISTS, sprintf(BOARD_ABBREVIATION, $b['uri']))); + } $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); $query->bindValue(':uri', $b['uri']); From c17a26d689642a694e58ff25bf46f09862ac6fa2 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 15 Jan 2011 14:17:03 +1100 Subject: [PATCH 182/218] Fixed a small mistake, not causing any major problems --- inc/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/database.php b/inc/database.php index e9780640..3ae66c29 100644 --- a/inc/database.php +++ b/inc/database.php @@ -5,7 +5,7 @@ if($pdo) return true; $dsn = DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE; - if(!empty($dsn)) + if(!empty(DB_DSN)) $dsn .= ';' . DB_DSN; try { return $pdo = new PDO($dsn, DB_USER, DB_PASSWORD); From ee6af9bfba49c8a70d5bc3a1e348dcf237e241ca Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 15 Jan 2011 14:59:27 +1100 Subject: [PATCH 183/218] Fix for empty() on a constant --- inc/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/database.php b/inc/database.php index 3ae66c29..dca1fbd1 100644 --- a/inc/database.php +++ b/inc/database.php @@ -5,7 +5,7 @@ if($pdo) return true; $dsn = DB_TYPE . ':host=' . DB_SERVER . ';dbname=' . DB_DATABASE; - if(!empty(DB_DSN)) + if((bool)DB_DSN) // empty() doesn't work on constants $dsn .= ';' . DB_DSN; try { return $pdo = new PDO($dsn, DB_USER, DB_PASSWORD); From a0ef70beab3ddcc1d61016d65f9687594d0db5b9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 15 Jan 2011 15:05:58 +1100 Subject: [PATCH 184/218] "ban&delete" --- mod.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index 41e593c9..ecdfedcf 100644 --- a/mod.php +++ b/mod.php @@ -348,12 +348,13 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); - } elseif(preg_match('/^\/' . $regex['board'] . 'ban\/(\d+)$/', $query, $matches)) { + } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)\/(\d+)$/', $query, $matches)) { if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); // Ban by post $boardName = $matches[1]; - $post = $matches[2]; + $delete = isset($matches[2]) && $matches[2] == '&delete'; + $post = $matches[3]; // Open board if(!openBoard($boardName)) error(ERROR_NOBOARD); @@ -427,6 +428,10 @@ } $query->execute() or error(db_error($query)); + // Delete too + if($delete) + deletePost($post['id']); + // Redirect if(isset($_POST['continue'])) header('Location: ' . $_POST['continue'], true, REDIRECT_HTTP); From c2727787aba5cf837af747cfb8b5c61c750c1581 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 15 Jan 2011 15:29:05 +1100 Subject: [PATCH 185/218] Basic "IP" page --- inc/config.php | 6 ++++++ mod.php | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/inc/config.php b/inc/config.php index 7bd2228c..ae79edc4 100644 --- a/inc/config.php +++ b/inc/config.php @@ -164,6 +164,12 @@ define('MOD_DEFAULT', '/', true); // Don't even display MySQL password to administrators (in the configuration page) define('MOD_NEVER_REAL_PASSWORD', true, true); + // Do a DNS lookup on IP addresses to get their hostname on the IP summary page + define('MOD_DNS_LOOKUP', true, true); + // Show ban form on the IP summary page + define('MOD_IP_BANFORM', true, true); + // How many recent posts, per board, to show in the IP summary page + define('MOD_IP_RECENTPOSTS', 5, true); // Probably best not to change these: define('MOD_JANITOR', 0, true); diff --git a/mod.php b/mod.php index ecdfedcf..f93430b8 100644 --- a/mod.php +++ b/mod.php @@ -448,6 +448,46 @@ 'mod'=>true ) ); + } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+)$/', $query, $matches)) { + // View information on an IP address + + $ip = $matches[1]; + $host = MOD_DNS_LOOKUP ? gethostbyaddr($ip) : false; + + $body = ''; + $boards = listBoards(); + foreach($boards as &$_board) { + openBoard($_board['uri']); + + $temp = ''; + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri'])); + $query->bindValue(':ip', $ip); + $query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + while($post = $query->fetch()) { + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod); + $temp .= $po->build(); + } + if(!empty($temp)) + $body .= '
Last ' . $query->rowCount() . ' posts on ' . + sprintf(BOARD_ABBREVIATION, $_board['uri']) . ' - ' . $_board['title'] . + '' . $temp . '
'; + } + + if(MOD_IP_BANFORM) + $body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'IP: ' . $ip, + 'subtitle' => $host, + 'body'=>$body, + 'mod'=>true + ) + ); } else { error(ERROR_404); } From f47cccab019f3e7882a188c7d09e3070eb8f82ce Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 15 Jan 2011 15:37:39 +1100 Subject: [PATCH 186/218] fixed ban addition page --- inc/mod.php | 6 ++++-- mod.php | 50 +++++++++++++++++++++++++++----------------------- 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index 23ec43af..a325d589 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -111,10 +111,12 @@ return $body; } - function form_newBan($ip=null, $reason='', $continue=false) { + function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false) { return '
New ban' . - '' . + '' . ($continue ? '' : '') . + ($delete ? '' : '') . + ($board ? '' : '') . '' . '' . '' . diff --git a/mod.php b/mod.php index f93430b8..b4355fe4 100644 --- a/mod.php +++ b/mod.php @@ -348,26 +348,8 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); - } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); - // Ban by post - - $boardName = $matches[1]; - $delete = isset($matches[2]) && $matches[2] == '&delete'; - $post = $matches[3]; - // Open board - if(!openBoard($boardName)) - error(ERROR_NOBOARD); - - $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); - } - - $post = $query->fetch(); + } elseif(preg_match('/^\/ban$/', $query)) { + // Ban page if(isset($_POST['new_ban'])) { if( !isset($_POST['ip']) || @@ -429,8 +411,10 @@ $query->execute() or error(db_error($query)); // Delete too - if($delete) - deletePost($post['id']); + if($mod['type'] >= MOD_DELETE && isset($_POST['delete']) && isset($_POST['board'])) { + openBoard($_POST['board']); + deletePost(round($_POST['delete'])); + } // Redirect if(isset($_POST['continue'])) @@ -438,8 +422,28 @@ else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } + } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { + if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + // Ban by post + + $boardName = $matches[1]; + $delete = isset($matches[2]) && $matches[2] == '&delete'; + $post = $matches[3]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + + $post = $query->fetch(); - $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); + $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false); echo Element('page.html', Array( 'index'=>ROOT, From 5c2b7dfe61c1a702fd7cbb1bbcec6a036055bff9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 18 Jan 2011 16:48:39 +1100 Subject: [PATCH 187/218] .. --- inc/display.php | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/inc/display.php b/inc/display.php index edcbf21b..66637d0d 100644 --- a/inc/display.php +++ b/inc/display.php @@ -74,6 +74,8 @@ $this->mod = $mod; } public function postControls() { + global $board; + $built = ''; if($this->mod) { // Mod controls (on posts) @@ -81,23 +83,23 @@ // Delete if($this->mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; + $built .= ' ' . MOD_LINK_DELETE . ''; // Delete all posts by IP if($this->mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; // Ban if($this->mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; + $built .= ' ' . MOD_LINK_BAN . ''; // Ban & Delete if($this->mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; + $built .= ' ' . MOD_LINK_BANDELETE . ''; // Delete file (keep post) if(!empty($this->file) && $this->mod['type'] >= MOD_DELETEFILE) - $built .= ' ' . MOD_LINK_DELETEFILE . ''; + $built .= ' ' . MOD_LINK_DELETEFILE . ''; $built .= ''; } @@ -200,7 +202,9 @@ public function add(Post $post) { $this->posts[] = $post; } - public function postControls() { + public function postControls() { + global $board; + $built = ''; if($this->mod) { // Mod controls (on posts) @@ -208,33 +212,33 @@ // Delete if($this->mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; + $built .= ' ' . MOD_LINK_DELETE . ''; // Delete all posts by IP if($this->mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + $built .= ' ' . MOD_LINK_DELETEBYIP . ''; // Ban if($this->mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; + $built .= ' ' . MOD_LINK_BAN . ''; // Ban & Delete if($this->mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; + $built .= ' ' . MOD_LINK_BANDELETE . ''; // Stickies if($this->mod['type'] >= MOD_STICKY) if($this->sticky) - $built .= ' ' . MOD_LINK_DESTICKY . ''; + $built .= ' ' . MOD_LINK_DESTICKY . ''; else - $built .= ' ' . MOD_LINK_STICKY . ''; + $built .= ' ' . MOD_LINK_STICKY . ''; // Lock if($this->mod['type'] >= MOD_LOCK) if($this->locked) - $built .= ' ' . MOD_LINK_UNLOCK . ''; + $built .= ' ' . MOD_LINK_UNLOCK . ''; else - $built .= ' ' . MOD_LINK_LOCK . ''; + $built .= ' ' . MOD_LINK_LOCK . ''; $built .= ''; From d284b0d50dabef2627ba9e38291f07e736dd0721 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Tue, 18 Jan 2011 17:11:28 +1100 Subject: [PATCH 188/218] flood prevention --- inc/config.php | 12 ++++++++++-- inc/functions.php | 14 ++++++++++++++ post.php | 4 ++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index ae79edc4..f3906b1b 100644 --- a/inc/config.php +++ b/inc/config.php @@ -44,12 +44,19 @@ // How many seconds before you can post, after the first visit define('LURKTIME', 30, true); + + // How many seconds between each post + define('FLOOD_TIME', 4, true); + // How many seconds between each post with exactly the same content and same IP + define('FLOOD_TIME_IP_SAME', 120, true); + // Same as above but different IP address + define('FLOOD_TIME_SAME', 30, true); // Max body length define('MAX_BODY', 1800, true); define('THREADS_PER_PAGE', 10, true); - define('MAX_PAGES', 5, true); + define('MAX_PAGES', 10, true); define('THREADS_PREVIEW', 5, true); // For development purposes. Turns 'display_errors' on. Not recommended for production. @@ -68,10 +75,11 @@ define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true); define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true); define('ERROR_NOPOST', 'You didn\'t make a post.', true); + define('ERROR_FLOOD', 'Flood detected; Post discared.', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); - define('ERR_INVALIDZIP','Invalid archive!', true); + define('ERR_INVALIDZIP', 'Invalid archive!', true); // Moderator errors define('ERROR_INVALID', 'Invalid username and/or password.', true); diff --git a/inc/functions.php b/inc/functions.php index de188f0b..70a17d23 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -45,6 +45,20 @@ return $boards; } + function checkFlood($post) { + global $board; + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':body', $post['body'], PDO::PARAM_INT); + $query->bindValue(':floodtime', time()-FLOOD_TIME, PDO::PARAM_INT); + $query->bindValue(':floodsameiptime', time()-FLOOD_TIME_IP_SAME, PDO::PARAM_INT); + $query->bindValue(':floodsametime', time()-FLOOD_TIME_SAME, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + return (bool)$query->fetch(); + } + function until($timestamp) { $difference = $timestamp - time(); if($difference < 60) { diff --git a/post.php b/post.php index d2306ca1..66247f4f 100644 --- a/post.php +++ b/post.php @@ -143,6 +143,10 @@ markup($post['body']); + // Check for a flood + if(checkFlood($post)) + error(ERROR_FLOOD); + if($post['has_file']) { // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; From 62bd2ee348f460b3d4cbbdbd8469a783b4c64c78 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 19 Jan 2011 00:41:43 +1100 Subject: [PATCH 189/218] A bunch of stuff. --- inc/config.php | 9 +++++ inc/functions.php | 92 ++++++++++++++++++++++++++++++++++++++++++++++- inc/mod.php | 41 --------------------- post.php | 9 +++-- style.css | 10 ++++++ 5 files changed, 117 insertions(+), 44 deletions(-) diff --git a/inc/config.php b/inc/config.php index f3906b1b..746efb63 100644 --- a/inc/config.php +++ b/inc/config.php @@ -76,6 +76,7 @@ define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true); define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERROR_FLOOD', 'Flood detected; Post discared.', true); + define('ERROR_UNORIGINAL', 'Unoriginal content!', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); @@ -163,6 +164,12 @@ // "302" is recommended. define('REDIRECT_HTTP', 302, true); + // Robot stuff + // Strip repeating characters when making hashes + define('ROBOT_ENABLE', true, true); + define('ROBOT_STRIP_REPEATING', true, true); + + /* Mod stuff */ @@ -206,6 +213,8 @@ define('MOD_LOCK', MOD_MOD, true); // Post in a locked thread define('MOD_POSTINLOCKED', MOD_MOD, true); + // Post bypass unoriginal content check + define('MOD_POSTUNORIGINAL', MOD_MOD, true); /* Administration */ // Display the contents of instant-config.php diff --git a/inc/functions.php b/inc/functions.php index 70a17d23..4f4a69bd 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -261,7 +261,62 @@ $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } - + + // Delete a post (reply or thread) + function deletePost($id) { + global $board; + + // Select post and replies (if thread) in one query + $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + + // Delete posts and maybe replies + while($post = $query->fetch()) { + if(!$post['thread']) { + // Delete thread HTML page + @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); + } elseif($query->rowCount() == 1) { + // Rebuild thread + $rebuild = $post['thread']; + } + if($post['thumb']) { + // Delete thumbnail + @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + } + if($post['file']) { + // Delete file + @unlink($board['dir'] . DIR_IMG . $post['file']); + } + } + + $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(isset($rebuild)) { + buildThread($rebuild); + } + } + + function clean() { + global $board; + $offset = round(MAX_PAGES*THREADS_PER_PAGE); + + // I too wish there was an easier way of doing this... + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); + $query->bindValue(':offset', $offset, PDO::PARAM_INT); + + $query->execute() or error(db_error($query)); + while($post = $query->fetch()) { + deletePost($post['id']); + } + } + function index($page, $mod=false) { global $board; @@ -323,7 +378,41 @@ return $pages; } + + function makerobot($body) { + $body = strtolower($body); + + // Leave only letters + $body = preg_replace('/[^a-z]/i', '', $body); + // Remove repeating characters + if(ROBOT_STRIP_REPEATING) + $body = preg_replace('/(.)\\1+/', '$1', $body); + + return sha1($body); + } + + function checkRobot($body) { + /* CREATE TABLE `robot` ( +`hash` VARCHAR( 40 ) NOT NULL COMMENT 'SHA1' +) ENGINE = INNODB; */ + + $body = makerobot($body); + $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1"); + $query->bindValue(':hash', $body); + $query->execute() or error(db_error($query)); + if($query->fetch()) { + return true; + } else { + // Insert new hash + + $query = prepare("INSERT INTO `robot` VALUES (:hash)"); + $query->bindValue(':hash', $body); + $query->execute() or error(db_error($query)); + return false; + } + } + function buildIndex() { global $board; sql_open(); @@ -417,6 +506,7 @@ $body = preg_replace("/(^|\n)==(.+?)==\n?/m", "

$2

", $body); $body = preg_replace("/'''(.+?)'''/m", "$1", $body); $body = preg_replace("/''(.+?)''/m", "$1", $body); + $body = preg_replace("/\*\*(.+?)\*\*/m", "$1", $body); } $body = preg_replace("/\n/", '
', $body); } diff --git a/inc/mod.php b/inc/mod.php index a325d589..5e3a2c87 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -209,45 +209,4 @@ buildThread($post['thread']); } - - // Delete a post (reply or thread) - function deletePost($id) { - global $board; - - // Select post and replies (if thread) in one query - $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); - } - - // Delete posts and maybe replies - while($post = $query->fetch()) { - if(!$post['thread']) { - // Delete thread HTML page - @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); - } elseif($query->rowCount() == 1) { - // Rebuild thread - $rebuild = $post['thread']; - } - if($post['thumb']) { - // Delete thumbnail - @unlink($board['dir'] . DIR_THUMB . $post['thumb']); - } - if($post['file']) { - // Delete file - @unlink($board['dir'] . DIR_IMG . $post['file']); - } - } - - $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if(isset($rebuild)) { - buildThread($rebuild); - } - } ?> \ No newline at end of file diff --git a/post.php b/post.php index 66247f4f..40830f0f 100644 --- a/post.php +++ b/post.php @@ -147,6 +147,9 @@ if(checkFlood($post)) error(ERROR_FLOOD); + if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body'])) + error(ERROR_UNORIGINAL); + if($post['has_file']) { // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; @@ -221,7 +224,6 @@ } // Todo: Validate some more, remove messy code, allow more specific configuration - $id = post($post, $OP); if($post['has_file'] && $post['zip']) { @@ -322,10 +324,13 @@ buildThread(($OP?$id:$post['thread'])); - if(!$OP) { + if(!$OP && $post['email'] != 'sage') { bumpThread($post['thread']); } + if($OP) + clean(); + buildIndex(); sql_close(); diff --git a/style.css b/style.css index ca26a8da..60c36d19 100644 --- a/style.css +++ b/style.css @@ -199,6 +199,10 @@ span.controls.op { span.controls a { margin: 0; } +div#wrap { + width: 900px; + margin:0 auto; +} div.ban { background: white; border: 1px solid #98E; @@ -219,4 +223,10 @@ div.ban p { } div.ban p.reason { font-weight: bold; +} +span.spoiler { + background: black; +} +span.spoiler:hover { + color: white; } \ No newline at end of file From c59f36f400eb718714154fa1ab125662bc7b89ea Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 19 Jan 2011 12:37:31 +1100 Subject: [PATCH 190/218] a bunch of things --- inc/config.php | 21 +++++++++++++++++--- inc/functions.php | 35 ++++++++++++++++++++++++++++++--- mod.php | 2 +- post.php | 45 ++++++++++++++++++++++++++++++++++++++----- style.css | 4 ++++ templates/posts.sql | 2 +- templates/thread.html | 1 + 7 files changed, 97 insertions(+), 13 deletions(-) diff --git a/inc/config.php b/inc/config.php index 746efb63..65346edd 100644 --- a/inc/config.php +++ b/inc/config.php @@ -41,7 +41,8 @@ define('COOKIE_EXPIRE', 15778463, true); //6 months // Make this something long and random for security define('SALT', 'wefaw98YHEWUFuo', true); - + define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true); + // How many seconds before you can post, after the first visit define('LURKTIME', 30, true); @@ -51,6 +52,8 @@ define('FLOOD_TIME_IP_SAME', 120, true); // Same as above but different IP address define('FLOOD_TIME_SAME', 30, true); + // Do you need a body for your non-OP posts? + define('FORCE_BODY', true, true); // Max body length define('MAX_BODY', 1800, true); @@ -77,6 +80,9 @@ define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERROR_FLOOD', 'Flood detected; Post discared.', true); define('ERROR_UNORIGINAL', 'Unoriginal content!', true); + define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true); + define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true); + define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); @@ -103,7 +109,11 @@ // Function name for hashing // sha1_file, md5_file, etc. define('FILE_HASH', 'sha1_file', true); - + + define('BLOCK_TOR', true, true); + // Typically spambots try to post a lot of links. Refuse a post with X standalone links? + define('MAX_LINKS', 7, true); + // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB // Maximum image dimensions @@ -167,8 +177,13 @@ // Robot stuff // Strip repeating characters when making hashes define('ROBOT_ENABLE', true, true); + define('ROBOT_BOARD', 'r9k', true); define('ROBOT_STRIP_REPEATING', true, true); - + // Enable mutes + define('ROBOT_MUTE', true, true); + define('ROBOT_MUTE_MIN', 60, true); + define('ROBOT_MUTE_MAX', 120, true); + define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true); /* Mod stuff diff --git a/inc/functions.php b/inc/functions.php index 4f4a69bd..6193ab38 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -439,14 +439,43 @@ } } } + + function isDNSBL() { + $dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES); + + // Reverse the IP + $rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.'); + $response = array(); + foreach ($dns_black_lists as $dns_black_list) { + $response = (gethostbynamel($rev_ip . '.' . $dns_black_list)); + if(!empty($response)) + return true; + } + + return false; + } + + function isTor() { + return gethostbyname( + ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org' + ) == '127.0.0.2'; + } + + function ReverseIPOctets($inputip) { + $ipoc = explode('.', $inputip); + return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; + } function markup(&$body) { global $board; $body = utf8tohtml($body, true); - if(MARKUP_URLS) - $body = preg_replace(URL_REGEX, "$0", $body); + if(MARKUP_URLS) { + $body = preg_replace(URL_REGEX, "$0", $body, -1, $num_links); + if($num_links > MAX_LINKS) + error(ERROR_TOOMANYLINKS); + } if(AUTO_UNICODE) { $body = str_replace('...', '…', $body); @@ -602,7 +631,7 @@ $salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' ); if ( isset ( $t[2] ) ) { // secure - $trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) ); + $trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) ); } else { // insecure $trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) ); diff --git a/mod.php b/mod.php index b4355fe4..80647471 100644 --- a/mod.php +++ b/mod.php @@ -464,7 +464,7 @@ openBoard($_board['uri']); $temp = ''; - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri'])); + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT); $query->execute() or error(db_error($query)); diff --git a/post.php b/post.php index 40830f0f..b8724522 100644 --- a/post.php +++ b/post.php @@ -62,6 +62,9 @@ // Check if banned checkBan(); + if(BLOCK_TOR && isTor()) + error(ERROR_TOR); + // Check if board exists if(!openBoard($post['board'])) error(ERROR_NOBOARD); @@ -85,6 +88,9 @@ $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); $post['mod'] = isset($_POST['mod']) && $_POST['mod']; + if(empty($post['body']) && FORCE_BODY) + error(ERROR_TOOSHORTBODY); + if($post['mod']) { require 'inc/mod.php'; if(!$mod) { @@ -115,6 +121,15 @@ 'maxsz'=>commaize(MAX_FILESIZE)))); } + if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { + if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) { + $post['mod_tag'] = $match[3]; + $post['name'] = !empty($match[2])?$match[2]:'Anonymous'; + } + } else { + $post['mod_tag'] = false; + } + $trip = generate_tripcode($post['name']); $post['name'] = $trip[0]; $post['trip'] = (isset($trip[1])?$trip[1]:''); @@ -134,21 +149,40 @@ } // Check string lengths - if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); + if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); + if($post['mod_tag']) + $post['trip'] .= ' ## ' . $post['mod_tag'] . ''; + + if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) { + if(ROBOT_MUTE) { + $mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN); + + $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':mod', -1, PDO::PARAM_INT); + $query->bindValue(':set', time(), PDO::PARAM_INT); + $query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT); + $query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION); + $query->execute() or error(db_error($query)); + + error(sprintf(ERROR_MUTED, $mutetime)); + } else { + error(ERROR_UNORIGINAL); + } + } + markup($post['body']); // Check for a flood - if(checkFlood($post)) + if(checkFlood($post)) { error(ERROR_FLOOD); - - if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body'])) - error(ERROR_UNORIGINAL); + } if($post['has_file']) { // Just trim the filename if it's too long @@ -206,6 +240,7 @@ imagebmp($image, $post['file']); break; default: + unlink($post['file']); error('Unknwon file extension.'); } } diff --git a/style.css b/style.css index 60c36d19..058de230 100644 --- a/style.css +++ b/style.css @@ -146,6 +146,10 @@ p.intro span.name { color: #117743; font-weight: bold; } +p.intro a.nametag { + color: #F00000; + margin-left: 0; +} p.intro a { margin-left: 8px; } diff --git a/templates/posts.sql b/templates/posts.sql index 4163f125..f8e1b6fb 100644 --- a/templates/posts.sql +++ b/templates/posts.sql @@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` ( `subject` varchar(40) NOT NULL, `email` varchar(30) NOT NULL, `name` varchar(25) NOT NULL, - `trip` varchar(15) DEFAULT NULL, + `trip` varchar(45) DEFAULT NULL, `body` text NOT NULL, `time` int(11) NOT NULL, `bump` int(11) DEFAULT NULL, diff --git a/templates/thread.html b/templates/thread.html index 2fd03418..e1260ff5 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -71,6 +71,7 @@
{body} + [Return.]

Copyright © 2010 OmegaSDG

\ No newline at end of file From cff753d8da889e6cd2180cb97f84876979cd49aa Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 13:48:53 +1100 Subject: [PATCH 191/218] added requirements in readme --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 3d13c026..2cd9ba2c 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,11 @@ Tinyboard is not currently at a stable state. [o]: http://omegadev.org/ +## Requirements + 1. PHP >= 5.2.0 + 2. php-gd + 3. php-pdo with appropriate driver for your database + ## Installation 1. Tinyboard requires an SQL database and a user to work. Create one. 2. Import 'install.sql' into the database. There are several ways to do this. From 29d0cab28ed81d8feeab3a1660daa3a427f12e2e Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:24:06 +1100 Subject: [PATCH 192/218] Added robot and mute tables --- install.sql | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/install.sql b/install.sql index 0955c153..7e1af765 100644 --- a/install.sql +++ b/install.sql @@ -107,6 +107,7 @@ INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES -- Table structure for table `bans` -- + CREATE TABLE IF NOT EXISTS `bans` ( `ip` varchar( 15 ) NOT NULL , `mod` int NOT NULL COMMENT 'which mod made the ban', @@ -114,3 +115,14 @@ CREATE TABLE IF NOT EXISTS `bans` ( `expires` int NULL, `reason` text NULL ) ENGINE = InnoDB; + + +CREATE TABLE `robot` ( +`hash` VARCHAR( 40 ) NOT NULL COMMENT 'SHA1' +) ENGINE = INNODB; */ + + +CREATE TABLE `mutes` ( +`ip` VARCHAR( 15 ) NOT NULL , +`time` INT NOT NULL +) ENGINE = MYISAM ; \ No newline at end of file From a62cd3893fbed75caee158db6ff1b73452aaee5d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:24:23 +1100 Subject: [PATCH 193/218] robot mutes and reply count --- inc/functions.php | 63 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 6193ab38..13f636e1 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -40,7 +40,7 @@ } function listBoards() { - $query = query("SELECT * FROM `boards`") or error(db_error()); + $query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error()); $boards = $query->fetchAll(); return $boards; } @@ -395,6 +395,10 @@ /* CREATE TABLE `robot` ( `hash` VARCHAR( 40 ) NOT NULL COMMENT 'SHA1' ) ENGINE = INNODB; */ + /* CREATE TABLE `mutes` ( +`ip` VARCHAR( 15 ) NOT NULL , +`time` INT NOT NULL +) ENGINE = MYISAM ; */ $body = makerobot($body); $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1"); @@ -413,6 +417,61 @@ } } + function numPosts($id) { + global $board; + $query = prepare(sprintf("SELECT COUNT(*) as `count` FROM `posts_%s` WHERE `thread` = :thread", $board['uri'])); + $query->bindValue(':thread', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $result = $query->fetch(); + return $result['count']; + } + + function muteTime() { + // Find number of mutes in the past X hours + $query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip"); + $query->bindValue(':time', time()-(ROBOT_MUTE_HOUR*3600), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + $result = $query->fetch(); + if($result['count'] == 0) return 0; + return pow(ROBOT_MUTE_MULTIPLIER, $result['count']); + } + + function mute() { + // Insert mute + $query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + return muteTime(); + } + + function checkMute() { + $mutetime = muteTime(); + if($mutetime > 0) { + // Find last mute time + $query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + if(!$mute = $query->fetch()) { + // What!? He's muted but he's not muted... + return; + } + + if($mute['time'] + $mutetime > time()) { + // Not expired yet + error(sprintf(ERROR_YOUAREMUTED, $mute['time'] + $mutetime - time())); + } else { + // Already expired + return; + } + } + } + function buildIndex() { global $board; sql_open(); @@ -764,7 +823,7 @@ switch($type) { case 'jpg': case 'jpeg': - if(!$image = @imagecreatefromjpeg($source_pic)) { + if(!$image = imagecreatefromjpeg($source_pic)) { unlink($source_pic); error(ERR_INVALIDIMG); } From e1e5dc713e9f7fdf44618f94065290f97357279b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:24:41 +1100 Subject: [PATCH 194/218] reply limit and mutes --- inc/config.php | 14 +++++++---- post.php | 64 +++++++++++++++++++++++++++++++++----------------- 2 files changed, 51 insertions(+), 27 deletions(-) diff --git a/inc/config.php b/inc/config.php index 65346edd..1fe6efaa 100644 --- a/inc/config.php +++ b/inc/config.php @@ -81,6 +81,7 @@ define('ERROR_FLOOD', 'Flood detected; Post discared.', true); define('ERROR_UNORIGINAL', 'Unoriginal content!', true); define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true); + define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true); define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true); define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true); define('ERR_INVALIDIMG','Invalid image.', true); @@ -101,9 +102,12 @@ define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true); define('ERROR_404', 'Page not found.', true); + // Reply limit (deletes thread when this is reached) + define('REPLY_LIMIT', 250, true); + // For resizing, max values - define('THUMB_WIDTH', 200, true); - define('THUMB_HEIGHT', 200, true); + define('THUMB_WIDTH', 250, true); + define('THUMB_HEIGHT', 250, true); // Store image hash in the database for r9k-like boards implementation soon // Function name for hashing @@ -112,7 +116,7 @@ define('BLOCK_TOR', true, true); // Typically spambots try to post a lot of links. Refuse a post with X standalone links? - define('MAX_LINKS', 7, true); + define('MAX_LINKS', 15, true); // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB @@ -181,8 +185,8 @@ define('ROBOT_STRIP_REPEATING', true, true); // Enable mutes define('ROBOT_MUTE', true, true); - define('ROBOT_MUTE_MIN', 60, true); - define('ROBOT_MUTE_MAX', 120, true); + define('ROBOT_MUTE_HOUR', 50, true); // How many mutes X hours ago to include in the algorithm + define('ROBOT_MUTE_MULTIPLIER', 2, true); define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true); /* diff --git a/post.php b/post.php index b8724522..04250ff7 100644 --- a/post.php +++ b/post.php @@ -1,4 +1,7 @@ ## ' . $post['mod_tag'] . ''; - if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) { - if(ROBOT_MUTE) { - $mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN); - - $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':mod', -1, PDO::PARAM_INT); - $query->bindValue(':set', time(), PDO::PARAM_INT); - $query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT); - $query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION); - $query->execute() or error(db_error($query)); - - error(sprintf(ERROR_MUTED, $mutetime)); - } else { - error(ERROR_UNORIGINAL); - } - } - + $post['body_nomarkup'] = $post['body']; markup($post['body']); // Check for a flood @@ -185,11 +175,14 @@ } if($post['has_file']) { + file_put_contents('test.log', "There is a file, I'm about to move it!\n", FILE_APPEND); // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; // Move the uploaded file if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); + file_put_contents('test.log', "Moved it successfully (to {$post['file']}), I think!\n", FILE_APPEND); + if($post['zip']) { // Validate ZIP file if(is_resource($zip = zip_open($post['zip']))) @@ -202,10 +195,14 @@ $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); } + file_put_contents('test.log', "Getting image size of {$post['file']}\n", FILE_APPEND); + $size = @getimagesize($post['file']); $post['width'] = $size[0]; $post['height'] = $size[1]; + file_put_contents('test.log', "GOT IT! {$post['width']}x{$post['height']}\n", FILE_APPEND); + // Check if the image is valid if($post['width'] < 1 || $post['height'] < 1) { unlink($post['file']); @@ -217,12 +214,18 @@ error(ERR_MAXSIZE); } + file_put_contents('test.log', "Making a hash\n", FILE_APPEND); + $hash_function = FILE_HASH; $post['filehash'] = $hash_function($post['file']); $post['filesize'] = filesize($post['file']); + file_put_contents('test.log', "Got a hash ({$post['filehash']})! Loading image...\n", FILE_APPEND); + $image = createimage($post['extension'], $post['file']); + file_put_contents('test.log', "Image loaded!\n", FILE_APPEND); + if(REDRAW_IMAGE && !$post['zip']) { switch($post['extension']) { case 'jpg': @@ -245,19 +248,32 @@ } } + file_put_contents('test.log', "Resizing...\n", FILE_APPEND); // Create a thumbnail $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + file_put_contents('test.log', "Resized!\n", FILE_APPEND); + $post['thumbwidth'] = $thumb['width']; $post['thumbheight'] = $thumb['height']; } + if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body_nomarkup'])) { + if(ROBOT_MUTE) { + error(sprintf(ERROR_MUTED, mute())); + } else { + error(ERROR_UNORIGINAL); + } + } + // Remove DIR_* before inserting them into the database. if($post['has_file']) { $post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . DIR_IMG)); $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); } + file_put_contents('test.log', "Posting...!\n", FILE_APPEND); + // Todo: Validate some more, remove messy code, allow more specific configuration $id = post($post, $OP); @@ -357,10 +373,14 @@ unlink($post['zip']); } - buildThread(($OP?$id:$post['thread'])); - - if(!$OP && $post['email'] != 'sage') { - bumpThread($post['thread']); + if(numPosts($OP?$id:$post['thread']) > REPLY_LIMIT) { + deletePost($OP?$id:$post['thread']); + } else { + buildThread(($OP?$id:$post['thread'])); + + if(!$OP && $post['email'] != 'sage') { + bumpThread($post['thread']); + } } if($OP) From d7f7b602efc6668557e1c0f544dd3bab0e677122 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:25:11 +1100 Subject: [PATCH 195/218] ... --- mod.php | 17 +++++++++++++++++ templates/index.html | 3 ++- templates/thread.html | 3 ++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/mod.php b/mod.php index 80647471..04b758f6 100644 --- a/mod.php +++ b/mod.php @@ -348,6 +348,23 @@ header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); else header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) { + // Delete all posts by an IP + + $boardName = $matches[1]; + $post = $matches[2]; + // Open board + if(!openBoard($boardName)) + error(ERROR_NOBOARD); + + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + + //if(isset($_SERVER['HTTP_REFERER'])) + // header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + //else + // header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } elseif(preg_match('/^\/ban$/', $query)) { // Ban page diff --git a/templates/index.html b/templates/index.html index d0702ba9..acca2408 100644 --- a/templates/index.html +++ b/templates/index.html @@ -8,6 +8,7 @@ +

{board[url]} - {board[name]}

{board[title]?{board[title]}}

{mod?Return to dashboard}

@@ -38,7 +39,7 @@ diff --git a/templates/thread.html b/templates/thread.html index e1260ff5..82867ec2 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -8,6 +8,7 @@ +

{board[url]} - {board[name]}

{board[title]?{board[title]}}

{mod?Return to dashboard}

@@ -39,7 +40,7 @@ From 4b1d5719f974e1f0f65b757bea49bdcc5b2005eb Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:28:53 +1100 Subject: [PATCH 196/218] removed debug crap --- post.php | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/post.php b/post.php index 04250ff7..306c050b 100644 --- a/post.php +++ b/post.php @@ -1,7 +1,4 @@ - 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; // Move the uploaded file if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); - file_put_contents('test.log', "Moved it successfully (to {$post['file']}), I think!\n", FILE_APPEND); - if($post['zip']) { // Validate ZIP file if(is_resource($zip = zip_open($post['zip']))) @@ -195,14 +189,10 @@ $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); } - file_put_contents('test.log', "Getting image size of {$post['file']}\n", FILE_APPEND); - $size = @getimagesize($post['file']); $post['width'] = $size[0]; $post['height'] = $size[1]; - file_put_contents('test.log', "GOT IT! {$post['width']}x{$post['height']}\n", FILE_APPEND); - // Check if the image is valid if($post['width'] < 1 || $post['height'] < 1) { unlink($post['file']); @@ -214,18 +204,12 @@ error(ERR_MAXSIZE); } - file_put_contents('test.log', "Making a hash\n", FILE_APPEND); - $hash_function = FILE_HASH; $post['filehash'] = $hash_function($post['file']); $post['filesize'] = filesize($post['file']); - file_put_contents('test.log', "Got a hash ({$post['filehash']})! Loading image...\n", FILE_APPEND); - $image = createimage($post['extension'], $post['file']); - file_put_contents('test.log', "Image loaded!\n", FILE_APPEND); - if(REDRAW_IMAGE && !$post['zip']) { switch($post['extension']) { case 'jpg': @@ -248,12 +232,9 @@ } } - file_put_contents('test.log', "Resizing...\n", FILE_APPEND); // Create a thumbnail $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - file_put_contents('test.log', "Resized!\n", FILE_APPEND); - $post['thumbwidth'] = $thumb['width']; $post['thumbheight'] = $thumb['height']; } @@ -272,8 +253,6 @@ $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); } - file_put_contents('test.log', "Posting...!\n", FILE_APPEND); - // Todo: Validate some more, remove messy code, allow more specific configuration $id = post($post, $OP); From 0190dcfa52aee3acd6871cd1885ed171ad30c69f Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:34:16 +1100 Subject: [PATCH 197/218] changed omegadev.org to omegasdg.com --- README.md | 2 +- templates/index.html | 3 +-- templates/page.html | 2 +- templates/thread.html | 3 +-- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2cd9ba2c..3d59f3c5 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Tinyboard is an imageboard software package written in PHP. It aims to maintain Tinyboard is not currently at a stable state. -[o]: http://omegadev.org/ +[o]: http://omegasdg.com/ ## Requirements 1. PHP >= 5.2.0 diff --git a/templates/index.html b/templates/index.html index acca2408..219fec12 100644 --- a/templates/index.html +++ b/templates/index.html @@ -8,7 +8,6 @@ -

{board[url]} - {board[name]}

{board[title]?{board[title]}}

{mod?Return to dashboard}

@@ -91,6 +90,6 @@ Pages: {pages: [{pages[num]}]{!%last? } } -

Copyright © 2010 OmegaSDG

+

Copyright © 2010 OmegaSDG

\ No newline at end of file diff --git a/templates/page.html b/templates/page.html index f8525e01..ddcac8c6 100644 --- a/templates/page.html +++ b/templates/page.html @@ -11,6 +11,6 @@
{subtitle?{subtitle}}

{mod?Return to dashboard}

{body}
-

Copyright © 2010 OmegaSDG

+

Copyright © 2010 OmegaSDG

\ No newline at end of file diff --git a/templates/thread.html b/templates/thread.html index 82867ec2..d6a48213 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -8,7 +8,6 @@ -

{board[url]} - {board[name]}

{board[title]?{board[title]}}

{mod?Return to dashboard}

@@ -73,6 +72,6 @@
{body} [Return.] -

Copyright © 2010 OmegaSDG

+

Copyright © 2010 OmegaSDG

\ No newline at end of file From 915dcc55ebfcdb441f4b0efee90b12334718b9bd Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 20 Jan 2011 19:35:41 +1100 Subject: [PATCH 198/218] Added styles and yotsuba.css --- main.js | 41 +++++++++++++++++++++++++++++++++++++++++ style.css | 10 ++++++++++ yotsuba.css | 40 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 yotsuba.css diff --git a/main.js b/main.js index d0b0e0d6..dd46cd18 100644 --- a/main.js +++ b/main.js @@ -24,8 +24,49 @@ function citeReply(id) { document.getElementById('body').value += '>>' + id + '\n'; } +var selectedstyle = 'Yotsuba B'; +var styles = [ + ['Yotsuba B', '/default.css'], + ['Yotsuba', '/yotsuba.css'] +]; + +function changeStyle(x) { + localStorage.stylesheet = styles[x][1]; + document.getElementById('stylesheet').href = styles[x][1]; + selectedstyle = styles[x][0]; +} + +newLink = document.createElement('link'); +newLink.rel = 'stylesheet'; +newLink.type = 'text/css'; +newLink.id = 'stylesheet'; +document.getElementsByTagName('head')[0].insertBefore(newLink, document.getElementsByTagName('link')[0].lastChild) + +if(localStorage.stylesheet) { + for(x=0;x Date: Fri, 21 Jan 2011 13:13:50 +1100 Subject: [PATCH 199/218] added delete form in templates --- templates/index.html | 11 +++++++++++ templates/thread.html | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/templates/index.html b/templates/index.html index 219fec12..9df80376 100644 --- a/templates/index.html +++ b/templates/index.html @@ -86,7 +86,18 @@
- +
- +
+
+ + + {mod?} {body} +
+ Delete Post [ + ] Password + + +
+
Pages: {pages: [{pages[num]}]{!%last? } } diff --git a/templates/thread.html b/templates/thread.html index d6a48213..f8f71640 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -70,7 +70,18 @@
+
+ + + {mod?} {body} +
+ Delete Post [ + ] Password + + +
+
[Return.]

Copyright © 2010 OmegaSDG

From ec34fa8076985bf16cf82675fa490860214a486d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 21 Jan 2011 13:14:11 +1100 Subject: [PATCH 200/218] delete --- inc/config.php | 2 ++ post.php | 65 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 1fe6efaa..0cdd2934 100644 --- a/inc/config.php +++ b/inc/config.php @@ -84,6 +84,8 @@ define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true); define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true); define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true); + define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true); + define('ERROR_INVALIDPASSWORD', 'Wrong password…', true); define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true); define('ERR_MAXSIZE', 'The file was too big.', true); diff --git a/post.php b/post.php index 306c050b..ec21d66f 100644 --- a/post.php +++ b/post.php @@ -20,7 +20,70 @@ $_POST = strip_array($_POST); } - if(isset($_POST['post'])) { + if(isset($_POST['delete'])) { + // Delete + + if( !isset($_POST['board']) || + !isset($_POST['password']) + ) + error(ERROR_BOT); + + $password = $_POST['password']; + + if(empty($password)) + error(ERROR_INVALIDPASSWORD); + + $delete = Array(); + foreach($_POST as $post => $value) { + if(preg_match('/^delete_(\d+)$/', $post, $m)) { + $delete[] = (int)$m[1]; + } + } + + sql_open(); + + // Check if banned + checkBan(); + + if(BLOCK_TOR && isTor()) + error(ERROR_TOR); + + // Check if board exists + if(!openBoard($_POST['board'])) + error(ERROR_NOBOARD); + + if(empty($delete)) + error(ERROR_NODELETE); + + foreach($delete as &$id) { + $query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($post = $query->fetch()) { + if(!empty($password) && $post['password'] != $password) + error(ERROR_INVALIDPASSWORD); + + if(isset($_POST['file'])) { + // Delete just the file + deleteFile($id); + } else { + // Delete entire post + deletePost($id); + } + } + } + + buildIndex(); + + sql_close(); + + $is_mod = isset($_POST['mod']) && $_POST['mod']; + $root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT; + + header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); + + } elseif(isset($_POST['post'])) { if( !isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['subject']) || From 67148f28463f8d4f2b7b61d38aa5d71df9658e4c Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 21 Jan 2011 13:14:55 +1100 Subject: [PATCH 201/218] ... --- default.css | 0 inc/display.php | 13 ++++++++++++- inc/functions.php | 36 ++++++++++++++++++++++++++++++++++++ inc/mod.php | 37 +------------------------------------ main.js | 23 +++++++++++++++++++++-- style.css | 13 ++++++++++++- 6 files changed, 82 insertions(+), 40 deletions(-) create mode 100644 default.css diff --git a/default.css b/default.css new file mode 100644 index 00000000..e69de29b diff --git a/inc/display.php b/inc/display.php index 66637d0d..0678cef7 100644 --- a/inc/display.php +++ b/inc/display.php @@ -110,7 +110,9 @@ global $board; $built = '
' . - '

'; + '

' . + // Delete + ''; + $built .= ' '; + // Delete + $built .= ''; + $built .= ' execute() or error(db_error($query)); } + // Remove file from post + function deleteFile($id, $remove_entirely_if_already=true) { + global $board; + + $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error(ERROR_INVALIDPOST); + } + + $post = $query->fetch(); + + $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id OR `thread` = :id", $board['uri'])); + if($post['file'] == 'deleted' && $remove_entirely_if_already) { + // Already deleted; remove file fully + $query->bindValue(':file', null, PDO::PARAM_NULL); + } else { + // Delete thumbnail + @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + + // Delete file + @unlink($board['dir'] . DIR_IMG . $post['file']); + + // Set file to 'deleted' + $query->bindValue(':file', 'deleted', PDO::PARAM_INT); + } + // Update database + + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + buildThread($post['thread']); + } + // Delete a post (reply or thread) function deletePost($id) { global $board; diff --git a/inc/mod.php b/inc/mod.php index 5e3a2c87..5a3e6157 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -173,40 +173,5 @@ '' . ''; } - - // Remove file from post - function deleteFile($id) { - global $board; - - $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL LIMIT 1", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); - } - - $post = $query->fetch(); - - $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id OR `thread` = :id", $board['uri'])); - if($post['file'] == 'deleted') { - // Already deleted; remove file fully - $query->bindValue(':file', null, PDO::PARAM_NULL); - } else { - // Delete thumbnail - @unlink($board['dir'] . DIR_THUMB . $post['thumb']); - - // Delete file - @unlink($board['dir'] . DIR_IMG . $post['file']); - - // Set file to 'deleted' - $query->bindValue(':file', 'deleted', PDO::PARAM_INT); - } - // Update database - - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - buildThread($post['thread']); - } + ?> \ No newline at end of file diff --git a/main.js b/main.js index dd46cd18..d0a82dda 100644 --- a/main.js +++ b/main.js @@ -14,9 +14,21 @@ function focusId(id) document.getElementById(id).focus(); init(); } + +function generatePassword() { + pass = ''; + chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+'; + for(i=0;i<8;i++) { + rnd = Math.floor(Math.random() * chars.length); + pass += chars.substring(rnd,rnd + 1); + } + return pass; +} + function dopost(form) { - localStorage.name = form.name.value; - localStorage.email = form.email.value; + localStorage.name = form.name.value.replace(/ ##.+$/, ''); + if(form.email.value != 'sage') + localStorage.email = form.email.value; return form.body.value != "" || (typeof form.thread != "undefined" && form.file.value != ""); } @@ -65,6 +77,13 @@ function init() newElement.appendChild(style); } + if(!localStorage.password) + localStorage.password = generatePassword(); + elements = document.getElementsByName('password'); + for(x=0;x Date: Sat, 22 Jan 2011 03:16:48 +1100 Subject: [PATCH 202/218] added yotsuba background image --- img/fade-yotsuba.png | Bin 0 -> 186 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 img/fade-yotsuba.png diff --git a/img/fade-yotsuba.png b/img/fade-yotsuba.png new file mode 100644 index 0000000000000000000000000000000000000000..80c566b9e39cf1fde2d703ba5c0d0dcd2378cb5e GIT binary patch literal 186 zcmeAS@N?(olHy`uVBq!ia0vp^j6i&Xg9%73n;^3YNJ*BsMwA5Sr Date: Sat, 22 Jan 2011 03:41:00 +1100 Subject: [PATCH 203/218] copyright update --- README.md | 2 +- templates/index.html | 2 +- templates/page.html | 2 +- templates/thread.html | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3d59f3c5..b57169ce 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ An automated installation script will be completed soon. [r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md ## License -Copyright (c) 2010 by Omega Software Development Group +Copyright (c) 2010-2011 by Omega Software Development Group Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright diff --git a/templates/index.html b/templates/index.html index 9df80376..88101984 100644 --- a/templates/index.html +++ b/templates/index.html @@ -101,6 +101,6 @@ Pages: {pages: [{pages[num]}]{!%last? } } -

Copyright © 2010 OmegaSDG

+

Copyright © 2010-2011 OmegaSDG

\ No newline at end of file diff --git a/templates/page.html b/templates/page.html index ddcac8c6..5246dd62 100644 --- a/templates/page.html +++ b/templates/page.html @@ -11,6 +11,6 @@
{subtitle?{subtitle}}

{mod?Return to dashboard}

{body}
-

Copyright © 2010 OmegaSDG

+

Copyright © 2010-2011 OmegaSDG

\ No newline at end of file diff --git a/templates/thread.html b/templates/thread.html index f8f71640..95867830 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -83,6 +83,6 @@
[Return.] -

Copyright © 2010 OmegaSDG

+

Copyright © 2010-2011 OmegaSDG

\ No newline at end of file From d448125d991d8bb179c27801c64b0debcfeb959f Mon Sep 17 00:00:00 2001 From: "Michael D. Reiley" Date: Thu, 27 Jan 2011 09:19:17 -0800 Subject: [PATCH 204/218] Updated licensing. --- LICENSE | 34 +++++++++++++++++++++------------- templates/index.html | 4 ++-- templates/page.html | 4 ++-- templates/thread.html | 4 ++-- 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/LICENSE b/LICENSE index 3c10b3ca..3a742f99 100644 --- a/LICENSE +++ b/LICENSE @@ -1,13 +1,21 @@ -Copyright (c) 2010 by Omega Software Development Group - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. \ No newline at end of file +Copyright (c) 2010-2011, Omega Software Development Group + +Permission to use, copy, modify, and/or distribute this software is granted, +provided that the following terms are obeyed. + +1. The above copyright notice, this permission notice, and these terms must +appear in all copies and modifications of this software. + +2. This software must not be utilized in any manner that is primarily intended +for or directed toward commercial advantage or private monetary compensation. + +3. Any changes to this software must be made easily publicly available in the +form of source code. + +THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. diff --git a/templates/index.html b/templates/index.html index 88101984..9cc085d1 100644 --- a/templates/index.html +++ b/templates/index.html @@ -101,6 +101,6 @@ Pages: {pages: [{pages[num]}]{!%last? } } -

Copyright © 2010-2011 OmegaSDG

+

TinyBoard Software Copyright © 2010-2011 OmegaSDG

- \ No newline at end of file + diff --git a/templates/page.html b/templates/page.html index 5246dd62..75b9ecdd 100644 --- a/templates/page.html +++ b/templates/page.html @@ -11,6 +11,6 @@
{subtitle?{subtitle}}

{mod?Return to dashboard}

{body}
-

Copyright © 2010-2011 OmegaSDG

+

TinyBoard Software Copyright © 2010-2011 OmegaSDG

- \ No newline at end of file + diff --git a/templates/thread.html b/templates/thread.html index 95867830..918d4c0b 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -83,6 +83,6 @@ [Return.] -

Copyright © 2010-2011 OmegaSDG

+

TinyBoard Software Copyright © 2010-2011 OmegaSDG

- \ No newline at end of file + From 4bcd995bea62a164dec0c7adf0c2cba3735b6a18 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 3 Feb 2011 20:28:14 +1100 Subject: [PATCH 205/218] raw html --- inc/config.php | 12 ++++++++---- post.php | 31 +++++++++++++++---------------- templates/index.html | 6 +++++- templates/thread.html | 15 ++++++++++++++- 4 files changed, 42 insertions(+), 22 deletions(-) diff --git a/inc/config.php b/inc/config.php index 0cdd2934..bf3956fe 100644 --- a/inc/config.php +++ b/inc/config.php @@ -39,6 +39,8 @@ // How long should the cookies last (in seconds) define('COOKIE_EXPIRE', 15778463, true); //6 months + // How long should moderators should remain logged in (0=browser session) (in seconds) + define('MOD_EXPIRE', 15778463, true); // Make this something long and random for security define('SALT', 'wefaw98YHEWUFuo', true); define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true); @@ -47,7 +49,7 @@ define('LURKTIME', 30, true); // How many seconds between each post - define('FLOOD_TIME', 4, true); + define('FLOOD_TIME', 10, true); // How many seconds between each post with exactly the same content and same IP define('FLOOD_TIME_IP_SAME', 120, true); // Same as above but different IP address @@ -108,8 +110,8 @@ define('REPLY_LIMIT', 250, true); // For resizing, max values - define('THUMB_WIDTH', 250, true); - define('THUMB_HEIGHT', 250, true); + define('THUMB_WIDTH', 225, true); + define('THUMB_HEIGHT', 225, true); // Store image hash in the database for r9k-like boards implementation soon // Function name for hashing @@ -118,7 +120,7 @@ define('BLOCK_TOR', true, true); // Typically spambots try to post a lot of links. Refuse a post with X standalone links? - define('MAX_LINKS', 15, true); + define('MAX_LINKS', 20, true); // Maximum image upload size in bytes define('MAX_FILESIZE', 10*1024*1024, true); // 10MB @@ -236,6 +238,8 @@ define('MOD_POSTINLOCKED', MOD_MOD, true); // Post bypass unoriginal content check define('MOD_POSTUNORIGINAL', MOD_MOD, true); + // Raw HTML posting + define('MOD_RAWHTML', MOD_MOD, true); /* Administration */ // Display the contents of instant-config.php diff --git a/post.php b/post.php index ec21d66f..62260e1b 100644 --- a/post.php +++ b/post.php @@ -99,9 +99,9 @@ $post['thread'] = round($_POST['thread']); } else $OP = true; - if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || - (!$OP && $_POST['post'] == BUTTON_REPLY))) - error(ERROR_BOT); + //if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || + // (!$OP && $_POST['post'] == BUTTON_REPLY))) + // error(ERROR_BOT); // Check the referrer if($OP) { @@ -151,7 +151,7 @@ $post['email'] = utf8tohtml($_POST['email']); $post['body'] = $_POST['body']; $post['password'] = $_POST['password']; - $post['filename'] = $_FILES['file']['name']; + $post['filename'] = get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']; $post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']); $post['mod'] = isset($_POST['mod']) && $_POST['mod']; @@ -167,9 +167,11 @@ $post['sticky'] = $OP && isset($_POST['sticky']); $post['locked'] = $OP && isset($_POST['lock']); + $post['raw'] = isset($_POST['raw']); if($post['sticky'] && $mod['type'] < MOD_STICKY) error(ERROR_NOACCESS); if($post['locked'] && $mod['type'] < MOD_LOCK) error(ERROR_NOACCESS); + if($post['raw'] && $mod['type'] < MOD_RAWHTML) error(ERROR_NOACCESS); } // Check if thread is locked @@ -208,7 +210,7 @@ if($post['has_file']) { $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); - $post['file_id'] = rand(0, 1000000000); + $post['file_id'] = time() . rand(100, 999); $post['file'] = $board['dir'] . DIR_IMG . $post['file_id'] . '.' . $post['extension']; $post['thumb'] = $board['dir'] . DIR_THUMB . $post['file_id'] . '.png'; $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; @@ -216,7 +218,7 @@ } // Check string lengths - if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name')); + if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name')); if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); @@ -227,7 +229,9 @@ $post['trip'] .= ' ## ' . $post['mod_tag'] . ''; $post['body_nomarkup'] = $post['body']; - markup($post['body']); + + if(!($mod && $post['raw'])) + markup($post['body']); // Check for a flood if(checkFlood($post)) { @@ -415,14 +419,10 @@ unlink($post['zip']); } - if(numPosts($OP?$id:$post['thread']) > REPLY_LIMIT) { - deletePost($OP?$id:$post['thread']); - } else { - buildThread(($OP?$id:$post['thread'])); - - if(!$OP && $post['email'] != 'sage') { - bumpThread($post['thread']); - } + buildThread(($OP?$id:$post['thread'])); + + if(!$OP && strtolower($post['email']) != 'sage' && (REPLY_LIMIT == 0 || numPosts($post['thread']) < REPLY_LIMIT)) { + bumpThread($post['thread']); } if($OP) @@ -431,7 +431,6 @@ buildIndex(); sql_close(); - $root = $post['mod'] ? ROOT . FILE_MOD . '?/' : ROOT; if(ALWAYS_NOKO || $noko) { diff --git a/templates/index.html b/templates/index.html index 88101984..d24f5b28 100644 --- a/templates/index.html +++ b/templates/index.html @@ -21,7 +21,7 @@ Name
- +
- +
+ Flags + +
+
+ +
+
Password From 5b8ace603e75c736d62fbbe572696cfc2729d6d7 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Thu, 3 Feb 2011 20:31:32 +1100 Subject: [PATCH 206/218] Raw HTML posting --- templates/index.html | 2 +- templates/thread.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/index.html b/templates/index.html index 6cc87fe9..142316fd 100644 --- a/templates/index.html +++ b/templates/index.html @@ -107,4 +107,4 @@ }

TinyBoard Software Copyright © 2010-2011 OmegaSDG

- + \ No newline at end of file diff --git a/templates/thread.html b/templates/thread.html index bd89299d..bc11f1a8 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -98,4 +98,4 @@ [Return.]

TinyBoard Software Copyright © 2010-2011 OmegaSDG

- + \ No newline at end of file From a3d22a79b7fc41f566f3ee07e1be4cc5b2108163 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 5 Feb 2011 15:43:42 +1100 Subject: [PATCH 207/218] Delete by IP --- mod.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/mod.php b/mod.php index 04b758f6..c67bfd66 100644 --- a/mod.php +++ b/mod.php @@ -357,14 +357,21 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); - $query->bindValue(':ip', $ip); + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = (SELECT `ip` FROM `posts_%s` WHERE `id` = :id)", $board['uri'], $board['uri'])); + $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); - //if(isset($_SERVER['HTTP_REFERER'])) - // header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); - //else - // header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + if($query->rowCount() < 1) + error(ERROR_INVALIDPOST); + + while($post = $query->fetch()) { + deletePost($post['id'], false); + } + + if(isset($_SERVER['HTTP_REFERER'])) + header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + else + header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); } elseif(preg_match('/^\/ban$/', $query)) { // Ban page From 6994b6a2f5f84ead4beb87a9f2fd7cb846a2b52d Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 7 Feb 2011 00:37:26 +1100 Subject: [PATCH 208/218] Fix internal links for moderator interface --- inc/display.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/inc/display.php b/inc/display.php index 0678cef7..8423da0f 100644 --- a/inc/display.php +++ b/inc/display.php @@ -72,6 +72,15 @@ $this->ip = $ip; $this->root = $root; $this->mod = $mod; + + if($this->mod) + // Fix internal links + // Very complicated regex + $this->body = preg_replace( + '/= MOD_SHOW_CONFIG) { + $fieldset['Administration'] .= '
  • Ban list
    • '; + } if($mod['type'] >= MOD_SHOW_CONFIG) { $fieldset['Administration'] .= '
  • Show configuration
    • '; } @@ -88,6 +101,90 @@ //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ ) ); + } elseif(preg_match('/^\/bans$/', $query)) { + if($mod['type'] < MOD_VIEW_BANLIST) error(ERROR_NOACCESS); + + if(MOD_VIEW_BANEXPIRED) { + $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } else { + // Filter out expired bans + $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + + if($query->rowCount() < 1) { + $body = '(There are no active bans.)'; + } else { + $body = '
    '; + $body .= ''; + + while($ban = $query->fetch()) { + $body .= + '' . + + '' . + + // Reason + '' . + + // Set + '' . + + // Expires + '' . + + // Staff + '' . + + '' . + + ''; + } + + $body .= '
    IP addressReasonSetExpiresStaffActions
    ' . + + // Checkbox + ' ' . + + // IP address + ''. $ban['ip'] . '' . $ban['reason'] . '' . date(POST_DATE, $ban['set']) . '' . + ($ban['expires'] == 0 ? + 'Never' + : + date(POST_DATE, $ban['expires']) + ) . + '' . + ($mod['type'] < MOD_VIEW_BANSTAFF ? + (MOD_VIEW_BANQUESTIONMARK ? + '?' + : + ($ban['type'] == MOD_JANITOR ? 'Janitor' : + ($ban['type'] == MOD_MOD ? 'Mod' : + ($ban['type'] == MOD_ADMIN ? 'Admin' : + '?'))) + ) + : + $ban['username'] + ) . + '
    '; + } + + echo Element('page.html', Array( + 'index'=>ROOT, + 'title'=>'Ban list', + 'body'=>$body, + 'mod'=>true + ) + ); } elseif(preg_match('/^\/config$/', $query)) { if($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS); From 616c4179c96daa28d53341c09fccc15e87eb246b Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 7 Feb 2011 00:40:06 +1100 Subject: [PATCH 210/218] fixed small mistake --- mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod.php b/mod.php index c16676ad..43dd8d26 100644 --- a/mod.php +++ b/mod.php @@ -79,7 +79,7 @@ // Boards $fieldset['Boards'] .= ulBoards(); - if($mod['type'] >= MOD_SHOW_CONFIG) { + if($mod['type'] >= MOD_VIEW_BANLIST) { $fieldset['Administration'] .= '
  • Ban list
    • '; } if($mod['type'] >= MOD_SHOW_CONFIG) { From 0346862645aa0b9a8ba0f0d929b336b08ff8fcf4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 11 Feb 2011 22:44:49 +1100 Subject: [PATCH 211/218] Corrected spelling of "Tinyboard" and updated license in the README --- README.md | 29 ++++++++++++++++++----------- templates/index.html | 2 +- templates/page.html | 2 +- templates/thread.html | 2 +- 4 files changed, 21 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index b57169ce..bad204dc 100644 --- a/README.md +++ b/README.md @@ -32,17 +32,24 @@ An automated installation script will be completed soon. [r]: http://github.com/savetheinternet/Tinyboard/blob/master/README.md ## License -Copyright (c) 2010-2011 by Omega Software Development Group +Copyright (c) 2010-2011, Omega Software Development Group -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. +Permission to use, copy, modify, and/or distribute this software is granted, +provided that the following terms are obeyed. -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +1. The above copyright notice, this permission notice, and these terms must +appear in all copies and modifications of this software. +2. This software must not be utilized in any manner that is primarily intended +for or directed toward commercial advantage or private monetary compensation. + +3. Any changes to this software must be made easily publicly available in the +form of source code. + +THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. \ No newline at end of file diff --git a/templates/index.html b/templates/index.html index 142316fd..424cf21b 100644 --- a/templates/index.html +++ b/templates/index.html @@ -105,6 +105,6 @@ Pages: {pages: [{pages[num]}]{!%last? } } -

    TinyBoard Software Copyright © 2010-2011 OmegaSDG

    +

    Tinyboard Software Copyright © 2010-2011 OmegaSDG

    \ No newline at end of file diff --git a/templates/page.html b/templates/page.html index 75b9ecdd..41f0d4e6 100644 --- a/templates/page.html +++ b/templates/page.html @@ -11,6 +11,6 @@
    {subtitle?{subtitle}}

    {mod?Return to dashboard}

    {body}
    -

    TinyBoard Software Copyright © 2010-2011 OmegaSDG

    +

    Tinyboard Software Copyright © 2010-2011 OmegaSDG

    diff --git a/templates/thread.html b/templates/thread.html index bc11f1a8..4fff9b88 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -96,6 +96,6 @@ [Return.] -

    TinyBoard Software Copyright © 2010-2011 OmegaSDG

    +

    Tinyboard Software Copyright © 2010-2011 OmegaSDG

    \ No newline at end of file From c34ea2e3af01d9a688fb14b3da550aa96615f312 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 11 Feb 2011 23:02:30 +1100 Subject: [PATCH 212/218] a Fixed delete by IP, plus a bunch of small stuff --- inc/functions.php | 12 ++++++++---- inc/mod.php | 12 +++++++++++- main.js | 7 +++++-- mod.php | 39 ++++++++++++++++++++++++++++++++++++++- post.php | 2 +- 5 files changed, 63 insertions(+), 9 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index c9b85ad4..6901de62 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -299,7 +299,7 @@ } // Delete a post (reply or thread) - function deletePost($id) { + function deletePost($id, $error_if_doesnt_exist=true) { global $board; // Select post and replies (if thread) in one query @@ -308,7 +308,9 @@ $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); + if($error_if_doesnt_exist) + error(ERROR_INVALIDPOST); + else return false; } // Delete posts and maybe replies @@ -337,6 +339,8 @@ if(isset($rebuild)) { buildThread($rebuild); } + + return true; } function clean() { @@ -370,7 +374,7 @@ while($th = $query->fetch()) { $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); - $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); + $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri'])); $posts->bindValue(1, $th['id']); $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); @@ -859,7 +863,7 @@ switch($type) { case 'jpg': case 'jpeg': - if(!$image = imagecreatefromjpeg($source_pic)) { + if(!$image = @imagecreatefromjpeg($source_pic)) { unlink($source_pic); error(ERR_INVALIDIMG); } diff --git a/inc/mod.php b/inc/mod.php index 5a3e6157..115c595a 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -20,7 +20,7 @@ $query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1"); $query->bindValue(':username', $username); $query->bindValue(':password', $password); - $query->execute(); + $query->execute() or error(db_error($query)); if($user = $query->fetch()) { return $mod = Array( @@ -56,6 +56,16 @@ unset($_SESSION['mod']); } + function modLog($action) { + global $mod; + $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)"); + $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':text', $action); + $query->execute() or error(db_error($query)); + } + if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { // Should be username:session hash $cookie = explode(':', $_COOKIE['mod']); diff --git a/main.js b/main.js index d0a82dda..038713cd 100644 --- a/main.js +++ b/main.js @@ -6,8 +6,11 @@ function highlightReply(id) if (divs[i].className.indexOf('post') != -1) divs[i].className = divs[i].className.replace(/highlighted/, ''); } - if (id) - document.getElementById('reply_'+id).className += ' highlighted'; + if (id) { + post = document.getElementById('reply_'+id); + if(post) + post.className += ' highlighted'; + } } function focusId(id) { diff --git a/mod.php b/mod.php index 43dd8d26..12b730a0 100644 --- a/mod.php +++ b/mod.php @@ -43,6 +43,8 @@ if(!login($_POST['username'], $_POST['password'])) loginForm(ERROR_INVALID, $_POST['username']); + modLog("Logged in."); + // Login successful // Set cookies setCookies(); @@ -295,6 +297,9 @@ } $query->execute() or error(db_error($query)); + // Record the action + modLog("Created a new board: {$b['title']}"); + // Open the board openBoard($b['uri']) or error("Couldn't open board after creation."); @@ -356,6 +361,10 @@ // Delete post deleteFile($post); + + // Record the action + modLog("Removed file from post #{$post}"); + // Rebuild board buildIndex(); @@ -377,6 +386,10 @@ // Delete post deletePost($post); + + // Record the action + modLog("Deleted post #{$post}"); + // Rebuild board buildIndex(); @@ -399,8 +412,12 @@ $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { + // Record the action + modLog("Unstickied post #{$post}"); $query->bindValue(':sticky', 0, PDO::PARAM_INT); } else { + // Record the action + modLog("Stickied post #{$post}"); $query->bindValue(':sticky', 1, PDO::PARAM_INT); } @@ -429,8 +446,12 @@ $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { + // Record the action + modLog("Unlocked post #{$post}"); $query->bindValue(':locked', 0, PDO::PARAM_INT); } else { + // Record the action + modLog("Locked post #{$post}"); $query->bindValue(':locked', 1, PDO::PARAM_INT); } @@ -454,10 +475,22 @@ if(!openBoard($boardName)) error(ERROR_NOBOARD); - $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = (SELECT `ip` FROM `posts_%s` WHERE `id` = :id)", $board['uri'], $board['uri'])); + $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); + if(!$post = $query->fetch()) + error(ERROR_INVALIDPOST); + + $ip = $post['ip']; + + // Record the action + modLog("Deleted all posts by IP address: #{$ip}"); + + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + if($query->rowCount() < 1) error(ERROR_INVALIDPOST); @@ -529,6 +562,10 @@ } else { $query->bindValue(':reason', null, PDO::PARAM_NULL); } + + // Record the action + modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}"); + $query->execute() or error(db_error($query)); // Delete too diff --git a/post.php b/post.php index 62260e1b..38599222 100644 --- a/post.php +++ b/post.php @@ -221,7 +221,7 @@ if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name')); if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); - if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); + if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); From 5048f0109848761737e3ad146ba45af907fd50b0 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Fri, 11 Feb 2011 23:03:23 +1100 Subject: [PATCH 213/218] Added "modlogs" table --- install.sql | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/install.sql b/install.sql index 7e1af765..6321fd3a 100644 --- a/install.sql +++ b/install.sql @@ -125,4 +125,11 @@ CREATE TABLE `robot` ( CREATE TABLE `mutes` ( `ip` VARCHAR( 15 ) NOT NULL , `time` INT NOT NULL -) ENGINE = MYISAM ; \ No newline at end of file +) ENGINE = MYISAM ; + +CREATE TABLE `modlogs` ( +`mod` INT NOT NULL , +`ip` VARCHAR( 15 ) NOT NULL , +`time` INT NOT NULL , +`text` TEXT NOT NULL +) ENGINE = INNODB; \ No newline at end of file From b57d600c368dafa267e137ec1570b044f7247b65 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 12 Feb 2011 16:16:24 +1100 Subject: [PATCH 214/218] deleted test.php --- test.php | 112 ------------------------------------------------------- 1 file changed, 112 deletions(-) delete mode 100644 test.php diff --git a/test.php b/test.php deleted file mode 100644 index 66b78b7e..00000000 --- a/test.php +++ /dev/null @@ -1,112 +0,0 @@ -"; - } - function check($title, $test) { - global $body, $count; - $count[$test]++; - $body .= '
    ' . $title . '' . image($test) . '
    ' . $text . '
    '; - - $extensions = Array('mysql', 'gd'); - - // Extensions - title('Extensions'); - foreach($extensions as &$ext) { - if(extension_loaded($ext)) { - $body .= check($ext, 'ok'); - } else { - $body .= check($ext, 'error'); - $todo[] = 'Install module "' . $ext . '"'; - } - } - - // Database - title('Database'); - - if(extension_loaded('mysql')) { - if($sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD)) { - $body .= check('Connection to server.', 'ok'); - if(@mysql_select_db(MY_DATABASE, $sql)) - $body .= check('Select database.', 'ok'); - else { - $body .= check('Select database.', 'error'); - $todo[] = 'instance-config.php: Check database configuration.'; - } - } else { - $body .= check('Connection to server.', 'error'); - $todo[] = 'instance-config.php: Check database configuration.'; - } - } - - // Configuration - title('Configuration'); - $root = dirname($_SERVER['REQUEST_URI']) . (dirname($_SERVER['REQUEST_URI']) == '/' ? '' : '/'); - if(ROOT != $root) { - $body .= check('Correct document root.', 'error'); - $todo[] = "instance-config.php: Change ROOT to '{$root}'"; - } else - $body .= check('Correct document root.', 'ok'); - - // Permissions - title('Permissions'); - - $directories = Array(DIR_IMG, DIR_THUMB, DIR_RES, '.'); - foreach($directories as $dir) { - if(file_exists($dir)) { - if(is_writable($dir) && is_readable($dir)) { - $body .= check($dir, 'ok'); - } else { - $body .= check($dir, 'error'); - $todo[] = 'CHMOD ' . $dir . ' to allow PHP to read and write.'; - } - } else { - $body .= check($dir, 'error'); - $todo[] = 'Create directory: ' . $dir; - } - } - - // Other - title('Other'); - if(get_magic_quotes_gpc()) { - $body .= check('magic_quotes_gpc', 'warning'); - $todo[] = 'Recommended: Disable magic_quotes_gpc in your PHP configuration.'; - } else - $body .= check('magic_quotes_gpc', 'ok'); - - $body .= '
    '; - - if(!empty($todo)) { - $body .= '
    ';
-		foreach($todo as $do)
-			$body .= "{$do}\n";
-		$body .= '
    '; - } - - if(!$count['error']) { - $body .= '

    Everything seems okay.

    '; - } - - $body .= '

    Disregard me. I haven\'t been patched to work with multiple boards yet.

    '; - - die(Element('page.html', Array('index' => ROOT, 'title'=>'Tinyboard', 'subtitle'=>'Installation', 'body'=>$body))); -?> \ No newline at end of file From 3737439338629890598abff0cc9e5c04528c66a9 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Sat, 12 Feb 2011 17:25:15 +1100 Subject: [PATCH 215/218] Changed config to an array --- inc/config.php | 376 ++++++++++++++++++++-------------------- inc/database.php | 14 +- inc/display.php | 122 +++++++------ inc/functions.php | 137 ++++++++------- inc/instance-config.php | 47 +++-- inc/template.php | 2 +- inc/user.php | 12 +- mod.php | 156 ++++++++--------- post.php | 265 +++++++--------------------- 9 files changed, 524 insertions(+), 607 deletions(-) diff --git a/inc/config.php b/inc/config.php index f4040570..4fe7a988 100644 --- a/inc/config.php +++ b/inc/config.php @@ -8,318 +8,326 @@ * your instance-config.php * */ - + + $config = Array( + 'db' => Array(), + 'cookies' => Array(), + 'error' => Array(), + 'dir' => Array(), + 'mod' => Array() + ); // Database stuff + // SQL driver ("mysql", "pgsql", "sqlite", "dblib", etc) // http://www.php.net/manual/en/pdo.drivers.php - define('DB_TYPE', 'mysql', true); + $config['db']['type'] = 'mysql'; // Hostname or IP address - define('DB_SERVER', 'localhost', true); + $config['db']['server'] = 'localhost'; // Login - define('DB_USER', '', true); - define('DB_PASSWORD', '', true); - // TinyBoard database - define('DB_DATABASE', '', true); + $config['db']['user'] = ''; + $config['db']['password'] = ''; + // Tinyboard database + $config['db']['database'] = ''; // Anything more to add to the DSN string (eg. port=xxx;foo=bar) - define('DB_DSN', '', true); + $config['db']['dsn'] = ''; // The name of the session cookie (PHP's $_SESSION) - define('SESS_COOKIE', 'imgboard', true); + $config['cookies']['session']= 'imgboard'; - // Used to safely determine when the user was first seen, to prevent floods. - // time() - define('TIME_COOKIE', 'arrived', true); - // HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification. - define('HASH_COOKIE', 'hash', true); + // Used to safely determine when the user was first seen, to prevent floods. Contains a UNIX timestamp. + $config['cookies']['time'] = 'arrived'; + // Contains an MD5 hash of $config['cookies']['time'] for verification. + $config['cookies']['hash'] = 'hash'; // Used for moderation login - define('MOD_COOKIE', 'mod', true); - // Where to set the 'path' parameter to ROOT when creating cookies. Recommended. - define('JAIL_COOKIES', true, true); - + $config['cookies']['mod'] = 'mod'; + // Where to set the 'path' parameter to $config['root'] when creating cookies. Recommended. + $config['cookies']['jail'] = true; // How long should the cookies last (in seconds) - define('COOKIE_EXPIRE', 15778463, true); //6 months - // How long should moderators should remain logged in (0=browser session) (in seconds) - define('MOD_EXPIRE', 15778463, true); + $config['cookies']['expire']= 15778463; //6 months // Make this something long and random for security - define('SALT', 'wefaw98YHEWUFuo', true); - define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true); + $config['cookies']['salt'] = 'wefaw98YHEWUFuo'; + // How long should moderators should remain logged in (0=browser session) (in seconds) + $config['mod']['expire'] = 15778463; //6 months + // Used to salt secure tripcodes (##trip) + $config['secure_trip_salt'] = '@#$&^@#)$(*&@!_$(&329-8347'; // How many seconds before you can post, after the first visit - define('LURKTIME', 30, true); - + $config['lurktime'] = 30; // How many seconds between each post - define('FLOOD_TIME', 10, true); + $config['flood_time'] = 10; // How many seconds between each post with exactly the same content and same IP - define('FLOOD_TIME_IP_SAME', 120, true); + $config['flood_time_ip'] = 120; // Same as above but different IP address - define('FLOOD_TIME_SAME', 30, true); + $config['flood_time_same'] = 30; // Do you need a body for your non-OP posts? - define('FORCE_BODY', true, true); + $config['force_body'] = true; // Max body length - define('MAX_BODY', 1800, true); - - define('THREADS_PER_PAGE', 10, true); - define('MAX_PAGES', 10, true); - define('THREADS_PREVIEW', 5, true); + $config['max_body'] = 1800; + + $config['threads_per_page'] = 10; + $config['max_pages'] = 10; + $config['threads_preview'] = 5; // For development purposes. Turns 'display_errors' on. Not recommended for production. - define('VERBOSE_ERRORS', true, true); + $config['verbose_errors'] = true; // Error messages - define('ERROR_LURK', 'Lurk some more before posting.', true); - define('ERROR_BOT', 'You look like a bot.', true); - define('ERROR_TOOLONG', 'The %s field was too long.', true); - define('ERROR_TOOLONGBODY', 'The body was too long.', true); - define('ERROR_TOOSHORTBODY', 'The body was too short or empty.', true); - define('ERROR_NOIMAGE', 'You must upload an image.', true); - define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); - define('ERROR_FILEEXT', 'Unsupported image format.', true); - define('ERROR_NOBOARD', 'Invalid board!', true); - define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true); - define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true); - define('ERROR_NOPOST', 'You didn\'t make a post.', true); - define('ERROR_FLOOD', 'Flood detected; Post discared.', true); - define('ERROR_UNORIGINAL', 'Unoriginal content!', true); - define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true); - define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true); - define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true); - define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true); - define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true); - define('ERROR_INVALIDPASSWORD', 'Wrong password…', true); - define('ERR_INVALIDIMG','Invalid image.', true); - define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
    Your file\'s size: %filesz% bytes', true); - define('ERR_MAXSIZE', 'The file was too big.', true); - define('ERR_INVALIDZIP', 'Invalid archive!', true); + $config['error']['lurk'] = 'Lurk some more before posting.'; + $config['error']['bot'] = 'You look like a bot.'; + $config['error']['toolong'] = 'The %s field was too long.'; + $config['error']['toolong_body'] = 'The body was too long.'; + $config['error']['tooshort_body'] = 'The body was too short or empty.'; + $config['error']['noimage'] = 'You must upload an image.'; + $config['error']['nomove'] = 'The server failed to handle your upload.'; + $config['error']['fileext'] = 'Unsupported image format.'; + $config['error']['noboard'] = 'Invalid board!'; + $config['error']['nonexistant'] = 'Thread specified does not exist.'; + $config['error']['locked'] = 'Thread locked. You may not reply at this time.'; + $config['error']['nopost'] = 'You didn\'t make a post.'; + $config['error']['flood'] = 'Flood detected; Post discared.'; + $config['error']['unoriginal'] = 'Unoriginal content!'; + $config['error']['muted'] = 'Unoriginal content! You have been muted for %d seconds.'; + $config['error']['youaremuted'] = 'You are muted! Expires in %d seconds.'; + $config['error']['tor'] = 'Hmm… That looks like a Tor exit node.'; + $config['error']['toomanylinks'] = 'Too many links; flood detected.'; + $config['error']['nodelete'] = 'You didn\'t select anything to delete.'; + $config['error']['invalidpassword'] = 'Wrong password…'; + $config['error']['invalidimg'] = 'Invalid image.'; + $config['error']['filesize'] = 'Maximum file size: %maxsz% bytes
    Your file\'s size: %filesz% bytes'; + $config['error']['maxsize'] = 'The file was too big.'; + $config['error']['invalidzip'] = 'Invalid archive!'; // Moderator errors - define('ERROR_INVALID', 'Invalid username and/or password.', true); - define('ERROR_NOTAMOD', 'You are not a mod…', true); - define('ERROR_INVALIDAFTER', 'Invalid username and/or password. Your user may have been deleted or changed.', true); - define('ERROR_MALFORMED','Invalid/malformed cookies.', true); - define('ERROR_MISSEDAFIELD', 'Your browser didn\'t submit an input when it should have.', true); - define('ERROR_REQUIRED', 'The %s field is required.', true); - define('ERROR_INVALIDFIELD', 'The %s field was invalid.', true); - define('ERROR_BOARDEXISTS', 'There is already a %s board.', true); - define('ERROR_NOACCESS', 'You don\'t have permission to do that.', true); - define('ERROR_INVALIDPOST', 'That post doesn\'t exist…', true); - define('ERROR_404', 'Page not found.', true); + $config['error']['invalid'] = 'Invalid username and/or password.'; + $config['error']['notamod'] = 'You are not a mod…'; + $config['error']['invalidafter'] = 'Invalid username and/or password. Your user may have been deleted or changed.'; + $config['error']['malformed'] = 'Invalid/malformed cookies.'; + $config['error']['missedafield'] = 'Your browser didn\'t submit an input when it should have.'; + $config['error']['required'] = 'The %s field is required.'; + $config['error']['invalidfield'] = 'The %s field was invalid.'; + $config['error']['boardexists'] = 'There is already a %s board.'; + $config['error']['noaccess'] = 'You don\'t have permission to do that.'; + $config['error']['invalidpost'] = 'That post doesn\'t exist…'; + $config['error']['404'] = 'Page not found.'; // Reply limit (deletes thread when this is reached) - define('REPLY_LIMIT', 250, true); + $config['reply_limit'] = 250; // For resizing, max values - define('THUMB_WIDTH', 225, true); - define('THUMB_HEIGHT', 225, true); + $config['thumb_width'] = 255; + $config['thumb_height'] = 255; // Store image hash in the database for r9k-like boards implementation soon // Function name for hashing // sha1_file, md5_file, etc. - define('FILE_HASH', 'sha1_file', true); + $config['file_hash'] = 'sha1_file'; - define('BLOCK_TOR', true, true); + $config['block_tor'] = true; // Typically spambots try to post a lot of links. Refuse a post with X standalone links? - define('MAX_LINKS', 20, true); + $config['max_links'] = 20; // Maximum image upload size in bytes - define('MAX_FILESIZE', 10*1024*1024, true); // 10MB + $config['max_filesize'] = 10*1024*1024; // 10MB // Maximum image dimensions - define('MAX_WIDTH', 10000, true); - define('MAX_HEIGHT', MAX_WIDTH, true); - - /* When you upload a ZIP as a file, all the images inside the archive - * get dumped into the thread as replies. - * Extremely beta and not recommended yet. - */ - define('ALLOW_ZIP', false, true); + $config['max_width'] = 1000; + $config['max_height'] = $config['max_width']; // 1:1 /** Redraw the image using GD functions to strip any excess data (commonly ZIP archives) - WARNING: Very beta. Currently strips animated GIFs too :( + WARNING: Currently strips animated GIFs too :( **/ - define('REDRAW_IMAGE', false, true); + $config['redraw_image'] = false; // Redrawing configuration - define('JPEG_QUALITY', 100, true); - define('REDRAW_GIF', false, true); - - // Display the aspect ratio in a post's file info - define('SHOW_RATIO', true, true); - - define('DIR_IMG', 'src/', true); - define('DIR_THUMB', 'thumb/', true); - define('DIR_RES', 'res/', true); - define('DIR_STATIC', 'static/', true); + $config['jpeg_quality'] = 100; + // Temporary fix for the animation-stripping bug + $config['redraw_gifs'] = false; - // Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown. - define('DIR_TEMPLATE', getcwd() . '/templates', true); + // Display the aspect ratio in a post's file info + $config['show_ratio'] = true; // The root directory, including the trailing slash, for Tinyboard. // examples: '/', 'http://boards.chan.org/', '/chan/' - define('ROOT', '/', true); - + $config['root'] = '/'; + + $config['dir']['img'] = 'src/'; + $config['dir']['thumb'] = 'thumb/'; + $config['dir']['res'] = 'res/'; + // For load balancing, having a seperate server (and domain/subdomain) for serving static content is possible. + // This can either be a directory or a URL (eg. http://static.example.org/) + $config['dir']['static'] = $config['root'] . 'static/'; + // Where to store the .html templates. This folder and templates must exist or fatal errors will be thrown. + $config['dir']['template'] = getcwd() . '/templates'; // Static images // These can be URLs OR base64 (data URI scheme) - define('IMAGE_STICKY', ROOT . DIR_STATIC . 'sticky.gif', true); - define('IMAGE_LOCKED', ROOT . DIR_STATIC . 'locked.gif', true); - define('DELETED_IMAGE', ROOT . DIR_STATIC . 'deleted.png', true); - define('ZIP_IMAGE', ROOT . DIR_STATIC . 'zip.png', true); + $config['image_sticky'] = $config['dir']['static'] . 'sticky.gif'; + $config['image_locked'] = $config['dir']['static'] . 'locked.gif'; + $config['image_deleted'] = $config['dir']['static'] . 'deleted.png'; + $config['image_zip'] = $config['dir']['static'] . 'zip.png'; // If for some reason the folders and static HTML index files aren't in the current working direcotry, // enter the directory path here. Otherwise, keep it false. - define('ROOT_FILE', false, true); + $config['root_file'] = false; - define('POST_URL', ROOT . 'post.php', true); - define('FILE_INDEX', 'index.html', true); - define('FILE_PAGE', '%d.html', true); - define('FILE_MOD', 'mod.php', true); + $config['file_index'] = 'index.html'; + $config['file_page'] = '%d.html'; + $config['file_mod'] = 'mod.php'; // Multi-board (%s is board abbreviation) - define('BOARD_PATH', '%s/', true); + $config['board_path'] = '%s/'; // The HTTP status code to use when redirecting. // Should be 3xx (redirection). http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html // "302" is recommended. - define('REDIRECT_HTTP', 302, true); + $config['redirect_http'] = 302; + // TODO: Put this in per-board instance-config instead // Robot stuff // Strip repeating characters when making hashes - define('ROBOT_ENABLE', true, true); - define('ROBOT_BOARD', 'r9k', true); - define('ROBOT_STRIP_REPEATING', true, true); + $config['robot_enable'] = false; + $config['robot_strip_repeating'] = true; + // Enable mutes - define('ROBOT_MUTE', true, true); - define('ROBOT_MUTE_HOUR', 50, true); // How many mutes X hours ago to include in the algorithm - define('ROBOT_MUTE_MULTIPLIER', 2, true); - define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true); + // Tinyboard uses ROBOT9000's original 2^x implementation + $config['robot_mute'] = true; + // How many mutes x hours ago to include in the algorithm + $config['robot_mute_hour'] = 50; + // If you want to alter the algorithm a bit. Default value is 2. n^x + $config['robot_mute_multiplier'] = 2; + $config['robot_mute_descritpion'] = 'You have been muted for unoriginal content.'; /* Mod stuff */ // Whether or not to lock moderator sessions to the IP address that was logged in with. - define('MOD_LOCK_IP', true, true); + $config['mod']['lock_ip'] = true; // The page that is first shown when a moderator logs in. Defaults to the dashboard. - define('MOD_DEFAULT', '/', true); - // Don't even display MySQL password to administrators (in the configuration page) - define('MOD_NEVER_REAL_PASSWORD', true, true); + $config['mod']['default'] = '/'; + // Don't even display MySQL password to administrators (in the configuration page). + $config['mod']['never_reveal_password'] = true; // Do a DNS lookup on IP addresses to get their hostname on the IP summary page - define('MOD_DNS_LOOKUP', true, true); + $config['mod']['dns_lookup'] = true; // Show ban form on the IP summary page - define('MOD_IP_BANFORM', true, true); + $config['mod']['ip_banform'] = true; // How many recent posts, per board, to show in the IP summary page - define('MOD_IP_RECENTPOSTS', 5, true); + $config['mod']['ip_recentposts'] = 5; // Probably best not to change these: - define('MOD_JANITOR', 0, true); - define('MOD_MOD', 1, true); - define('MOD_ADMIN', 2, true); + define('JANITOR', 0, true); + define('MOD', 1, true); + define('ADMIN', 2, true); // Permissions // What level of administration you need to: /* Post Controls */ // View IP addresses - define('MOD_SHOW_IP', MOD_MOD, true); + $config['mod']['show_ip'] = MOD; // Delete a post - define('MOD_DELETE', MOD_JANITOR, true); + $config['mod']['delete'] = JANITOR; // Ban a user for a post - define('MOD_BAN', MOD_MOD, true); + $config['mod']['ban'] = MOD; // Ban and delete (one click; instant) - define('MOD_BANDELETE', MOD_BAN, true); + $config['mod']['bandelete'] = MOD; // Delete file (and keep post) - define('MOD_DELETEFILE', MOD_JANITOR, true); + $config['mod']['deletefile'] = JANITOR; // Delete all posts by IP - define('MOD_DELETEBYIP', MOD_BAN, true); + $config['mod']['deletebyip'] = MOD; // Sticky a thread - define('MOD_STICKY', MOD_MOD, true); + $config['mod']['sticky'] = MOD; // Lock a thread - define('MOD_LOCK', MOD_MOD, true); + $config['mod']['lock'] = MOD; // Post in a locked thread - define('MOD_POSTINLOCKED', MOD_MOD, true); + $config['mod']['postinlocked'] = MOD; // Post bypass unoriginal content check - define('MOD_POSTUNORIGINAL', MOD_MOD, true); + $config['mod']['postunoriginal'] = MOD; // Raw HTML posting - define('MOD_RAWHTML', MOD_MOD, true); + $config['mod']['rawhtml'] = MOD; /* Administration */ - // Display the contents of instant-config.php - define('MOD_SHOW_CONFIG', MOD_ADMIN, true); + // Display the contents of instance-config.php + $config['mod']['show_config'] = ADMIN; // View list of bans - define('MOD_VIEW_BANLIST', MOD_MOD, true); + $config['mod']['view_banlist'] = MOD; // View the username of the mod who made a ban - define('MOD_VIEW_BANSTAFF', MOD_MOD, true); - // If the moderator doesn't fit the MOD_VIEW_BANSTAFF (previous) permission, + $config['mod']['view_banstaff'] = MOD; + // If the moderator doesn't fit the $config['mod']['view_banstaff''] (previous) permission, // show him just a "?" instead. Otherwise, it will be "Mod" or "Admin" - define('MOD_VIEW_BANQUESTIONMARK', false, true); + $config['mod']['view_banquestionmark'] = false; // Show expired bans in the ban list (they are kept in cache until the culprit returns) - define('MOD_VIEW_BANEXPIRED', true, true); + $config['mod']['view_banexpired'] = true; // Create a new board - define('MOD_NEWBOARD', MOD_ADMIN, true); + $config['mod']['newboard'] = ADMIN; // Mod links (full HTML) // Correspond to above permission directives - define('MOD_LINK_DELETE', '[D]', true); - define('MOD_LINK_BAN', '[B]', true); - define('MOD_LINK_BANDELETE', '[B&D]', true); - define('MOD_LINK_DELETEFILE', '[F]', true); - define('MOD_LINK_DELETEBYIP', '[D+]', true); - define('MOD_LINK_STICKY', '[Sticky]', true); - define('MOD_LINK_DESTICKY', '[-Sticky]', true); - define('MOD_LINK_LOCK', '[Lock]', true); - define('MOD_LINK_UNLOCK', '[-Lock]', true); + $config['mod']['link_delete'] = '[D]'; + $config['mod']['link_ban'] = '[B]'; + $config['mod']['link_bandelete'] = '[B&D]'; + $config['mod']['link_deletefile'] = '[F]'; + $config['mod']['link_deletebyip'] = '[D+]'; + $config['mod']['link_sticky'] = '[Sticky]'; + $config['mod']['link_desticky'] = '[-Sticky]'; + $config['mod']['link_lock'] = '[Lock]'; + $config['mod']['link_unlock'] = '[-Lock]'; + // A small file in the main directory indicating that the script has been ran and the board(s) have been generated. // This keeps the script from querying the database and causing strain when not needed. - define('HAS_INSTALLED', '.installed', true); + $config['has_installed'] = '.installed'; - // Name of the boards. Typically '/%s/' (/b/, /mu/, etc) - // BOARD_ABBREVIATION - BOARD_TITLE - define('BOARD_ABBREVIATION', '/%s/', true); + // Name of the boards. Usually '/%s/' (/b/, /mu/, etc) + // $config['board_abbreviation'] - BOARD_TITLE + $config['board_abbreviation'] = '/%s/'; // Automatically convert things like "..." to Unicode characters ("…") - define('AUTO_UNICODE', true, true); + $config['auto_unicode'] = true; // Use some Wiki-like syntax (''em'', '''strong''', ==Heading==, etc) - define('WIKI_MARKUP', true, true); + $config['wiki_markup'] = true; // Whether to turn URLs into functional links - define('MARKUP_URLS', true, true); + $config['markup_urls'] = true; // Complex regular expression to catch URLs - define('URL_REGEX', '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+)?)?' . '/', true); + $config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(\/([\w\-~\.#\/?=&;:+%]+)?)?' . '/'; // Allowed file extensions - $allowed_ext = Array('jpg', 'jpeg', 'bmp', 'gif', 'png', true); - - define('BUTTON_NEWTOPIC', 'New Topic', true); - define('BUTTON_REPLY', 'New Reply', true); + $config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); + + // The names on the post buttons. (On most imageboards, these are both "Post".) + $config['button_newtopic'] = 'New Topic'; + $config['button_reply'] = 'New Reply'; // The string passed to date() for post times // http://php.net/manual/en/function.date.php - define('POST_DATE', 'm/d/y (D) H:i:s', true); + $config['post_date'] = 'm/d/y (D) H:i:s'; - define('ALWAYS_NOKO', false, true); + // Always act as if they had typed "noko" in the email field no mattter what + $config['always_noko'] = false; - define('URL_MATCH', '/^' . - (preg_match(URL_REGEX, ROOT) ? '' : + $config['url_match'] = '/^' . + (preg_match($config['url_regex'], $config['root']) ? '' : (@$_SERVER['HTTPS']?'https':'http') . ':\/\/'.$_SERVER['HTTP_HOST']) . - preg_quote(ROOT, '/') . + preg_quote($config['root'], '/') . '(' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . '|' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . - preg_quote(FILE_INDEX, '/') . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . + preg_quote($config['file_index'], '/') . '|' . - str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . - str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . + str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . '|' . - preg_quote(FILE_MOD, '/') . + preg_quote($config['file_mod'], '/') . '\?\/.+' . - ')$/i', true); + ')$/i'; - if(ROOT_FILE) { - chdir(ROOT_FILE); + if($config['root_file']) { + chdir($config['root_file']); } - if(VERBOSE_ERRORS) { + if($config['verbose_errors']) { error_reporting(E_ALL); ini_set('display_errors', 1); } + ?> \ No newline at end of file diff --git a/inc/database.php b/inc/database.php index dca1fbd1..21fabe71 100644 --- a/inc/database.php +++ b/inc/database.php @@ -1,20 +1,20 @@ getMessage(); // Remove any sensitive information - $message = str_replace(DB_USER, 'hidden', $message); - $message = str_replace(DB_PASSWORD, 'hidden', $message); + $message = str_replace($config['db']['user'], 'hidden', $message); + $message = str_replace($config['db']['password'], 'hidden', $message); // Print error error('Database error: ' . $message); diff --git a/inc/display.php b/inc/display.php index 8423da0f..acf77e39 100644 --- a/inc/display.php +++ b/inc/display.php @@ -20,30 +20,32 @@ } function error($message) { - global $board, $mod; + global $board, $mod, $config; if(function_exists('sql_close')) sql_close(); die(Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'Error', 'subtitle'=>'An error has occured.', 'body'=>"
    " . "

    $message

    " . (isset($board) ? - "

    Go back.

    " : ''). + "

    Go back.

    " : ''). "
    " ))); } function loginForm($error=false, $username=false) { + global $config; + if(function_exists('sql_close')) sql_close(); die(Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'Login', 'body'=>Element('login.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'error'=>$error, 'username'=>$username ) @@ -52,7 +54,10 @@ } class Post { - public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT, $mod=false) { + public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=null, $mod=false) { + global $config; + if(!isset($root)) $root = $config['root']; + $this->id = $id; $this->thread = $thread; $this->subject = utf8tohtml($subject); @@ -77,13 +82,13 @@ // Fix internal links // Very complicated regex $this->body = preg_replace( - '/'; // Delete - if($this->mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; + if($this->mod['type'] >= $config['mod']['delete']) + $built .= ' ' . $config['mod']['link_delete'] . ''; // Delete all posts by IP - if($this->mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + if($this->mod['type'] >= $config['mod']['deletebyip']) + $built .= ' ' . $config['mod']['link_deletebyip'] . ''; // Ban - if($this->mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; + if($this->mod['type'] >= $config['mod']['ban']) + $built .= ' ' . $config['mod']['link_ban'] . ''; // Ban & Delete - if($this->mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; + if($this->mod['type'] >= $config['mod']['bandelete']) + $built .= ' ' . $config['mod']['link_bandelete'] . ''; // Delete file (keep post) - if(!empty($this->file) && $this->mod['type'] >= MOD_DELETEFILE) - $built .= ' ' . MOD_LINK_DELETEFILE . ''; + if(!empty($this->file) && $this->mod['type'] >= $config['mod']['deletefile']) + $built .= ' ' . $config['mod']['link_deletefile'] . ''; $built .= ''; } @@ -116,7 +121,7 @@ } public function build($index=false) { - global $board; + global $board, $config; $built = '
    ' . '

    ' . @@ -135,7 +140,7 @@ . (!empty($this->trip) ? ' '.$this->trip.'':''); // IP Address - if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) { + if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) { $built .= ' [' . $this->ip . ']'; } @@ -144,7 +149,7 @@ $built .= ''; // Date/time - $built .= ' ' . date(POST_DATE, $this->time); + $built .= ' ' . date($config['post_date'], $this->time); // End delete $built .= ''; @@ -152,20 +157,20 @@ $built .= ' No.' . + ' href="' . $this->root . $board['dir'] . $config['dir']['res'] . $this->thread . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . '

    '; // File info if(!empty($this->file) && $this->file != 'deleted') { - $built .= '

    File: ' . $this->file . ' (' . + $built .= '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions $this->filex . 'x' . $this->filey; // Aspect Ratio - if(SHOW_RATIO) { + if($config['show_ratio']) { $fraction = fraction($this->filex, $this->filey, ':'); $built .= ', ' . $fraction; } @@ -173,9 +178,9 @@ $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; } elseif($this->file == 'deleted') { - $built .= ''; + $built .= ''; } $built .= $this->postControls(); @@ -189,7 +194,10 @@ class Thread { public $omitted = 0; - public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $root=ROOT, $mod=false) { + public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $root=null, $mod=false) { + global $config; + if(!isset($root)) $root = $config['root']; + $this->id = $id; $this->subject = utf8tohtml($subject); $this->email = $email; @@ -217,7 +225,7 @@ // Fix internal links // Very complicated regex $this->body = preg_replace( - '/'; // Delete - if($this->mod['type'] >= MOD_DELETE) - $built .= ' ' . MOD_LINK_DELETE . ''; + if($this->mod['type'] >= $config['mod']['delete']) + $built .= ' ' . $config['mod']['link_delete'] . ''; // Delete all posts by IP - if($this->mod['type'] >= MOD_DELETEBYIP) - $built .= ' ' . MOD_LINK_DELETEBYIP . ''; + if($this->mod['type'] >= $config['mod']['deletebyip']) + $built .= ' ' . $config['mod']['link_deletebyip'] . ''; // Ban - if($this->mod['type'] >= MOD_BAN) - $built .= ' ' . MOD_LINK_BAN . ''; + if($this->mod['type'] >= $config['mod']['ban']) + $built .= ' ' . $config['mod']['link_ban'] . ''; // Ban & Delete - if($this->mod['type'] >= MOD_BANDELETE) - $built .= ' ' . MOD_LINK_BANDELETE . ''; + if($this->mod['type'] >= $config['mod']['bandelete']) + $built .= ' ' . $config['mod']['link_bandelete'] . ''; // Stickies - if($this->mod['type'] >= MOD_STICKY) + if($this->mod['type'] >= $config['mod']['sticky']) if($this->sticky) - $built .= ' ' . MOD_LINK_DESTICKY . ''; + $built .= ' ' . $config['mod']['link_desticky'] . ''; else - $built .= ' ' . MOD_LINK_STICKY . ''; + $built .= ' ' . $config['mod']['link_sticky'] . ''; // Lock - if($this->mod['type'] >= MOD_LOCK) + if($this->mod['type'] >= $config['mod']['lock']) if($this->locked) - $built .= ' ' . MOD_LINK_UNLOCK . ''; + $built .= ' ' . $config['mod']['link_unlock'] . ''; else - $built .= ' ' . MOD_LINK_LOCK . ''; + $built .= ' ' . $config['mod']['link_lock'] . ''; $built .= ''; @@ -270,22 +278,22 @@ } public function build($index=false) { - global $board; + global $board, $config; - $built = '

    File: ' . $this->file . ' (' . + $built = '

    File: ' . $this->file . ' (' . // Filesize format_bytes($this->filesize) . ', ' . // File dimensions $this->filex . 'x' . $this->filey; // Aspect Ratio - if(SHOW_RATIO) { + if($config['show_ratio']) { $fraction = fraction($this->filex, $this->filey, ':'); $built .= ', ' . $fraction; } // Filename $built .= ', ' . $this->filename . ')

    ' . // Thumbnail - ''; + ''; $built .= '

    '; @@ -304,7 +312,7 @@ . (!empty($this->trip) ? ' '.$this->trip.'':''); // IP Address - if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) { + if($this->mod && $this->mod['type'] >= $config['mod']['show_ip']) { $built .= ' [' . $this->ip . ']'; } @@ -313,7 +321,7 @@ $built .= ''; // Date/time - $built .= ' ' . date(POST_DATE, $this->time); + $built .= ' ' . date($config['post_date'], $this->time); // End delete $built .= ''; @@ -321,15 +329,15 @@ $built .= ' No.' . + ' href="' . $this->root . $board['dir'] . $config['dir']['res'] . $this->id . '.html' . '#' . $this->id . '">No.' . // JavaScript cite - ''.$this->id.'' . + ''.$this->id.'' . // Sticky - ($this->sticky ? '' : '') . + ($this->sticky ? '' : '') . // Locked - ($this->locked ? '' : '') . + ($this->locked ? '' : '') . // [Reply] - ($index ? '[Reply]' : '') . + ($index ? '[Reply]' : '') . // Mod controls $this->postControls() . diff --git a/inc/functions.php b/inc/functions.php index 6901de62..cc2a02f8 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -9,7 +9,7 @@ } function setupBoard($array) { - global $board; + global $board, $config; $board = Array( 'id' => $array['id'], @@ -17,13 +17,13 @@ 'name' => $array['title'], 'title' => $array['subtitle']); - $board['dir'] = sprintf(BOARD_PATH, $board['uri']); - $board['url'] = sprintf(BOARD_ABBREVIATION, $board['uri']); + $board['dir'] = sprintf($config['board_path'], $board['uri']); + $board['url'] = sprintf($config['board_abbreviation'], $board['uri']); if(!file_exists($board['dir'])) mkdir($board['dir'], 0777); - if(!file_exists($board['dir'] . DIR_IMG)) @mkdir($board['dir'] . DIR_IMG, 0777) or error("Couldn't create " . DIR_IMG . ". Check permissions.", true); - if(!file_exists($board['dir'] . DIR_THUMB)) @mkdir($board['dir'] . DIR_THUMB, 0777) or error("Couldn't create " . DIR_THUMB . ". Check permissions.", true); - if(!file_exists($board['dir'] . DIR_RES)) @mkdir($board['dir'] . DIR_RES, 0777) or error("Couldn't create " . DIR_RES . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['img'])) @mkdir($board['dir'] . $config['dir']['img'], 0777) or error("Couldn't create " . $config['dir']['img'] . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['thumb'])) @mkdir($board['dir'] . $config['dir']['thumb'], 0777) or error("Couldn't create " . $config['dir']['thumb'] . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['res'])) @mkdir($board['dir'] . $config['dir']['res'], 0777) or error("Couldn't create " . $config['dir']['res'] . ". Check permissions.", true); } function openBoard($uri) { @@ -46,14 +46,14 @@ } function checkFlood($post) { - global $board; + global $board, $config; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':body', $post['body'], PDO::PARAM_INT); - $query->bindValue(':floodtime', time()-FLOOD_TIME, PDO::PARAM_INT); - $query->bindValue(':floodsameiptime', time()-FLOOD_TIME_IP_SAME, PDO::PARAM_INT); - $query->bindValue(':floodsametime', time()-FLOOD_TIME_SAME, PDO::PARAM_INT); + $query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT); + $query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT); + $query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); return (bool)$query->fetch(); @@ -81,6 +81,8 @@ } function checkBan() { + global $config; + if(!isset($_SERVER['REMOTE_ADDR'])) { // Server misconfiguration return; @@ -157,7 +159,7 @@ // Show banned page and exit die(Element('page.html', Array( - 'index' => ROOT, + 'index' => $config['root'], 'title' => 'Banned', 'subtitle' => 'You are banned!', 'body' => $body @@ -264,14 +266,14 @@ // Remove file from post function deleteFile($id, $remove_entirely_if_already=true) { - global $board; + global $board, $config; $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NOT NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); + error($config['error']['invalidpost']); } $post = $query->fetch(); @@ -282,10 +284,10 @@ $query->bindValue(':file', null, PDO::PARAM_NULL); } else { // Delete thumbnail - @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + @unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']); // Delete file - @unlink($board['dir'] . DIR_IMG . $post['file']); + @unlink($board['dir'] . $config['dir']['img'] . $post['file']); // Set file to 'deleted' $query->bindValue(':file', 'deleted', PDO::PARAM_INT); @@ -300,7 +302,7 @@ // Delete a post (reply or thread) function deletePost($id, $error_if_doesnt_exist=true) { - global $board; + global $board, $config; // Select post and replies (if thread) in one query $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); @@ -309,7 +311,7 @@ if($query->rowCount() < 1) { if($error_if_doesnt_exist) - error(ERROR_INVALIDPOST); + error($config['error']['invalidpost']); else return false; } @@ -317,18 +319,18 @@ while($post = $query->fetch()) { if(!$post['thread']) { // Delete thread HTML page - @unlink($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $post['id'])); + @unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id'])); } elseif($query->rowCount() == 1) { // Rebuild thread $rebuild = $post['thread']; } if($post['thumb']) { // Delete thumbnail - @unlink($board['dir'] . DIR_THUMB . $post['thumb']); + @unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']); } if($post['file']) { // Delete file - @unlink($board['dir'] . DIR_IMG . $post['file']); + @unlink($board['dir'] . $config['dir']['img'] . $post['file']); } } @@ -344,8 +346,8 @@ } function clean() { - global $board; - $offset = round(MAX_PAGES*THREADS_PER_PAGE); + global $board, $config; + $offset = round($config['max_pages']*$config['threads_per_page']); // I too wish there was an easier way of doing this... $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); @@ -358,74 +360,75 @@ } function index($page, $mod=false) { - global $board; + global $board, $config; $body = ''; - $offset = round($page*THREADS_PER_PAGE-THREADS_PER_PAGE); + $offset = round($page*$config['threads_per_page']-$config['threads_per_page']); sql_open(); $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT ?,?", $board['uri'])); $query->bindValue(1, $offset, PDO::PARAM_INT); - $query->bindValue(2, THREADS_PER_PAGE, PDO::PARAM_INT); + $query->bindValue(2, $config['threads_per_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowcount() < 1 && $page > 1) return false; while($th = $query->fetch()) { - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : ROOT, $mod); + $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $mod ? '?/' : $config['root'], $mod); $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `id` DESC LIMIT ?", $board['uri'])); $posts->bindValue(1, $th['id']); - $posts->bindValue(2, THREADS_PREVIEW, PDO::PARAM_INT); + $posts->bindValue(2, $config['threads_preview'], PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); - if($posts->rowCount() == THREADS_PREVIEW) { + if($posts->rowCount() == $config['threads_preview']) { $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = ?", $board['uri'])); $count->bindValue(1, $th['id']); $count->execute() or error(db_error($count)); $count = $count->fetch(); - $omitted = $count['num'] - THREADS_PREVIEW; + $omitted = $count['num'] - $config['threads_preview']; $thread->omitted = $omitted; unset($count); unset($omitted); } while($po = $posts->fetch()) { - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT, $mod)); + $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : $config['root'], $mod)); } $thread->posts = array_reverse($thread->posts); $body .= $thread->build(true); } - return Array('button'=>BUTTON_NEWTOPIC, 'board'=>$board, 'body'=>$body, 'post_url' => POST_URL, 'index' => ROOT); + return Array('button'=>$config['button_newtopic'], 'board'=>$board, 'body'=>$body, 'post_url' => $config['post_url'], 'index' => $config['root']); } function getPages($mod=false) { - global $board; + global $board, $config; // Count threads $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); $count = current($query->fetch()); - $count = floor((THREADS_PER_PAGE + $count - 1) / THREADS_PER_PAGE); + $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']); $pages = Array(); - for($x=0;$x<$count && $x $x+1, 'link' => $x==0 ? ($mod ? '?/' : ROOT) . $board['dir'] . FILE_INDEX : ($mod ? '?/' : ROOT) . $board['dir'] . sprintf(FILE_PAGE, $x+1)); + for($x=0;$x<$count && $x<$config['max_pages'];$x++) { + $pages[] = Array('num' => $x+1, 'link' => $x==0 ? ($mod ? '?/' : $config['root']) . $board['dir'] . $config['file_index'] : ($mod ? '?/' : $config['root']) . $board['dir'] . sprintf($config['file_page'], $x+1)); } return $pages; } function makerobot($body) { + global $config; $body = strtolower($body); // Leave only letters $body = preg_replace('/[^a-z]/i', '', $body); // Remove repeating characters - if(ROBOT_STRIP_REPEATING) + if($config['robot_strip_repeating']) $body = preg_replace('/(.)\\1+/', '$1', $body); return sha1($body); @@ -468,6 +471,7 @@ } function muteTime() { + global $config; // Find number of mutes in the past X hours $query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip"); $query->bindValue(':time', time()-(ROBOT_MUTE_HOUR*3600), PDO::PARAM_INT); @@ -476,7 +480,7 @@ $result = $query->fetch(); if($result['count'] == 0) return 0; - return pow(ROBOT_MUTE_MULTIPLIER, $result['count']); + return pow($config['robot_mute_multiplier'], $result['count']); } function mute() { @@ -504,7 +508,7 @@ if($mute['time'] + $mutetime > time()) { // Not expired yet - error(sprintf(ERROR_YOUAREMUTED, $mute['time'] + $mutetime - time())); + error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); } else { // Already expired return; @@ -513,14 +517,14 @@ } function buildIndex() { - global $board; + global $board, $config; sql_open(); $pages = getPages(); $page = 1; - while($page <= MAX_PAGES && $content = index($page)) { - $filename = $board['dir'] . ($page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page)); + while($page <= $config['max_pages'] && $content = index($page)) { + $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page)); if(file_exists($filename)) $md5 = md5_file($filename); $content['pages'] = $pages; @@ -531,9 +535,9 @@ } $page++; } - if($page < MAX_PAGES) { - for(;$page<=MAX_PAGES;$page++) { - $filename = $page==1 ? FILE_INDEX : sprintf(FILE_PAGE, $page); + if($page < $config['max_pages']) { + for(;$page<=$config['max_pages'];$page++) { + $filename = $page==1 ? $config['file_index'] : sprintf($config['file_page'], $page); @unlink($filename); } } @@ -566,17 +570,17 @@ } function markup(&$body) { - global $board; + global $board, $config; $body = utf8tohtml($body, true); - if(MARKUP_URLS) { - $body = preg_replace(URL_REGEX, "$0", $body, -1, $num_links); - if($num_links > MAX_LINKS) - error(ERROR_TOOMANYLINKS); + if($config['markup_urls']) { + $body = preg_replace($config['url_regex'], "$0", $body, -1, $num_links); + if($num_links > $config['max_links']) + error($config['error']['toomanylinks']); } - if(AUTO_UNICODE) { + if($config['auto_unicode']) { $body = str_replace('...', '…', $body); $body = str_replace('<--', '←', $body); @@ -603,7 +607,7 @@ $query->execute() or error(db_error($query)); if($post = $query->fetch()) { - $replacement = '>>' . $cite . ''; + $replacement = '>>' . $cite . ''; } else { $replacement = ">>{$cite}"; } @@ -630,7 +634,7 @@ $body = preg_replace("/(^|\n)([\s]+)?(>)([^\n]+)?($|\n)/m", '$1$2$3$4$5', $body); - if(WIKI_MARKUP) { + if($config['wiki_markup']) { $body = preg_replace("/(^|\n)==(.+?)==\n?/m", "

    $2

    ", $body); $body = preg_replace("/'''(.+?)'''/m", "$1", $body); $body = preg_replace("/''(.+?)''/m", "$1", $body); @@ -679,7 +683,7 @@ } function buildThread($id, $return=false, $mod=false) { - global $board; + global $board, $config; $id = round($id); $query = prepare(sprintf("SELECT `id`,`thread`,`subject`,`name`,`email`,`trip`,`body`,`time`,`thumb`,`thumbwidth`,`thumbheight`,`file`,`filewidth`,`fileheight`,`filesize`,`filename`,`ip`,`sticky`,`locked` FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`time`", $board['uri'])); @@ -688,33 +692,34 @@ while($post = $query->fetch()) { if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $mod ? '?/' : ROOT, $mod); + $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $mod ? '?/' : $config['root'], $mod); } else { - $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod)); + $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod)); } } // Check if any posts were found - if(!isset($thread)) error(ERROR_NONEXISTANT); + if(!isset($thread)) error($config['error']['nonexistant']); $body = Element('thread.html', Array( - 'button'=>BUTTON_REPLY, + 'button'=>$config['button_reply'], 'board'=>$board, 'body'=>$thread->build(), - 'post_url' => POST_URL, - 'index' => ROOT, + 'post_url' => $config['post_url'], + 'index' => $config['root'], 'id' => $id, 'mod' => $mod, - 'return' => ($mod ? '?' . $board['url'] . FILE_INDEX : ROOT . $board['uri'] . '/' . FILE_INDEX) + 'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index']) )); if($return) return $body; else - @file_put_contents($board['dir'] . DIR_RES . sprintf(FILE_PAGE, $id), $body) or error("Couldn't write to file."); + @file_put_contents($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $id), $body) or error("Couldn't write to file."); } function generate_tripcode ( $name, $length = 10 ) { + global $config; $name = stripslashes ( $name ); $t = explode('#', $name); $nameo = $t[0]; @@ -730,7 +735,7 @@ $salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' ); if ( isset ( $t[2] ) ) { // secure - $trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) ); + $trip = '!!' . substr ( crypt ( $trip, $config['secure_trip_salt'] ), ( -1 * $length ) ); } else { // insecure $trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) ); @@ -865,25 +870,25 @@ case 'jpeg': if(!$image = @imagecreatefromjpeg($source_pic)) { unlink($source_pic); - error(ERR_INVALIDIMG); + error($config['error']['invalidimg']); } break; case 'png': if(!$image = @imagecreatefrompng($source_pic)) { unlink($source_pic); - error(ERR_INVALIDIMG); + error($config['error']['invalidimg']); } break; case 'gif': if(!$image = @imagecreatefromgif($source_pic)) { unlink($source_pic); - error(ERR_INVALIDIMG); + error($config['error']['invalidimg']); } break; case 'bmp': if(!$image = @imagecreatefrombmp($source_pic)) { unlink($source_pic); - error(ERR_INVALIDIMG); + error($config['error']['invalidimg']); } break; default: diff --git a/inc/instance-config.php b/inc/instance-config.php index 88178f2c..864a956c 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -11,14 +11,41 @@ // Database stuff - define('DB_TYPE', 'mysql'); - define('DB_SERVER', 'localhost'); - define('DB_USER', ''); - define('DB_PASSWORD', ''); - define('DB_DATABASE', ''); - - define('ROOT', '/'); - -// define('FOO', 'bar'); - + $config['db']['type'] = 'mysql'; + $config['db']['server'] = 'localhost'; + $config['db']['user'] = ''; + $config['db']['password'] = ''; + $config['db']['database'] = ''; + + $config['root'] = '/'; + + + + // The following looks ugly. I will find a better place to put this code soon. + $config['post_url'] = $config['root'] . 'post.php'; + + $config['url_match'] = '/^' . + (preg_match($config['url_regex'], $config['root']) ? '' : + (@$_SERVER['HTTPS']?'https':'http') . + ':\/\/'.$_SERVER['HTTP_HOST']) . + preg_quote($config['root'], '/') . + '(' . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . + '|' . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . + preg_quote($config['file_index'], '/') . + '|' . + str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . + str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . + '|' . + preg_quote($config['file_mod'], '/') . + '\?\/.+' . + ')$/i'; + + $config['dir']['static'] = $config['root'] . 'static/'; + + $config['image_sticky'] = $config['dir']['static'] . 'sticky.gif'; + $config['image_locked'] = $config['dir']['static'] . 'locked.gif'; + $config['image_deleted'] = $config['dir']['static'] . 'deleted.png'; + $config['image_zip'] = $config['dir']['static'] . 'zip.png'; ?> \ No newline at end of file diff --git a/inc/template.php b/inc/template.php index ff65c0c3..d8961167 100644 --- a/inc/template.php +++ b/inc/template.php @@ -8,7 +8,7 @@ // Standard configuration // // Folder where the template files are kept - $templateDir = DIR_TEMPLATE; + $templateDir = $config['dir']['template']; // // Enable global things like %gentime, etc. $templateGlobals = true; diff --git a/inc/user.php b/inc/user.php index 6470d2ff..021515a2 100644 --- a/inc/user.php +++ b/inc/user.php @@ -3,10 +3,10 @@ $mod = false; // Set the session name. - session_name(SESS_COOKIE); + session_name($config['cookies']['session']); // Set session parameters - session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/'); + session_set_cookie_params(0, $config['cookies']['jail']?$config['root']:'/'); // Start the session session_start(); @@ -14,13 +14,13 @@ // Session creation time if(!isset($_SESSION['created'])) $_SESSION['created'] = time(); - if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) { + if(!isset($_COOKIE[$config['cookies']['hash']]) || !isset($_COOKIE[$config['cookies']['time']]) || $_COOKIE[$config['cookies']['hash']] != md5($_COOKIE[$config['cookies']['time']] . $config['cookies']['salt'])) { $time = time(); - setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); - setcookie(HASH_COOKIE, md5($time.SALT), $time+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + setcookie($config['cookies']['time'], $time, time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); + setcookie($config['cookies']['hash'], md5($time . $config['cookies']['salt']), $time+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); $user = Array('valid' => false, 'appeared' => $time); } else { - $user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]); + $user = Array('valid' => true, 'appeared' => $_COOKIE[$config['cookies']['time']]); } ?> \ No newline at end of file diff --git a/mod.php b/mod.php index 12b730a0..40244b4a 100644 --- a/mod.php +++ b/mod.php @@ -1,10 +1,10 @@ str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')), - 'page' => str_replace('%d', '(\d+)', preg_quote(FILE_PAGE, '/')), - 'img' => preg_quote(DIR_IMG, '/'), - 'thumb' => preg_quote(DIR_THUMB, '/'), - 'res' => preg_quote(DIR_RES, '/'), - 'index' => preg_quote(FILE_INDEX, '/') + 'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), + 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), + 'img' => preg_quote($config['dir']['img'], '/'), + 'thumb' => preg_quote($config['dir']['thumb'], '/'), + 'res' => preg_quote($config['dir']['res'], '/'), + 'index' => preg_quote($config['file_index'], '/') ); if(preg_match('/^\/?$/', $query)) { @@ -81,10 +81,10 @@ // Boards $fieldset['Boards'] .= ulBoards(); - if($mod['type'] >= MOD_VIEW_BANLIST) { + if($mod['type'] >= $config['mod']['view_banlist']) { $fieldset['Administration'] .= '
  • Ban list
    • '; } - if($mod['type'] >= MOD_SHOW_CONFIG) { + if($mod['type'] >= $config['mod']['show_config']) { $fieldset['Administration'] .= '
  • Show configuration
    • '; } @@ -97,16 +97,16 @@ } echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'Dashboard', 'body'=>$body //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ ) ); } elseif(preg_match('/^\/bans$/', $query)) { - if($mod['type'] < MOD_VIEW_BANLIST) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']); - if(MOD_VIEW_BANEXPIRED) { + if($config['mod']['view_banexpired']) { $query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -126,7 +126,7 @@ while($ban = $query->fetch()) { $body .= '' . @@ -145,26 +145,26 @@ '' . $ban['reason'] . '' . // Set - '' . date(POST_DATE, $ban['set']) . '' . + '' . date($config['post_date'], $ban['set']) . '' . // Expires '' . ($ban['expires'] == 0 ? 'Never' : - date(POST_DATE, $ban['expires']) + date($config['post_date'], $ban['expires']) ) . '' . // Staff '' . - ($mod['type'] < MOD_VIEW_BANSTAFF ? - (MOD_VIEW_BANQUESTIONMARK ? + ($mod['type'] < $config['mod']['view_banstaff'] ? + ($config['mod']['view_banquestionmark'] ? '?' : - ($ban['type'] == MOD_JANITOR ? 'Janitor' : - ($ban['type'] == MOD_MOD ? 'Mod' : - ($ban['type'] == MOD_ADMIN ? 'Admin' : + ($ban['type'] == JANITOR ? 'Janitor' : + ($ban['type'] == MOD ? 'Mod' : + ($ban['type'] == ADMIN ? 'Admin' : '?'))) ) : @@ -181,14 +181,14 @@ } echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'Ban list', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/config$/', $query)) { - if($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']); // Show instance-config.php @@ -240,14 +240,14 @@ $body = '
    Configuration' . $data . '
    '; echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'Configuration', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/new$/', $query)) { - if($mod['type'] < MOD_NEWBOARD) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']); // New board $body = ''; @@ -257,7 +257,7 @@ if( !isset($_POST['uri']) || !isset($_POST['title']) || !isset($_POST['subtitle']) - ) error(ERROR_MISSEDAFIELD); + ) error($config['error']['missedafield']); $b = Array( 'uri' => $_POST['uri'], @@ -267,24 +267,24 @@ // Check required fields if(empty($b['uri'])) - error(sprintf(ERROR_REQUIRED, 'URI')); + error(sprintf($config['error']['required'], 'URI')); if(empty($b['title'])) - error(sprintf(ERROR_REQUIRED, 'title')); + error(sprintf($config['error']['required'], 'title')); // Check string lengths if(strlen($b['uri']) > 8) - error(sprintf(ERROR_TOOLONG, 'URI')); + error(sprintf($config['error']['toolong'], 'URI')); if(strlen($b['title']) > 20) - error(sprintf(ERROR_TOOLONG, 'title')); + error(sprintf($config['error']['toolong'], 'title')); if(strlen($b['subtitle']) > 40) - error(sprintf(ERROR_TOOLONG, 'subtitle')); + error(sprintf($config['error']['toolong'], 'subtitle')); if(!preg_match('/^\w+$/', $b['uri'])) - error(sprintf(ERROR_INVALIDFIELD, 'URI')); + error(sprintf($config['error']['invalidfield'], 'URI')); if(openBoard($b['uri'])) { unset($board); - error(sprintf(ERROR_BOARDEXISTS, sprintf(BOARD_ABBREVIATION, $b['uri']))); + error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); } $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); @@ -315,7 +315,7 @@ // TODO: Statistics, etc, in the dashboard. echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'New board', 'body'=>$body, 'mod'=>true @@ -328,10 +328,10 @@ // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); - if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], $mod)) { - error(ERROR_404); + if(!$page = index(empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2], $mod)) { + error($config['error']['404']); } $page['pages'] = getPages(true); $page['mod'] = true; @@ -344,20 +344,20 @@ $thread = $matches[2]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); $page = buildThread($thread, true, $mod); echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETEFILE) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']); // Delete file from post $boardName = $matches[1]; $post = $matches[2]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); // Delete post deleteFile($post); @@ -371,18 +371,18 @@ // Redirect if(isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); // Delete post $boardName = $matches[1]; $post = $matches[2]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); // Delete post deletePost($post); @@ -395,18 +395,18 @@ // Redirect if(isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_STICKY) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']); // Add/remove sticky $boardName = $matches[1]; $post = $matches[3]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); @@ -429,18 +429,18 @@ // Redirect if(isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_LOCK) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']); // Lock/Unlock $boardName = $matches[1]; $post = $matches[3]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); @@ -463,9 +463,9 @@ // Redirect if(isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) { // Delete all posts by an IP @@ -473,14 +473,14 @@ $post = $matches[2]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) - error(ERROR_INVALIDPOST); + error($config['error']['invalidpost']); $ip = $post['ip']; @@ -492,16 +492,16 @@ $query->execute() or error(db_error($query)); if($query->rowCount() < 1) - error(ERROR_INVALIDPOST); + error($config['error']['invalidpost']); while($post = $query->fetch()) { deletePost($post['id'], false); } if(isset($_SERVER['HTTP_REFERER'])) - header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP); + header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/ban$/', $query)) { // Ban page @@ -509,11 +509,11 @@ if( !isset($_POST['ip']) || !isset($_POST['reason']) || !isset($_POST['length']) - ) error(ERROR_MISSEDAFIELD); + ) error($config['error']['missedafield']); // Check required fields if(empty($_POST['ip'])) - error(sprintf(ERROR_REQUIRED, 'IP address')); + error(sprintf($config['error']['required'], 'IP address')); $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); @@ -569,19 +569,19 @@ $query->execute() or error(db_error($query)); // Delete too - if($mod['type'] >= MOD_DELETE && isset($_POST['delete']) && isset($_POST['board'])) { + if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) { openBoard($_POST['board']); deletePost(round($_POST['delete'])); } // Redirect if(isset($_POST['continue'])) - header('Location: ' . $_POST['continue'], true, REDIRECT_HTTP); + header('Location: ' . $_POST['continue'], true, $config['redirect_http']); else - header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { - if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); + if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); // Ban by post $boardName = $matches[1]; @@ -589,14 +589,14 @@ $post = $matches[3]; // Open board if(!openBoard($boardName)) - error(ERROR_NOBOARD); + error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { - error(ERROR_INVALIDPOST); + error($config['error']['invalidpost']); } $post = $query->fetch(); @@ -604,7 +604,7 @@ $body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false); echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'New ban', 'body'=>$body, 'mod'=>true @@ -614,7 +614,7 @@ // View information on an IP address $ip = $matches[1]; - $host = MOD_DNS_LOOKUP ? gethostbyaddr($ip) : false; + $host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false; $body = ''; $boards = listBoards(); @@ -624,26 +624,26 @@ $temp = ''; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); - $query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT); + $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($post = $query->fetch()) { - $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod); + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod); $temp .= $po->build(); } if(!empty($temp)) $body .= '
    Last ' . $query->rowCount() . ' posts on ' . - sprintf(BOARD_ABBREVIATION, $_board['uri']) . ' - ' . $_board['title'] . + sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . '' . $temp . '
    '; } - if(MOD_IP_BANFORM) + if($config['mod']['ip_banform']) $body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); echo Element('page.html', Array( - 'index'=>ROOT, + 'index'=>$config['root'], 'title'=>'IP: ' . $ip, 'subtitle' => $host, 'body'=>$body, @@ -651,7 +651,7 @@ ) ); } else { - error(ERROR_404); + error($config['error']['404']); } } diff --git a/post.php b/post.php index 38599222..431be0c0 100644 --- a/post.php +++ b/post.php @@ -1,10 +1,10 @@ $value) { @@ -45,15 +45,15 @@ // Check if banned checkBan(); - if(BLOCK_TOR && isTor()) - error(ERROR_TOR); + if($config['block_tor'] && isTor()) + error($config['error']['tor']); // Check if board exists if(!openBoard($_POST['board'])) - error(ERROR_NOBOARD); + error($config['error']['noboard']); if(empty($delete)) - error(ERROR_NODELETE); + error($config['error']['nodelete']); foreach($delete as &$id) { $query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); @@ -62,7 +62,7 @@ if($post = $query->fetch()) { if(!empty($password) && $post['password'] != $password) - error(ERROR_INVALIDPASSWORD); + error($config['error']['invalidpassword']); if(isset($_POST['file'])) { // Delete just the file @@ -79,9 +79,9 @@ sql_close(); $is_mod = isset($_POST['mod']) && $_POST['mod']; - $root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT; + $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; - header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); } elseif(isset($_POST['post'])) { if( !isset($_POST['name']) || @@ -90,7 +90,7 @@ !isset($_POST['body']) || !isset($_POST['board']) || !isset($_POST['password']) - ) error(ERROR_BOT); + ) error($config['error']['bot']); $post = Array('board' => $_POST['board']); @@ -99,13 +99,13 @@ $post['thread'] = round($_POST['thread']); } else $OP = true; - //if(!(($OP && $_POST['post'] == BUTTON_NEWTOPIC) || - // (!$OP && $_POST['post'] == BUTTON_REPLY))) - // error(ERROR_BOT); + if(!(($OP && $_POST['post'] == $config['button_newtopic']) || + (!$OP && $_POST['post'] == $config['button_reply']))) + error($config['error']['bot']); // Check the referrer if($OP) { - if(!isset($_SERVER['HTTP_REFERER']) || !preg_match(URL_MATCH, $_SERVER['HTTP_REFERER'])) error(ERROR_BOT); + if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']); } // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view @@ -113,7 +113,7 @@ /* // Check if he has a valid cookie. - if(!$user['valid']) error(ERROR_BOT); + if(!$user['valid']) error($config['error']['bot']); // Check how long he has been here. if(time()-$user['appeared'] MAX_FILESIZE) - error(sprintf3(ERR_FILESIZE, array( + if($size > $config['max_filesize']) + error(sprintf3($config['error']['filesize'], array( 'sz'=>commaize($size), 'filesz'=>commaize($size), - 'maxsz'=>commaize(MAX_FILESIZE)))); + 'maxsz'=>commaize($config['max_filesize'])))); } - if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { - if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) { + if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { + if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) { $post['mod_tag'] = $match[3]; $post['name'] = !empty($match[2])?$match[2]:'Anonymous'; } @@ -211,19 +211,17 @@ if($post['has_file']) { $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); $post['file_id'] = time() . rand(100, 999); - $post['file'] = $board['dir'] . DIR_IMG . $post['file_id'] . '.' . $post['extension']; - $post['thumb'] = $board['dir'] . DIR_THUMB . $post['file_id'] . '.png'; - $post['zip'] = $OP && $post['has_file'] && ALLOW_ZIP && $post['extension'] == 'zip' ? $post['file'] : false; - if(!($post['zip'] || in_array($post['extension'], $allowed_ext))) error(ERROR_FILEEXT); + $post['file'] = $board['dir'] . $config['dir']['img'] . $post['file_id'] . '.' . $post['extension']; + $post['thumb'] = $board['dir'] . $config['dir']['thumb'] . $post['file_id'] . '.png'; } // Check string lengths - if(strlen($post['name']) > 50) error(sprintf(ERROR_TOOLONG, 'name')); - if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email')); - if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject')); - if(!$mod && strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY); - if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY); - if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password')); + if(strlen($post['name']) > 50) error(sprintf($config['error']['toolong'], 'name')); + if(strlen($post['email']) > 30) error(sprintf($config['error']['toolong'], 'email')); + if(strlen($post['subject']) > 40) error(sprintf($config['error']['toolong'], 'subject')); + if(!$mod && strlen($post['body']) > $config['max_body']) error($config['error']['toolongbody']); + if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error($config['error']['tooshortbody']); + if(strlen($post['password']) > 20) error(sprintf($config['error']['toolong'], 'password')); if($post['mod_tag']) $post['trip'] .= ' ## ' . $post['mod_tag'] . ''; @@ -235,26 +233,14 @@ // Check for a flood if(checkFlood($post)) { - error(ERROR_FLOOD); + error($config['error']['flood']); } if($post['has_file']) { // Just trim the filename if it's too long if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…'; // Move the uploaded file - if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error(ERROR_NOMOVE); - - if($post['zip']) { - // Validate ZIP file - if(is_resource($zip = zip_open($post['zip']))) - // TODO: Check if it's not empty and has at least one (valid) image - zip_close($zip); - else - error(ERR_INVALIDZIP); - - $post['file'] = ZIP_IMAGE; - $post['extension'] = strtolower(substr($post['file'], strrpos($post['file'], '.') + 1)); - } + if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']); $size = @getimagesize($post['file']); $post['width'] = $size[0]; @@ -263,165 +249,48 @@ // Check if the image is valid if($post['width'] < 1 || $post['height'] < 1) { unlink($post['file']); - error(ERR_INVALIDIMG); + error($config['error']['invalidimg']); } - if($post['width'] > MAX_WIDTH || $post['height'] > MAX_HEIGHT) { + if($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) { unlink($post['file']); - error(ERR_MAXSIZE); + error($config['error']['maxsize']); } - $hash_function = FILE_HASH; - $post['filehash'] = $hash_function($post['file']); + $post['filehash'] = $config['file_hash']($post['file']); $post['filesize'] = filesize($post['file']); $image = createimage($post['extension'], $post['file']); - if(REDRAW_IMAGE && !$post['zip']) { - switch($post['extension']) { - case 'jpg': - case 'jpeg': - imagejpeg($image, $post['file'], JPEG_QUALITY); - break; - case 'png': - imagepng($image, $post['file'], 7); - break; - case 'gif': - if(REDRAW_GIF) - imagegif($image, $post['file']); - break; - case 'bmp': - imagebmp($image, $post['file']); - break; - default: - unlink($post['file']); - error('Unknwon file extension.'); - } - } - // Create a thumbnail - $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); + $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height']); $post['thumbwidth'] = $thumb['width']; $post['thumbheight'] = $thumb['height']; } - if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body_nomarkup'])) { + /* + if(!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body_nomarkup'])) { if(ROBOT_MUTE) { - error(sprintf(ERROR_MUTED, mute())); + error(sprintf($config['error']['muted'], mute())); } else { - error(ERROR_UNORIGINAL); + error($config['error']['unoriginal']); } } + */ // Remove DIR_* before inserting them into the database. if($post['has_file']) { - $post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . DIR_IMG)); - $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); + $post['file'] = substr_replace($post['file'], '', 0, strlen($board['dir'] . $config['dir']['img'])); + $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($board['dir'] . $config['dir']['thumb'])); } // Todo: Validate some more, remove messy code, allow more specific configuration $id = post($post, $OP); - if($post['has_file'] && $post['zip']) { - // Open ZIP - $zip = zip_open($post['zip']); - // Read files - while($entry = zip_read($zip)) { - $filename = basename(zip_entry_name($entry)); - $extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); - - if(in_array($extension, $allowed_ext)) { - if (zip_entry_open($zip, $entry, 'r')) { - // Fake post - $dump_post = Array( - 'subject' => $post['subject'], - 'email' => $post['email'], - 'name' => $post['name'], - 'trip' => $post['trip'], - 'body' => '', - 'thread' => $id, - 'password' => '', - 'has_file' => true, - 'file_id' => rand(0, 1000000000), - 'filename' => $filename - ); - - $dump_post['file'] = $board['dir'] . DIR_IMG . $dump_post['file_id'] . '.' . $extension; - $dump_post['thumb'] = $board['dir'] . DIR_THUMB . $dump_post['file_id'] . '.png'; - - // Extract the image from the ZIP - $fp = fopen($dump_post['file'], 'w+'); - fwrite($fp, zip_entry_read($entry, zip_entry_filesize($entry))); - fclose($fp); - - $size = @getimagesize($dump_post['file']); - $dump_post['width'] = $size[0]; - $dump_post['height'] = $size[1]; - - // Check if the image is valid - if($dump_post['width'] < 1 || $dump_post['height'] < 1) { - unlink($dump_post['file']); - } else { - if($dump_post['width'] > MAX_WIDTH || $dump_post['height'] > MAX_HEIGHT) { - unlink($dump_post['file']); - error(ERR_MAXSIZE); - } else { - $dump_post['filehash'] = md5_file($dump_post['file']); - $dump_post['filesize'] = filesize($dump_post['file']); - - $image = createimage($extension, $dump_post['file']); - - $success = true; - if(REDRAW_IMAGE) { - switch($extension) { - case 'jpg': - case 'jpeg': - imagejpeg($image, $dump_post['file'], JPEG_QUALITY); - break; - case 'png': - imagepng($image, $dump_post['file'], 7); - break; - case 'gif': - if(REDRAW_GIF) - imagegif($image, $dump_post['file']); - break; - case 'bmp': - imagebmp($image, $dump_post['file']); - break; - default: - $success = false; - } - } - - - // Create a thumbnail - $thumb = resize($image, $dump_post['width'], $dump_post['height'], $dump_post['thumb'], THUMB_WIDTH, THUMB_HEIGHT); - - $dump_post['thumbwidth'] = $thumb['width']; - $dump_post['thumbheight'] = $thumb['height']; - - // Remove DIR_* before inserting them into the database. - $dump_post['file'] = substr_replace($dump_post['file'], '', 0, strlen($board['dir'] . DIR_IMG)); - $dump_post['thumb'] = substr_replace($dump_post['thumb'], '', 0, strlen($board['dir'] . DIR_THUMB)); - - // Create the post - post($dump_post, false); - } - } - - // Close the ZIP - zip_entry_close($entry); - } - } - } - zip_close($zip); - unlink($post['zip']); - } - buildThread(($OP?$id:$post['thread'])); - if(!$OP && strtolower($post['email']) != 'sage' && (REPLY_LIMIT == 0 || numPosts($post['thread']) < REPLY_LIMIT)) { + if(!$OP && strtolower($post['email']) != 'sage' && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) { bumpThread($post['thread']); } @@ -431,17 +300,17 @@ buildIndex(); sql_close(); - $root = $post['mod'] ? ROOT . FILE_MOD . '?/' : ROOT; + $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; - if(ALWAYS_NOKO || $noko) { - header('Location: ' . $root . $board['dir'] . DIR_RES . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, REDIRECT_HTTP); + if($config['always_noko'] || $noko) { + header('Location: ' . $root . $board['dir'] . $config['dir']['res'] . ($OP?$id:$post['thread']) . '.html' . (!$OP?'#'.$id:''), true, $config['redirect_http']); } else { - header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP); + header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); } exit; } else { - if(!file_exists(HAS_INSTALLED)) { + if(!file_exists($config['has_installed'])) { sql_open(); // Build all boards @@ -452,7 +321,7 @@ } sql_close(); - touch(HAS_INSTALLED, 0777); + touch($config['has_installed'], 0777); die(Element('page.html', Array( 'index'=>ROOT, @@ -464,7 +333,7 @@ } else { // They opened post.php in their browser manually. // Possible TODO: Redirect back to homepage. - error(ERROR_NOPOST); + error($config['error']['nopost']); } } ?> From f9865503bf9c1bfee567788a5fdd1fc08f0ef7d4 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 16 Feb 2011 14:44:20 +1100 Subject: [PATCH 216/218] New install script start --- install.php | 579 +++++++++++++++++++++------------------------------- 1 file changed, 235 insertions(+), 344 deletions(-) diff --git a/install.php b/install.php index fb171397..052f7db4 100644 --- a/install.php +++ b/install.php @@ -1,353 +1,244 @@ -Error:"; - echo "

    inc/instance-config.php already exists. Please delete it before trying to re-install.

    "; - die(); -} - -$default_values = array( - // Database stuff - array( - 'output' => "

    Database settings

    \n". - "

    Please change the following to reflect the setup of your database.

    " - ), - array( - 'name' => 'DB_TYPE', - 'html' => 'dropdown', - 'values' => array( - 'mysql' => 'MySQL', - 'dblib' => 'FreeTDS / Microsoft SQL Server / Sybase', - 'pgsql' => 'PostgreSQL', - 'sqlite' => 'SQLite' - ), - 'comment' => 'Database engine:' - ), - array( - 'name' => 'DB_SERVER', - 'html' => 'text', - 'values' => 'localhost', - 'comment' => 'Database hostname:' - ), - array( - 'name' => 'DB_USER', - 'html' => 'text', - 'values' => 'root', - 'comment' => 'Database username:' - ), - array( - 'name' => 'DB_PASSWORD', - 'html' => 'password', - 'values' => '', - 'comment' => 'Database password:' - ), - array( - 'name' => 'DB_DATABASE', - 'html' => 'text', - 'values' => 'tinyboard', - 'comment' => 'Database name (please create this database beforehand):' - ), + $config['root'], + 'title' => 'Install', + 'body' => '' + ); + + if($step == 0) { + // Agreeement + $page['body'] = ' + +

    + I have read and understood the agreement. Proceed to installation. +

    '; - // General Config - array( - 'output' => "

    General Config

    \n". - "

    General board configuration.

    " - ), - array( - 'name' => 'LURKTIME', - 'html' => 'text', - 'values' => '30', - 'comment' => 'How many seconds before you can post, after the first visit:' - ), - array( - 'name' => 'MAX_BODY', - 'html' => 'text', - 'values' => '1800', - 'comment' => 'Max body length:' - ), - array( - 'name' => 'THREADS_PER_PAGE', - 'html' => 'text', - 'values' => '10', - 'comment' => 'Threads per page:' - ), - array( - 'name' => 'MAX_PAGES', - 'html' => 'text', - 'values' => '5', - 'comment' => 'Max pages:' - ), - array( - 'name' => 'THREADS_PREVIEW', - 'html' => 'text', - 'values' => '5', - 'comment' => 'Threads Preview:' - ), - array( - 'name' => 'VERBOSE_ERRORS', - 'html' => 'bool', - 'values' => true, - 'comment' => 'Turns \'display_errors\' on. Not recommended for production.:' - ), + echo Element('page.html', $page); + } elseif($step == 1) { + $page['title'] = 'Pre-installation test'; - // Image Config - array( - 'output' => "

    Image Config

    \n". - "

    Image configuration.

    " - ), - array( - 'name' => 'THUMB_WIDTH', - 'html' => 'text', - 'values' => '200', - 'comment' => 'Maximum thumbnail width:' - ), - array( - 'name' => 'THUMB_HEIGHT', - 'html' => 'text', - 'values' => '200', - 'comment' => 'Maximum thumbnail height:' - ), - array( - 'name' => 'MAX_FILESIZE', - 'html' => 'text', - 'values' => '10485760', - 'comment' => 'Maximum file size (in bytes; default: 10MB):' - ), - array( - 'name' => 'MAX_WIDTH', - 'html' => 'text', - 'values' => '10000', - 'comment' => 'Maximum image width:' - ), - array( - 'name' => 'MAX_HEIGHT', - 'html' => 'text', - 'values' => '10000', - 'comment' => 'Maximum image height:' - ), - array( - 'name' => 'ALLOW_ZIP', - 'html' => 'bool', - 'values' => false, - 'comment' => 'When you upload a ZIP as a file, all the images inside the archive '. - 'get dumped into the thread as replies. (Extremely beta and not recommended yet.)' - ), - array( - 'name' => 'REDRAW_IMAGE', - 'html' => 'bool', - 'values' => false, - 'comment' => 'Redraw the image using GD functions to strip any excess data (WARNING: VERY BETA).' - ), - array( - 'name' => 'SHOW_RATIO', - 'html' => 'bool', - 'values' => true, - 'comment' => 'Display the aspect ratio in a post\'s file info.' - ), + $page['body'] = ''; - // Cookies - array( - 'output' => "

    Cookies

    \n". - "

    The following deals with cookie setup. ". - "You probably don't need to change it.

    " - ), - array( - 'name' => 'SESS_COOKIE', - 'html' => 'text', - 'values' => 'imgboard', - 'comment' => 'Name of the session cookie:' - ), - array( - 'name' => 'TIME_COOKIE', - 'html' => 'text', - 'values' => 'arrived', - 'comment' => 'Name of the time cookie:' - ), - array( - 'name' => 'HASH_COOKIE', - 'html' => 'text', - 'values' => 'hash', - 'comment' => 'Name of the hash cookie:' - ), - array( - 'name' => 'MOD_COOKIE', - 'html' => 'text', - 'values' => 'mod', - 'comment' => 'Name of the moderator cookie:' - ), - array( - 'name' => 'JAIL_COOKIES', - 'html' => 'text', - 'values' => 'true', - 'comment' => 'Where to set the \'path\' parameter to ROOT when creating cookies. Recommended.:' - ), - array( - 'name' => 'COOKIE_EXPIRE', - 'html' => 'text', - 'values' => '15778463', - 'comment' => 'How long should the cookies last (in seconds; default 6 months):' - ), - array( - 'name' => 'SALT', - 'html' => 'text', - 'values' => md5(rand(0,100)), - 'comment' => 'Make this something long and random for security:' - ), + function rheader($item) { + global $page, $config; + + $page['body'] .= ''; + } - ); - -$sql = array( - 'SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";', - 'CREATE TABLE IF NOT EXISTS `boards` ( - `id` smallint(6) NOT NULL AUTO_INCREMENT, - `uri` varchar(8) NOT NULL, - `title` varchar(20) NOT NULL, - `subtitle` varchar(40) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `uri` (`uri`), - UNIQUE KEY `id` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;', - 'INSERT INTO `boards` (`id`, `uri`, `title`, `subtitle`) VALUES -(1, \'b\', \'Beta\', \'In development.\');', - 'CREATE TABLE IF NOT EXISTS `posts_b` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `thread` int(11) DEFAULT NULL, - `subject` varchar(40) NOT NULL, - `email` varchar(30) NOT NULL, - `name` varchar(25) NOT NULL, - `trip` varchar(15) DEFAULT NULL, - `body` text NOT NULL, - `time` int(11) NOT NULL, - `bump` int(11) DEFAULT NULL, - `thumb` varchar(50) DEFAULT NULL, - `thumbwidth` int(11) DEFAULT NULL, - `thumbheight` int(11) DEFAULT NULL, - `file` varchar(50) DEFAULT NULL, - `filewidth` int(11) DEFAULT NULL, - `fileheight` int(11) DEFAULT NULL, - `filesize` int(11) DEFAULT NULL, - `filename` varchar(30) DEFAULT NULL, - `filehash` varchar(32) DEFAULT NULL, - `password` varchar(20) DEFAULT NULL, - `ip` varchar(15) NOT NULL, - `sticky` int(1) NOT NULL, - `locked` int(1) NOT NULL, - UNIQUE KEY `id` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;', - 'CREATE TABLE IF NOT EXISTS `mods` ( - `id` smallint(6) NOT NULL AUTO_INCREMENT, - `username` varchar(30) NOT NULL, - `password` char(40) NOT NULL COMMENT \'SHA1\', - `type` smallint(1) NOT NULL COMMENT \'0: janitor, 1: mod, 2: admin\', - PRIMARY KEY (`id`), - UNIQUE KEY `id` (`id`,`username`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;', - 'INSERT INTO `mods` (`id`, `username`, `password`, `type`) VALUES -(1, \'admin\', \'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\', 2);', - 'CREATE TABLE IF NOT EXISTS `bans` ( - `ip` varchar( 15 ) NOT NULL , - `mod` int NOT NULL COMMENT \'which mod made the ban\', - `set` int NOT NULL, - `expires` int NULL, - `reason` text NULL -) ENGINE = InnoDB;', - ); - -if (isset($_POST['submit'])) { - $date = date('H:i jS F Y (e)'); - $config_file = "'; } - if (isset($_POST[$value['name']])) { - $x = $_POST[$value['name']]; - } else { - if (is_array($value['values'])) { - $x = $value['values'][0]; - } else { - $x = $value['values']; - } + + + // Required extensions + rheader('PHP extensions'); + row('PDO', extension_loaded('pdo')); + row('GD', extension_loaded('gd')); + + // GD tests + rheader('GD tests'); + row('JPEG', function_exists('imagecreatefromjpeg')); + row('PNG', function_exists('imagecreatefrompng')); + row('GIF', function_exists('imagecreatefromgif')); + row('BMP', function_exists('imagecreatefrombmp')); + + // Database drivers + $drivers = PDO::getAvailableDrivers(); + + rheader('PDO drivers (currently installed drivers)'); + foreach($drivers as &$driver) { + row($driver, true); } - if ($value['html'] != 'bool') { - $x = "'$x'"; + + // Permissions + rheader('File permissions'); + row('root directory (' . getcwd() . ')', is_writable('.')); + + $page['body'] .= '
    ' . $item . '
    ' . $item . '
    +

    + Continue. +

    '; + + echo Element('page.html', $page); + } elseif($step == 2) { + // Basic config + $page['title'] = 'Configuration'; + + function create_salt() { + return substr(base64_encode(sha1(rand())), 0, rand(25, 31)); } - $config_file .= "define('".$value['name']."',$x,true);\n"; - } - file_put_contents('inc/instance-config.php',$config_file); - - require 'inc/functions.php'; - require 'inc/display.php'; - require 'inc/instance-config.php'; - //require 'inc/config.php'; - require 'inc/template.php'; - require 'inc/database.php'; - - sql_open(); - foreach ($sql as $query) { - query($query); - } - - echo "

    Install Complete.

    "; - die(); -} - -echo "
    "; -foreach ($default_values as $value) { - if (isset($value['output'])) { - echo $value['output']; - continue; - } - if (isset($value['error'])) { - echo "

    Error: ".htmlclean($value['error'])."

    \n"; - } - echo "

    ".$value['comment']." "; - switch ($value['html']) { - case 'text': - echo ""; - break; - case 'password': - echo ""; - break; - case 'dropdown': - echo "\n"; - break; - case 'bool': - if ($value['values']) { - echo "True
    "; - echo "False
    "; - } else { - echo "True
    "; - echo "False
    "; + + $page['body'] = ' + +

    + Database + + + + + + + + + + + +
    + +
    + Cookies + + + + + + + + + + + + + + +
    + +
    + Flood control + + + + + + + + + + + + + + + + + +
    + +
    + Images + + + + + + + + + + + + + + +
    + +
    + Display + + + + + + + + +
    + +
    + Directories + + + + + + + + + + + +
    + +
    + Miscellaneous + + +
    + +

    + +

    +
    + '; + + + echo Element('page.html', $page); } - echo "

    \n"; -} -echo "

    \n"; -echo ""; - -?> +?> \ No newline at end of file From 532cebddfae502e6541016ef196d4698ba56e069 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 16 Feb 2011 14:44:34 +1100 Subject: [PATCH 217/218] new styles --- style.css | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/style.css b/style.css index 919d51dc..4aec2b96 100644 --- a/style.css +++ b/style.css @@ -255,3 +255,19 @@ div.styles a { div.styles a.selected { text-decoration: none; } +table.test { + width: 100%; +} +table.test td, table.test th { + text-align: left; + padding: 5px; +} +table.test tr.h th { + background: #98E; +} +table.test td img { + margin: 0; +} +fieldset label { + display: block; +} \ No newline at end of file From 44d280e120a3c7e1912f101c6ce8f8dfaf963cc8 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Wed, 16 Feb 2011 14:44:42 +1100 Subject: [PATCH 218/218] ... --- inc/mod.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/inc/mod.php b/inc/mod.php index 115c595a..4e82aaeb 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -34,23 +34,23 @@ } function setCookies() { - global $mod; + global $mod, $config; if(!$mod) error('setCookies() was called for a non-moderator!'); - // MOD_COOKIE contains username:hash - setcookie(MOD_COOKIE, $mod['username'] . ':' . $mod['hash'], time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + // $config['cookies']['mod'] contains username:hash + setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); // Put $mod in the session $_SESSION['mod'] = $mod; // Lock sessions to IP addresses - if(MOD_LOCK_IP) + if($mod['lock_ip']) $_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; } function destroyCookies() { // Delete the cookies - setcookie(MOD_COOKIE, 'deleted', time()-COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); + setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); // Unset the session unset($_SESSION['mod']); @@ -71,7 +71,7 @@ $cookie = explode(':', $_COOKIE['mod']); if(count($cookie) != 2) { destroyCookies(); - error(ERROR_MALFORMED); + error($config['error']['malformed']); } // Validate session @@ -79,7 +79,7 @@ $cookie[1] != $_SESSION['mod']['hash']) { // Malformed cookies destroyCookies(); - error(ERROR_MALFORMED); + error($config['error']['malformed']); } // Open connection @@ -88,7 +88,7 @@ // Check username/password if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { destroyCookies(); - error(ERROR_INVALIDAFTER); + error($config['error']['invalidafter']); } } @@ -96,7 +96,7 @@ // Generates a