@ -1,13 +1,21 @@ |
|||||
Copyright (c) 2010 by Omega Software Development Group |
Copyright (c) 2010-2011, Omega Software Development Group <http://omegasdg.com/> |
||||
|
|
||||
Permission to use, copy, modify, and/or distribute this software for any |
Permission to use, copy, modify, and/or distribute this software is granted, |
||||
purpose with or without fee is hereby granted, provided that the above copyright |
provided that the following terms are obeyed. |
||||
notice and this permission notice appear in all copies. |
|
||||
|
1. The above copyright notice, this permission notice, and these terms must |
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
appear in all copies and modifications of this software. |
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
2. This software must not be utilized in any manner that is primarily intended |
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
for or directed toward commercial advantage or private monetary compensation. |
||||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
||||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
3. Any changes to this software must be made easily publicly available in the |
||||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
form of source code. |
||||
|
|
||||
|
THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH |
||||
|
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND |
||||
|
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, |
||||
|
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS |
||||
|
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER |
||||
|
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF |
||||
|
THIS SOFTWARE. |
||||
|
After Width: | Height: | Size: 186 B |
@ -0,0 +1,49 @@ |
|||||
|
<?php |
||||
|
|
||||
|
function sql_open() { |
||||
|
global $pdo, $config; |
||||
|
if($pdo) return true; |
||||
|
|
||||
|
$dsn = $config['db']['type'] . ':host=' . $config['db']['server'] . ';dbname=' . $config['db']['database']; |
||||
|
if(!empty($config['db']['dsn'])) |
||||
|
$dsn .= ';' . $config['db']['dsn']; |
||||
|
try { |
||||
|
return $pdo = new PDO($dsn, $config['db']['user'], $config['db']['password']); |
||||
|
} catch(PDOException $e) { |
||||
|
$message = $e->getMessage(); |
||||
|
|
||||
|
// Remove any sensitive information |
||||
|
$message = str_replace($config['db']['user'], '<em>hidden</em>', $message); |
||||
|
$message = str_replace($config['db']['password'], '<em>hidden</em>', $message); |
||||
|
|
||||
|
// Print error |
||||
|
error('Database error: ' . $message); |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
function sql_close() { |
||||
|
global $pdo; |
||||
|
$pdo = NULL; |
||||
|
} |
||||
|
|
||||
|
function prepare($query) { |
||||
|
global $pdo; |
||||
|
return $pdo->prepare($query); |
||||
|
} |
||||
|
|
||||
|
function query($query) { |
||||
|
global $pdo; |
||||
|
return $pdo->query($query); |
||||
|
} |
||||
|
|
||||
|
function db_error($PDOStatement=null) { |
||||
|
global $pdo; |
||||
|
if(isset($PDOStatement)) { |
||||
|
$err = $PDOStatement->errorInfo(); |
||||
|
return $err[2]; |
||||
|
} else { |
||||
|
$err = $pdo->errorInfo(); |
||||
|
return $err[2]; |
||||
|
} |
||||
|
} |
||||
|
?> |
@ -0,0 +1,187 @@ |
|||||
|
<?php |
||||
|
|
||||
|
// Creates a small random string for validating moderators' cookies |
||||
|
function mkhash($length=12) { |
||||
|
// The method here isn't really important, |
||||
|
// but I think this generates a relatively |
||||
|
// unique string that looks cool. |
||||
|
// If you choose to change this, make sure it cannot include a ':' character. |
||||
|
return substr(base64_encode(sha1(rand() . time(), true)), 0, $length); |
||||
|
} |
||||
|
|
||||
|
function login($username, $password, $makehash=true) { |
||||
|
global $mod; |
||||
|
|
||||
|
// SHA1 password |
||||
|
if($makehash) { |
||||
|
$password = sha1($password); |
||||
|
} |
||||
|
|
||||
|
$query = prepare("SELECT `id`,`type` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1"); |
||||
|
$query->bindValue(':username', $username); |
||||
|
$query->bindValue(':password', $password); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
if($user = $query->fetch()) { |
||||
|
return $mod = Array( |
||||
|
'id' => $user['id'], |
||||
|
'type' => $user['type'], |
||||
|
'username' => $username, |
||||
|
'password' => $password, |
||||
|
'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash() |
||||
|
); |
||||
|
} else return false; |
||||
|
} |
||||
|
|
||||
|
function setCookies() { |
||||
|
global $mod, $config; |
||||
|
if(!$mod) error('setCookies() was called for a non-moderator!'); |
||||
|
|
||||
|
// $config['cookies']['mod'] contains username:hash |
||||
|
setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); |
||||
|
|
||||
|
// Put $mod in the session |
||||
|
$_SESSION['mod'] = $mod; |
||||
|
|
||||
|
// Lock sessions to IP addresses |
||||
|
if($mod['lock_ip']) |
||||
|
$_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; |
||||
|
} |
||||
|
|
||||
|
function destroyCookies() { |
||||
|
// Delete the cookies |
||||
|
setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true); |
||||
|
|
||||
|
// Unset the session |
||||
|
unset($_SESSION['mod']); |
||||
|
} |
||||
|
|
||||
|
function modLog($action) { |
||||
|
global $mod; |
||||
|
$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)"); |
||||
|
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT); |
||||
|
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); |
||||
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
||||
|
$query->bindValue(':text', $action); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
} |
||||
|
|
||||
|
if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { |
||||
|
// Should be username:session hash |
||||
|
$cookie = explode(':', $_COOKIE['mod']); |
||||
|
if(count($cookie) != 2) { |
||||
|
destroyCookies(); |
||||
|
error($config['error']['malformed']); |
||||
|
} |
||||
|
|
||||
|
// Validate session |
||||
|
if( $cookie[0] != $_SESSION['mod']['username'] || |
||||
|
$cookie[1] != $_SESSION['mod']['hash']) { |
||||
|
// Malformed cookies |
||||
|
destroyCookies(); |
||||
|
error($config['error']['malformed']); |
||||
|
} |
||||
|
|
||||
|
// Open connection |
||||
|
sql_open(); |
||||
|
|
||||
|
// Check username/password |
||||
|
if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { |
||||
|
destroyCookies(); |
||||
|
error($config['error']['invalidafter']); |
||||
|
} |
||||
|
|
||||
|
} |
||||
|
|
||||
|
// Generates a <ul> element with a list of linked |
||||
|
// boards and their subtitles. (without the <ul> opening and ending tags) |
||||
|
function ulBoards() { |
||||
|
global $mod, $config; |
||||
|
|
||||
|
$body = ''; |
||||
|
|
||||
|
// List of boards |
||||
|
$boards = listBoards(); |
||||
|
|
||||
|
foreach($boards as &$b) { |
||||
|
$body .= '<li>' . |
||||
|
'<a href="?/' . |
||||
|
sprintf($config['board_path'], $b['uri']) . $config['file_index'] . |
||||
|
'">' . |
||||
|
sprintf($config['board_abbreviation'], $b['uri']) . |
||||
|
'</a> - ' . |
||||
|
$b['title'] . |
||||
|
(isset($b['subtitle']) ? '<span class="unimportant"> — ' . $b['subtitle'] . '</span>' : '') . |
||||
|
'</li>'; |
||||
|
} |
||||
|
|
||||
|
if($mod['type'] >= $config['mod']['newboard']) { |
||||
|
$body .= '<li style="margin-top:15px;"><a href="?/new"><strong>Create new board</strong></a></li>'; |
||||
|
} |
||||
|
return $body; |
||||
|
} |
||||
|
|
||||
|
function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false) { |
||||
|
return '<fieldset><legend>New ban</legend>' . |
||||
|
'<form action="?/ban" method="post">' . |
||||
|
($continue ? '<input type="hidden" name="continue" value="' . htmlentities($continue) . '" />' : '') . |
||||
|
($delete ? '<input type="hidden" name="delete" value="' . htmlentities($delete) . '" />' : '') . |
||||
|
($board ? '<input type="hidden" name="board" value="' . htmlentities($board) . '" />' : '') . |
||||
|
'<table>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="ip">IP</label></th>' . |
||||
|
'<td><input type="text" name="ip" id="ip" size="15" maxlength="15" ' . |
||||
|
(isset($ip) ? |
||||
|
'value="' . htmlentities($ip) . '" ' : '' |
||||
|
) . |
||||
|
'/></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="reason">Reason</label></th>' . |
||||
|
'<td><textarea name="reason" id="reason" rows="5" cols="30">' . |
||||
|
htmlentities($reason) . |
||||
|
'</textarea></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="length">Length</label></th>' . |
||||
|
'<td><input type="text" name="length" id="length" size="20" maxlength="40" />' . |
||||
|
' <span class="unimportant">(eg. "2d1h30m" or "2 days")</span></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<td></td>' . |
||||
|
'<td><input name="new_ban" type="submit" value="New Ban" /></td>' . |
||||
|
'</tr>' . |
||||
|
'</table>' . |
||||
|
'</form>' . |
||||
|
'</fieldset>'; |
||||
|
} |
||||
|
|
||||
|
function form_newBoard() { |
||||
|
return '<fieldset><legend>New board</legend>' . |
||||
|
'<form action="?/new" method="post">' . |
||||
|
'<table>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="board">URI</label></th>' . |
||||
|
'<td><input type="text" name="uri" id="board" size="3" maxlength="8" />' . |
||||
|
' <span class="unimportant">(eg. "b"; "mu")</span></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="title">Title</label></th>' . |
||||
|
'<td><input type="text" name="title" id="title" size="15" maxlength="20" />' . |
||||
|
' <span class="unimportant">(eg. "Random")</span></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<th><label for="subtitle">Subtitle</label></th>' . |
||||
|
'<td><input type="text" name="subtitle" id="subtitle" size="20" maxlength="40" />' . |
||||
|
' <span class="unimportant">(optional)</span></td>' . |
||||
|
'</tr>' . |
||||
|
'<tr>' . |
||||
|
'<td></td>' . |
||||
|
'<td><input name="new_board" type="submit" value="New Board" /></td>' . |
||||
|
'</tr>' . |
||||
|
'</table>' . |
||||
|
'</form>' . |
||||
|
'</fieldset>'; |
||||
|
} |
||||
|
|
||||
|
?> |
@ -0,0 +1,244 @@ |
|||||
|
<?php |
||||
|
require 'inc/functions.php'; |
||||
|
require 'inc/display.php'; |
||||
|
require 'inc/config.php'; |
||||
|
if (file_exists('inc/instance-config.php')) { |
||||
|
require 'inc/instance-config.php'; |
||||
|
} |
||||
|
require 'inc/template.php'; |
||||
|
require 'inc/database.php'; |
||||
|
require 'inc/user.php'; |
||||
|
$step = isset($_GET['step']) ? round($_GET['step']) : 0; |
||||
|
$page = Array( |
||||
|
'index' => $config['root'], |
||||
|
'title' => 'Install', |
||||
|
'body' => '' |
||||
|
); |
||||
|
|
||||
|
if($step == 0) { |
||||
|
// Agreeement |
||||
|
$page['body'] = ' |
||||
|
<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" disabled>' . htmlentities(file_get_contents('LICENSE')) . '</textarea> |
||||
|
<p style="text-align:center"> |
||||
|
<a href="?step=1">I have read and understood the agreement. Proceed to installation.</a> |
||||
|
</p>'; |
||||
|
|
||||
|
echo Element('page.html', $page); |
||||
|
} elseif($step == 1) { |
||||
|
$page['title'] = 'Pre-installation test'; |
||||
|
|
||||
|
$page['body'] = '<table class="test">'; |
||||
|
|
||||
|
function rheader($item) { |
||||
|
global $page, $config; |
||||
|
|
||||
|
$page['body'] .= '<tr class="h"><th colspan="2">' . $item . '</th></tr>'; |
||||
|
} |
||||
|
|
||||
|
function row($item, $result) { |
||||
|
global $page, $config; |
||||
|
|
||||
|
$page['body'] .= '<tr><th>' . $item . '</th><td><img style="width:16px;height:16px" src="' . $config['dir']['static'] . ($result ? 'ok.png' : 'error.png') . '" /></td></tr>'; |
||||
|
} |
||||
|
|
||||
|
|
||||
|
// Required extensions |
||||
|
rheader('PHP extensions'); |
||||
|
row('PDO', extension_loaded('pdo')); |
||||
|
row('GD', extension_loaded('gd')); |
||||
|
|
||||
|
// GD tests |
||||
|
rheader('GD tests'); |
||||
|
row('JPEG', function_exists('imagecreatefromjpeg')); |
||||
|
row('PNG', function_exists('imagecreatefrompng')); |
||||
|
row('GIF', function_exists('imagecreatefromgif')); |
||||
|
row('BMP', function_exists('imagecreatefrombmp')); |
||||
|
|
||||
|
// Database drivers |
||||
|
$drivers = PDO::getAvailableDrivers(); |
||||
|
|
||||
|
rheader('PDO drivers <em>(currently installed drivers)</em>'); |
||||
|
foreach($drivers as &$driver) { |
||||
|
row($driver, true); |
||||
|
} |
||||
|
|
||||
|
// Permissions |
||||
|
rheader('File permissions'); |
||||
|
row('<em>root directory</em> (' . getcwd() . ')', is_writable('.')); |
||||
|
|
||||
|
$page['body'] .= '</table> |
||||
|
<p style="text-align:center"> |
||||
|
<a href="?step=2">Continue.</a> |
||||
|
</p>'; |
||||
|
|
||||
|
echo Element('page.html', $page); |
||||
|
} elseif($step == 2) { |
||||
|
// Basic config |
||||
|
$page['title'] = 'Configuration'; |
||||
|
|
||||
|
function create_salt() { |
||||
|
return substr(base64_encode(sha1(rand())), 0, rand(25, 31)); |
||||
|
} |
||||
|
|
||||
|
$page['body'] = ' |
||||
|
<form action="?step=3" method="post"> |
||||
|
<fieldset> |
||||
|
<legend>Database</legend> |
||||
|
<label for="db_type">Type:</label> |
||||
|
<select id="db_type" name="db[type]">'; |
||||
|
|
||||
|
$drivers = PDO::getAvailableDrivers(); |
||||
|
|
||||
|
foreach($drivers as &$driver) { |
||||
|
$driver_txt = $driver; |
||||
|
switch($driver) { |
||||
|
case 'cubrid': |
||||
|
$driver_txt = 'Cubrid'; |
||||
|
break; |
||||
|
case 'dblib': |
||||
|
$driver_txt = 'FreeTDS / Microsoft SQL Server / Sybase'; |
||||
|
break; |
||||
|
case 'firebird': |
||||
|
$driver_txt = 'Firebird/Interbase 6'; |
||||
|
break; |
||||
|
case 'ibm': |
||||
|
$driver_txt = 'IBM DB2'; |
||||
|
break; |
||||
|
case 'informix': |
||||
|
$driver_txt = 'IBM Informix Dynamic Server'; |
||||
|
break; |
||||
|
case 'mysql': |
||||
|
$driver_txt = 'MySQL'; |
||||
|
break; |
||||
|
case 'oci': |
||||
|
$driver_txt = 'OCI'; |
||||
|
break; |
||||
|
case 'odbc': |
||||
|
$driver_txt = 'ODBC v3 (IBM DB2, unixODBC)'; |
||||
|
break; |
||||
|
case 'pgsql': |
||||
|
$driver_txt = 'PostgreSQL'; |
||||
|
break; |
||||
|
case 'sqlite': |
||||
|
$driver_txt = 'SQLite 3'; |
||||
|
break; |
||||
|
case 'sqlite2': |
||||
|
$driver_txt = 'SQLite 2'; |
||||
|
break; |
||||
|
} |
||||
|
$page['body'] .= '<option name="' . $driver . '">' . $driver_txt . '</option>'; |
||||
|
} |
||||
|
|
||||
|
$page['body'] .= ' |
||||
|
</select> |
||||
|
|
||||
|
<label for="db_db">Database:</label> |
||||
|
<input type="text" id="db_db" name="db[database]" value="" /> |
||||
|
|
||||
|
<label for="db_user">Username:</label> |
||||
|
<input type="text" id="db_user" name="db[user]" value="" /> |
||||
|
|
||||
|
<label for="db_pass">Password:</label> |
||||
|
<input type="password" id="db_pass" name="db[password]" value="" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Cookies</legend> |
||||
|
<label for="cookies_session">Name of session cookie:</label> |
||||
|
<input type="text" id="cookies_session" name="cookies[session]" value="' . session_name() . '" /> |
||||
|
|
||||
|
<label for="cookies_time">Cookie containing a timestamp of first arrival:</label> |
||||
|
<input type="text" id="cookies_time" name="cookies[time]" value="' . $config['cookies']['time'] . '" /> |
||||
|
|
||||
|
<label for="cookies_hash">Cookie containing a hash for verification purposes:</label> |
||||
|
<input type="text" id="cookies_hash" name="cookies[hash]" value="' . $config['cookies']['hash'] . '" /> |
||||
|
|
||||
|
<label for="cookies_mod">Moderator cookie:</label> |
||||
|
<input type="text" id="cookies_mod" name="cookies[mod]" value="' . $config['cookies']['mod'] . '" /> |
||||
|
|
||||
|
<label for="cookies_salt">Secure salt:</label> |
||||
|
<input type="text" id="cookies_salt" name="cookies[salt]" value="' . create_salt() . '" size="40" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Flood control</legend> |
||||
|
<label for="flood_time">Seconds before each post:</label> |
||||
|
<input type="text" id="flood_time" name="flood_time" value="' . $config['flood_time'] . '" /> |
||||
|
|
||||
|
<label for="flood_time_ip">Seconds before you can repost something (post the exact same text):</label> |
||||
|
<input type="text" id="flood_time_ip" name="flood_time_ip" value="' . $config['flood_time_ip'] . '" /> |
||||
|
|
||||
|
<label for="flood_time_same">Same as above, but with a different IP address:</label> |
||||
|
<input type="text" id="flood_time_same" name="flood_time_same" value="' . $config['flood_time_same'] . '" /> |
||||
|
|
||||
|
<label for="max_body">Maximum post body length:</label> |
||||
|
<input type="text" id="max_body" name="max_body" value="' . $config['max_body'] . '" /> |
||||
|
|
||||
|
<label for="reply_limit">Replies in a thread before it can no longer be bumped:</label> |
||||
|
<input type="text" id="reply_limit" name="reply_limit" value="' . $config['reply_limit'] . '" /> |
||||
|
|
||||
|
<label for="max_links">Maximum number of links in a single post:</label> |
||||
|
<input type="text" id="max_links" name="max_links" value="' . $config['max_links'] . '" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Images</legend> |
||||
|
<label for="max_filesize">Maximum image filesize:</label> |
||||
|
<input type="text" id="max_filesize" name="max_filesize" value="' . $config['max_filesize'] . '" /> |
||||
|
|
||||
|
<label for="thumb_width">Thumbnail width:</label> |
||||
|
<input type="text" id="thumb_width" name="thumb_width" value="' . $config['thumb_width'] . '" /> |
||||
|
|
||||
|
<label for="thumb_height">Thumbnail height:</label> |
||||
|
<input type="text" id="thumb_height" name="thumb_height" value="' . $config['thumb_height'] . '" /> |
||||
|
|
||||
|
<label for="max_width">Maximum image width:</label> |
||||
|
<input type="text" id="max_width" name="max_width" value="' . $config['max_width'] . '" /> |
||||
|
|
||||
|
<label for="max_height">Maximum image height:</label> |
||||
|
<input type="text" id="max_height" name="max_height" value="' . $config['max_height'] . '" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Display</legend> |
||||
|
<label for="threads_per_page">Threads per page:</label> |
||||
|
<input type="text" id="threads_per_page" name="threads_per_page" value="' . $config['threads_per_page'] . '" /> |
||||
|
|
||||
|
<label for="max_pages">Page limit:</label> |
||||
|
<input type="text" id="max_pages" name="max_pages" value="' . $config['max_pages'] . '" /> |
||||
|
|
||||
|
<label for="threads_preview">Number of replies to show per thread on the index page:</label> |
||||
|
<input type="text" id="threads_preview" name="threads_preview" value="' . $config['threads_preview'] . '" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Directories</legend> |
||||
|
<label for="root">Root URI (include trailing slash):</label> |
||||
|
<input type="text" id="root" name="root" value="' . $config['root'] . '" /> |
||||
|
|
||||
|
<label for="dir_img">Image directory:</label> |
||||
|
<input type="text" id="dir_img" name="dir[img]" value="' . $config['dir']['img'] . '" /> |
||||
|
|
||||
|
<label for="dir_thumb">Thumbnail directory:</label> |
||||
|
<input type="text" id="dir_thumb" name="dir[thumb]" value="' . $config['dir']['thumb'] . '" /> |
||||
|
|
||||
|
<label for="dir_res">Thread directory:</label> |
||||
|
<input type="text" id="dir_res" name="dir[res]" value="' . $config['dir']['res'] . '" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<fieldset> |
||||
|
<legend>Miscellaneous</legend> |
||||
|
<label for="secure_trip_salt">Secure trip (##) salt:</label> |
||||
|
<input type="text" id="secure_trip_salt" name="secure_trip_salt" value="' . create_salt() . '" size="40" /> |
||||
|
</fieldset> |
||||
|
|
||||
|
<p style="text-align:center"> |
||||
|
<input type="submit" value="Complete installation" /> |
||||
|
</p> |
||||
|
</form> |
||||
|
'; |
||||
|
|
||||
|
|
||||
|
echo Element('page.html', $page); |
||||
|
} |
||||
|
?> |
@ -0,0 +1,661 @@ |
|||||
|
<?php |
||||
|
require 'inc/functions.php'; |
||||
|
require 'inc/display.php'; |
||||
|
require 'inc/config.php'; |
||||
|
if (file_exists('inc/instance-config.php')) { |
||||
|
require 'inc/instance-config.php'; |
||||
|
} |
||||
|
require 'inc/template.php'; |
||||
|
require 'inc/database.php'; |
||||
|
require 'inc/user.php'; |
||||
|
|
||||
|
sql_open(); |
||||
|
|
||||
|
// Check if banned |
||||
|
checkBan(); |
||||
|
|
||||
|
require 'inc/mod.php'; |
||||
|
|
||||
|
// Fix some encoding issues |
||||
|
header('Content-Type: text/html; charset=utf-8', true); |
||||
|
|
||||
|
if (get_magic_quotes_gpc()) { |
||||
|
function strip_array($var) { |
||||
|
return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); |
||||
|
} |
||||
|
|
||||
|
$_SESSION = strip_array($_SESSION); |
||||
|
$_GET = strip_array($_GET); |
||||
|
$_POST = strip_array($_POST); |
||||
|
} |
||||
|
|
||||
|
// If not logged in |
||||
|
if(!$mod) { |
||||
|
if(isset($_POST['login'])) { |
||||
|
// Check if inputs are set and not empty |
||||
|
if( !isset($_POST['username']) || |
||||
|
!isset($_POST['password']) || |
||||
|
empty($_POST['username']) || |
||||
|
empty($_POST['password']) |
||||
|
) loginForm($config['error']['invalid'], $_POST['username']); |
||||
|
|
||||
|
|
||||
|
if(!login($_POST['username'], $_POST['password'])) |
||||
|
loginForm($config['error']['invalid'], $_POST['username']); |
||||
|
|
||||
|
modLog("Logged in."); |
||||
|
|
||||
|
// Login successful |
||||
|
// Set cookies |
||||
|
setCookies(); |
||||
|
|
||||
|
// Redirect |
||||
|
header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']); |
||||
|
|
||||
|
// Close connection |
||||
|
sql_close(); |
||||
|
} else { |
||||
|
loginForm(); |
||||
|
} |
||||
|
} else { |
||||
|
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; |
||||
|
|
||||
|
// A sort of "cache" |
||||
|
// Stops calling preg_quote and str_replace when not needed; only does it once |
||||
|
$regex = Array( |
||||
|
'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), |
||||
|
'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), |
||||
|
'img' => preg_quote($config['dir']['img'], '/'), |
||||
|
'thumb' => preg_quote($config['dir']['thumb'], '/'), |
||||
|
'res' => preg_quote($config['dir']['res'], '/'), |
||||
|
'index' => preg_quote($config['file_index'], '/') |
||||
|
); |
||||
|
|
||||
|
if(preg_match('/^\/?$/', $query)) { |
||||
|
// Dashboard |
||||
|
$fieldset = Array( |
||||
|
'Boards' => '', |
||||
|
'Administration' => '' |
||||
|
); |
||||
|
|
||||
|
// Boards |
||||
|
$fieldset['Boards'] .= ulBoards(); |
||||
|
|
||||
|
if($mod['type'] >= $config['mod']['view_banlist']) { |
||||
|
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>'; |
||||
|
} |
||||
|
if($mod['type'] >= $config['mod']['show_config']) { |
||||
|
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>'; |
||||
|
} |
||||
|
|
||||
|
// TODO: Statistics, etc, in the dashboard. |
||||
|
|
||||
|
$body = ''; |
||||
|
foreach($fieldset as $title => $data) { |
||||
|
if($data) |
||||
|
$body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>"; |
||||
|
} |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'Dashboard', |
||||
|
'body'=>$body |
||||
|
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */ |
||||
|
) |
||||
|
); |
||||
|
} elseif(preg_match('/^\/bans$/', $query)) { |
||||
|
if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']); |
||||
|
|
||||
|
if($config['mod']['view_banexpired']) { |
||||
|
$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC"); |
||||
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
} else { |
||||
|
// Filter out expired bans |
||||
|
$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); |
||||
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
} |
||||
|
|
||||
|
if($query->rowCount() < 1) { |
||||
|
$body = '(There are no active bans.)'; |
||||
|
} else { |
||||
|
$body = '<form action="" method="post">'; |
||||
|
$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Set</th><th>Expires</th><th>Staff</th><th>Actions</th></tr>'; |
||||
|
|
||||
|
while($ban = $query->fetch()) { |
||||
|
$body .= |
||||
|
'<tr' . |
||||
|
($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? |
||||
|
' style="text-decoration:line-through"' |
||||
|
:'') . |
||||
|
'>' . |
||||
|
|
||||
|
'<td style="white-space: nowrap">' . |
||||
|
|
||||
|
// Checkbox |
||||
|
'<input type="checkbox" name="ban_' . $ban['ip'] . '" id="ban_' . $ban['ip'] . '" /> ' . |
||||
|
|
||||
|
// IP address |
||||
|
'<a href="?/IP/' . |
||||
|
$ban['ip'] . |
||||
|
'">'. $ban['ip'] . '</a></td>' . |
||||
|
|
||||
|
// Reason |
||||
|
'<td>' . $ban['reason'] . '</td>' . |
||||
|
|
||||
|
// Set |
||||
|
'<td style="white-space: nowrap">' . date($config['post_date'], $ban['set']) . '</td>' . |
||||
|
|
||||
|
// Expires |
||||
|
'<td style="white-space: nowrap">' . |
||||
|
($ban['expires'] == 0 ? |
||||
|
'<em>Never</em>' |
||||
|
: |
||||
|
date($config['post_date'], $ban['expires']) |
||||
|
) . |
||||
|
'</td>' . |
||||
|
|
||||
|
// Staff |
||||
|
'<td>' . |
||||
|
($mod['type'] < $config['mod']['view_banstaff'] ? |
||||
|
($config['mod']['view_banquestionmark'] ? |
||||
|
'?' |
||||
|
: |
||||
|
($ban['type'] == JANITOR ? 'Janitor' : |
||||
|
($ban['type'] == MOD ? 'Mod' : |
||||
|
($ban['type'] == ADMIN ? 'Admin' : |
||||
|
'?'))) |
||||
|
) |
||||
|
: |
||||
|
$ban['username'] |
||||
|
) . |
||||
|
'</td>' . |
||||
|
|
||||
|
'<td></td>' . |
||||
|
|
||||
|
'</tr>'; |
||||
|
} |
||||
|
|
||||
|
$body .= '</table></form>'; |
||||
|
} |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'Ban list', |
||||
|
'body'=>$body, |
||||
|
'mod'=>true |
||||
|
) |
||||
|
); |
||||
|
} elseif(preg_match('/^\/config$/', $query)) { |
||||
|
if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']); |
||||
|
|
||||
|
// Show instance-config.php |
||||
|
|
||||
|
//$data = highlight_file('inc/instance-config.php', true); |
||||
|
//if(MOD_NEVER_REAL_PASSWORD) { |
||||
|
// // Rough and dirty removal of password |
||||
|
// $data = str_replace(MY_PASSWORD, '*******', $data); |
||||
|
//} |
||||
|
|
||||
|
$constants = get_defined_constants(true); |
||||
|
$constants = $constants['user']; |
||||
|
|
||||
|
$data = ''; |
||||
|
foreach($constants as $name => $value) { |
||||
|
if(MOD_NEVER_REAL_PASSWORD && $name == 'DB_PASSWORD') |
||||
|
$value = '<em>hidden</em>'; |
||||
|
else { |
||||
|
// For some reason PHP is only giving me the first defined value (the default), so use constant() |
||||
|
$value = constant($name); |
||||
|
if(gettype($value) == 'boolean') { |
||||
|
$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>'; |
||||
|
} elseif(gettype($value) == 'string') { |
||||
|
if(empty($value)) |
||||
|
$value = '<em>empty</em>'; |
||||
|
else |
||||
|
$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . '</span>'; |
||||
|
} elseif(gettype($value) == 'integer') { |
||||
|
// Show permissions in a cleaner way |
||||
|
if(preg_match('/^MOD_/', $name) && $name != 'MOD_JANITOR' && $name != 'MOD_MOD' && $name != 'MOD_ADMIN') { |
||||
|
if($value == MOD_JANITOR) |
||||
|
$value = 'Janitor'; |
||||
|
elseif($value == MOD_MOD) |
||||
|
$value = 'Mod'; |
||||
|
elseif($value == MOD_ADMIN) |
||||
|
$value = 'Admin'; |
||||
|
} |
||||
|
$value = '<span style="color:black;">' . $value . '</span>'; |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
$data .= |
||||
|
'<tr><th style="text-align:left;">' . |
||||
|
$name . |
||||
|
'</th><td>' . |
||||
|
$value . |
||||
|
'</td></tr>'; |
||||
|
} |
||||
|
|
||||
|
$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>'; |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'Configuration', |
||||
|
'body'=>$body, |
||||
|
'mod'=>true |
||||
|
) |
||||
|
); |
||||
|
} elseif(preg_match('/^\/new$/', $query)) { |
||||
|
if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']); |
||||
|
|
||||
|
// New board |
||||
|
$body = ''; |
||||
|
|
||||
|
if(isset($_POST['new_board'])) { |
||||
|
// Create new board |
||||
|
if( !isset($_POST['uri']) || |
||||
|
!isset($_POST['title']) || |
||||
|
!isset($_POST['subtitle']) |
||||
|
) error($config['error']['missedafield']); |
||||
|
|
||||
|
$b = Array( |
||||
|
'uri' => $_POST['uri'], |
||||
|
'title' => $_POST['title'], |
||||
|
'subtitle' => $_POST['subtitle'] |
||||
|
); |
||||
|
|
||||
|
// Check required fields |
||||
|
if(empty($b['uri'])) |
||||
|
error(sprintf($config['error']['required'], 'URI')); |
||||
|
if(empty($b['title'])) |
||||
|
error(sprintf($config['error']['required'], 'title')); |
||||
|
|
||||
|
// Check string lengths |
||||
|
if(strlen($b['uri']) > 8) |
||||
|
error(sprintf($config['error']['toolong'], 'URI')); |
||||
|
if(strlen($b['title']) > 20) |
||||
|
error(sprintf($config['error']['toolong'], 'title')); |
||||
|
if(strlen($b['subtitle']) > 40) |
||||
|
error(sprintf($config['error']['toolong'], 'subtitle')); |
||||
|
|
||||
|
if(!preg_match('/^\w+$/', $b['uri'])) |
||||
|
error(sprintf($config['error']['invalidfield'], 'URI')); |
||||
|
|
||||
|
if(openBoard($b['uri'])) { |
||||
|
unset($board); |
||||
|
error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); |
||||
|
} |
||||
|
|
||||
|
$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); |
||||
|
$query->bindValue(':uri', $b['uri']); |
||||
|
$query->bindValue(':title', $b['title']); |
||||
|
if(!empty($b['subtitle'])) { |
||||
|
$query->bindValue(':subtitle', $b['subtitle']); |
||||
|
} else { |
||||
|
$query->bindValue(':subtitle', null, PDO::PARAM_NULL); |
||||
|
} |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
// Record the action |
||||
|
modLog("Created a new board: {$b['title']}"); |
||||
|
|
||||
|
// Open the board |
||||
|
openBoard($b['uri']) or error("Couldn't open board after creation."); |
||||
|
|
||||
|
// Create the posts table |
||||
|
query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error()); |
||||
|
|
||||
|
// Build the board |
||||
|
buildIndex(); |
||||
|
} |
||||
|
|
||||
|
$body .= form_newBoard(); |
||||
|
|
||||
|
// TODO: Statistics, etc, in the dashboard. |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'New board', |
||||
|
'body'=>$body, |
||||
|
'mod'=>true |
||||
|
) |
||||
|
); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { |
||||
|
// Board index |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
|
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
if(!$page = index(empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2], $mod)) { |
||||
|
error($config['error']['404']); |
||||
|
} |
||||
|
$page['pages'] = getPages(true); |
||||
|
$page['mod'] = true; |
||||
|
|
||||
|
echo Element('index.html', $page); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { |
||||
|
// View thread |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$thread = $matches[2]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
$page = buildThread($thread, true, $mod); |
||||
|
|
||||
|
echo $page; |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { |
||||
|
if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']); |
||||
|
// Delete file from post |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$post = $matches[2]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
// Delete post |
||||
|
deleteFile($post); |
||||
|
|
||||
|
// Record the action |
||||
|
modLog("Removed file from post #{$post}"); |
||||
|
|
||||
|
// Rebuild board |
||||
|
buildIndex(); |
||||
|
|
||||
|
|
||||
|
// Redirect |
||||
|
if(isset($_SERVER['HTTP_REFERER'])) |
||||
|
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { |
||||
|
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); |
||||
|
// Delete post |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$post = $matches[2]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
// Delete post |
||||
|
deletePost($post); |
||||
|
|
||||
|
// Record the action |
||||
|
modLog("Deleted post #{$post}"); |
||||
|
|
||||
|
// Rebuild board |
||||
|
buildIndex(); |
||||
|
|
||||
|
// Redirect |
||||
|
if(isset($_SERVER['HTTP_REFERER'])) |
||||
|
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { |
||||
|
if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']); |
||||
|
// Add/remove sticky |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$post = $matches[3]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); |
||||
|
$query->bindValue(':id', $post, PDO::PARAM_INT); |
||||
|
|
||||
|
if($matches[2] == 'un') { |
||||
|
// Record the action |
||||
|
modLog("Unstickied post #{$post}"); |
||||
|
$query->bindValue(':sticky', 0, PDO::PARAM_INT); |
||||
|
} else { |
||||
|
// Record the action |
||||
|
modLog("Stickied post #{$post}"); |
||||
|
$query->bindValue(':sticky', 1, PDO::PARAM_INT); |
||||
|
} |
||||
|
|
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
buildIndex(); |
||||
|
buildThread($post); |
||||
|
|
||||
|
|
||||
|
// Redirect |
||||
|
if(isset($_SERVER['HTTP_REFERER'])) |
||||
|
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { |
||||
|
if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']); |
||||
|
// Lock/Unlock |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$post = $matches[3]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); |
||||
|
$query->bindValue(':id', $post, PDO::PARAM_INT); |
||||
|
|
||||
|
if($matches[2] == 'un') { |
||||
|
// Record the action |
||||
|
modLog("Unlocked post #{$post}"); |
||||
|
$query->bindValue(':locked', 0, PDO::PARAM_INT); |
||||
|
} else { |
||||
|
// Record the action |
||||
|
modLog("Locked post #{$post}"); |
||||
|
$query->bindValue(':locked', 1, PDO::PARAM_INT); |
||||
|
} |
||||
|
|
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
buildIndex(); |
||||
|
buildThread($post); |
||||
|
|
||||
|
|
||||
|
// Redirect |
||||
|
if(isset($_SERVER['HTTP_REFERER'])) |
||||
|
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) { |
||||
|
// Delete all posts by an IP |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$post = $matches[2]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); |
||||
|
$query->bindValue(':id', $post); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
if(!$post = $query->fetch()) |
||||
|
error($config['error']['invalidpost']); |
||||
|
|
||||
|
$ip = $post['ip']; |
||||
|
|
||||
|
// Record the action |
||||
|
modLog("Deleted all posts by IP address: #{$ip}"); |
||||
|
|
||||
|
$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri'])); |
||||
|
$query->bindValue(':ip', $ip); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
if($query->rowCount() < 1) |
||||
|
error($config['error']['invalidpost']); |
||||
|
|
||||
|
while($post = $query->fetch()) { |
||||
|
deletePost($post['id'], false); |
||||
|
} |
||||
|
|
||||
|
if(isset($_SERVER['HTTP_REFERER'])) |
||||
|
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} elseif(preg_match('/^\/ban$/', $query)) { |
||||
|
// Ban page |
||||
|
|
||||
|
if(isset($_POST['new_ban'])) { |
||||
|
if( !isset($_POST['ip']) || |
||||
|
!isset($_POST['reason']) || |
||||
|
!isset($_POST['length']) |
||||
|
) error($config['error']['missedafield']); |
||||
|
|
||||
|
// Check required fields |
||||
|
if(empty($_POST['ip'])) |
||||
|
error(sprintf($config['error']['required'], 'IP address')); |
||||
|
|
||||
|
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)"); |
||||
|
|
||||
|
// 1yr2hrs30mins |
||||
|
// 1y2h30m |
||||
|
$expire = 0; |
||||
|
if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { |
||||
|
if(isset($m[2])) { |
||||
|
// Years |
||||
|
$expire += $m[2]*60*60*24*365; |
||||
|
} |
||||
|
if(isset($m[4])) { |
||||
|
// Weeks |
||||
|
$expire += $m[4]*60*60*24*7; |
||||
|
} |
||||
|
if(isset($m[6])) { |
||||
|
// Days |
||||
|
$expire += $m[6]*60*60*24; |
||||
|
} |
||||
|
if(isset($m[8])) { |
||||
|
// Hours |
||||
|
$expire += $m[8]*60*60; |
||||
|
} |
||||
|
if(isset($m[10])) { |
||||
|
// Minutes |
||||
|
$expire += $m[10]*60; |
||||
|
} |
||||
|
if(isset($m[12])) { |
||||
|
// Seconds |
||||
|
$expire += $m[12]; |
||||
|
} |
||||
|
} |
||||
|
if($expire) { |
||||
|
$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); |
||||
|
} else { |
||||
|
// Never expire |
||||
|
$query->bindValue(':expires', null, PDO::PARAM_NULL); |
||||
|
} |
||||
|
|
||||
|
$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); |
||||
|
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); |
||||
|
$query->bindValue(':set', time(), PDO::PARAM_INT); |
||||
|
|
||||
|
if(isset($_POST['reason'])) { |
||||
|
$query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR); |
||||
|
} else { |
||||
|
$query->bindValue(':reason', null, PDO::PARAM_NULL); |
||||
|
} |
||||
|
|
||||
|
// Record the action |
||||
|
modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}"); |
||||
|
|
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
// Delete too |
||||
|
if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) { |
||||
|
openBoard($_POST['board']); |
||||
|
deletePost(round($_POST['delete'])); |
||||
|
} |
||||
|
|
||||
|
// Redirect |
||||
|
if(isset($_POST['continue'])) |
||||
|
header('Location: ' . $_POST['continue'], true, $config['redirect_http']); |
||||
|
else |
||||
|
header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); |
||||
|
} |
||||
|
} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { |
||||
|
if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']); |
||||
|
// Ban by post |
||||
|
|
||||
|
$boardName = $matches[1]; |
||||
|
$delete = isset($matches[2]) && $matches[2] == '&delete'; |
||||
|
$post = $matches[3]; |
||||
|
// Open board |
||||
|
if(!openBoard($boardName)) |
||||
|
error($config['error']['noboard']); |
||||
|
|
||||
|
$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); |
||||
|
$query->bindValue(':id', $post, PDO::PARAM_INT); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
if($query->rowCount() < 1) { |
||||
|
error($config['error']['invalidpost']); |
||||
|
} |
||||
|
|
||||
|
$post = $query->fetch(); |
||||
|
|
||||
|
$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false); |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'New ban', |
||||
|
'body'=>$body, |
||||
|
'mod'=>true |
||||
|
) |
||||
|
); |
||||
|
} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+)$/', $query, $matches)) { |
||||
|
// View information on an IP address |
||||
|
|
||||
|
$ip = $matches[1]; |
||||
|
$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false; |
||||
|
|
||||
|
$body = ''; |
||||
|
$boards = listBoards(); |
||||
|
foreach($boards as &$_board) { |
||||
|
openBoard($_board['uri']); |
||||
|
|
||||
|
$temp = ''; |
||||
|
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); |
||||
|
$query->bindValue(':ip', $ip); |
||||
|
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); |
||||
|
$query->execute() or error(db_error($query)); |
||||
|
|
||||
|
while($post = $query->fetch()) { |
||||
|
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : $config['root'], $mod); |
||||
|
$temp .= $po->build(); |
||||
|
} |
||||
|
if(!empty($temp)) |
||||
|
$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' . |
||||
|
sprintf($config['board_path'], $_board['uri']) . $config['file_index'] . |
||||
|
'">' . |
||||
|
sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . |
||||
|
'</a></legend>' . $temp . '</fieldset>'; |
||||
|
} |
||||
|
|
||||
|
if($config['mod']['ip_banform']) |
||||
|
$body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false); |
||||
|
|
||||
|
echo Element('page.html', Array( |
||||
|
'index'=>$config['root'], |
||||
|
'title'=>'IP: ' . $ip, |
||||
|
'subtitle' => $host, |
||||
|
'body'=>$body, |
||||
|
'mod'=>true |
||||
|
) |
||||
|
); |
||||
|
} else { |
||||
|
error($config['error']['404']); |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
// Close the connection in-case it's still open |
||||
|
sql_close(); |
||||
|
?> |
||||
|
|
@ -1,3 +0,0 @@ |
|||||
<?php |
|
||||
header('Location: ../', true, 302); |
|
||||
?> |
|
@ -1,3 +0,0 @@ |
|||||
<?php |
|
||||
header('Location: ../', true, 302); |
|
||||
?> |
|
After Width: | Height: | Size: 3.7 KiB |
Before Width: | Height: | Size: 1.3 KiB After Width: | Height: | Size: 1.3 KiB |
After Width: | Height: | Size: 423 B |
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
After Width: | Height: | Size: 961 B |
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
Before Width: | Height: | Size: 15 KiB After Width: | Height: | Size: 15 KiB |
@ -0,0 +1,28 @@ |
|||||
|
<center> |
||||
|
{error?<h2>{error}</h2>} |
||||
|
<form action="" method="post"> |
||||
|
<table style="margin-top:25px;"> |
||||
|
<tr> |
||||
|
<th> |
||||
|
Username |
||||
|
</th> |
||||
|
<td> |
||||
|
<input type="text" name="username" size="20" maxlength="30" value="{username}"> |
||||
|
</td> |
||||
|
</tr> |
||||
|
<tr> |
||||
|
<th> |
||||
|
Password |
||||
|
</th> |
||||
|
<td> |
||||
|
<input type="password" name="password" size="20" maxlength="30" value=""> |
||||
|
</td> |
||||
|
</tr> |
||||
|
<tr> |
||||
|
<td></td> |
||||
|
<td> |
||||
|
<input type="submit" name="login" value="Continue" /> |
||||
|
</td> |
||||
|
</table> |
||||
|
</form> |
||||
|
</center> |
@ -1,16 +1,16 @@ |
|||||
<!DOCTYPE html> |
<!DOCTYPE html> |
||||
<html> |
<html> |
||||
<head> |
<head> |
||||
<link rel="stylesheet" media="screen" href="{index}style.css"/> |
<link rel="stylesheet" media="screen" href="{index}style.css"/> |
||||
<title>{title}</title> |
<title>{title}</title> |
||||
<meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" /> |
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" /> |
||||
</head> |
</head> |
||||
<body> |
<body> |
||||
<h1>{title}</h1> |
<h1>{title}</h1> |
||||
<div class="title">{subtitle?{subtitle}}</div> |
<div class="title">{subtitle?{subtitle}}<p>{mod?<a href="?/">Return to dashboard</a>}</p></div> |
||||
{body} |
{body} |
||||
<hr/> |
<hr/> |
||||
<p class="unimportant" style="text-align:center;">Copyright © 2010 <a href="http://omegadev.org/">OmegaSDG</a></p> |
<p class="unimportant" style="text-align:center;">Tinyboard Software Copyright © 2010-2011 <a href="http://omegasdg.com/">OmegaSDG</a></p> |
||||
</body> |
</body> |
||||
</html> |
</html> |
@ -0,0 +1,25 @@ |
|||||
|
CREATE TABLE IF NOT EXISTS `posts_{board}` ( |
||||
|
`id` int(11) NOT NULL AUTO_INCREMENT, |
||||
|
`thread` int(11) DEFAULT NULL, |
||||
|
`subject` varchar(40) NOT NULL, |
||||
|
`email` varchar(30) NOT NULL, |
||||
|
`name` varchar(25) NOT NULL, |
||||
|
`trip` varchar(45) DEFAULT NULL, |
||||
|
`body` text NOT NULL, |
||||
|
`time` int(11) NOT NULL, |
||||
|
`bump` int(11) DEFAULT NULL, |
||||
|
`thumb` varchar(50) DEFAULT NULL, |
||||
|
`thumbwidth` int(11) DEFAULT NULL, |
||||
|
`thumbheight` int(11) DEFAULT NULL, |
||||
|
`file` varchar(50) DEFAULT NULL, |
||||
|
`filewidth` int(11) DEFAULT NULL, |
||||
|
`fileheight` int(11) DEFAULT NULL, |
||||
|
`filesize` int(11) DEFAULT NULL, |
||||
|
`filename` varchar(30) DEFAULT NULL, |
||||
|
`filehash` varchar(32) DEFAULT NULL, |
||||
|
`password` varchar(20) DEFAULT NULL, |
||||
|
`ip` varchar(15) NOT NULL, |
||||
|
`sticky` int(1) NOT NULL, |
||||
|
`locked` int(1) NOT NULL, |
||||
|
UNIQUE KEY `id` (`id`) |
||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; |
@ -1,112 +0,0 @@ |
|||||
<?php |
|
||||
define('IS_INSTALLATION', true); |
|
||||
|
|
||||
require 'inc/functions.php'; |
|
||||
require 'inc/display.php'; |
|
||||
if (file_exists('inc/instance-config.php')) { |
|
||||
require 'inc/instance-config.php'; |
|
||||
} |
|
||||
require 'inc/config.php'; |
|
||||
require 'inc/template.php'; |
|
||||
require 'inc/user.php'; |
|
||||
|
|
||||
function image($type) { |
|
||||
return "<img src=\"src/{$type}.png\" style=\"margin:0px;width:16px;height:16px;\" />"; |
|
||||
} |
|
||||
function check($title, $test) { |
|
||||
global $body, $count; |
|
||||
$count[$test]++; |
|
||||
$body .= '<tr><td style="width:100%;border-bottom:1px solid #DDD;">' . $title . '</td><td style="width:1%;white-space:nowrap;border-bottom:1px solid #DDD;">' . image($test) . '</td></tr>'; |
|
||||
} |
|
||||
function title($text) { |
|
||||
global $body; |
|
||||
$body .= '<tr><td colspan="2" style="padding-top:15px;font-weight:bold;width:100%;border-bottom:1px solid #DDD;">' . $text . '</td></tr>'; |
|
||||
} |
|
||||
|
|
||||
$count = Array('ok'=>0, 'warning'=>0, 'error'=>0); |
|
||||
$todo = Array(); |
|
||||
$body = '<table style="width:600px;margin:auto;">'; |
|
||||
|
|
||||
$extensions = Array('mysql', 'gd'); |
|
||||
|
|
||||
// Extensions |
|
||||
title('Extensions'); |
|
||||
foreach($extensions as &$ext) { |
|
||||
if(extension_loaded($ext)) { |
|
||||
$body .= check($ext, 'ok'); |
|
||||
} else { |
|
||||
$body .= check($ext, 'error'); |
|
||||
$todo[] = 'Install module "' . $ext . '"'; |
|
||||
} |
|
||||
} |
|
||||
|
|
||||
// Database |
|
||||
title('Database'); |
|
||||
|
|
||||
if(extension_loaded('mysql')) { |
|
||||
if($sql = @mysql_connect(MY_SERVER, MY_USER, MY_PASSWORD)) { |
|
||||
$body .= check('Connection to server.', 'ok'); |
|
||||
if(@mysql_select_db(MY_DATABASE, $sql)) |
|
||||
$body .= check('Select database.', 'ok'); |
|
||||
else { |
|
||||
$body .= check('Select database.', 'error'); |
|
||||
$todo[] = 'instance-config.php: Check database configuration.'; |
|
||||
} |
|
||||
} else { |
|
||||
$body .= check('Connection to server.', 'error'); |
|
||||
$todo[] = 'instance-config.php: Check database configuration.'; |
|
||||
} |
|
||||
} |
|
||||
|
|
||||
// Configuration |
|
||||
title('Configuration'); |
|
||||
$root = dirname($_SERVER['REQUEST_URI']) . (dirname($_SERVER['REQUEST_URI']) == '/' ? '' : '/'); |
|
||||
if(ROOT != $root) { |
|
||||
$body .= check('Correct document root.', 'error'); |
|
||||
$todo[] = "instance-config.php: Change ROOT to '{$root}'"; |
|
||||
} else |
|
||||
$body .= check('Correct document root.', 'ok'); |
|
||||
|
|
||||
// Permissions |
|
||||
title('Permissions'); |
|
||||
|
|
||||
$directories = Array(DIR_IMG, DIR_THUMB, DIR_RES, '.'); |
|
||||
foreach($directories as $dir) { |
|
||||
if(file_exists($dir)) { |
|
||||
if(is_writable($dir) && is_readable($dir)) { |
|
||||
$body .= check($dir, 'ok'); |
|
||||
} else { |
|
||||
$body .= check($dir, 'error'); |
|
||||
$todo[] = 'CHMOD ' . $dir . ' to allow PHP to read and write.'; |
|
||||
} |
|
||||
} else { |
|
||||
$body .= check($dir, 'error'); |
|
||||
$todo[] = 'Create directory: ' . $dir; |
|
||||
} |
|
||||
} |
|
||||
|
|
||||
// Other |
|
||||
title('Other'); |
|
||||
if(get_magic_quotes_gpc()) { |
|
||||
$body .= check('magic_quotes_gpc', 'warning'); |
|
||||
$todo[] = 'Recommended: Disable magic_quotes_gpc in your PHP configuration.'; |
|
||||
} else |
|
||||
$body .= check('magic_quotes_gpc', 'ok'); |
|
||||
|
|
||||
$body .= '</table>'; |
|
||||
|
|
||||
if(!empty($todo)) { |
|
||||
$body .= '<pre style="width:600px;margin:20px auto;">'; |
|
||||
foreach($todo as $do) |
|
||||
$body .= "{$do}\n"; |
|
||||
$body .= '</pre>'; |
|
||||
} |
|
||||
|
|
||||
if(!$count['error']) { |
|
||||
$body .= '<p style="text-align:center;">Everything seems okay.</p>'; |
|
||||
} |
|
||||
|
|
||||
$body .= '<p style="text-align:center;font-weight:bold;">Disregard me. I haven\'t been patched to work with multiple boards yet.</p>'; |
|
||||
|
|
||||
die(Element('page.html', Array('index' => ROOT, 'title'=>'Tinyboard', 'subtitle'=>'Installation', 'body'=>$body))); |
|
||||
?> |
|
@ -1,3 +0,0 @@ |
|||||
<?php |
|
||||
header('Location: ../', true, 302); |
|
||||
?> |
|
@ -0,0 +1,40 @@ |
|||||
|
body { |
||||
|
background: #ffe url('img/fade-yotsuba.png') repeat-x 50% 0%; |
||||
|
color: #800000; |
||||
|
} |
||||
|
a:link, a:visited, p.intro a.email span.name { |
||||
|
color: #0000ff; |
||||
|
} |
||||
|
a:link:hover { |
||||
|
color: #d00; |
||||
|
} |
||||
|
a.post_no { |
||||
|
color: #800000; |
||||
|
} |
||||
|
div.post.reply { |
||||
|
background: #f0e0d6; |
||||
|
border-color: #d9bfb7; |
||||
|
} |
||||
|
div.post.reply.highlighted { |
||||
|
background: #f0c0b0; |
||||
|
border-color: #d9bfb7; |
||||
|
} |
||||
|
div.post.reply p.body a { |
||||
|
color: navy; |
||||
|
} |
||||
|
p.intro span.subject { |
||||
|
color: #d00; |
||||
|
} |
||||
|
form table tr th { |
||||
|
background: #EA8; |
||||
|
} |
||||
|
div.ban h2 { |
||||
|
background: #FCA; |
||||
|
color: inherit; |
||||
|
} |
||||
|
div.ban { |
||||
|
border-color: #800; |
||||
|
} |
||||
|
div.ban p { |
||||
|
color: black; |
||||
|
} |