From c59f36f400eb718714154fa1ab125662bc7b89ea Mon Sep 17 00:00:00 2001
From: Savetheinternet <savetheinternet@n0v4.com>
Date: Wed, 19 Jan 2011 12:37:31 +1100
Subject: [PATCH] a bunch of things

---
 inc/config.php        | 21 +++++++++++++++++---
 inc/functions.php     | 35 ++++++++++++++++++++++++++++++---
 mod.php               |  2 +-
 post.php              | 45 ++++++++++++++++++++++++++++++++++++++-----
 style.css             |  4 ++++
 templates/posts.sql   |  2 +-
 templates/thread.html |  1 +
 7 files changed, 97 insertions(+), 13 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 746efb63..65346edd 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -41,7 +41,8 @@
 	define('COOKIE_EXPIRE',	15778463, true); //6 months
 	// Make this something long and random for security
 	define('SALT',			'wefaw98YHEWUFuo', true);
-
+	define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
+	
 	// How many seconds before you can post, after the first visit
 	define('LURKTIME',		30, true);
 	
@@ -51,6 +52,8 @@
 	define('FLOOD_TIME_IP_SAME',	120, true);
 	// Same as above but different IP address
 	define('FLOOD_TIME_SAME',	30, true);
+	// Do you need a body for your non-OP posts?
+	define('FORCE_BODY',	true, true);
 
 	// Max body length
 	define('MAX_BODY',		1800, true);
@@ -77,6 +80,9 @@
 	define('ERROR_NOPOST',	'You didn\'t make a post.', true);
 	define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
 	define('ERROR_UNORIGINAL', 'Unoriginal content!', true);
+	define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true);
+	define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
+	define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
 	define('ERR_INVALIDIMG','Invalid image.', true);
 	define('ERR_FILESIZE',	'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
 	define('ERR_MAXSIZE',	'The file was too big.', true);
@@ -103,7 +109,11 @@
 	// Function name for hashing
 	// sha1_file, md5_file, etc.
 	define('FILE_HASH',		'sha1_file', true);
-
+	
+	define('BLOCK_TOR',		true, true);
+	// Typically spambots try to post a lot of links. Refuse a post with X standalone links?
+	define('MAX_LINKS',		7, true);
+	
 	// Maximum image upload size in bytes
 	define('MAX_FILESIZE',	10*1024*1024, true); // 10MB
 	// Maximum image dimensions
@@ -167,8 +177,13 @@
 	// Robot stuff
 	// Strip repeating characters when making hashes
 	define('ROBOT_ENABLE', true, true);
+	define('ROBOT_BOARD', 'r9k', true);
 	define('ROBOT_STRIP_REPEATING', true, true);
-	
+	// Enable mutes
+	define('ROBOT_MUTE', true, true);
+	define('ROBOT_MUTE_MIN', 60, true);
+	define('ROBOT_MUTE_MAX', 120, true);
+	define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true);
 	
 	/* 
 		Mod stuff
diff --git a/inc/functions.php b/inc/functions.php
index 4f4a69bd..6193ab38 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -439,14 +439,43 @@
 			}
 		}
 	}
+	
+	function isDNSBL() {
+		$dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES);
+		
+		// Reverse the IP
+		$rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.');
+		$response = array();
+		foreach ($dns_black_lists as $dns_black_list) {
+			$response = (gethostbynamel($rev_ip . '.' . $dns_black_list));
+			if(!empty($response))
+				return true;
+		}
+		
+		return false;
+	}
+	
+	function isTor() {
+		return gethostbyname(
+				ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org'
+			) == '127.0.0.2';
+	}
+			
+	function ReverseIPOctets($inputip) {
+		$ipoc = explode('.', $inputip);
+		return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0];
+	}
 
 	function markup(&$body) {
 		global $board;
 		
 		$body = utf8tohtml($body, true);
 		
-		if(MARKUP_URLS)
-			$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body);
+		if(MARKUP_URLS) {
+			$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body, -1, $num_links);
+			if($num_links > MAX_LINKS)
+				error(ERROR_TOOMANYLINKS);
+		}
 			
 		if(AUTO_UNICODE) {
 			$body = str_replace('...', '…', $body);
@@ -602,7 +631,7 @@
 			$salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' );
 			if ( isset ( $t[2] ) ) {
 				// secure
-				$trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) );
+				$trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) );
 			} else {
 				// insecure
 				$trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) );
diff --git a/mod.php b/mod.php
index b4355fe4..80647471 100644
--- a/mod.php
+++ b/mod.php
@@ -464,7 +464,7 @@
 				openBoard($_board['uri']);
 				
 				$temp = '';
-				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri']));
+				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
 				$query->bindValue(':ip', $ip);
 				$query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT);
 				$query->execute() or error(db_error($query));
diff --git a/post.php b/post.php
index 40830f0f..b8724522 100644
--- a/post.php
+++ b/post.php
@@ -62,6 +62,9 @@
 		// Check if banned
 		checkBan();
 		
+		if(BLOCK_TOR && isTor())
+			error(ERROR_TOR);
+			
 		// Check if board exists
 		if(!openBoard($post['board']))
 			error(ERROR_NOBOARD);
@@ -85,6 +88,9 @@
 		$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
 		$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
 		
+		if(empty($post['body']) && FORCE_BODY)
+			error(ERROR_TOOSHORTBODY);
+		
 		if($post['mod']) {
 			require 'inc/mod.php';
 			if(!$mod) {
@@ -115,6 +121,15 @@
 					'maxsz'=>commaize(MAX_FILESIZE))));
 		}
 		
+		if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
+			if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) {
+				$post['mod_tag'] = $match[3];
+				$post['name'] = !empty($match[2])?$match[2]:'Anonymous';
+			}
+		} else {
+			$post['mod_tag'] = false;
+		}
+		
 		$trip = generate_tripcode($post['name']);
 		$post['name'] = $trip[0];
 		$post['trip'] = (isset($trip[1])?$trip[1]:'');
@@ -134,21 +149,40 @@
 		}
 		
 		// Check string lengths
-		if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
+		if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));			
 		if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
 		if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
 		if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
 		if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
 		if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
 		
+		if($post['mod_tag'])
+			$post['trip'] .= ' <a class="nametag">## ' . $post['mod_tag'] . '</a>';
+		
+		if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) {
+			if(ROBOT_MUTE) {
+				$mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN);
+				
+				$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
+				$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+				$query->bindValue(':mod', -1, PDO::PARAM_INT);
+				$query->bindValue(':set', time(), PDO::PARAM_INT);
+				$query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT);
+				$query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION);
+				$query->execute() or error(db_error($query));
+				
+				error(sprintf(ERROR_MUTED, $mutetime));
+			} else {
+				error(ERROR_UNORIGINAL);
+			}
+		}
+		
 		markup($post['body']);
 		
 		// Check for a flood
-		if(checkFlood($post))
+		if(checkFlood($post)) {
 			error(ERROR_FLOOD);
-		
-		if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body']))
-			error(ERROR_UNORIGINAL);
+		}
 		
 		if($post['has_file']) {
 			// Just trim the filename if it's too long
@@ -206,6 +240,7 @@
 						imagebmp($image, $post['file']);
 						break;
 					default:
+						unlink($post['file']);
 						error('Unknwon file extension.');
 				}
 			}
diff --git a/style.css b/style.css
index 60c36d19..058de230 100644
--- a/style.css
+++ b/style.css
@@ -146,6 +146,10 @@ p.intro span.name {
 	color: #117743;
 	font-weight: bold;
 }
+p.intro a.nametag {
+	color: #F00000;
+	margin-left: 0;
+}
 p.intro a {
 	margin-left: 8px;
 }
diff --git a/templates/posts.sql b/templates/posts.sql
index 4163f125..f8e1b6fb 100644
--- a/templates/posts.sql
+++ b/templates/posts.sql
@@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` (
   `subject` varchar(40) NOT NULL,
   `email` varchar(30) NOT NULL,
   `name` varchar(25) NOT NULL,
-  `trip` varchar(15) DEFAULT NULL,
+  `trip` varchar(45) DEFAULT NULL,
   `body` text NOT NULL,
   `time` int(11) NOT NULL,
   `bump` int(11) DEFAULT NULL,
diff --git a/templates/thread.html b/templates/thread.html
index 2fd03418..e1260ff5 100644
--- a/templates/thread.html
+++ b/templates/thread.html
@@ -71,6 +71,7 @@
 	</form>
 	<hr/>
 	{body}
+	<a href="{return}">[Return.]</a>
 	<p class="unimportant" style="text-align:center;">Copyright &copy; 2010 <a href="http://omegadev.org/">OmegaSDG</a></p>
 </body>
 </html>
\ No newline at end of file