diff --git a/inc/cache.php b/inc/cache.php index 3881672e..e29b282d 100644 --- a/inc/cache.php +++ b/inc/cache.php @@ -1,5 +1,14 @@ .%.dnsbl.httpbl.org', function($ip) { + // $config['dnsbl'][] = array('.%.dnsbl.httpbl.org', function($ip) { // $octets = explode('.', $ip); // // // days since last activity @@ -172,7 +174,7 @@ $config['spam']['hidden_inputs_min'] = 4; $config['spam']['hidden_inputs_max'] = 12; // These are fields used to confuse the bots. Make sure they aren't actually used by Tinyboard, or it won't work. - $config['spam']['hidden_input_names'] = Array( + $config['spam']['hidden_input_names'] = array( 'user', 'username', 'login', @@ -185,7 +187,7 @@ 'message' ); // Always update this when adding new valid fields to the post form, or EVERYTHING WILL BE DETECTED AS SPAM! - $config['spam']['valid_inputs'] = Array( + $config['spam']['valid_inputs'] = array( 'hash', 'board', 'thread', @@ -208,10 +210,10 @@ // Custom flood filters. Detect flood attacks and reject new posts if there's a positive match. // See http://tinyboard.org/wiki/index.php?title=Flood_filters for more information. - //$config['flood_filters'][] = Array( - // 'condition' => Array( + //$config['flood_filters'][] = array( + // 'condition' => array( // // 100 posts in the past 5 minutes (~20 p/m) - // 'posts_in_past_x_minutes' => Array(100, 5) + // 'posts_in_past_x_minutes' => array(100, 5) // ), // // Don't allow the user to post // 'action' => 'reject', @@ -220,10 +222,10 @@ //); // Another filter - //$config['flood_filters'][] = Array( - // 'condition' => Array( + //$config['flood_filters'][] = array( + // 'condition' => array( // // 10 new empty threads in the past 2 minutes - // 'threads_with_no_replies_in_past_x_minutes' => Array(10, 2), + // 'threads_with_no_replies_in_past_x_minutes' => array(10, 2), // // Allow replies, but not new threads (ie. reject topics only). // 'OP' => true // ), @@ -300,10 +302,10 @@ // Wordfilters are used to automatically replace certain words/phrases with something else. // For a normal string replacement: - // $config['wordfilters'][] = Array('cat', 'dog'); + // $config['wordfilters'][] = array('cat', 'dog'); // Advanced raplcement (regular expressions): - // $config['wordfilters'][] = Array('/cat/', 'dog', true); // 'true' means it's a regular expression + // $config['wordfilters'][] = array('/cat/', 'dog', true); // 'true' means it's a regular expression // Always act as if they had typed "noko" in the email field no mattter what $config['always_noko'] = false; @@ -333,13 +335,13 @@ */ // "Wiki" markup syntax ($config['wiki_markup'] in pervious versions): - $config['markup'][] = Array("/'''(.+?)'''/", "\$1"); - $config['markup'][] = Array("/''(.+?)''/", "\$1"); - $config['markup'][] = Array("/\*\*(.+?)\*\*/", "\$1"); - $config['markup'][] = Array("/^\s*==(.+?)==\s*$/m", "\$1"); + $config['markup'][] = array("/'''(.+?)'''/", "\$1"); + $config['markup'][] = array("/''(.+?)''/", "\$1"); + $config['markup'][] = array("/\*\*(.+?)\*\*/", "\$1"); + $config['markup'][] = array("/^\s*==(.+?)==\s*$/m", "\$1"); // Highlight PHP code wrapped in tags (PHP 5.3.0+) - // $config['markup'][] = Array( + // $config['markup'][] = array( // '/^<code>(.+)<\/code>/ms', // function($matches) { // return highlight_string(html_entity_decode($matches[1]), true); @@ -507,29 +509,29 @@ // $config['uri_stylesheets'] = 'http://static.example.org/stylesheets/'; // The default stylesheet to use - $config['default_stylesheet'] = Array('Yotsuba B', $config['stylesheets']['Yotsuba B']); + $config['default_stylesheet'] = array('Yotsuba B', $config['stylesheets']['Yotsuba B']); // Boardlinks // You can group, order and place the boardlist at the top of every page, using the following template. - //$config['boards'] = Array( - // Array('a', 'b'), - // Array('c', 'd', 'e', 'f', 'g'), - // Array('h', 'i', 'j'), - // Array('k', Array('l', 'm')), - // Array('status' => 'http://status.example.org/') + //$config['boards'] = array( + // array('a', 'b'), + // array('c', 'd', 'e', 'f', 'g'), + // array('h', 'i', 'j'), + // array('k', array('l', 'm')), + // array('status' => 'http://status.example.org/') //); // Categories // Required for the Categories theme. - //$config['categories'] = Array( - // 'Group Name' => Array('a', 'b', 'c'), - // 'Another Group' => Array('d') + //$config['categories'] = array( + // 'Group Name' => array('a', 'b', 'c'), + // 'Another Group' => array('d') //); // Custom_categories - // Optional for the Categories theme. Array of name => (title, url) groups for categories with non-board links. - //$config['custom_categories'] = Array( - // 'Links' => Array( + // Optional for the Categories theme. array of name => (title, url) groups for categories with non-board links. + //$config['custom_categories'] = array( + // 'Links' => array( // 'Tinyboard' => 'http://tinyboard.org', // 'Donate' => 'donate.html' // ) @@ -576,24 +578,24 @@ // Custom embedding (YouTube, vimeo, etc.) // It's very important that you match the full string (with ^ and $) or things will not work correctly. - $config['embedding'] = Array( - Array( + $config['embedding'] = array( + array( '/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})(&.+)?$/i', '' ), - Array( + array( '/^https?:\/\/(\w+\.)?vimeo\.com\/(\d{2,10})(\?.+)?$/i', '' ), - Array( + array( '/^https?:\/\/(\w+\.)?dailymotion\.com\/video\/([a-zA-Z0-9]{2,10})(_.+)?$/i', '' ), - Array( + array( '/^https?:\/\/(\w+\.)?metacafe\.com\/watch\/(\d+)\/([a-zA-Z0-9_\-.]+)\/(\?.+)?$/i', '
' ), - Array( + array( '/^https?:\/\/video\.google\.com\/videoplay\?docid=(\d+)([&#](.+)?)?$/i', '' ) @@ -767,14 +769,14 @@ //$config['custom_capcode']['Custom'] =' ## %s'; // "## Mod" makes everything purple, including the name and tripcode - //$config['custom_capcode']['Mod'] = Array( + //$config['custom_capcode']['Mod'] = array( // ' ## %s', // 'color:purple', // Change name style; optional // 'color:purple' // Change tripcode style; optional //); // "## Admin" makes everything red and bold, including the name and tripcode - //$config['custom_capcode']['Admin'] = Array( + //$config['custom_capcode']['Admin'] = array( // ' ## %s', // 'color:red;font-weight:bold', // Change name style; optional // 'color:red;font-weight:bold' // Change tripcode style; optional @@ -996,18 +998,18 @@ // If you use Varnish, Squid, or any similar caching reverse-proxy in front of Tinyboard, // you can configure Tinyboard to PURGE files when they're written to - //$config['purge'] = Array( - // Array('127.0.0.1', 80) - // Array('127.0.0.1', 80, 'example.org') + //$config['purge'] = array( + // array('127.0.0.1', 80) + // array('127.0.0.1', 80, 'example.org') //); // Connection timeout, in seconds $config['purge_timeout'] = 3; // Remote servers // http://tinyboard.org/wiki/index.php?title=Multiple_Servers - //$config['remote']['static'] = Array( + //$config['remote']['static'] = array( // 'host' => 'static.example.org', - // 'auth' => Array( + // 'auth' => array( // 'method' => 'plain', // 'username' => 'username', // 'password' => 'password!123' @@ -1019,11 +1021,4 @@ $config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/'; // INSANE regular expression for IPv6 addresses $config['ipv6_regex'] = '((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?'; - - - if($_SERVER['SCRIPT_FILENAME'] == str_replace('\\', '/', __FILE__)) { - // You cannot request this file directly. - header('Location: ../', true, 302); - exit; - } -?> + diff --git a/inc/database.php b/inc/database.php index b9338530..5e085b83 100644 --- a/inc/database.php +++ b/inc/database.php @@ -1,107 +1,111 @@ query = $pdo->prepare($query); - } - public function __call($function, $args) { - global $config, $debug; - - if($config['debug'] && $function == 'execute') { - $start = microtime(true); - } - - $return = call_user_func_array(Array($this->query, $function), $args); - - if($config['debug'] && $function == 'execute') { - $time = round((microtime(true) - $start) * 1000, 2) . 'ms'; - - $debug['sql'][] = Array( - 'query' => $this->query->queryString, - 'rows' => $this->query->rowCount(), - 'time' => '~' . $time - ); - } - - return $return; - } + $this->query = $pdo->prepare($query); } - - function sql_open() { - global $pdo, $config; - if($pdo) return true; + public function __call($function, $args) { + global $config, $debug; - $dsn = $config['db']['type'] . ':host=' . $config['db']['server'] . ';dbname=' . $config['db']['database']; - if(!empty($config['db']['dsn'])) - $dsn .= ';' . $config['db']['dsn']; - try { - $options = Array(PDO::ATTR_TIMEOUT => $config['db']['timeout']); - $options = Array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); - if($config['db']['persistent']) - $options[PDO::ATTR_PERSISTENT] = true; - return $pdo = new PDO($dsn, $config['db']['user'], $config['db']['password'], $options); - } catch(PDOException $e) { - $message = $e->getMessage(); - - // Remove any sensitive information - $message = str_replace($config['db']['user'], 'hidden', $message); - $message = str_replace($config['db']['password'], 'hidden', $message); - - // Print error - error('Database error: ' . $message); + if($config['debug'] && $function == 'execute') { + $start = microtime(true); } - } - - function prepare($query) { - global $pdo, $debug, $config; - - sql_open(); - if($config['debug']) - return new PreparedQueryDebug($query); - return $pdo->prepare($query); - } - - function query($query) { - global $pdo, $debug, $config; + $return = call_user_func_array(array($this->query, $function), $args); - sql_open(); - - if($config['debug']) { - $start = microtime(true); - $query = $pdo->query($query); - if(!$query) - return false; + if($config['debug'] && $function == 'execute') { $time = round((microtime(true) - $start) * 1000, 2) . 'ms'; + $debug['sql'][] = Array( - 'query' => $query->queryString, - 'rows' => $query->rowCount(), + 'query' => $this->query->queryString, + 'rows' => $this->query->rowCount(), 'time' => '~' . $time ); - return $query; - } else { - return $pdo->query($query); } + + return $return; } +} + +function sql_open() { + global $pdo, $config; + if($pdo) return true; - function db_error($PDOStatement=null) { - global $pdo; - if(isset($PDOStatement)) { - $err = $PDOStatement->errorInfo(); - return $err[2]; - } else { - $err = $pdo->errorInfo(); - return $err[2]; - } + $dsn = $config['db']['type'] . ':host=' . $config['db']['server'] . ';dbname=' . $config['db']['database']; + if(!empty($config['db']['dsn'])) + $dsn .= ';' . $config['db']['dsn']; + try { + $options = Array(PDO::ATTR_TIMEOUT => $config['db']['timeout']); + $options = Array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); + if($config['db']['persistent']) + $options[PDO::ATTR_PERSISTENT] = true; + return $pdo = new PDO($dsn, $config['db']['user'], $config['db']['password'], $options); + } catch(PDOException $e) { + $message = $e->getMessage(); + + // Remove any sensitive information + $message = str_replace($config['db']['user'], 'hidden', $message); + $message = str_replace($config['db']['password'], 'hidden', $message); + + // Print error + error('Database error: ' . $message); + } +} + +function prepare($query) { + global $pdo, $debug, $config; + + sql_open(); + + if($config['debug']) + return new PreparedQueryDebug($query); + return $pdo->prepare($query); +} + +function query($query) { + global $pdo, $debug, $config; + + sql_open(); + + if($config['debug']) { + $start = microtime(true); + $query = $pdo->query($query); + if(!$query) + return false; + $time = round((microtime(true) - $start) * 1000, 2) . 'ms'; + $debug['sql'][] = Array( + 'query' => $query->queryString, + 'rows' => $query->rowCount(), + 'time' => '~' . $time + ); + return $query; + } else { + return $pdo->query($query); + } +} + +function db_error($PDOStatement=null) { + global $pdo; + if(isset($PDOStatement)) { + $err = $PDOStatement->errorInfo(); + return $err[2]; + } else { + $err = $pdo->errorInfo(); + return $err[2]; } -?> +} + diff --git a/inc/display.php b/inc/display.php index ef6d1efc..9b118a00 100644 --- a/inc/display.php +++ b/inc/display.php @@ -1,445 +1,441 @@ = 1024 && $i < 4; $i++) $size /= 1024; + return round($size, 2).$units[$i]; +} + +function doBoardListPart($list, $root) { + global $config; + + $body = ''; + foreach($list as $board) { + if(is_array($board)) + $body .= ' [' . doBoardListPart($board, $root) . '] '; + else { + if(($key = array_search($board, $list)) && gettype($key) == 'string') { + $body .= ' ' . $key . ' /'; + } else { + $body .= ' ' . $board . ' /'; + } + } } + $body = preg_replace('/\/$/', '', $body); - /* - Stuff to help with the display. - */ + return $body; +} + +function createBoardlist($mod=false) { + global $config; + if(!isset($config['boards'])) return Array('top'=>'','bottom'=>''); - /* - joaoptm78@gmail.com - http://www.php.net/manual/en/function.filesize.php#100097 - */ - function format_bytes($size) { - $units = array(' B', ' KB', ' MB', ' GB', ' TB'); - for ($i = 0; $size >= 1024 && $i < 4; $i++) $size /= 1024; - return round($size, 2).$units[$i]; - } + $body = doBoardListPart($config['boards'], $mod?'?/':$config['root']); + if(!preg_match('/\] $/', $body)) + $body = '[' . $body . ']'; - function commaize($n) { - $n = strval($n); - return (intval($n) < 1000) ? $n : commaize(substr($n, 0, -3)) . ',' . substr($n, -3); - } + $body = trim($body); - function doBoardListPart($list, $root) { - global $config; - - $body = ''; - foreach($list as $board) { - if(is_array($board)) - $body .= ' [' . doBoardListPart($board, $root) . '] '; - else { - if(($key = array_search($board, $list)) && gettype($key) == 'string') { - $body .= ' ' . $key . ' /'; - } else { - $body .= ' ' . $board . ' /'; - } - } - } - $body = preg_replace('/\/$/', '', $body); - - return $body; - } + return Array( + 'top' => '
' . $body . '
', + 'bottom' => '
' . $body . '
' + ); +} + +function error($message, $priority = true) { + global $board, $mod, $config; - function createBoardlist($mod=false) { - global $config; - - if(!isset($config['boards'])) return Array('top'=>'','bottom'=>''); - - $body = doBoardListPart($config['boards'], $mod?'?/':$config['root']); - if(!preg_match('/\] $/', $body)) - $body = '[' . $body . ']'; - - $body = trim($body); - - return Array( - 'top' => '
' . $body . '
', - 'bottom' => '
' . $body . '
' - ); + if($config['syslog'] && $priority !== false) { + // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant. + _syslog($priority !== true ? $priority : LOG_NOTICE, $message); } - function error($message, $priority = true) { - global $board, $mod, $config; - - if($config['syslog'] && $priority !== false) { - // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant. - _syslog($priority !== true ? $priority : LOG_NOTICE, $message); - } - - if(defined('STDIN')) { - // Running from CLI - die('Error: ' . $message . "\n"); - } - - die(Element('page.html', Array( - 'config'=>$config, - 'title'=>'Error', - 'subtitle'=>'An error has occured.', - 'body'=>'
' . - '

' . _($message) . '

' . - (isset($board) ? - "

Go back.

" : '') . - '
' - ))); + if(defined('STDIN')) { + // Running from CLI + die('Error: ' . $message . "\n"); } - function loginForm($error=false, $username=false, $redirect=false) { - global $config; - - die(Element('page.html', Array( - 'index'=>$config['root'], - 'title'=>_('Login'), + die(Element('page.html', Array( + 'config'=>$config, + 'title'=>'Error', + 'subtitle'=>'An error has occured.', + 'body'=>'
' . + '

' . _($message) . '

' . + (isset($board) ? + "

Go back.

" : '') . + '
' + ))); +} + +function loginForm($error=false, $username=false, $redirect=false) { + global $config; + + die(Element('page.html', Array( + 'index'=>$config['root'], + 'title'=>_('Login'), + 'config'=>$config, + 'body'=>Element('login.html', Array( 'config'=>$config, - 'body'=>Element('login.html', Array( - 'config'=>$config, - 'error'=>$error, - 'username'=>utf8tohtml($username), - 'redirect'=>$redirect - ) + 'error'=>$error, + 'username'=>utf8tohtml($username), + 'redirect'=>$redirect ) - ))); + ) + ))); +} + +function pm_snippet($body, $len=null) { + global $config; + + if(!isset($len)) + $len = &$config['mod']['snippet_length']; + + // Replace line breaks with some whitespace + $body = str_replace('
', ' ', $body); + + // Strip tags + $body = strip_tags($body); + + // Unescape HTML characters, to avoid splitting them in half + $body = html_entity_decode($body, ENT_COMPAT, 'UTF-8'); + + // calculate strlen() so we can add "..." after if needed + $strlen = mb_strlen($body); + + $body = substr($body, 0, $len); + + // Re-escape the characters. + return '' . utf8tohtml($body) . ($strlen > $len ? '…' : '') . ''; +} + +function capcode($cap) { + global $config; + + if(!$cap) + return false; + + $capcode = Array(); + if(isset($config['custom_capcode'][$cap])) { + if(is_array($config['custom_capcode'][$cap])) { + $capcode['cap'] = sprintf($config['custom_capcode'][$cap][0], $cap); + if(isset($config['custom_capcode'][$cap][1])) + $capcode['name'] = $config['custom_capcode'][$cap][1]; + if(isset($config['custom_capcode'][$cap][2])) + $capcode['trip'] = $config['custom_capcode'][$cap][2]; + } else { + $capcode['cap'] = sprintf($config['custom_capcode'][$cap], $cap); + } + } else { + $capcode['cap'] = sprintf($config['capcode'], $cap); } - function pm_snippet($body, $len=null) { - global $config; - - if(!isset($len)) - $len = &$config['mod']['snippet_length']; - - // Replace line breaks with some whitespace - $body = str_replace('
', ' ', $body); - - // Strip tags - $body = strip_tags($body); - - // Unescape HTML characters, to avoid splitting them in half - $body = html_entity_decode($body, ENT_COMPAT, 'UTF-8'); - - // calculate strlen() so we can add "..." after if needed - $strlen = mb_strlen($body); - - $body = substr($body, 0, $len); - - // Re-escape the characters. - return '' . utf8tohtml($body) . ($strlen > $len ? '…' : '') . ''; + return $capcode; +} + +function truncate($body, $url, $max_lines = false, $max_chars = false) { + global $config; + + if($max_lines === false) + $max_lines = $config['body_truncate']; + if($max_chars === false) + $max_chars = $config['body_truncate_char']; + $original_body = $body; + + $lines = substr_count($body, '
'); + + // Limit line count + if($lines > $max_lines) { + if(preg_match('/(((.*?)){' . $max_lines . '})/', $body, $m)) + $body = $m[0]; } - function capcode($cap) { - global $config; - - if(!$cap) - return false; + $body = substr($body, 0, $max_chars); + + if($body != $original_body) { + // Remove any corrupt tags at the end + $body = preg_replace('/<([\w]+)?([^>]*)?$/', '', $body); - $capcode = Array(); - if(isset($config['custom_capcode'][$cap])) { - if(is_array($config['custom_capcode'][$cap])) { - $capcode['cap'] = sprintf($config['custom_capcode'][$cap][0], $cap); - if(isset($config['custom_capcode'][$cap][1])) - $capcode['name'] = $config['custom_capcode'][$cap][1]; - if(isset($config['custom_capcode'][$cap][2])) - $capcode['trip'] = $config['custom_capcode'][$cap][2]; - } else { - $capcode['cap'] = sprintf($config['custom_capcode'][$cap], $cap); + // Open tags + if(preg_match_all('/<([\w]+)[^>]*>/', $body, $open_tags)) { + + $tags = Array(); + for($x=0;$x$/', $open_tags[0][$x])) + $tags[] = $open_tags[1][$x]; + } + + // List successfully closed tags + if(preg_match_all('/(<\/([\w]+))>/', $body, $closed_tags)) { + for($x=0;$xhere to view the full text.'; } - function truncate($body, $url, $max_lines = false, $max_chars = false) { + return $body; +} + +function confirmLink($text, $title, $confirm, $href) { + global $config, $mod; + if($config['mod']['server-side_confirm']) + return '' . $text . ''; + else + return '' . $text . ''; +} + +class Post { + public function __construct($id, $thread, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $embed, $root=null, $mod=false) { global $config; + if(!isset($root)) + $root = &$config['root']; - if($max_lines === false) - $max_lines = $config['body_truncate']; - if($max_chars === false) - $max_chars = $config['body_truncate_char']; - $original_body = $body; + $this->id = $id; + $this->thread = $thread; + $this->subject = utf8tohtml($subject); + $this->email = $email; + $this->name = utf8tohtml($name); + $this->trip = $trip; + $this->capcode = $capcode; + $this->body = $body; + $this->time = $time; + $this->thumb = $thumb; + $this->thumbx = $thumbx; + $this->thumby = $thumby; + $this->file = $file; + $this->filex = $filex; + $this->filey = $filey; + $this->filesize = $filesize; + $this->filename = $filename; + $this->ip = $ip; + $this->embed = $embed; + $this->root = $root; + $this->mod = $mod; - $lines = substr_count($body, '
'); - - // Limit line count - if($lines > $max_lines) { - if(preg_match('/(((.*?)){' . $max_lines . '})/', $body, $m)) - $body = $m[0]; - } + if($this->mod) + // Fix internal links + // Very complicated regex + $this->body = preg_replace( + '/"; - } - } else { - // remove broken HTML entity at the end (if existent) - $body = preg_replace('/&[^;]+$/', '', $body); - } + // Delete + if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod)) + $built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id); + + // Delete all posts by IP + if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod)) + $built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['uri'] . '/deletebyip/' . $this->id); + + // Delete all posts by IP (global) + if(hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod)) + $built .= ' ' . confirmLink($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['uri'] . '/deletebyip/' . $this->id . '/global'); + + // Ban + if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_ban'] . ''; + + // Ban & Delete + if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_bandelete'] . ''; - $body .= 'Post too long. Click here to view the full text.'; + // Delete file (keep post) + if(!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_deletefile'] . ''; + + // Edit post + if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_editpost'] . ''; + + if(!empty($built)) + $built = '' . $built . ''; } - - return $body; + return $built; } - function confirmLink($text, $title, $confirm, $href) { - global $config, $mod; - if($config['mod']['server-side_confirm']) - return '' . $text . ''; - else - return '' . $text . ''; + public function build($index=false) { + global $board, $config; + + return Element('post_reply.html', Array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index)); } - - class Post { - public function __construct($id, $thread, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $embed, $root=null, $mod=false) { - global $config; - if(!isset($root)) $root = &$config['root']; +}; + +class Thread { + public function __construct($id, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $bumplocked, $embed, $root=null, $mod=false, $hr=true) { + global $config; + if(!isset($root)) + $root = &$config['root']; + + $this->id = $id; + $this->subject = utf8tohtml($subject); + $this->email = $email; + $this->name = utf8tohtml($name); + $this->trip = $trip; + $this->capcode = $capcode; + $this->body = $body; + $this->time = $time; + $this->thumb = $thumb; + $this->thumbx = $thumbx; + $this->thumby = $thumby; + $this->file = $file; + $this->filex = $filex; + $this->filey = $filey; + $this->filesize = $filesize; + $this->filename = $filename; + $this->omitted = 0; + $this->omitted_images = 0; + $this->posts = Array(); + $this->ip = $ip; + $this->sticky = $sticky; + $this->locked = $locked; + $this->bumplocked = $bumplocked; + $this->embed = $embed; + $this->root = $root; + $this->mod = $mod; + $this->hr = $hr; + + if($this->mod) + // Fix internal links + // Very complicated regex + $this->body = preg_replace( + '/' . $config['mod']['link_ban'] . ''; - $built = ''; - if($this->mod) { - // Mod controls (on posts) - - // Delete - if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id); - - // Delete all posts by IP - if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['uri'] . '/deletebyip/' . $this->id); - - // Delete all posts by IP (global) - if(hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['uri'] . '/deletebyip/' . $this->id . '/global'); - - // Ban - if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_ban'] . ''; - - // Ban & Delete - if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_bandelete'] . ''; - - // Delete file (keep post) - if(!empty($this->file) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_deletefile'] . ''; - - // Edit post - if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_editpost'] . ''; - - if(!empty($built)) - $built = '' . $built . ''; - } - return $built; - } - - public function build($index=false) { - global $board, $config; + // Ban & Delete + if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_bandelete'] . ''; - return Element('post_reply.html', Array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index)); - } - }; - - class Thread { - public function __construct($id, $subject, $email, $name, $trip, $capcode, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $locked, $bumplocked, $embed, $root=null, $mod=false, $hr=true) { - global $config; - if(!isset($root)) $root = &$config['root']; + // Delete file (keep post) + if(!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_deletefile'] . ''; - $this->id = $id; - $this->subject = utf8tohtml($subject); - $this->email = $email; - $this->name = utf8tohtml($name); - $this->trip = $trip; - $this->capcode = $capcode; - $this->body = $body; - $this->time = $time; - $this->thumb = $thumb; - $this->thumbx = $thumbx; - $this->thumby = $thumby; - $this->file = $file; - $this->filex = $filex; - $this->filey = $filey; - $this->filesize = $filesize; - $this->filename = $filename; - $this->omitted = 0; - $this->omitted_images = 0; - $this->posts = Array(); - $this->ip = $ip; - $this->sticky = $sticky; - $this->locked = $locked; - $this->bumplocked = $bumplocked; - $this->embed = $embed; - $this->root = $root; - $this->mod = $mod; - $this->hr = $hr; + // Sticky + if(hasPermission($config['mod']['sticky'], $board['uri'], $this->mod)) + if($this->sticky) + $built .= ' ' . $config['mod']['link_desticky'] . ''; + else + $built .= ' ' . $config['mod']['link_sticky'] . ''; - if($this->mod) - // Fix internal links - // Very complicated regex - $this->body = preg_replace( - '/' . $config['mod']['link_bumpunlock'] . ''; + else + $built .= ' ' . $config['mod']['link_bumplock'] . ''; - return $this->root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $this->id) . '#' . $pre . $this->id; - } - public function add(Post $post) { - $this->posts[] = $post; - } - public function postControls() { - global $board, $config; + // Lock + if(hasPermission($config['mod']['lock'], $board['uri'], $this->mod)) + if($this->locked) + $built .= ' ' . $config['mod']['link_unlock'] . ''; + else + $built .= ' ' . $config['mod']['link_lock'] . ''; - $built = ''; - if($this->mod) { - // Mod controls (on posts) - // Delete - if(hasPermission($config['mod']['delete'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['uri'] . '/delete/' . $this->id); - - // Delete all posts by IP - if(hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['uri'] . '/deletebyip/' . $this->id); - - // Delete all posts by IP (global) - if(hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod)) - $built .= ' ' . confirmLink($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['uri'] . '/deletebyip/' . $this->id . '/global'); - - // Ban - if(hasPermission($config['mod']['ban'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_ban'] . ''; - - // Ban & Delete - if(hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_bandelete'] . ''; - - // Delete file (keep post) - if(!empty($this->file) && $this->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_deletefile'] . ''; - - // Sticky - if(hasPermission($config['mod']['sticky'], $board['uri'], $this->mod)) - if($this->sticky) - $built .= ' ' . $config['mod']['link_desticky'] . ''; - else - $built .= ' ' . $config['mod']['link_sticky'] . ''; - - if(hasPermission($config['mod']['bumplock'], $board['uri'], $this->mod)) - if($this->bumplocked) - $built .= ' ' . $config['mod']['link_bumpunlock'] . ''; - else - $built .= ' ' . $config['mod']['link_bumplock'] . ''; - - // Lock - if(hasPermission($config['mod']['lock'], $board['uri'], $this->mod)) - if($this->locked) - $built .= ' ' . $config['mod']['link_unlock'] . ''; - else - $built .= ' ' . $config['mod']['link_lock'] . ''; - - if(hasPermission($config['mod']['move'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_move'] . ''; - - // Edit post - if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_editpost'] . ''; - - if(!empty($built)) - $built = '' . $built . ''; - } - return $built; - } - - public function ratio() { - return fraction($this->filex, $this->filey, ':'); - } - - public function build($index=false) { - global $board, $config, $debug; + if(hasPermission($config['mod']['move'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_move'] . ''; - $built = Element('post_thread.html', Array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index)); + // Edit post + if(hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) + $built .= ' ' . $config['mod']['link_editpost'] . ''; - if(!$this->mod && $index && $config['cache']['enabled']) { - cache::set($this->cache_key($index), $built); - } - - return $built; + if(!empty($built)) + $built = '' . $built . ''; } - function cache_key($index) { - global $board; - - return 'thread_' . ($index ? 'index_' : '') . $board['uri'] . '_' . $this->id; + return $built; + } + + public function ratio() { + return fraction($this->filex, $this->filey, ':'); + } + + public function build($index=false) { + global $board, $config, $debug; + + $built = Element('post_thread.html', Array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index)); + + if(!$this->mod && $index && $config['cache']['enabled']) { + cache::set($this->cache_key($index), $built); } - }; -?> + + return $built; + } + function cache_key($index) { + global $board; + + return 'thread_' . ($index ? 'index_' : '') . $board['uri'] . '_' . $this->id; + } +}; + diff --git a/inc/events.php b/inc/events.php index 1c45b91b..33fa5a61 100644 --- a/inc/events.php +++ b/inc/events.php @@ -1,5 +1,14 @@ Array(), 'purge' => Array(), 'cached' => Array()); - $debug['start'] = microtime(true); - } - } - - date_default_timezone_set($config['timezone']); - - if(!isset($config['blotter'])) - $config['blotter'] = false; - - if(!isset($config['post_url'])) - $config['post_url'] = $config['root'] . $config['file_post']; - - if(!isset($config['referer_match'])) - if(isset($_SERVER['HTTP_HOST'])) { - $config['referer_match'] = '/^' . - (preg_match($config['url_regex'], $config['root']) ? '' : - 'https?:\/\/' . $_SERVER['HTTP_HOST']) . - preg_quote($config['root'], '/') . - '(' . - str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . - '(' . - preg_quote($config['file_index'], '/') . '|' . - str_replace('%d', '\d+', preg_quote($config['file_page'])) . - ')?' . - '|' . - str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . - preg_quote($config['dir']['res'], '/') . - str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . - '|' . - preg_quote($config['file_mod'], '/') . '\?\/.+' . - ')([#?](.+)?)?$/i'; - } else { - // CLI mode - $config['referer_match'] = '//'; - } - if(!isset($config['cookies']['path'])) - $config['cookies']['path'] = &$config['root']; - - if(!isset($config['dir']['static'])) - $config['dir']['static'] = $config['root'] . 'static/'; - - if(!isset($config['image_sticky'])) - $config['image_sticky'] = $config['dir']['static'] . 'sticky.gif'; - if(!isset($config['image_locked'])) - $config['image_locked'] = $config['dir']['static'] . 'locked.gif'; - if(!isset($config['image_bumplocked'])) - $config['image_bumplocked'] = $config['dir']['static'] . 'sage.gif'; - if(!isset($config['image_deleted'])) - $config['image_deleted'] = $config['dir']['static'] . 'deleted.png'; - if(!isset($config['image_zip'])) - $config['image_zip'] = $config['dir']['static'] . 'zip.png'; - - if(!isset($config['uri_thumb'])) - $config['uri_thumb'] = $config['root'] . $board['dir'] . $config['dir']['thumb']; - elseif(isset($board['dir'])) - $config['uri_thumb'] = sprintf($config['uri_thumb'], $board['dir']); - - if(!isset($config['uri_img'])) - $config['uri_img'] = $config['root'] . $board['dir'] . $config['dir']['img']; - elseif(isset($board['dir'])) - $config['uri_img'] = sprintf($config['uri_img'], $board['dir']); - - if(!isset($config['uri_stylesheets'])) - $config['uri_stylesheets'] = $config['root'] . 'stylesheets/'; - - if(!isset($config['url_stylesheet'])) - $config['url_stylesheet'] = $config['uri_stylesheets'] . 'style.css'; - if(!isset($config['url_javascript'])) - $config['url_javascript'] = $config['root'] . $config['file_script']; - if(!isset($config['additional_javascript_url'])) - $config['additional_javascript_url'] = $config['root']; - - if($config['root_file']) { - chdir($config['root_file']); - } - - if($config['verbose_errors']) { - error_reporting(E_ALL); - ini_set('display_errors', 1); - } - - // Keep the original address to properly comply with other board configurations - if(!isset($__ip)) - $__ip = $_SERVER['REMOTE_ADDR']; - - // ::ffff:0.0.0.0 - if(preg_match('/^\:\:(ffff\:)?(\d+\.\d+\.\d+\.\d+)$/', $__ip, $m)) - $_SERVER['REMOTE_ADDR'] = $m[2]; - - if(_setlocale(LC_ALL, $config['locale']) === false) { - $error('The specified locale (' . $config['locale'] . ') does not exist on your platform!'); - } - - if(extension_loaded('gettext')) { - bindtextdomain('tinyboard', './inc/locale'); - bind_textdomain_codeset('tinyboard', 'UTF-8'); - textdomain('tinyboard'); - } else { - _bindtextdomain('tinyboard', './inc/locale'); - _bind_textdomain_codeset('tinyboard', 'UTF-8'); - _textdomain('tinyboard'); - } - - - if($config['syslog']) - openlog('tinyboard', LOG_ODELAY, LOG_SYSLOG); // open a connection to sysem logger - - if($config['recaptcha']) - require_once 'inc/lib/recaptcha/recaptchalib.php'; - if($config['cache']['enabled']) - require_once 'inc/cache.php'; + if(isset($board['dir']) && file_exists($board['dir'] . '/config.php')) { + require $board['dir'] . '/config.php'; } - function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true) { - global $config; - - if($config['syslog'] && $priority !== false) { - // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant. - _syslog($priority !== true ? $priority : LOG_NOTICE, $message); - } - - // Yes, this is horrible. - die('Error' . - '' . - '

Error

' . $message . '
' . - '

This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.

'); - } - - function fatal_error_handler() { - if($error = error_get_last()) { - if($error['type'] == E_ERROR) { - if(function_exists('error')) { - error('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); - } else { - basic_error_function_because_the_other_isnt_loaded_yet('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); - } - } + if(!isset($__version)) + $__version = file_exists('.installed') ? trim(file_get_contents('.installed')) : false; + $config['version'] = $__version; + + if($config['debug']) { + if(!isset($debug)) { + $debug = array('sql' => array(), 'purge' => array(), 'cached' => array()); + $debug['start'] = microtime(true); } } - function _syslog($priority, $message) { - if(isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) { - // CGI - syslog($priority, $message . ' - client: ' . $_SERVER['REMOTE_ADDR'] . ', request: "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"'); + date_default_timezone_set($config['timezone']); + + if(!isset($config['blotter'])) + $config['blotter'] = false; + + if(!isset($config['post_url'])) + $config['post_url'] = $config['root'] . $config['file_post']; + + if(!isset($config['referer_match'])) + if(isset($_SERVER['HTTP_HOST'])) { + $config['referer_match'] = '/^' . + (preg_match($config['url_regex'], $config['root']) ? '' : + 'https?:\/\/' . $_SERVER['HTTP_HOST']) . + preg_quote($config['root'], '/') . + '(' . + str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . + '(' . + preg_quote($config['file_index'], '/') . '|' . + str_replace('%d', '\d+', preg_quote($config['file_page'])) . + ')?' . + '|' . + str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . + preg_quote($config['dir']['res'], '/') . + str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . + '|' . + preg_quote($config['file_mod'], '/') . '\?\/.+' . + ')([#?](.+)?)?$/i'; } else { - syslog($priority, $message); - } + // CLI mode + $config['referer_match'] = '//'; + } + if(!isset($config['cookies']['path'])) + $config['cookies']['path'] = &$config['root']; + + if(!isset($config['dir']['static'])) + $config['dir']['static'] = $config['root'] . 'static/'; + + if(!isset($config['image_sticky'])) + $config['image_sticky'] = $config['dir']['static'] . 'sticky.gif'; + if(!isset($config['image_locked'])) + $config['image_locked'] = $config['dir']['static'] . 'locked.gif'; + if(!isset($config['image_bumplocked'])) + $config['image_bumplocked'] = $config['dir']['static'] . 'sage.gif'; + if(!isset($config['image_deleted'])) + $config['image_deleted'] = $config['dir']['static'] . 'deleted.png'; + if(!isset($config['image_zip'])) + $config['image_zip'] = $config['dir']['static'] . 'zip.png'; + + if(!isset($config['uri_thumb'])) + $config['uri_thumb'] = $config['root'] . $board['dir'] . $config['dir']['thumb']; + elseif(isset($board['dir'])) + $config['uri_thumb'] = sprintf($config['uri_thumb'], $board['dir']); + + if(!isset($config['uri_img'])) + $config['uri_img'] = $config['root'] . $board['dir'] . $config['dir']['img']; + elseif(isset($board['dir'])) + $config['uri_img'] = sprintf($config['uri_img'], $board['dir']); + + if(!isset($config['uri_stylesheets'])) + $config['uri_stylesheets'] = $config['root'] . 'stylesheets/'; + + if(!isset($config['url_stylesheet'])) + $config['url_stylesheet'] = $config['uri_stylesheets'] . 'style.css'; + if(!isset($config['url_javascript'])) + $config['url_javascript'] = $config['root'] . $config['file_script']; + if(!isset($config['additional_javascript_url'])) + $config['additional_javascript_url'] = $config['root']; + + if($config['root_file']) { + chdir($config['root_file']); } - - function rebuildThemes($action) { - // List themes - $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); - while($theme = $query->fetch()) { - rebuildTheme($theme['theme'], $action); - } + if($config['verbose_errors']) { + error_reporting(E_ALL); + ini_set('display_errors', 1); } - - - function loadThemeConfig($_theme) { - global $config; - if(!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) - return false; + // Keep the original address to properly comply with other board configurations + if(!isset($__ip)) + $__ip = $_SERVER['REMOTE_ADDR']; - // Load theme information into $theme - include $config['dir']['themes'] . '/' . $_theme . '/info.php'; + // ::ffff:0.0.0.0 + if(preg_match('/^\:\:(ffff\:)?(\d+\.\d+\.\d+\.\d+)$/', $__ip, $m)) + $_SERVER['REMOTE_ADDR'] = $m[2]; - return $theme; + if(_setlocale(LC_ALL, $config['locale']) === false) { + $error('The specified locale (' . $config['locale'] . ') does not exist on your platform!'); } - - function rebuildTheme($theme, $action) { - global $config, $_theme; - $_theme = $theme; - $theme = loadThemeConfig($_theme); + if(extension_loaded('gettext')) { + bindtextdomain('tinyboard', './inc/locale'); + bind_textdomain_codeset('tinyboard', 'UTF-8'); + textdomain('tinyboard'); + } else { + _bindtextdomain('tinyboard', './inc/locale'); + _bind_textdomain_codeset('tinyboard', 'UTF-8'); + _textdomain('tinyboard'); + } - if(file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) { - require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php'; - - $theme['build_function']($action, themeSettings($_theme)); + + if($config['syslog']) + openlog('tinyboard', LOG_ODELAY, LOG_SYSLOG); // open a connection to sysem logger + + if($config['recaptcha']) + require_once 'inc/lib/recaptcha/recaptchalib.php'; + if($config['cache']['enabled']) + require_once 'inc/cache.php'; +} + +function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true) { + global $config; + + if($config['syslog'] && $priority !== false) { + // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant. + _syslog($priority !== true ? $priority : LOG_NOTICE, $message); + } + + // Yes, this is horrible. + die('Error' . + '' . + '

Error

' . $message . '
' . + '

This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.

'); +} + +function fatal_error_handler() { + if($error = error_get_last()) { + if($error['type'] == E_ERROR) { + if(function_exists('error')) { + error('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); + } else { + basic_error_function_because_the_other_isnt_loaded_yet('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); + } } } +} +function _syslog($priority, $message) { + if(isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) { + // CGI + syslog($priority, $message . ' - client: ' . $_SERVER['REMOTE_ADDR'] . ', request: "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"'); + } else { + syslog($priority, $message); + } +} - function themeSettings($theme) { - $query = prepare("SELECT `name`, `value` FROM `theme_settings` WHERE `theme` = :theme AND `name` IS NOT NULL"); - $query->bindValue(':theme', $theme); - $query->execute() or error(db_error($query)); + +function rebuildThemes($action) { + // List themes + $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); + while($theme = $query->fetch()) { + rebuildTheme($theme['theme'], $action); + } +} + + +function loadThemeConfig($_theme) { + global $config; + + if(!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) + return false; + + // Load theme information into $theme + include $config['dir']['themes'] . '/' . $_theme . '/info.php'; + + return $theme; +} + +function rebuildTheme($theme, $action) { + global $config, $_theme; + $_theme = $theme; + + $theme = loadThemeConfig($_theme); + + if(file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) { + require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php'; - $settings = Array(); - while($s = $query->fetch()) { - $settings[$s['name']] = $s['value']; - } + $theme['build_function']($action, themeSettings($_theme)); + } +} + + +function themeSettings($theme) { + $query = prepare("SELECT `name`, `value` FROM `theme_settings` WHERE `theme` = :theme AND `name` IS NOT NULL"); + $query->bindValue(':theme', $theme); + $query->execute() or error(db_error($query)); + + $settings = array(); + while($s = $query->fetch()) { + $settings[$s['name']] = $s['value']; + } + + return $settings; +} + +function sprintf3($str, $vars, $delim = '%') { + $replaces = array(); + foreach($vars as $k => $v) { + $replaces[$delim . $k . $delim] = $v; + } + return str_replace(array_keys($replaces), + array_values($replaces), $str); +} + +function setupBoard($array) { + global $board, $config; + + $board = array( + 'id' => $array['id'], + 'uri' => $array['uri'], + 'name' => $array['title'], + 'title' => $array['subtitle']); + + $board['dir'] = sprintf($config['board_path'], $board['uri']); + $board['url'] = sprintf($config['board_abbreviation'], $board['uri']); + + loadConfig(); - return $settings; + if(!file_exists($board['dir'])) + mkdir($board['dir'], 0777) or error("Couldn't create " . $board['dir'] . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['img'])) + @mkdir($board['dir'] . $config['dir']['img'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['thumb'])) + @mkdir($board['dir'] . $config['dir']['thumb'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); + if(!file_exists($board['dir'] . $config['dir']['res'])) + @mkdir($board['dir'] . $config['dir']['res'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); +} + +function openBoard($uri) { + global $config; + if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) { + setupBoard($board); + return true; } + + $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1"); + $query->bindValue(':uri', $uri); + $query->execute() or error(db_error($query)); + + if($board = $query->fetch()) { + if($config['cache']['enabled']) + cache::set('board_' . $uri, $board); + setupBoard($board); + return true; + } else return false; +} - function sprintf3($str, $vars, $delim = '%') { - $replaces = array(); - foreach($vars as $k => $v) { - $replaces[$delim . $k . $delim] = $v; - } - return str_replace(array_keys($replaces), - array_values($replaces), $str); +function boardTitle($uri) { + global $config; + if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) { + return $board['title']; } - function setupBoard($array) { - global $board, $config; - - $board = Array( - 'id' => $array['id'], - 'uri' => $array['uri'], - 'name' => $array['title'], - 'title' => $array['subtitle']); - - $board['dir'] = sprintf($config['board_path'], $board['uri']); - $board['url'] = sprintf($config['board_abbreviation'], $board['uri']); - - loadConfig(); - - if(!file_exists($board['dir'])) - mkdir($board['dir'], 0777) or error("Couldn't create " . $board['dir'] . ". Check permissions.", true); - if(!file_exists($board['dir'] . $config['dir']['img'])) - @mkdir($board['dir'] . $config['dir']['img'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); - if(!file_exists($board['dir'] . $config['dir']['thumb'])) - @mkdir($board['dir'] . $config['dir']['thumb'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); - if(!file_exists($board['dir'] . $config['dir']['res'])) - @mkdir($board['dir'] . $config['dir']['res'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); - } - - function openBoard($uri) { - global $config; - if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) { - setupBoard($board); - return true; - } - - $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1"); - $query->bindValue(':uri', $uri); - $query->execute() or error(db_error($query)); - - if($board = $query->fetch()) { - if($config['cache']['enabled']) - cache::set('board_' . $uri, $board); - setupBoard($board); - return true; - } else return false; - } - - function boardTitle($uri) { - global $config; - if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) { - return $board['title']; - } - - $query = prepare("SELECT `title` FROM `boards` WHERE `uri` = :uri LIMIT 1"); - $query->bindValue(':uri', $uri); - $query->execute() or error(db_error($query)); - - if($title = $query->fetch()) { - return $title['title']; - } else return false; + $query = prepare("SELECT `title` FROM `boards` WHERE `uri` = :uri LIMIT 1"); + $query->bindValue(':uri', $uri); + $query->execute() or error(db_error($query)); + + if($title = $query->fetch()) { + return $title['title']; + } else return false; +} + +function purge($uri) { + global $config, $debug; + if(preg_match($config['referer_match'], $config['root'])) { + $uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri; + } else { + $uri = $config['root'] . $uri; } - function purge($uri) { - global $config, $debug; - if(preg_match($config['referer_match'], $config['root'])) { - $uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri; + if($config['debug']) { + $debug['purge'][] = $uri; + } + + foreach($config['purge'] as &$purge) { + $host = &$purge[0]; + $port = &$purge[1]; + $http_host = isset($purge[2]) ? $purge[2] : $_SERVER['HTTP_HOST']; + $request = "PURGE {$uri} HTTP/1.1\r\nHost: {$http_host}\r\nUser-Agent: Tinyboard\r\nConnection: Close\r\n\r\n"; + if($fp = fsockopen($host, $port, $errno, $errstr, $config['purge_timeout'])) { + fwrite($fp, $request); + fclose($fp); } else { - $uri = $config['root'] . $uri; - } - - if($config['debug']) { - $debug['purge'][] = $uri; - } - - foreach($config['purge'] as &$purge) { - $host = &$purge[0]; - $port = &$purge[1]; - $http_host = isset($purge[2]) ? $purge[2] : $_SERVER['HTTP_HOST']; - $request = "PURGE {$uri} HTTP/1.1\r\nHost: {$http_host}\r\nUser-Agent: Tinyboard\r\nConnection: Close\r\n\r\n"; - if($fp = fsockopen($host, $port, $errno, $errstr, $config['purge_timeout'])) { - fwrite($fp, $request); - fclose($fp); - } else { - // Cannot connect? - error('Could not PURGE for ' . $host); - } + // Cannot connect? + error('Could not PURGE for ' . $host); } } +} + +function file_write($path, $data, $simple = false, $skip_purge = false) { + global $config; - function file_write($path, $data, $simple = false, $skip_purge = false) { - global $config; - - if(preg_match('/^remote:\/\/(.+)\:(.+)$/', $path, $m)) { - if(isset($config['remote'][$m[1]])) { - require_once 'inc/remote.php'; - - $remote = new Remote($config['remote'][$m[1]]); - $remote->write($data, $m[2]); - return; - } else { - error('Invalid remote server: ' . $m[1]); - } - } - - if(!$fp = fopen($path, $simple ? 'w' : 'c')) - error('Unable to open file for writing: ' . $path); - - // File locking - if(!$simple && !flock($fp, LOCK_EX)) { - error('Unable to lock file: ' . $path); - } - - // Truncate file - if(!$simple && !ftruncate($fp, 0)) - error('Unable to truncate file: ' . $path); + if(preg_match('/^remote:\/\/(.+)\:(.+)$/', $path, $m)) { + if(isset($config['remote'][$m[1]])) { + require_once 'inc/remote.php'; - // Write data - if(fwrite($fp, $data) === false) - error('Unable to write to file: ' . $path); - - // Unlock - if(!$simple) - flock($fp, LOCK_UN); - - // Close - if(!fclose($fp)) - error('Unable to close file: ' . $path); - - if(!$skip_purge && isset($config['purge']) && isset($_SERVER['HTTP_HOST'])) { - // Purge cache - if(basename($path) == $config['file_index']) { - // Index file (/index.html); purge "/" as well - $uri = dirname($path); - // root - if($uri == '.') - $uri = ''; - else - $uri .= '/'; - purge($uri); - } - purge($path); + $remote = new Remote($config['remote'][$m[1]]); + $remote->write($data, $m[2]); + return; + } else { + error('Invalid remote server: ' . $m[1]); } - - event('write', $path); } - function file_unlink($path) { - global $config, $debug; - - if($config['debug']) { - if(!isset($debug['unlink'])) - $debug['unlink'] = Array(); - $debug['unlink'][] = $path; - } - - $ret = @unlink($path); - if(isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) { - // Purge cache - if(basename($path) == $config['file_index']) { - // Index file (/index.html); purge "/" as well - $uri = dirname($path); - // root - if($uri == '.') - $uri = ''; - else - $uri .= '/'; - purge($uri); - } - purge($path); - } - - event('unlink', $path); - - return $ret; - } + if(!$fp = fopen($path, $simple ? 'w' : 'c')) + error('Unable to open file for writing: ' . $path); - function hasPermission($action = null, $board = null, $_mod = null) { - global $config; - - if(isset($_mod)) - $mod = &$_mod; - else - global $mod; - - if(!is_array($mod)) - return false; - - if(isset($action) && $mod['type'] < $action) - return false; - - if(!isset($board) || $config['mod']['skip_per_board']) - return true; - - if(!isset($mod['boards'])) - return false; - - if(!in_array('*', $mod['boards']) && !in_array($board, $mod['boards'])) - return false; - - return true; + // File locking + if(!$simple && !flock($fp, LOCK_EX)) { + error('Unable to lock file: ' . $path); } - function listBoards() { - global $config; - - if($config['cache']['enabled'] && ($boards = cache::get('all_boards'))) - return $boards; + // Truncate file + if(!$simple && !ftruncate($fp, 0)) + error('Unable to truncate file: ' . $path); - $query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error()); - $boards = $query->fetchAll(); - - if($config['cache']['enabled']) - cache::set('all_boards', $boards); - - return $boards; - } + // Write data + if(fwrite($fp, $data) === false) + error('Unable to write to file: ' . $path); - function checkFlood($post) { - global $board, $config; - - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':body', $post['body'], PDO::PARAM_INT); - $query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT); - $query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT); - $query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $flood = (bool)$query->fetch(); - - if(event('check-flood', $post)) - return true; - - return $flood; - } - - function until($timestamp) { - $difference = $timestamp - time(); - if($difference < 60) { - return $difference . ' second' . ($difference != 1 ? 's' : ''); - } elseif($difference < 60*60) { - return ($num = round($difference/(60))) . ' minute' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24) { - return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24*7) { - return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24*365) { - return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); - } else { - return ($num = round($difference/(60*60*24*365))) . ' year' . ($num != 1 ? 's' : ''); + // Unlock + if(!$simple) + flock($fp, LOCK_UN); + + // Close + if(!fclose($fp)) + error('Unable to close file: ' . $path); + + if(!$skip_purge && isset($config['purge']) && isset($_SERVER['HTTP_HOST'])) { + // Purge cache + if(basename($path) == $config['file_index']) { + // Index file (/index.html); purge "/" as well + $uri = dirname($path); + // root + if($uri == '.') + $uri = ''; + else + $uri .= '/'; + purge($uri); } + purge($path); } - function ago($timestamp) { - $difference = time() - $timestamp; - if($difference < 60) { - return $difference . ' second' . ($difference != 1 ? 's' : ''); - } elseif($difference < 60*60) { - return ($num = round($difference/(60))) . ' minute' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24) { - return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24*7) { - return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); - } elseif($difference < 60*60*24*365) { - return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); - } else { - return ($num = round($difference/(60*60*24*365))) . ' year' . ($num != 1 ? 's' : ''); + event('write', $path); +} + +function file_unlink($path) { + global $config, $debug; + + if($config['debug']) { + if(!isset($debug['unlink'])) + $debug['unlink'] = array(); + $debug['unlink'][] = $path; + } + + $ret = @unlink($path); + if(isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) { + // Purge cache + if(basename($path) == $config['file_index']) { + // Index file (/index.html); purge "/" as well + $uri = dirname($path); + // root + if($uri == '.') + $uri = ''; + else + $uri .= '/'; + purge($uri); } + purge($path); } - function displayBan($ban) { - global $config; - - $ban['ip'] = $_SERVER['REMOTE_ADDR']; + event('unlink', $path); + + return $ret; +} + +function hasPermission($action = null, $board = null, $_mod = null) { + global $config; - // Show banned page and exit - die( - Element('page.html', Array( - 'title' => 'Banned!', + if(isset($_mod)) + $mod = &$_mod; + else + global $mod; + + if(!is_array($mod)) + return false; + + if(isset($action) && $mod['type'] < $action) + return false; + + if(!isset($board) || $config['mod']['skip_per_board']) + return true; + + if(!isset($mod['boards'])) + return false; + + if(!in_array('*', $mod['boards']) && !in_array($board, $mod['boards'])) + return false; + + return true; +} + +function listBoards() { + global $config; + + if($config['cache']['enabled'] && ($boards = cache::get('all_boards'))) + return $boards; + + $query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error()); + $boards = $query->fetchAll(); + + if($config['cache']['enabled']) + cache::set('all_boards', $boards); + + return $boards; +} + +function checkFlood($post) { + global $board, $config; + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':body', $post['body'], PDO::PARAM_INT); + $query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT); + $query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT); + $query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $flood = (bool)$query->fetch(); + + if(event('check-flood', $post)) + return true; + + return $flood; +} + +function until($timestamp) { + $difference = $timestamp - time(); + if($difference < 60) { + return $difference . ' second' . ($difference != 1 ? 's' : ''); + } elseif($difference < 60*60) { + return ($num = round($difference/(60))) . ' minute' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24) { + return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*7) { + return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*365) { + return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); + } else { + return ($num = round($difference/(60*60*24*365))) . ' year' . ($num != 1 ? 's' : ''); + } +} + +function ago($timestamp) { + $difference = time() - $timestamp; + if($difference < 60) { + return $difference . ' second' . ($difference != 1 ? 's' : ''); + } elseif($difference < 60*60) { + return ($num = round($difference/(60))) . ' minute' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24) { + return ($num = round($difference/(60*60))) . ' hour' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*7) { + return ($num = round($difference/(60*60*24))) . ' day' . ($num != 1 ? 's' : ''); + } elseif($difference < 60*60*24*365) { + return ($num = round($difference/(60*60*24*7))) . ' week' . ($num != 1 ? 's' : ''); + } else { + return ($num = round($difference/(60*60*24*365))) . ' year' . ($num != 1 ? 's' : ''); + } +} + +function displayBan($ban) { + global $config; + + $ban['ip'] = $_SERVER['REMOTE_ADDR']; + + // Show banned page and exit + die( + Element('page.html', array( + 'title' => 'Banned!', + 'config' => $config, + 'body' => Element('banned.html', array( 'config' => $config, - 'body' => Element('banned.html', Array( - 'config' => $config, - 'ban' => $ban - ) - )) - )); - } + 'ban' => $ban + ) + )) + )); +} + +function checkBan($board = 0) { + global $config; - function checkBan($board = 0) { - global $config; - - if(!isset($_SERVER['REMOTE_ADDR'])) { - // Server misconfiguration - return; - } - - if(event('check-ban', $board)) - return true; - - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1"); + if(!isset($_SERVER['REMOTE_ADDR'])) { + // Server misconfiguration + return; + } + + if(event('check-ban', $board)) + return true; + + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1"); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':board', $board); + $query->execute() or error(db_error($query)); + if($query->rowCount() < 1 && $config['ban_range']) { + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':board', $board); $query->execute() or error(db_error($query)); - if($query->rowCount() < 1 && $config['ban_range']) { - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':board', $board); - $query->execute() or error(db_error($query)); - } - - if($query->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) { - // my most insane SQL query yet - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) - AND ( - `ip` REGEXP '^(\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+\)\/(\[0-9]+)$' - AND - :ip >= INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) - AND - :ip < INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) + POW(2, 32 - SUBSTRING_INDEX(`ip`, '/', -1)) - ) - ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); - $query->bindValue(':ip', ip2long($_SERVER['REMOTE_ADDR'])); - $query->bindValue(':board', $board); - $query->execute() or error(db_error($query)); - } - - if($ban = $query->fetch()) { - if($ban['expires'] && $ban['expires'] < time()) { - // Ban expired - $query = prepare("DELETE FROM `bans` WHERE `id` = :id LIMIT 1"); - $query->bindValue(':id', $ban['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - return; - } - - displayBan($ban); - } } - function threadLocked($id) { - global $board; - - if(event('check-locked', $id)) - return true; - - $query = prepare(sprintf("SELECT `locked` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error()); - - if(!$post = $query->fetch()) { - // Non-existant, so it can't be locked... - return false; - } - - return (bool)$post['locked']; + if($query->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) { + // my most insane SQL query yet + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) + AND ( + `ip` REGEXP '^(\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+\)\/(\[0-9]+)$' + AND + :ip >= INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) + AND + :ip < INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) + POW(2, 32 - SUBSTRING_INDEX(`ip`, '/', -1)) + ) + ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); + $query->bindValue(':ip', ip2long($_SERVER['REMOTE_ADDR'])); + $query->bindValue(':board', $board); + $query->execute() or error(db_error($query)); } - function threadSageLocked($id) { - global $board; - - if(event('check-sage-locked', $id)) - return true; - - $query = prepare(sprintf("SELECT `sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error()); - - if(!$post = $query->fetch()) { - // Non-existant, so it can't be locked... - return false; + if($ban = $query->fetch()) { + if($ban['expires'] && $ban['expires'] < time()) { + // Ban expired + $query = prepare("DELETE FROM `bans` WHERE `id` = :id LIMIT 1"); + $query->bindValue(':id', $ban['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + return; } - return (bool) $post['sage']; + displayBan($ban); } +} + +function threadLocked($id) { + global $board; - function threadExists($id) { - global $board; - - $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error()); - - if($query->rowCount()) { - return true; - } else return false; + if(event('check-locked', $id)) + return true; + + $query = prepare(sprintf("SELECT `locked` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if(!$post = $query->fetch()) { + // Non-existant, so it can't be locked... + return false; } - function post($post) { - global $pdo, $board; - $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri'])); - - // Basic stuff - if(!empty($post['subject'])) { - $query->bindValue(':subject', $post['subject']); - } else { - $query->bindValue(':subject', NULL, PDO::PARAM_NULL); - } - - if(!empty($post['email'])) { - $query->bindValue(':email', $post['email']); - } else { - $query->bindValue(':email', NULL, PDO::PARAM_NULL); - } - - if(!empty($post['trip'])) { - $query->bindValue(':trip', $post['trip']); - } else { - $query->bindValue(':trip', NULL, PDO::PARAM_NULL); - } - - $query->bindValue(':name', $post['name']); - $query->bindValue(':body', $post['body']); - $query->bindValue(':body_nomarkup', $post['body_nomarkup']); - $query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT); - $query->bindValue(':password', $post['password']); - $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']); - - if($post['mod'] && $post['sticky']) { - $query->bindValue(':sticky', 1, PDO::PARAM_INT); - } else { - $query->bindValue(':sticky', 0, PDO::PARAM_INT); - } - - if($post['mod'] && $post['locked']) { - $query->bindValue(':locked', 1, PDO::PARAM_INT); - } else { - $query->bindValue(':locked', 0, PDO::PARAM_INT); - } - - if($post['mod'] && isset($post['capcode']) && $post['capcode']) { - $query->bindValue(':capcode', $post['capcode'], PDO::PARAM_INT); - } else { - $query->bindValue(':capcode', NULL, PDO::PARAM_NULL); - } - - if(!empty($post['embed'])) { - $query->bindValue(':embed', $post['embed']); - } else { - $query->bindValue(':embed', NULL, PDO::PARAM_NULL); - } - - if($post['op']) { - // No parent thread, image - $query->bindValue(':thread', null, PDO::PARAM_NULL); - } else { - $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT); - } + return (bool)$post['locked']; +} + +function threadSageLocked($id) { + global $board; + + if(event('check-sage-locked', $id)) + return true; + + $query = prepare(sprintf("SELECT `sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if(!$post = $query->fetch()) { + // Non-existant, so it can't be locked... + return false; + } + + return (bool) $post['sage']; +} + +function threadExists($id) { + global $board; + + $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if($query->rowCount()) { + return true; + } else return false; +} + +function post(array $post) { + global $pdo, $board; + $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri'])); + + // Basic stuff + if(!empty($post['subject'])) { + $query->bindValue(':subject', $post['subject']); + } else { + $query->bindValue(':subject', NULL, PDO::PARAM_NULL); + } + + if(!empty($post['email'])) { + $query->bindValue(':email', $post['email']); + } else { + $query->bindValue(':email', NULL, PDO::PARAM_NULL); + } + + if(!empty($post['trip'])) { + $query->bindValue(':trip', $post['trip']); + } else { + $query->bindValue(':trip', NULL, PDO::PARAM_NULL); + } + + $query->bindValue(':name', $post['name']); + $query->bindValue(':body', $post['body']); + $query->bindValue(':body_nomarkup', $post['body_nomarkup']); + $query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT); + $query->bindValue(':password', $post['password']); + $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']); + + if($post['mod'] && $post['sticky']) { + $query->bindValue(':sticky', 1, PDO::PARAM_INT); + } else { + $query->bindValue(':sticky', 0, PDO::PARAM_INT); + } + + if($post['mod'] && $post['locked']) { + $query->bindValue(':locked', 1, PDO::PARAM_INT); + } else { + $query->bindValue(':locked', 0, PDO::PARAM_INT); + } + + if($post['mod'] && isset($post['capcode']) && $post['capcode']) { + $query->bindValue(':capcode', $post['capcode'], PDO::PARAM_INT); + } else { + $query->bindValue(':capcode', NULL, PDO::PARAM_NULL); + } + + if(!empty($post['embed'])) { + $query->bindValue(':embed', $post['embed']); + } else { + $query->bindValue(':embed', NULL, PDO::PARAM_NULL); + } + + if($post['op']) { + // No parent thread, image + $query->bindValue(':thread', null, PDO::PARAM_NULL); + } else { + $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT); + } + + if($post['has_file']) { + $query->bindValue(':thumb', $post['thumb']); + $query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT); + $query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT); + $query->bindValue(':file', $post['file']); - if($post['has_file']) { - $query->bindValue(':thumb', $post['thumb']); - $query->bindValue(':thumbwidth', $post['thumbwidth'], PDO::PARAM_INT); - $query->bindValue(':thumbheight', $post['thumbheight'], PDO::PARAM_INT); - $query->bindValue(':file', $post['file']); - - if(isset($post['width'], $post['height'])) { - $query->bindValue(':width', $post['width'], PDO::PARAM_INT); - $query->bindValue(':height', $post['height'], PDO::PARAM_INT); - } else { - $query->bindValue(':width', null, PDO::PARAM_NULL); - $query->bindValue(':height', null, PDO::PARAM_NULL); - } - - $query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT); - $query->bindValue(':filename', $post['filename']); - $query->bindValue(':filehash', $post['filehash']); + if(isset($post['width'], $post['height'])) { + $query->bindValue(':width', $post['width'], PDO::PARAM_INT); + $query->bindValue(':height', $post['height'], PDO::PARAM_INT); } else { - $query->bindValue(':thumb', null, PDO::PARAM_NULL); - $query->bindValue(':thumbwidth', null, PDO::PARAM_NULL); - $query->bindValue(':thumbheight', null, PDO::PARAM_NULL); - $query->bindValue(':file', null, PDO::PARAM_NULL); $query->bindValue(':width', null, PDO::PARAM_NULL); $query->bindValue(':height', null, PDO::PARAM_NULL); - $query->bindValue(':filesize', null, PDO::PARAM_NULL); - $query->bindValue(':filename', null, PDO::PARAM_NULL); - $query->bindValue(':filehash', null, PDO::PARAM_NULL); } - $query->execute() or error(db_error($query)); - - return $pdo->lastInsertId(); + $query->bindValue(':filesize', $post['filesize'], PDO::PARAM_INT); + $query->bindValue(':filename', $post['filename']); + $query->bindValue(':filehash', $post['filehash']); + } else { + $query->bindValue(':thumb', null, PDO::PARAM_NULL); + $query->bindValue(':thumbwidth', null, PDO::PARAM_NULL); + $query->bindValue(':thumbheight', null, PDO::PARAM_NULL); + $query->bindValue(':file', null, PDO::PARAM_NULL); + $query->bindValue(':width', null, PDO::PARAM_NULL); + $query->bindValue(':height', null, PDO::PARAM_NULL); + $query->bindValue(':filesize', null, PDO::PARAM_NULL); + $query->bindValue(':filename', null, PDO::PARAM_NULL); + $query->bindValue(':filehash', null, PDO::PARAM_NULL); } - function bumpThread($id) { - global $board; - - if(event('bump', $id)) - return true; - - $query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); - $query->bindValue(':time', time(), PDO::PARAM_INT); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + if(!$query->execute()) { + undoImage($post); + error(db_error($query)); + } + + return $pdo->lastInsertId(); +} + +function bumpThread($id) { + global $board; + + if(event('bump', $id)) + return true; + + $query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); +} + +// Remove file from post +function deleteFile($id, $remove_entirely_if_already=true) { + global $board, $config; + + $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error($config['error']['invalidpost']); } - // Remove file from post - function deleteFile($id, $remove_entirely_if_already=true) { - global $board, $config; + $post = $query->fetch(); + + if($post['file'] == 'deleted' && !$post['thread']) + return; // Can't delete OP's image completely. + + $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri'])); + if($post['file'] == 'deleted' && $remove_entirely_if_already) { + // Already deleted; remove file fully + $query->bindValue(':file', null, PDO::PARAM_NULL); + } else { + // Delete thumbnail + file_unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']); - $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + // Delete file + file_unlink($board['dir'] . $config['dir']['img'] . $post['file']); - if($query->rowCount() < 1) { + // Set file to 'deleted' + $query->bindValue(':file', 'deleted', PDO::PARAM_INT); + } + // Update database + + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($post['thread']) + buildThread($post['thread']); +} + +// rebuild post (markup) +function rebuildPost($id) { + global $board; + + $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(!$post = $query->fetch()) + return false; + + if(!$post['body_nomarkup']) + return false; + + markup($body = &$post['body_nomarkup']); + + $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body WHERE `id` = :id", $board['uri'])); + $query->bindValue(':body', $body); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + buildThread($post['thread'] ? $post['thread'] : $id); + + return true; +} + +// Delete a post (reply or thread) +function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { + global $board, $config; + + // Select post and replies (if thread) in one query + $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + if($error_if_doesnt_exist) error($config['error']['invalidpost']); + else return false; + } + + $ids = array(); + + // Delete posts and maybe replies + while($post = $query->fetch()) { + if(!$post['thread']) { + // Delete thread HTML page + file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id'])); + } elseif($query->rowCount() == 1) { + // Rebuild thread + $rebuild = &$post['thread']; } - - $post = $query->fetch(); - - if($post['file'] == 'deleted' && !$post['thread']) - return; // Can't delete OP's image completely. - - $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri'])); - if($post['file'] == 'deleted' && $remove_entirely_if_already) { - // Already deleted; remove file fully - $query->bindValue(':file', null, PDO::PARAM_NULL); - } else { + if($post['thumb']) { // Delete thumbnail file_unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']); - + } + if($post['file']) { // Delete file file_unlink($board['dir'] . $config['dir']['img'] . $post['file']); - - // Set file to 'deleted' - $query->bindValue(':file', 'deleted', PDO::PARAM_INT); } - // Update database - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + $ids[] = (int)$post['id']; - if($post['thread']) - buildThread($post['thread']); } - // rebuild post (markup) - function rebuildPost($id) { - global $board; - - $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if(!$post = $query->fetch()) - return false; - - if(!$post['body_nomarkup']) - return false; - - markup($body = &$post['body_nomarkup']); - - $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body WHERE `id` = :id", $board['uri'])); - $query->bindValue(':body', $body); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - buildThread($post['thread'] ? $post['thread'] : $id); - - return true; - } + $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); - // Delete a post (reply or thread) - function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { - global $board, $config; - - // Select post and replies (if thread) in one query - $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) { - if($error_if_doesnt_exist) - error($config['error']['invalidpost']); - else return false; + $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")"); + $query->bindValue(':board', $board['uri']); + $query->execute() or error(db_error($query)); + while($cite = $query->fetch()) { + if($board['uri'] != $cite['board']) { + if(!isset($tmp_board)) + $tmp_board = $board['uri']; + openBoard($cite['board']); } - - $ids = array(); - - // Delete posts and maybe replies - while($post = $query->fetch()) { - if(!$post['thread']) { - // Delete thread HTML page - file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id'])); - } elseif($query->rowCount() == 1) { - // Rebuild thread - $rebuild = &$post['thread']; - } - if($post['thumb']) { - // Delete thumbnail - file_unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']); - } - if($post['file']) { - // Delete file - file_unlink($board['dir'] . $config['dir']['img'] . $post['file']); + rebuildPost($cite['post']); + } + + if(isset($tmp_board)) + openBoard($tmp_board); + + $query = prepare("DELETE FROM `cites` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)"); + $query->bindValue(':board', $board['uri']); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(isset($rebuild) && $rebuild_after) { + buildThread($rebuild); + } + + return true; +} + +function clean() { + global $board, $config; + $offset = round($config['max_pages']*$config['threads_per_page']); + + // I too wish there was an easier way of doing this... + $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); + $query->bindValue(':offset', $offset, PDO::PARAM_INT); + + $query->execute() or error(db_error($query)); + while($post = $query->fetch()) { + deletePost($post['id']); + } +} + +function index($page, $mod=false) { + global $board, $config, $debug; + + $body = ''; + $offset = round($page*$config['threads_per_page']-$config['threads_per_page']); + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri'])); + $query->bindValue(':offset', $offset, PDO::PARAM_INT); + $query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowcount() < 1 && $page > 1) + return false; + while($th = $query->fetch()) { + if(!$mod && $config['cache']['enabled']) { + if($built = cache::get("thread_index_{$board['uri']}_{$th['id']}")) { + $body .= $built; + continue; } - - $ids[] = (int)$post['id']; - } - $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")"); - $query->bindValue(':board', $board['uri']); - $query->execute() or error(db_error($query)); - while($cite = $query->fetch()) { - if($board['uri'] != $cite['board']) { - if(!isset($tmp_board)) - $tmp_board = $board['uri']; - openBoard($cite['board']); - } - rebuildPost($cite['post']); - } + $thread = new Thread( + $th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['capcode'], $th['body'], $th['time'], $th['thumb'], + $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], + $th['sticky'], $th['locked'], $th['sage'], $th['embed'], $mod ? '?/' : $config['root'], $mod + ); - if(isset($tmp_board)) - openBoard($tmp_board); + $posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri'])); + $posts->bindValue(':id', $th['id']); + $posts->bindValue(':limit', ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT); + $posts->execute() or error(db_error($posts)); - $query = prepare("DELETE FROM `cites` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)"); - $query->bindValue(':board', $board['uri']); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if(isset($rebuild) && $rebuild_after) { - buildThread($rebuild); + $num_images = 0; + while($po = $posts->fetch()) { + if($po['file']) + $num_images++; + + $thread->add(new Post( + $po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['capcode'], $po['body'], $po['time'], + $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], + $po['filename'], $po['ip'], $po['embed'], $mod ? '?/' : $config['root'], $mod) + ); } - return true; - } - - function clean() { - global $board, $config; - $offset = round($config['max_pages']*$config['threads_per_page']); + if($posts->rowCount() == ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'])) { + $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri'])); + $count->bindValue(':thread', $th['id'], PDO::PARAM_INT); + $count->execute() or error(db_error($count)); + + $c = $count->fetch(); + $thread->omitted = $c['num'] - ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']); + + $c = $count->fetch(); + $thread->omitted_images = $c['num'] - $num_images; + } - // I too wish there was an easier way of doing this... - $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); - $query->bindValue(':offset', $offset, PDO::PARAM_INT); + $thread->posts = array_reverse($thread->posts); - $query->execute() or error(db_error($query)); - while($post = $query->fetch()) { - deletePost($post['id']); - } + $body .= $thread->build(true); } - function index($page, $mod=false) { - global $board, $config, $debug; + return array( + 'board'=>$board, + 'body'=>$body, + 'post_url' => $config['post_url'], + 'config' => $config, + 'boardlist' => createBoardlist($mod) + ); +} - $body = ''; - $offset = round($page*$config['threads_per_page']-$config['threads_per_page']); - - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri'])); - $query->bindValue(':offset', $offset, PDO::PARAM_INT); - $query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($query->rowcount() < 1 && $page > 1) return false; - while($th = $query->fetch()) { - if(!$mod && $config['cache']['enabled']) { - if($built = cache::get("thread_index_{$board['uri']}_{$th['id']}")) { - $body .= $built; - continue; - } - } - - $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['capcode'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $th['sage'], $th['embed'], $mod ? '?/' : $config['root'], $mod); - - $posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri'])); - $posts->bindValue(':id', $th['id']); - $posts->bindValue(':limit', ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT); - $posts->execute() or error(db_error($posts)); - - $num_images = 0; - while($po = $posts->fetch()) { - if($po['file']) - $num_images++; +function getPageButtons($pages, $mod=false) { + global $config, $board; + + $btn = array(); + $root = ($mod ? '?/' : $config['root']) . $board['dir']; + + foreach($pages as $num => $page) { + if(isset($page['selected'])) { + // Previous button + if($num == 0) { + // There is no previous page. + $btn['prev'] = _('Previous'); + } else { + $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . + ($num == 1 ? + $config['file_index'] + : + sprintf($config['file_page'], $num) + ); - $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['capcode'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $po['embed'], $mod ? '?/' : $config['root'], $mod)); + $btn['prev'] = '
' . + ($mod ? + '' . + '' + :'') . + '
'; } - if($posts->rowCount() == ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'])) { - $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri'])); - $count->bindValue(':thread', $th['id'], PDO::PARAM_INT); - $count->execute() or error(db_error($count)); - - $c = $count->fetch(); - $thread->omitted = $c['num'] - ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']); + if($num == count($pages) - 1) { + // There is no next page. + $btn['next'] = _('Next'); + } else { + $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . sprintf($config['file_page'], $num + 2); - $c = $count->fetch(); - $thread->omitted_images = $c['num'] - $num_images; + $btn['next'] = '
' . + ($mod ? + '' . + '' + :'') . + '
'; } - - $thread->posts = array_reverse($thread->posts); - - $body .= $thread->build(true); } - - return Array( - 'board'=>$board, - 'body'=>$body, - 'post_url' => $config['post_url'], - 'config' => $config, - 'boardlist' => createBoardlist($mod) - ); } - function getPageButtons($pages, $mod=false) { - global $config, $board; - - $btn = Array(); - $root = ($mod ? '?/' : $config['root']) . $board['dir']; - - foreach($pages as $num => $page) { - if(isset($page['selected'])) { - // Previous button - if($num == 0) { - // There is no previous page. - $btn['prev'] = _('Previous'); - } else { - $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . - ($num == 1 ? - $config['file_index'] - : - sprintf($config['file_page'], $num) - ); - - $btn['prev'] = '
' . - ($mod ? - '' . - '' - :'') . - '
'; - } - - if($num == count($pages) - 1) { - // There is no next page. - $btn['next'] = _('Next'); - } else { - $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . sprintf($config['file_page'], $num + 2); - - $btn['next'] = '
' . - ($mod ? - '' . - '' - :'') . - '
'; - } - } - } - - return $btn; - } + return $btn; +} + +function getPages($mod=false) { + global $board, $config; - function getPages($mod=false) { - global $board, $config; - - // Count threads - $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); - - $count = current($query->fetch()); - $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']); - - if($count < 1) $count = 1; - - $pages = Array(); - for($x=0;$x<$count && $x<$config['max_pages'];$x++) { - $pages[] = Array( - 'num' => $x+1, - 'link' => $x==0 ? ($mod ? '?/' : $config['root']) . $board['dir'] . $config['file_index'] : ($mod ? '?/' : $config['root']) . $board['dir'] . sprintf($config['file_page'], $x+1) - ); - } - - return $pages; - } + // Count threads + $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); - function makerobot($body) { - global $config; - $body = strtolower($body); - - // Leave only letters - $body = preg_replace('/[^a-z]/i', '', $body); - // Remove repeating characters - if($config['robot_strip_repeating']) - $body = preg_replace('/(.)\\1+/', '$1', $body); - - return sha1($body); + $count = current($query->fetch()); + $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']); + + if($count < 1) $count = 1; + + $pages = array(); + for($x=0;$x<$count && $x<$config['max_pages'];$x++) { + $pages[] = array( + 'num' => $x+1, + 'link' => $x==0 ? ($mod ? '?/' : $config['root']) . $board['dir'] . $config['file_index'] : ($mod ? '?/' : $config['root']) . $board['dir'] . sprintf($config['file_page'], $x+1) + ); } - function checkRobot($body) { - if(empty($body)) - return true; - - if(event('check-robot', $body)) - return true; + return $pages; +} + +function makerobot($body) { + global $config; + $body = strtolower($body); + + // Leave only letters + $body = preg_replace('/[^a-z]/i', '', $body); + // Remove repeating characters + if($config['robot_strip_repeating']) + $body = preg_replace('/(.)\\1+/', '$1', $body); + + return sha1($body); +} + +function checkRobot($body) { + if(empty($body)) + return true; + + if(event('check-robot', $body)) + return true; + + $body = makerobot($body); + $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1"); + $query->bindValue(':hash', $body); + $query->execute() or error(db_error($query)); + + if($query->fetch()) { + return true; + } else { + // Insert new hash - $body = makerobot($body); - $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1"); + $query = prepare("INSERT INTO `robot` VALUES (:hash)"); $query->bindValue(':hash', $body); $query->execute() or error(db_error($query)); - - if($query->fetch()) { - return true; - } else { - // Insert new hash - - $query = prepare("INSERT INTO `robot` VALUES (:hash)"); - $query->bindValue(':hash', $body); - $query->execute() or error(db_error($query)); - return false; - } - } - - function numPosts($id) { - global $board; - $query = prepare(sprintf("SELECT COUNT(*) as `count` FROM `posts_%s` WHERE `thread` = :thread", $board['uri'])); - $query->bindValue(':thread', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $result = $query->fetch(); - return $result['count']; + return false; } +} + +function numPosts($id) { + global $board; + $query = prepare(sprintf("SELECT COUNT(*) as `count` FROM `posts_%s` WHERE `thread` = :thread", $board['uri'])); + $query->bindValue(':thread', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $result = $query->fetch(); + return $result['count']; +} + +function muteTime() { + global $config; + + if($time = event('mute-time')) + return $time; + + // Find number of mutes in the past X hours + $query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip"); + $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + $result = $query->fetch(); + if($result['count'] == 0) return 0; + return pow($config['robot_mute_multiplier'], $result['count']); +} + +function mute() { + // Insert mute + $query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->execute() or error(db_error($query)); + + return muteTime(); +} + +function checkMute() { + global $config, $debug; - function muteTime() { - global $config; - - if($time = event('mute-time')) - return $time; - - // Find number of mutes in the past X hours - $query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip"); - $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->execute() or error(db_error($query)); - - $result = $query->fetch(); - if($result['count'] == 0) return 0; - return pow($config['robot_mute_multiplier'], $result['count']); + if($config['cache']['enabled']) { + // Cached mute? + if(($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) { + error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); + } } - function mute() { - // Insert mute - $query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)"); - $query->bindValue(':time', time(), PDO::PARAM_INT); + $mutetime = muteTime(); + if($mutetime > 0) { + // Find last mute time + $query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); - return muteTime(); - } - - function checkMute() { - global $config, $debug; - - if($config['cache']['enabled']) { - // Cached mute? - if(($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) { - error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); - } + if(!$mute = $query->fetch()) { + // What!? He's muted but he's not muted... + return; } - $mutetime = muteTime(); - if($mutetime > 0) { - // Find last mute time - $query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->execute() or error(db_error($query)); - - if(!$mute = $query->fetch()) { - // What!? He's muted but he's not muted... - return; - } - - if($mute['time'] + $mutetime > time()) { - if($config['cache']['enabled']) { - cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time()); - cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time()); - } - // Not expired yet - error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); - } else { - // Already expired - return; + if($mute['time'] + $mutetime > time()) { + if($config['cache']['enabled']) { + cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time()); + cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time()); } + // Not expired yet + error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); + } else { + // Already expired + return; } } +} + +function createHiddenInputs($extra_salt = array()) { + global $config; - function createHiddenInputs($extra_salt = Array()) { - global $config; - - if(!empty($extra_salt)) { - // create a salted hash of the "extra salt" - $extra_salt = implode(':', $extra_salt); - } else { - $extra_salt = ''; - } - - $inputs = Array(); - - shuffle($config['spam']['hidden_input_names']); - $hidden_input_names_x = 0; - - $input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']); - for($x=0;$x<$input_count;$x++) { - if(rand(0, 2) == 0 || $hidden_input_names_x < 0) { - // Use an obscure name - $name = strtolower(substr(base64_encode(sha1(rand(), true)), 0, rand(2, 20))); - - } else { - // Use a pre-defined confusing name - $name = $config['spam']['hidden_input_names'][$hidden_input_names_x++]; - if($hidden_input_names_x >= count($config['spam']['hidden_input_names'])) - $hidden_input_names_x = -1; - } - - if(rand(0, 2) == 0) { - // Value must be null - $inputs[$name] = ''; - } elseif(rand(0, 4) == 0) { - // Numeric value - $inputs[$name] = rand(0, 100); - } else { - // Obscure value - $inputs[$name] = substr(base64_encode(sha1(rand(), true) . sha1(rand(), true)), 0, rand(2, 54)); - } - } - - $content = ''; - foreach($inputs as $name => $value) { - $display_type = rand(0, 8); + if(!empty($extra_salt)) { + // create a salted hash of the "extra salt" + $extra_salt = implode(':', $extra_salt); + } else { + $extra_salt = ''; + } + + $inputs = array(); + + shuffle($config['spam']['hidden_input_names']); + $hidden_input_names_x = 0; + + $input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']); + for($x=0;$x<$input_count;$x++) { + if(rand(0, 2) == 0 || $hidden_input_names_x < 0) { + // Use an obscure name + $name = strtolower(substr(base64_encode(sha1(rand(), true)), 0, rand(2, 20))); - switch($display_type) { - case 0: - $content .= ''; - break; - case 1: - $content .= ''; - break; - case 2: - $content .= ''; - break; - case 3: - $content .= ''; - break; - case 4: - $content .= ''; - break; - case 5: - $content .= '
'; - break; - case 6: - if(!empty($value)) - $content .= ''; - else - $content .= ''; - break; - case 7: - if(!empty($value)) - $content .= ''; - else - $content .= ''; - break; - case 8: - $content .= '
'; - break; - } + } else { + // Use a pre-defined confusing name + $name = $config['spam']['hidden_input_names'][$hidden_input_names_x++]; + if($hidden_input_names_x >= count($config['spam']['hidden_input_names'])) + $hidden_input_names_x = -1; + } + + if(rand(0, 2) == 0) { + // Value must be null + $inputs[$name] = ''; + } elseif(rand(0, 4) == 0) { + // Numeric value + $inputs[$name] = rand(0, 100); + } else { + // Obscure value + $inputs[$name] = substr(base64_encode(sha1(rand(), true) . sha1(rand(), true)), 0, rand(2, 54)); } + } + + $content = ''; + foreach($inputs as $name => $value) { + $display_type = rand(0, 8); - // Create a hash to validate it after - // This is the tricky part. - - // First, sort the keys in alphabetical order (A-Z) - ksort($inputs); - - $hash = ''; - - // Iterate through each input - foreach($inputs as $name => $value) { - $hash .= $name . '=' . $value; + switch($display_type) { + case 0: + $content .= ''; + break; + case 1: + $content .= ''; + break; + case 2: + $content .= ''; + break; + case 3: + $content .= ''; + break; + case 4: + $content .= ''; + break; + case 5: + $content .= '
'; + break; + case 6: + if(!empty($value)) + $content .= ''; + else + $content .= ''; + break; + case 7: + if(!empty($value)) + $content .= ''; + else + $content .= ''; + break; + case 8: + $content .= '
'; + break; } - - // Add a salt to the hash - $hash .= $config['cookies']['salt']; - - // Use SHA1 for the hash - $hash = sha1($hash . $extra_salt); - - // Append it to the HTML - $content .= ''; - - return $content; } - function checkSpam($extra_salt = Array()) { - global $config; - - if(!isset($_POST['hash'])) - return true; - - $hash = $_POST['hash']; - - if(!empty($extra_salt)) { - // create a salted hash of the "extra salt" - $extra_salt = implode(':', $extra_salt); - } else { - $extra_salt = ''; - } - - // Reconsturct the $inputs array - $inputs = Array(); - - foreach($_POST as $name => $value) { - if(in_array($name, $config['spam']['valid_inputs'])) - continue; - - $inputs[$name] = $value; - } + // Create a hash to validate it after + // This is the tricky part. + + // First, sort the keys in alphabetical order (A-Z) + ksort($inputs); + + $hash = ''; + + // Iterate through each input + foreach($inputs as $name => $value) { + $hash .= $name . '=' . $value; + } + + // Add a salt to the hash + $hash .= $config['cookies']['salt']; + + // Use SHA1 for the hash + $hash = sha1($hash . $extra_salt); + + // Append it to the HTML + $content .= ''; + + return $content; +} + +function checkSpam($extra_salt = array()) { + global $config; + + if(!isset($_POST['hash'])) + return true; + + $hash = $_POST['hash']; + + if(!empty($extra_salt)) { + // create a salted hash of the "extra salt" + $extra_salt = implode(':', $extra_salt); + } else { + $extra_salt = ''; + } + + // Reconsturct the $inputs array + $inputs = array(); + + foreach($_POST as $name => $value) { + if(in_array($name, $config['spam']['valid_inputs'])) + continue; - // Sort the inputs in alphabetical order (A-Z) - ksort($inputs); + $inputs[$name] = $value; + } + + // Sort the inputs in alphabetical order (A-Z) + ksort($inputs); + + $_hash = ''; + + // Iterate through each input + foreach($inputs as $name => $value) { + $_hash .= $name . '=' . $value; + } + + // Add a salt to the hash + $_hash .= $config['cookies']['salt']; + + // Use SHA1 for the hash + $_hash = sha1($_hash . $extra_salt); + + return $hash != $_hash; +} + +function buildIndex() { + global $board, $config; + + $pages = getPages(); + + $page = 1; + while($page <= $config['max_pages'] && $content = index($page)) { + $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page)); + if(file_exists($filename)) $md5 = md5_file($filename); - $_hash = ''; + $content['pages'] = $pages; + $content['pages'][$page-1]['selected'] = true; + $content['btn'] = getPageButtons($content['pages']); + file_write($filename, Element('index.html', $content)); - // Iterate through each input - foreach($inputs as $name => $value) { - $_hash .= $name . '=' . $value; + if(isset($md5) && $md5 == md5_file($filename)) { + break; } - - // Add a salt to the hash - $_hash .= $config['cookies']['salt']; - - // Use SHA1 for the hash - $_hash = sha1($_hash . $extra_salt); - - return $hash != $_hash; + $page++; } - - function buildIndex() { - global $board, $config; - - $pages = getPages(); - - $page = 1; - while($page <= $config['max_pages'] && $content = index($page)) { + if($page < $config['max_pages']) { + for(;$page<=$config['max_pages'];$page++) { $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page)); - if(file_exists($filename)) $md5 = md5_file($filename); - - $content['pages'] = $pages; - $content['pages'][$page-1]['selected'] = true; - $content['btn'] = getPageButtons($content['pages']); - file_write($filename, Element('index.html', $content)); - - if(isset($md5) && $md5 == md5_file($filename)) { - break; - } - $page++; - } - if($page < $config['max_pages']) { - for(;$page<=$config['max_pages'];$page++) { - $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page)); - file_unlink($filename); - } + file_unlink($filename); } } +} + +function buildJavascript() { + global $config; - function buildJavascript() { - global $config; - - $stylesheets = Array(); - foreach($config['stylesheets'] as $name => $uri) { - $stylesheets[] = Array( - 'name' => addslashes($name), - 'uri' => addslashes((!empty($uri) ? $config['uri_stylesheets'] : '') . $uri)); - } - - $script = Element('main.js', Array( - 'config' => $config, - 'stylesheets' => $stylesheets - )); - if($config['additional_javascript_compile']) { - foreach($config['additional_javascript'] as $file) { - $script .= file_get_contents($file); - } - } - - if($config['minify_js']) { - require_once 'inc/lib/minify/JSMin.php'; - $script = JSMin::minify($script); + $stylesheets = array(); + foreach($config['stylesheets'] as $name => $uri) { + $stylesheets[] = array( + 'name' => addslashes($name), + 'uri' => addslashes((!empty($uri) ? $config['uri_stylesheets'] : '') . $uri)); + } + + $script = Element('main.js', array( + 'config' => $config, + 'stylesheets' => $stylesheets + )); + if($config['additional_javascript_compile']) { + foreach($config['additional_javascript'] as $file) { + $script .= file_get_contents($file); } - - file_write($config['file_script'], $script); } - function checkDNSBL() { - global $config; - - - if(isIPv6()) - return; // No IPv6 support yet. + if($config['minify_js']) { + require_once 'inc/lib/minify/JSMin.php'; + $script = JSMin::minify($script); + } + + file_write($config['file_script'], $script); +} + +function checkDNSBL() { + global $config; + + + if(isIPv6()) + return; // No IPv6 support yet. + + if(!isset($_SERVER['REMOTE_ADDR'])) + return; // Fix your web server configuration + + if(in_array($_SERVER['REMOTE_ADDR'], $config['dnsbl_exceptions'])) + return; + + $ip = ReverseIPOctets($_SERVER['REMOTE_ADDR']); + + foreach($config['dnsbl'] as $blacklist) { + if(!is_array($blacklist) == 1) + $blacklist = array($blacklist); - if(!isset($_SERVER['REMOTE_ADDR'])) - return; // Fix your web server configuration + if(($lookup = str_replace('%', $ip, $blacklist[0])) == $blacklist[0]) + $lookup = $ip . '.' . $blacklist[0]; - if(in_array($_SERVER['REMOTE_ADDR'], $config['dnsbl_exceptions'])) - return; + if(!$ip = DNS($lookup)) + continue; // not in list - $ip = ReverseIPOctets($_SERVER['REMOTE_ADDR']); + $blacklist_name = isset($blacklist[2]) ? $blacklist[2] : $blacklist[0]; - foreach($config['dnsbl'] as $blacklist) { - if(!is_array($blacklist) == 1) - $blacklist = Array($blacklist); - - if(($lookup = str_replace('%', $ip, $blacklist[0])) == $blacklist[0]) - $lookup = $ip . '.' . $blacklist[0]; - - if(!$ip = DNS($lookup)) - continue; // not in list - - $blacklist_name = isset($blacklist[2]) ? $blacklist[2] : $blacklist[0]; - - if(!isset($blacklist[1])) { - // If you're listed at all, you're blocked. - error(sprintf($config['error']['dnsbl'], $blacklist_name)); - } elseif(is_array($blacklist[1])) { - foreach($blacklist[1] as $octet) { - if($ip == $octet || $ip == '127.0.0.' . $octet) - error(sprintf($config['error']['dnsbl'], $blacklist_name)); - } - } elseif(is_callable($blacklist[1])) { - if($blacklist[1]($ip)) - error(sprintf($config['error']['dnsbl'], $blacklist_name)); - } else { - if($ip == $blacklist[1] || $ip == '127.0.0.' . $blacklist[1]) + if(!isset($blacklist[1])) { + // If you're listed at all, you're blocked. + error(sprintf($config['error']['dnsbl'], $blacklist_name)); + } elseif(is_array($blacklist[1])) { + foreach($blacklist[1] as $octet) { + if($ip == $octet || $ip == '127.0.0.' . $octet) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } + } elseif(is_callable($blacklist[1])) { + if($blacklist[1]($ip)) + error(sprintf($config['error']['dnsbl'], $blacklist_name)); + } else { + if($ip == $blacklist[1] || $ip == '127.0.0.' . $blacklist[1]) + error(sprintf($config['error']['dnsbl'], $blacklist_name)); } } +} + +function isIPv6() { + return strstr($_SERVER['REMOTE_ADDR'], ':') !== false; +} + +function ReverseIPOctets($ip) { + return implode('.', array_reverse(explode('.', $ip))); +} + +function wordfilters(&$body) { + global $config; - function isIPv6() { - return strstr($_SERVER['REMOTE_ADDR'], ':') !== false; + foreach($config['wordfilters'] as $filter) { + if(isset($filter[2]) && $filter[2]) { + $body = preg_replace($filter[0], $filter[1], $body); + } else { + $body = str_ireplace($filter[0], $filter[1], $body); + } } +} + +function quote($body, $quote=true) { + global $config; - function ReverseIPOctets($ip) { - $ipoc = explode('.', $ip); - return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; - } + $body = str_replace('
', "\n", $body); - function wordfilters(&$body) { - global $config; - - foreach($config['wordfilters'] as $filter) { - if(isset($filter[2]) && $filter[2]) { - $body = preg_replace($filter[0], $filter[1], $body); - } else { - $body = str_ireplace($filter[0], $filter[1], $body); - } + $body = strip_tags($body); + + $body = preg_replace("/(^|\n)/", '$1>', $body); + + $body .= "\n"; + + if($config['minify_html']) + $body = str_replace("\n", ' ', $body); + + return $body; +} + +function markup_url($matches) { + global $markup_urls; + + $url = $matches[1]; + $after = $matches[2]; + + $markup_urls[] = $url; + + return '' . $url . '' . $after; +} + +function unicodify($body) { + $body = str_replace('...', '…', $body); + $body = str_replace('<--', '←', $body); + $body = str_replace('-->', '→', $body); + + // En and em- dashes are rendered exactly the same in + // most monospace fonts (they look the same in code + // editors). + $body = str_replace('---', '–', $body); // em dash + $body = str_replace('--', '—', $body); // en dash + + return $body; +} + +function markup(&$body, $track_cites = false) { + global $board, $config, $markup_urls; + + $body = str_replace("\r", '', $body); + $body = utf8tohtml($body); + + foreach($config['markup'] as $markup) { + if(is_string($markup[1])) { + $body = preg_replace($markup[0], $markup[1], $body); + } elseif(is_callable($markup[1])) { + $body = preg_replace_callback($markup[0], $markup[1], $body); } } - function quote($body, $quote=true) { - global $config; - - $body = str_replace('
', "\n", $body); - - $body = strip_tags($body); - - $body = preg_replace("/(^|\n)/", '$1>', $body); - - $body .= "\n"; + if($config['markup_urls']) { + $markup_urls = array(); - if($config['minify_html']) - $body = str_replace("\n", ' ', $body); + $body = preg_replace_callback( + '/((?:https?:\/\/|ftp:\/\/|irc:\/\/)[^\s<>()"]+?(?:\([^\s<>()"]*?\)[^\s<>()"]*?)*)((?:\s|<|>|"|\.||\]|!|\?|,|,|")*(?:[\s<>()"]|$))/', + 'markup_url', + $body, + -1, + $num_links); - return $body; + if($num_links > $config['max_links']) + error($config['error']['toomanylinks']); } - function markup_url($matches) { - global $markup_urls; - - $url = $matches[1]; - $after = $matches[2]; - - $markup_urls[] = $url; - - return '' . $url . '' . $after; - } + if($config['auto_unicode']) { + $body = unicodify($body); - function unicodify($body) { - $body = str_replace('...', '…', $body); - $body = str_replace('<--', '←', $body); - $body = str_replace('-->', '→', $body); - - // En and em- dashes are rendered exactly the same in - // most monospace fonts (they look the same in code - // editors). - $body = str_replace('---', '–', $body); // em dash - $body = str_replace('--', '—', $body); // en dash - - return $body; + foreach($markup_urls as &$url) { + $body = str_replace(unicodify($url), $url, $body); + } } - function markup(&$body, $track_cites = false) { - global $board, $config, $markup_urls; - - $body = str_replace("\r", '', $body); - $body = utf8tohtml($body); - - foreach($config['markup'] as $markup) { - if(is_string($markup[1])) { - $body = preg_replace($markup[0], $markup[1], $body); - } elseif(is_callable($markup[1])) { - $body = preg_replace_callback($markup[0], $markup[1], $body); - } - } - - if($config['markup_urls']) { - $markup_urls = Array(); - - $body = preg_replace_callback( - '/((?:https?:\/\/|ftp:\/\/|irc:\/\/)[^\s<>()"]+?(?:\([^\s<>()"]*?\)[^\s<>()"]*?)*)((?:\s|<|>|"|\.||\]|!|\?|,|,|")*(?:[\s<>()"]|$))/', - 'markup_url', - $body, - -1, - $num_links); - - if($num_links > $config['max_links']) - error($config['error']['toomanylinks']); - } - - if($config['auto_unicode']) { - $body = unicodify($body); - - foreach($markup_urls as &$url) { - $body = str_replace(unicodify($url), $url, $body); - } + // replace tabs with 8 spaces + $body = str_replace("\t", ' ', $body); + + $tracked_cites = array(); + + // Cites + if(isset($board) && preg_match_all('/(^|\s)>>(\d+?)([\s,.)?]|$)/m', $body, $cites)) { + if(count($cites[0]) > $config['max_cites']) { + error($config['error']['toomanycites']); } - // replace tabs with 8 spaces - $body = str_replace("\t", ' ', $body); - - $tracked_cites = Array(); - - // Cites - if(isset($board) && preg_match_all('/(^|\s)>>(\d+?)([\s,.)?]|$)/m', $body, $cites)) { - if(count($cites[0]) > $config['max_cites']) { - error($config['error']['toomanycites']); - } + for($index=0;$indexbindValue(':id', $cite); + $query->execute() or error(db_error($query)); - for($index=0;$indexbindValue(':id', $cite); - $query->execute() or error(db_error($query)); + if($post = $query->fetch()) { + $replacement = '' . + '>>' . $cite . + ''; + $body = str_replace($cites[0][$index], $cites[1][$index] . $replacement . $cites[3][$index], $body); - if($post = $query->fetch()) { - $replacement = '' . - '>>' . $cite . - ''; - $body = str_replace($cites[0][$index], $cites[1][$index] . $replacement . $cites[3][$index], $body); - - if($track_cites && $config['track_cites']) - $tracked_cites[] = Array($board['uri'], $post['id']); - } + if($track_cites && $config['track_cites']) + $tracked_cites[] = array($board['uri'], $post['id']); } } + } + + // Cross-board linking + if(preg_match_all('/(^|\s)>>>\/(\w+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites)) { + if(count($cites[0]) > $config['max_cites']) { + error($config['error']['toomanycross']); + } - // Cross-board linking - if(preg_match_all('/(^|\s)>>>\/(\w+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites)) { - if(count($cites[0]) > $config['max_cites']) { - error($config['error']['toomanycross']); - } + for($index=0;$indexbindValue(':id', $cite); - $query->execute() or error(db_error($query)); - - if($post = $query->fetch()) { - $replacement = '' . - '>>>/' . $_board . '/' . $cite . - ''; - $body = str_replace($cites[0][$index], $cites[1][$index] . $replacement . $cites[4][$index], $body); - - if($track_cites && $config['track_cites']) - $tracked_cites[] = Array($board['uri'], $post['id']); - } - } else { - $replacement = '' . - '>>>/' . $_board . '/' . + // Temporarily store board information because it will be overwritten + $tmp_board = $board['uri']; + + // Check if the board exists, and load settings + if(openBoard($_board)) { + if($cite) { + $query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $cite); + $query->execute() or error(db_error($query)); + + if($post = $query->fetch()) { + $replacement = '' . + '>>>/' . $_board . '/' . $cite . ''; $body = str_replace($cites[0][$index], $cites[1][$index] . $replacement . $cites[4][$index], $body); + + if($track_cites && $config['track_cites']) + $tracked_cites[] = array($board['uri'], $post['id']); } + } else { + $replacement = '' . + '>>>/' . $_board . '/' . + ''; + $body = str_replace($cites[0][$index], $cites[1][$index] . $replacement . $cites[4][$index], $body); } - - // Restore main board settings - openBoard($tmp_board); } + + // Restore main board settings + openBoard($tmp_board); } - - $body = preg_replace("/^\s*>.*$/m", '$0', $body); - - if($config['strip_superfluous_returns']) - $body = preg_replace('/\s+$/', '', $body); - - $body = preg_replace("/\n/", '
', $body); - - return $tracked_cites; } + + $body = preg_replace("/^\s*>.*$/m", '$0', $body); + + if($config['strip_superfluous_returns']) + $body = preg_replace('/\s+$/', '', $body); + + $body = preg_replace("/\n/", '
', $body); + + return $tracked_cites; +} - function utf8tohtml($utf8) { - return mb_encode_numericentity(htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'), Array(0x80, 0xffff, 0, 0xffff), 'UTF-8'); - } +function utf8tohtml($utf8) { + return mb_encode_numericentity(htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'), array(0x80, 0xffff, 0, 0xffff), 'UTF-8'); +} - function buildThread($id, $return=false, $mod=false) { - global $board, $config; - $id = round($id); - - if(event('build-thread', $id)) - return; - - if($config['cache']['enabled'] && !$mod) { - // Clear cache - cache::delete("thread_index_{$board['uri']}_{$id}"); - cache::delete("thread_{$board['uri']}_{$id}"); - } - - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - while($post = $query->fetch()) { - if(!isset($thread)) { - $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], $mod ? '?/' : $config['root'], $mod); - } else { - $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], $mod ? '?/' : $config['root'], $mod)); - } - } - - // Check if any posts were found - if(!isset($thread)) error($config['error']['nonexistant']); - - $body = Element('thread.html', Array( - 'board'=>$board, - 'body'=>$thread->build(), - 'config' => $config, - 'id' => $id, - 'mod' => $mod, - 'boardlist' => createBoardlist($mod), - 'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index']) - )); - - if($return) - return $body; - else - file_write($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $id), $body); - } - - function rrmdir($dir) { - if (is_dir($dir)) { - $objects = scandir($dir); - foreach ($objects as $object) { - if ($object != "." && $object != "..") { - if (filetype($dir."/".$object) == "dir") - rrmdir($dir."/".$object); - else - file_unlink($dir."/".$object); - } - } - reset($objects); - rmdir($dir); - } - } +function buildThread($id, $return=false, $mod=false) { + global $board, $config; + $id = round($id); - function poster_id($ip, $thread) { - global $config; - - if($id = event('poster-id', $ip, $thread)) - return $id; - - // Confusing, hard to brute-force, but simple algorithm - return substr(sha1(sha1($ip . $config['secure_trip_salt'] . $thread) . $config['secure_trip_salt']), 0, $config['poster_id_length']); + if(event('build-thread', $id)) + return; + + if($config['cache']['enabled'] && !$mod) { + // Clear cache + cache::delete("thread_index_{$board['uri']}_{$id}"); + cache::delete("thread_{$board['uri']}_{$id}"); } - - function generate_tripcode($name) { - global $config; - - if($trip = event('tripcode', $name)) - return $trip; - - if(!preg_match('/^([^#]+)?(##|#)(.+)$/', $name, $match)) - return Array($name); - - $name = $match[1]; - $secure = $match[2] == '##'; - $trip = $match[3]; - - // convert to SHIT_JIS encoding - $trip = mb_convert_encoding($trip, 'Shift_JIS', 'UTF-8'); - - // generate salt - $salt = substr($trip . 'H..', 1, 2); - $salt = preg_replace('/[^\.-z]/', '.', $salt); - $salt = strtr($salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef'); - - if($secure) { - if(isset($config['custom_tripcode']["##{$trip}"])) - $trip = $config['custom_tripcode']["##{$trip}"]; - else - $trip = '!!' . substr(crypt($trip, $config['secure_trip_salt']), -10); + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + while($post = $query->fetch()) { + if(!isset($thread)) { + $thread = new Thread( + $post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], + $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], + $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], $mod ? '?/' : $config['root'], $mod + ); } else { - if(isset($config['custom_tripcode']["#{$trip}"])) - $trip = $config['custom_tripcode']["#{$trip}"]; - else - $trip = '!' . substr(crypt($trip, $salt), -10); + $thread->add(new Post( + $post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], + $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], + $post['filesize'], $post['filename'], $post['ip'], $post['embed'], $mod ? '?/' : $config['root'], $mod) + ); } - - return Array($name, $trip); } - - // Highest common factor - function hcf($a, $b){ - $gcd = 1; - if ($a>$b) { - $a = $a+$b; - $b = $a-$b; - $a = $a-$b; - } - if ($b==(round($b/$a))*$a) - $gcd=$a; - else { - for($i=round($a/2);$i;$i--) { - if ($a == round($a/$i)*$i && $b == round($b/$i)*$i) { - $gcd = $i; - $i = false; - } + + // Check if any posts were found + if(!isset($thread)) + error($config['error']['nonexistant']); + + $body = Element('thread.html', array( + 'board'=>$board, + 'body'=>$thread->build(), + 'config' => $config, + 'id' => $id, + 'mod' => $mod, + 'boardlist' => createBoardlist($mod), + 'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index']) + )); + + if($return) + return $body; + else + file_write($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $id), $body); +} + + function rrmdir($dir) { + if (is_dir($dir)) { + $objects = scandir($dir); + foreach ($objects as $object) { + if ($object != "." && $object != "..") { + if (filetype($dir."/".$object) == "dir") + rrmdir($dir."/".$object); + else + file_unlink($dir."/".$object); } } - return $gcd; + reset($objects); + rmdir($dir); } +} - function fraction($numerator, $denominator, $sep) { - $gcf = hcf($numerator, $denominator); - $numerator = $numerator / $gcf; - $denominator = $denominator / $gcf; - - return "{$numerator}{$sep}{$denominator}"; - } +function poster_id($ip, $thread) { + global $config; + + if($id = event('poster-id', $ip, $thread)) + return $id; + + // Confusing, hard to brute-force, but simple algorithm + return substr(sha1(sha1($ip . $config['secure_trip_salt'] . $thread) . $config['secure_trip_salt']), 0, $config['poster_id_length']); +} +function generate_tripcode($name) { + global $config; + if($trip = event('tripcode', $name)) + return $trip; - function getPostByHash($hash) { - global $board; - $query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash", $board['uri'])); - $query->bindValue(':hash', $hash, PDO::PARAM_STR); - $query->execute() or error(db_error($query)); - - if($post = $query->fetch()) { - return $post; + if(!preg_match('/^([^#]+)?(##|#)(.+)$/', $name, $match)) + return array($name); + + $name = $match[1]; + $secure = $match[2] == '##'; + $trip = $match[3]; + + // convert to SHIT_JIS encoding + $trip = mb_convert_encoding($trip, 'Shift_JIS', 'UTF-8'); + + // generate salt + $salt = substr($trip . 'H..', 1, 2); + $salt = preg_replace('/[^\.-z]/', '.', $salt); + $salt = strtr($salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef'); + + if($secure) { + if(isset($config['custom_tripcode']["##{$trip}"])) + $trip = $config['custom_tripcode']["##{$trip}"]; + else + $trip = '!!' . substr(crypt($trip, $config['secure_trip_salt']), -10); + } else { + if(isset($config['custom_tripcode']["#{$trip}"])) + $trip = $config['custom_tripcode']["#{$trip}"]; + else + $trip = '!' . substr(crypt($trip, $salt), -10); + } + + return array($name, $trip); +} + +// Highest common factor +function hcf($a, $b){ + $gcd = 1; + if ($a>$b) { + $a = $a+$b; + $b = $a-$b; + $a = $a-$b; + } + if ($b==(round($b/$a))*$a) + $gcd=$a; + else { + for($i=round($a/2);$i;$i--) { + if ($a == round($a/$i)*$i && $b == round($b/$i)*$i) { + $gcd = $i; + $i = false; + } } - - return false; } + return $gcd; +} + +function fraction($numerator, $denominator, $sep) { + $gcf = hcf($numerator, $denominator); + $numerator = $numerator / $gcf; + $denominator = $denominator / $gcf; - function undoImage($post) { - if($post['has_file']) { - if(isset($post['thumb'])) - file_unlink($post['file']); - if(isset($post['thumb'])) - file_unlink($post['thumb']); - } + return "{$numerator}{$sep}{$denominator}"; +} + + + +function getPostByHash($hash) { + global $board; + $query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash", $board['uri'])); + $query->bindValue(':hash', $hash, PDO::PARAM_STR); + $query->execute() or error(db_error($query)); + + if($post = $query->fetch()) { + return $post; } - function rDNS($ip_addr) { - global $config; - - if($config['cache']['enabled'] && ($host = cache::get('rdns_' . $ip_addr))) { - return $host; - } - - if(!$config['dns_system']) { - $host = gethostbyaddr($ip_addr); - } else { - $resp = shell_exec('host -W 1 ' . $ip_addr); - if(preg_match('/domain name pointer ([^\s]+)$/', $resp, $m)) - $host = $m[1]; - else - $host = $ip_addr; - } - - if($config['cache']['enabled']) - cache::set('rdns_' . $ip_addr, $host, 3600); - + return false; +} + +function undoImage(array $post) { + if(!$post['has_file']) + return; + + if(isset($post['file'])) + file_unlink($post['file']); + if(isset($post['thumb'])) + file_unlink($post['thumb']); +} + +function rDNS($ip_addr) { + global $config; + + if($config['cache']['enabled'] && ($host = cache::get('rdns_' . $ip_addr))) { return $host; } - function DNS($host) { - global $config; - - if($config['cache']['enabled'] && ($ip_addr = cache::get('dns_' . $host))) { - return $ip_addr; - } - - if(!$config['dns_system']) { - $ip_addr = gethostbyname($host); - if($ip_addr == $host) - $ip_addr = false; - } else { - $resp = shell_exec('host -W 1 ' . $host); - if(preg_match('/has address ([^\s]+)$/', $resp, $m)) - $ip_addr = $m[1]; - else - $ip_addr = false; - } - - if($config['cache']['enabled']) - cache::set('dns_' . $host, $ip_addr, 3600); - - return $ip_addr; + if(!$config['dns_system']) { + $host = gethostbyaddr($ip_addr); + } else { + $resp = shell_exec('host -W 1 ' . $ip_addr); + if(preg_match('/domain name pointer ([^\s]+)$/', $resp, $m)) + $host = $m[1]; + else + $host = $ip_addr; } + + if($config['cache']['enabled']) + cache::set('rdns_' . $ip_addr, $host, 3600); + + return $host; +} +function DNS($host) { + global $config; + + if($config['cache']['enabled'] && ($ip_addr = cache::get('dns_' . $host))) { + return $ip_addr; + } + + if(!$config['dns_system']) { + $ip_addr = gethostbyname($host); + if($ip_addr == $host) + $ip_addr = false; + } else { + $resp = shell_exec('host -W 1 ' . $host); + if(preg_match('/has address ([^\s]+)$/', $resp, $m)) + $ip_addr = $m[1]; + else + $ip_addr = false; + } + + if($config['cache']['enabled']) + cache::set('dns_' . $host, $ip_addr, 3600); + + return $ip_addr; +} diff --git a/inc/image.php b/inc/image.php index 9275bd9c..f6bc3e7c 100644 --- a/inc/image.php +++ b/inc/image.php @@ -1,488 +1,491 @@ src = $src; - $this->format = $format; - - if($config['thumb_method'] == 'imagick') { - $classname = 'ImageImagick'; - } elseif($config['thumb_method'] == 'convert') { - $classname = 'ImageConvert'; - } else { - $classname = 'Image' . strtoupper($this->format); - if(!class_exists($classname)) { - error('Unsupported file format: ' . $this->format); - } - } - - $this->image = new $classname($this); - if(!$this->image->valid()) { - $this->delete(); - error($config['error']['invalidimg']); - } - - $this->size = (object)Array('width' => $this->image->_width(), 'height' => $this->image->_height()); - if($this->size->width < 1 || $this->size->height < 1) { - $this->delete(); - error($config['error']['invalidimg']); - } - } +/* + * Copyright (c) 2010-2012 Tinyboard Development Group + */ + +if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) { + // You cannot request this file directly. + exit; +} + +class Image { + public $src, $format, $image, $size; + public function __construct($src, $format = false) { + global $config; - public function resize($extension, $max_width, $max_height) { - global $config; - - if($config['thumb_method'] == 'imagick') { - $classname = 'ImageImagick'; - } elseif($config['thumb_method'] == 'convert') { - $classname = 'ImageConvert'; - } else { - $classname = 'Image' . strtoupper($extension); - if(!class_exists($classname)) { - error('Unsupported file format: ' . $extension); - } - } - - $thumb = new $classname(false); - $thumb->src = $this->src; - $thumb->original_width = $this->size->width; - $thumb->original_height = $this->size->height; - - $x_ratio = $max_width / $this->size->width; - $y_ratio = $max_height / $this->size->height; - - if(($this->size->width <= $max_width) && ($this->size->height <= $max_height)) { - $width = $this->size->width; - $height = $this->size->height; - } elseif (($x_ratio * $this->size->height) < $max_height) { - $height = ceil($x_ratio * $this->size->height); - $width = $max_width; - } else { - $width = ceil($y_ratio * $this->size->width); - $height = $max_height; + $this->src = $src; + $this->format = $format; + + if($config['thumb_method'] == 'imagick') { + $classname = 'ImageImagick'; + } elseif($config['thumb_method'] == 'convert') { + $classname = 'ImageConvert'; + } else { + $classname = 'Image' . strtoupper($this->format); + if(!class_exists($classname)) { + error('Unsupported file format: ' . $this->format); } - - $thumb->_resize($this->image->image, $width, $height); - return $thumb; } - public function to($dst) { - $this->image->to($dst); + $this->image = new $classname($this); + if(!$this->image->valid()) { + $this->delete(); + error($config['error']['invalidimg']); } - public function delete() { - file_unlink($this->src); - } - public function destroy() { - $this->image->_destroy(); + $this->size = (object)Array('width' => $this->image->_width(), 'height' => $this->image->_height()); + if($this->size->width < 1 || $this->size->height < 1) { + $this->delete(); + error($config['error']['invalidimg']); } } - class ImageGD { - public function GD_create() { - $this->image = imagecreatetruecolor($this->width, $this->height); - } - public function GD_copyresampled() { - imagecopyresampled($this->image, $this->original, 0, 0, 0, 0, $this->width, $this->height, $this->original_width, $this->original_height); + public function resize($extension, $max_width, $max_height) { + global $config; + + if($config['thumb_method'] == 'imagick') { + $classname = 'ImageImagick'; + } elseif($config['thumb_method'] == 'convert') { + $classname = 'ImageConvert'; + } else { + $classname = 'Image' . strtoupper($extension); + if(!class_exists($classname)) { + error('Unsupported file format: ' . $extension); + } } - public function GD_resize() { - $this->GD_create(); - $this->GD_copyresampled(); + + $thumb = new $classname(false); + $thumb->src = $this->src; + $thumb->original_width = $this->size->width; + $thumb->original_height = $this->size->height; + + $x_ratio = $max_width / $this->size->width; + $y_ratio = $max_height / $this->size->height; + + if(($this->size->width <= $max_width) && ($this->size->height <= $max_height)) { + $width = $this->size->width; + $height = $this->size->height; + } elseif (($x_ratio * $this->size->height) < $max_height) { + $height = ceil($x_ratio * $this->size->height); + $width = $max_width; + } else { + $width = ceil($y_ratio * $this->size->width); + $height = $max_height; } + + $thumb->_resize($this->image->image, $width, $height); + return $thumb; } - class ImageBase extends ImageGD { - public $image, $src, $original, $original_width, $original_height, $width, $height; - public function valid() { - return (bool)$this->image; - } + public function to($dst) { + $this->image->to($dst); + } + + public function delete() { + file_unlink($this->src); + } + public function destroy() { + $this->image->_destroy(); + } +} + +class ImageGD { + public function GD_create() { + $this->image = imagecreatetruecolor($this->width, $this->height); + } + public function GD_copyresampled() { + imagecopyresampled($this->image, $this->original, 0, 0, 0, 0, $this->width, $this->height, $this->original_width, $this->original_height); + } + public function GD_resize() { + $this->GD_create(); + $this->GD_copyresampled(); + } +} + +class ImageBase extends ImageGD { + public $image, $src, $original, $original_width, $original_height, $width, $height; + public function valid() { + return (bool)$this->image; + } + + public function __construct($img) { + if(method_exists($this, 'init')) + $this->init(); - public function __construct($img) { - if(method_exists($this, 'init')) - $this->init(); - - if($img !== false) { - $this->src = $img->src; - $this->from(); - } + if($img !== false) { + $this->src = $img->src; + $this->from(); } + } + + public function _width() { + if(method_exists($this, 'width')) + return $this->width(); + // use default GD functions + return imagesx($this->image); + } + public function _height() { + if(method_exists($this, 'height')) + return $this->height(); + // use default GD functions + return imagesy($this->image); + } + public function _destroy() { + if(method_exists($this, 'destroy')) + return $this->destroy(); + // use default GD functions + return imagedestroy($this->image); + } + public function _resize($original, $width, $height) { + $this->original = &$original; + $this->width = $width; + $this->height = $height; - public function _width() { - if(method_exists($this, 'width')) - return $this->width(); - // use default GD functions - return imagesx($this->image); - } - public function _height() { - if(method_exists($this, 'height')) - return $this->height(); - // use default GD functions - return imagesy($this->image); - } - public function _destroy() { - if(method_exists($this, 'destroy')) - return $this->destroy(); + if(method_exists($this, 'resize')) + $this->resize(); + else // use default GD functions - return imagedestroy($this->image); - } - public function _resize($original, $width, $height) { - $this->original = &$original; - $this->width = $width; - $this->height = $height; - - if(method_exists($this, 'resize')) - $this->resize(); - else - // use default GD functions - $this->GD_resize(); + $this->GD_resize(); + } +} + +class ImageImagick extends ImageBase { + public function init() { + $this->image = new Imagick(); + $this->image->setBackgroundColor(new ImagickPixel('transparent')); + } + public function from() { + try { + $this->image->readImage($this->src); + } catch(ImagickException $e) { + // invalid image + $this->image = false; } } - - class ImageImagick extends ImageBase { - public function init() { + public function to($src) { + if(preg_match('/\.gif$/i', $src)) + $this->image->writeImages($src, true); + else + $this->image->writeImage($src); + } + public function width() { + return $this->image->getImageWidth(); + } + public function height() { + return $this->image->getImageHeight(); + } + public function destroy() { + return $this->image->destroy(); + } + public function resize() { + global $config; + + if(preg_match('/\.gif$/i', $this->src) && $config['thumb_ext'] == 'gif') { $this->image = new Imagick(); - $this->image->setBackgroundColor(new ImagickPixel('transparent')); - } - public function from() { - try { - $this->image->readImage($this->src); - } catch(ImagickException $e) { - // invalid image - $this->image = false; - } - } - public function to($src) { - if(preg_match('/\.gif$/i', $src)) - $this->image->writeImages($src, true); - else - $this->image->writeImage($src); - } - public function width() { - return $this->image->getImageWidth(); - } - public function height() { - return $this->image->getImageHeight(); - } - public function destroy() { - return $this->image->destroy(); - } - public function resize() { - global $config; + $this->image->setFormat('gif'); - if(preg_match('/\.gif$/i', $this->src) && $config['thumb_ext'] == 'gif') { - $this->image = new Imagick(); - $this->image->setFormat('gif'); - - $keep_frames = Array(); - for($i = 0; $i < $this->original->getNumberImages(); $i += floor($this->original->getNumberImages() / $config['thumb_keep_animation_frames'])) - $keep_frames[] = $i; + $keep_frames = Array(); + for($i = 0; $i < $this->original->getNumberImages(); $i += floor($this->original->getNumberImages() / $config['thumb_keep_animation_frames'])) + $keep_frames[] = $i; + + $i = 0; + $delay = 0; + foreach($this->original as $frame) { + $delay += $frame->getImageDelay(); - $i = 0; - $delay = 0; - foreach($this->original as $frame) { - $delay += $frame->getImageDelay(); + //if($i < $config['thumb_keep_animation_frames']) { + if(in_array($i, $keep_frames)) { + // $frame->scaleImage($this->width, $this->height, false); + $frame->sampleImage($this->width, $this->height); + $frame->setImagePage($this->width, $this->height, 0, 0); + $frame->setImageDelay($delay); + $delay = 0; - //if($i < $config['thumb_keep_animation_frames']) { - if(in_array($i, $keep_frames)) { - // $frame->scaleImage($this->width, $this->height, false); - $frame->sampleImage($this->width, $this->height); - $frame->setImagePage($this->width, $this->height, 0, 0); - $frame->setImageDelay($delay); - $delay = 0; - - $this->image->addImage($frame->getImage()); - } - $i++; - } - } else { - $this->image = clone $this->original; - $this->image->scaleImage($this->width, $this->height, false); - } + $this->image->addImage($frame->getImage()); + } + $i++; + } + } else { + $this->image = clone $this->original; + $this->image->scaleImage($this->width, $this->height, false); } } +} + + +class ImageConvert extends ImageBase { + public $width, $height, $temp; - - class ImageConvert extends ImageBase { - public $width, $height, $temp; + public function init() { + global $config; - public function init() { - global $config; - - $this->temp = false; - } - public function from() { - $size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]'))); - if(preg_match('/^(\d+) (\d+)$/', $size, $m)) { - $this->width = $m[1]; - $this->height = $m[2]; - - $this->image = true; - } else { - // mark as invalid - $this->image = false; - } - } - public function to($src) { - if(!$this->temp) { - // $config['redraw_image'] - shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); - } else { - rename($this->temp, $src); - chmod($src, 0664); - } - } - public function width() { - return $this->width; - } - public function height() { - return $this->height; - } - public function destroy() { - @unlink($this->temp); - $this->temp = false; - } - public function resize() { - global $config; - - if($this->temp) { - // remove old - $this->destroy(); - } - - $this->temp = tempnam($config['tmp'], 'imagick'); - - $quality = $config['thumb_quality'] * 10; + $this->temp = false; + } + public function from() { + $size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]'))); + if(preg_match('/^(\d+) (\d+)$/', $size, $m)) { + $this->width = $m[1]; + $this->height = $m[2]; - if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp)) - error('Failed to resize image!'); + $this->image = true; + } else { + // mark as invalid + $this->image = false; } } - - class ImagePNG extends ImageBase { - public function from() { - $this->image = @imagecreatefrompng($this->src); - } - public function to($src) { - global $config; - imagepng($this->image, $src, $config['thumb_quality']); - } - public function resize() { - $this->GD_create(); - imagecolortransparent($this->image, imagecolorallocatealpha($this->image, 0, 0, 0, 0)); - imagesavealpha($this->image, true); - imagealphablending($this->image, false); - $this->GD_copyresampled(); + public function to($src) { + if(!$this->temp) { + // $config['redraw_image'] + shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); + } else { + rename($this->temp, $src); + chmod($src, 0664); } } - - class ImageGIF extends ImageBase { - public function from() { - $this->image = @imagecreatefromgif($this->src); - } - public function to($src) { - imagegif($this->image, $src); - } - public function resize() { - $this->GD_create(); - imagecolortransparent($this->image, imagecolorallocatealpha($this->image, 0, 0, 0, 0)); - imagesavealpha($this->image, true); - $this->GD_copyresampled(); - } + public function width() { + return $this->width; } - - class ImageJPG extends ImageBase { - public function from() { - $this->image = @imagecreatefromjpeg($this->src); - } - public function to($src) { - imagejpeg($this->image, $src); - } + public function height() { + return $this->height; } - class ImageJPEG extends ImageJPG { + public function destroy() { + @unlink($this->temp); + $this->temp = false; } - - class ImageBMP extends ImageBase { - public function from() { - $this->image = @imagecreatefrombmp($this->src); - } - public function to($src) { - imagebmp($this->image, $src); + public function resize() { + global $config; + + if($this->temp) { + // remove old + $this->destroy(); } + + $this->temp = tempnam($config['tmp'], 'imagick'); + + $quality = $config['thumb_quality'] * 10; + + if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp)) + error('Failed to resize image!'); } - - - /*********************************************/ - /* Fonction: imagecreatefrombmp */ - /* Author: DHKold */ - /* Contact: admin@dhkold.com */ - /* Date: The 15th of June 2005 */ - /* Version: 2.0B */ - /*********************************************/ - - function imagecreatefrombmp($filename) { - if (! $f1 = fopen($filename,"rb")) return FALSE; - $FILE = unpack("vfile_type/Vfile_size/Vreserved/Vbitmap_offset", fread($f1,14)); - if ($FILE['file_type'] != 19778) return FALSE; - $BMP = unpack('Vheader_size/Vwidth/Vheight/vplanes/vbits_per_pixel'. - '/Vcompression/Vsize_bitmap/Vhoriz_resolution'. - '/Vvert_resolution/Vcolors_used/Vcolors_important', fread($f1,40)); - $BMP['colors'] = pow(2,$BMP['bits_per_pixel']); - if ($BMP['size_bitmap'] == 0) $BMP['size_bitmap'] = $FILE['file_size'] - $FILE['bitmap_offset']; - $BMP['bytes_per_pixel'] = $BMP['bits_per_pixel']/8; - $BMP['bytes_per_pixel2'] = ceil($BMP['bytes_per_pixel']); - $BMP['decal'] = ($BMP['width']*$BMP['bytes_per_pixel']/4); - $BMP['decal'] -= floor($BMP['width']*$BMP['bytes_per_pixel']/4); - $BMP['decal'] = 4-(4*$BMP['decal']); - if ($BMP['decal'] == 4) $BMP['decal'] = 0; +} - $PALETTE = array(); - if ($BMP['colors'] < 16777216) - { - $PALETTE = unpack('V'.$BMP['colors'], fread($f1,$BMP['colors']*4)); - } +class ImagePNG extends ImageBase { + public function from() { + $this->image = @imagecreatefrompng($this->src); + } + public function to($src) { + global $config; + imagepng($this->image, $src, $config['thumb_quality']); + } + public function resize() { + $this->GD_create(); + imagecolortransparent($this->image, imagecolorallocatealpha($this->image, 0, 0, 0, 0)); + imagesavealpha($this->image, true); + imagealphablending($this->image, false); + $this->GD_copyresampled(); + } +} - $IMG = fread($f1,$BMP['size_bitmap']); - $VIDE = chr(0); +class ImageGIF extends ImageBase { + public function from() { + $this->image = @imagecreatefromgif($this->src); + } + public function to($src) { + imagegif($this->image, $src); + } + public function resize() { + $this->GD_create(); + imagecolortransparent($this->image, imagecolorallocatealpha($this->image, 0, 0, 0, 0)); + imagesavealpha($this->image, true); + $this->GD_copyresampled(); + } +} - $res = imagecreatetruecolor($BMP['width'],$BMP['height']); - $P = 0; - $Y = $BMP['height']-1; - while ($Y >= 0) - { - $X=0; - while ($X < $BMP['width']) - { - if ($BMP['bits_per_pixel'] == 24) - $COLOR = unpack("V",substr($IMG,$P,3).$VIDE); - elseif ($BMP['bits_per_pixel'] == 16) - { - $COLOR = unpack("n",substr($IMG,$P,2)); - $COLOR[1] = $PALETTE[$COLOR[1]+1]; - } - elseif ($BMP['bits_per_pixel'] == 8) - { - $COLOR = unpack("n",$VIDE.substr($IMG,$P,1)); - $COLOR[1] = $PALETTE[$COLOR[1]+1]; - } - elseif ($BMP['bits_per_pixel'] == 4) - { - $COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1)); - if (($P*2)%2 == 0) $COLOR[1] = ($COLOR[1] >> 4) ; else $COLOR[1] = ($COLOR[1] & 0x0F); - $COLOR[1] = $PALETTE[$COLOR[1]+1]; - } - elseif ($BMP['bits_per_pixel'] == 1) - { - $COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1)); - if (($P*8)%8 == 0) $COLOR[1] = $COLOR[1] >>7; - elseif (($P*8)%8 == 1) $COLOR[1] = ($COLOR[1] & 0x40)>>6; - elseif (($P*8)%8 == 2) $COLOR[1] = ($COLOR[1] & 0x20)>>5; - elseif (($P*8)%8 == 3) $COLOR[1] = ($COLOR[1] & 0x10)>>4; - elseif (($P*8)%8 == 4) $COLOR[1] = ($COLOR[1] & 0x8)>>3; - elseif (($P*8)%8 == 5) $COLOR[1] = ($COLOR[1] & 0x4)>>2; - elseif (($P*8)%8 == 6) $COLOR[1] = ($COLOR[1] & 0x2)>>1; - elseif (($P*8)%8 == 7) $COLOR[1] = ($COLOR[1] & 0x1); - $COLOR[1] = $PALETTE[$COLOR[1]+1]; - } - else - return FALSE; - imagesetpixel($res,$X,$Y,$COLOR[1]); - $X++; - $P += $BMP['bytes_per_pixel']; - } - $Y--; - $P+=$BMP['decal']; - } - fclose($f1); +class ImageJPG extends ImageBase { + public function from() { + $this->image = @imagecreatefromjpeg($this->src); + } + public function to($src) { + imagejpeg($this->image, $src); + } +} +class ImageJPEG extends ImageJPG { +} - return $res; +class ImageBMP extends ImageBase { + public function from() { + $this->image = @imagecreatefrombmp($this->src); } - - function imagebmp(&$img, $filename='') { - $widthOrig = imagesx($img); - $widthFloor = ((floor($widthOrig/16))*16); - $widthCeil = ((ceil($widthOrig/16))*16); - $height = imagesy($img); + public function to($src) { + imagebmp($this->image, $src); + } +} - $size = ($widthCeil*$height*3)+54; - // Bitmap File Header - $result = 'BM'; // header (2b) - $result .= int_to_dword($size); // size of file (4b) - $result .= int_to_dword(0); // reserved (4b) - $result .= int_to_dword(54); // byte location in the file which is first byte of IMAGE (4b) - // Bitmap Info Header - $result .= int_to_dword(40); // Size of BITMAPINFOHEADER (4b) - $result .= int_to_dword($widthCeil); // width of bitmap (4b) - $result .= int_to_dword($height); // height of bitmap (4b) - $result .= int_to_word(1); // biPlanes = 1 (2b) - $result .= int_to_word(24); // biBitCount = {1 (mono) or 4 (16 clr ) or 8 (256 clr) or 24 (16 Mil)} (2b - $result .= int_to_dword(0); // RLE COMPRESSION (4b) - $result .= int_to_dword(0); // width x height (4b) - $result .= int_to_dword(0); // biXPelsPerMeter (4b) - $result .= int_to_dword(0); // biYPelsPerMeter (4b) - $result .= int_to_dword(0); // Number of palettes used (4b) - $result .= int_to_dword(0); // Number of important colour (4b) +/*********************************************/ +/* Fonction: imagecreatefrombmp */ +/* Author: DHKold */ +/* Contact: admin@dhkold.com */ +/* Date: The 15th of June 2005 */ +/* Version: 2.0B */ +/*********************************************/ - // is faster than chr() - $arrChr = array(); - for($i=0; $i<256; $i++){ - $arrChr[$i] = chr($i); - } +function imagecreatefrombmp($filename) { + if (! $f1 = fopen($filename,"rb")) return FALSE; + $FILE = unpack("vfile_type/Vfile_size/Vreserved/Vbitmap_offset", fread($f1,14)); + if ($FILE['file_type'] != 19778) return FALSE; + $BMP = unpack('Vheader_size/Vwidth/Vheight/vplanes/vbits_per_pixel'. + '/Vcompression/Vsize_bitmap/Vhoriz_resolution'. + '/Vvert_resolution/Vcolors_used/Vcolors_important', fread($f1,40)); + $BMP['colors'] = pow(2,$BMP['bits_per_pixel']); + if ($BMP['size_bitmap'] == 0) $BMP['size_bitmap'] = $FILE['file_size'] - $FILE['bitmap_offset']; + $BMP['bytes_per_pixel'] = $BMP['bits_per_pixel']/8; + $BMP['bytes_per_pixel2'] = ceil($BMP['bytes_per_pixel']); + $BMP['decal'] = ($BMP['width']*$BMP['bytes_per_pixel']/4); + $BMP['decal'] -= floor($BMP['width']*$BMP['bytes_per_pixel']/4); + $BMP['decal'] = 4-(4*$BMP['decal']); + if ($BMP['decal'] == 4) $BMP['decal'] = 0; - // creates image data - $bgfillcolor = array('red'=>0, 'green'=>0, 'blue'=>0); + $PALETTE = array(); + if ($BMP['colors'] < 16777216) + { + $PALETTE = unpack('V'.$BMP['colors'], fread($f1,$BMP['colors']*4)); + } - // bottom to top - left to right - attention blue green red !!! - $y=$height-1; - for ($y2=0; $y2<$height; $y2++) { - for ($x=0; $x<$widthFloor; ) { - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - } - for ($x=$widthFloor; $x<$widthCeil; $x++) { - $rgb = ($x<$widthOrig) ? imagecolorsforindex($img, imagecolorat($img, $x, $y)) : $bgfillcolor; - $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; - } - $y--; - } + $IMG = fread($f1,$BMP['size_bitmap']); + $VIDE = chr(0); - // see imagegif - if($filename == '') { - echo $result; - } else { - $file = fopen($filename, 'wb'); - fwrite($file, $result); - fclose($file); - } + $res = imagecreatetruecolor($BMP['width'],$BMP['height']); + $P = 0; + $Y = $BMP['height']-1; + while ($Y >= 0) + { + $X=0; + while ($X < $BMP['width']) + { + if ($BMP['bits_per_pixel'] == 24) + $COLOR = unpack("V",substr($IMG,$P,3).$VIDE); + elseif ($BMP['bits_per_pixel'] == 16) + { + $COLOR = unpack("n",substr($IMG,$P,2)); + $COLOR[1] = $PALETTE[$COLOR[1]+1]; + } + elseif ($BMP['bits_per_pixel'] == 8) + { + $COLOR = unpack("n",$VIDE.substr($IMG,$P,1)); + $COLOR[1] = $PALETTE[$COLOR[1]+1]; + } + elseif ($BMP['bits_per_pixel'] == 4) + { + $COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1)); + if (($P*2)%2 == 0) $COLOR[1] = ($COLOR[1] >> 4) ; else $COLOR[1] = ($COLOR[1] & 0x0F); + $COLOR[1] = $PALETTE[$COLOR[1]+1]; + } + elseif ($BMP['bits_per_pixel'] == 1) + { + $COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1)); + if (($P*8)%8 == 0) $COLOR[1] = $COLOR[1] >>7; + elseif (($P*8)%8 == 1) $COLOR[1] = ($COLOR[1] & 0x40)>>6; + elseif (($P*8)%8 == 2) $COLOR[1] = ($COLOR[1] & 0x20)>>5; + elseif (($P*8)%8 == 3) $COLOR[1] = ($COLOR[1] & 0x10)>>4; + elseif (($P*8)%8 == 4) $COLOR[1] = ($COLOR[1] & 0x8)>>3; + elseif (($P*8)%8 == 5) $COLOR[1] = ($COLOR[1] & 0x4)>>2; + elseif (($P*8)%8 == 6) $COLOR[1] = ($COLOR[1] & 0x2)>>1; + elseif (($P*8)%8 == 7) $COLOR[1] = ($COLOR[1] & 0x1); + $COLOR[1] = $PALETTE[$COLOR[1]+1]; + } + else + return FALSE; + imagesetpixel($res,$X,$Y,$COLOR[1]); + $X++; + $P += $BMP['bytes_per_pixel']; } - // imagebmp helpers - function int_to_dword($n) { - return chr($n & 255).chr(($n >> 8) & 255).chr(($n >> 16) & 255).chr(($n >> 24) & 255); + $Y--; + $P+=$BMP['decal']; + } + fclose($f1); + + return $res; +} + +function imagebmp(&$img, $filename='') { + $widthOrig = imagesx($img); + $widthFloor = ((floor($widthOrig/16))*16); + $widthCeil = ((ceil($widthOrig/16))*16); + $height = imagesy($img); + + $size = ($widthCeil*$height*3)+54; + + // Bitmap File Header + $result = 'BM'; // header (2b) + $result .= int_to_dword($size); // size of file (4b) + $result .= int_to_dword(0); // reserved (4b) + $result .= int_to_dword(54); // byte location in the file which is first byte of IMAGE (4b) + // Bitmap Info Header + $result .= int_to_dword(40); // Size of BITMAPINFOHEADER (4b) + $result .= int_to_dword($widthCeil); // width of bitmap (4b) + $result .= int_to_dword($height); // height of bitmap (4b) + $result .= int_to_word(1); // biPlanes = 1 (2b) + $result .= int_to_word(24); // biBitCount = {1 (mono) or 4 (16 clr ) or 8 (256 clr) or 24 (16 Mil)} (2b + $result .= int_to_dword(0); // RLE COMPRESSION (4b) + $result .= int_to_dword(0); // width x height (4b) + $result .= int_to_dword(0); // biXPelsPerMeter (4b) + $result .= int_to_dword(0); // biYPelsPerMeter (4b) + $result .= int_to_dword(0); // Number of palettes used (4b) + $result .= int_to_dword(0); // Number of important colour (4b) + + // is faster than chr() + $arrChr = array(); + for($i=0; $i<256; $i++){ + $arrChr[$i] = chr($i); } - function int_to_word($n) { - return chr($n & 255).chr(($n >> 8) & 255); + + // creates image data + $bgfillcolor = array('red'=>0, 'green'=>0, 'blue'=>0); + + // bottom to top - left to right - attention blue green red !!! + $y=$height-1; + for ($y2=0; $y2<$height; $y2++) { + for ($x=0; $x<$widthFloor; ) { + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + $rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y)); + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + } + for ($x=$widthFloor; $x<$widthCeil; $x++) { + $rgb = ($x<$widthOrig) ? imagecolorsforindex($img, imagecolorat($img, $x, $y)) : $bgfillcolor; + $result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']]; + } + $y--; + } + + // see imagegif + if($filename == '') { + echo $result; + } else { + $file = fopen($filename, 'wb'); + fwrite($file, $result); + fclose($file); } +} +// imagebmp helpers +function int_to_dword($n) { + return chr($n & 255).chr(($n >> 8) & 255).chr(($n >> 16) & 255).chr(($n >> 24) & 255); +} +function int_to_word($n) { + return chr($n & 255).chr(($n >> 8) & 255); +} -?> diff --git a/inc/mod.php b/inc/mod.php index 43ed760d..de6e2e9a 100644 --- a/inc/mod.php +++ b/inc/mod.php @@ -1,283 +1,287 @@ bindValue(':username', $username); - $query->bindValue(':password', $password); - $query->execute() or error(db_error($query)); - - if($user = $query->fetch()) { - return $mod = Array( - 'id' => $user['id'], - 'type' => $user['type'], - 'username' => $username, - 'hash' => mkhash($username, $password), - 'boards' => explode(',', $user['boards']) - ); - } else return false; - } + // generate hash (method is not important as long as it's strong) + $hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20); - function setCookies() { - global $mod, $config; - if(!$mod) - error('setCookies() was called for a non-moderator!'); - - setcookie($config['cookies']['mod'], - $mod['username'] . // username - ':' . - $mod['hash'][0] . // password - ':' . - $mod['hash'][1], // salt - time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); - } + if(isset($generated_salt)) + return Array($hash, $salt); + else + return $hash; +} + +function login($username, $password, $makehash=true) { + global $mod; - function destroyCookies() { - global $config; - // Delete the cookies - setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true); + // SHA1 password + if($makehash) { + $password = sha1($password); } - function create_pm_header() { - global $mod; - $query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1"); - $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($pm = $query->fetch()) { - return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1); - } - - return false; + $query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1"); + $query->bindValue(':username', $username); + $query->bindValue(':password', $password); + $query->execute() or error(db_error($query)); + + if($user = $query->fetch()) { + return $mod = Array( + 'id' => $user['id'], + 'type' => $user['type'], + 'username' => $username, + 'hash' => mkhash($username, $password), + 'boards' => explode(',', $user['boards']) + ); + } else return false; +} + +function setCookies() { + global $mod, $config; + if(!$mod) + error('setCookies() was called for a non-moderator!'); + + setcookie($config['cookies']['mod'], + $mod['username'] . // username + ':' . + $mod['hash'][0] . // password + ':' . + $mod['hash'][1], // salt + time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); +} + +function destroyCookies() { + global $config; + // Delete the cookies + setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true); +} + +function create_pm_header() { + global $mod; + $query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1"); + $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($pm = $query->fetch()) { + return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1); } - function modLog($action, $_board=null) { - global $mod, $board, $config; - $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)"); - $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':time', time(), PDO::PARAM_INT); - $query->bindValue(':text', $action); - if(isset($_board)) - $query->bindValue(':board', $_board); - elseif(isset($board)) - $query->bindValue(':board', $board['id']); - else - $query->bindValue(':board', null, PDO::PARAM_NULL); - $query->execute() or error(db_error($query)); - - if($config['syslog']) - _syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action); + return false; +} + +function modLog($action, $_board=null) { + global $mod, $board, $config; + $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)"); + $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':text', $action); + if(isset($_board)) + $query->bindValue(':board', $_board); + elseif(isset($board)) + $query->bindValue(':board', $board['id']); + else + $query->bindValue(':board', null, PDO::PARAM_NULL); + $query->execute() or error(db_error($query)); + + if($config['syslog']) + _syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action); +} + +// Generates a
    element with a list of linked +// boards and their subtitles. (without the
      opening and ending tags) +function ulBoards() { + global $mod, $config; + + $body = ''; + + // List of boards + $boards = listBoards(); + + foreach($boards as &$b) { + $body .= '
    • ' . + '' . + sprintf($config['board_abbreviation'], $b['uri']) . + ' - ' . + $b['title'] . + (isset($b['subtitle']) ? ' — ' . $b['subtitle'] . '' : '') . + ($mod['type'] >= $config['mod']['manageboards'] ? + ' [manage]' : '') . + '
      • '; } - // Generates a
        element with a list of linked - // boards and their subtitles. (without the
          opening and ending tags) - function ulBoards() { - global $mod, $config; - - $body = ''; - - // List of boards - $boards = listBoards(); - - foreach($boards as &$b) { - $body .= '
        • ' . - '' . - sprintf($config['board_abbreviation'], $b['uri']) . - ' - ' . - $b['title'] . - (isset($b['subtitle']) ? ' — ' . $b['subtitle'] . '' : '') . - ($mod['type'] >= $config['mod']['manageboards'] ? - ' [manage]' : '') . - '
          • '; - } - - if($mod['type'] >= $config['mod']['newboard']) { - $body .= '
        • ' . _('Create new board') . '
          • '; - } - return $body; + if($mod['type'] >= $config['mod']['newboard']) { + $body .= '
        • ' . _('Create new board') . '
          • '; } + return $body; +} + +function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false, $allow_public = false) { + global $config, $mod; - function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false, $allow_public = false) { - global $config, $mod; - - $boards = listBoards(); - $__boards = '
          • '; - foreach($boards as &$_board) { - $__boards .= '
        • ' . - '' . - '' . - '
          • '; - } - - return '
          New ban' . - '
          ' . - ($continue ? '' : '') . - ($delete || $allow_public ? '' : '') . - ($board ? '' : '') . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - ($mod['type'] >= $config['mod']['public_ban'] && $allow_public ? - '' . - '' . - '' . - '' . - '' - : '') . - '' . - '' . - '' . - '' . - - '' . - '' . - '' . - '' . - - '' . - '' . - '' . - '' . - '
          ' . - ' ' . - ' (public; attached to post)
          ' . - ' (eg. "2d1h30m" or "2 days")
          Board
            ' . $__boards . '
          ' . - '
          ' . - '
          '; + $boards = listBoards(); + $__boards = '
          • '; + foreach($boards as &$_board) { + $__boards .= '
        • ' . + '' . + '' . + '
          • '; } - function form_newBoard() { - return '
          New board' . - '
          ' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . + return '
          New ban' . + '' . + ($continue ? '' : '') . + ($delete || $allow_public ? '' : '') . + ($board ? '' : '') . + '
          ' . - ' (eg. "b"; "mu")
          ' . - ' (eg. "Random")
          ' . - ' (optional)
          ' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + ($mod['type'] >= $config['mod']['public_ban'] && $allow_public ? '' . - '' . - '' . - '' . - '
          ' . - '
          ' . - '
          '; - } + '' . + '' . + ' ' . + ' (public; attached to post)' . + '' . + '' + : '') . + '' . + '' . + '' . + ' (eg. "2d1h30m" or "2 days")' . + '' . + + '' . + 'Board' . + '
            ' . $__boards . '' . + '' . + + '' . + '' . + '' . + '' . + '' . + '' . + ''; +} + +function form_newBoard() { + return '
            New board' . + '
            ' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
            ' . + ' (eg. "b"; "mu")
            ' . + ' (eg. "Random")
            ' . + ' (optional)
            ' . + '
            ' . + '
            '; +} + + +function removeBan($id) { + global $config, $memcached; + $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); - function removeBan($id) { - global $config, $memcached; - - $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - //if($config['memcached']['enabled']) { - // Remove cached ban - // TODO - // $memcached->delete("ban_{$id}"); - //} + //if($config['memcached']['enabled']) { + // Remove cached ban + // TODO + // $memcached->delete("ban_{$id}"); + //} +} + + +// Validate session + +if(isset($_COOKIE[$config['cookies']['mod']])) { + // Should be username:hash:salt + $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]); + if(count($cookie) != 3) { + destroyCookies(); + error($config['error']['malformed']); } + $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1"); + $query->bindValue(':username', $cookie[0]); + $query->execute() or error(db_error($query)); + $user = $query->fetch(); - // Validate session - - if(isset($_COOKIE[$config['cookies']['mod']])) { - // Should be username:hash:salt - $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]); - if(count($cookie) != 3) { - destroyCookies(); - error($config['error']['malformed']); - } - - $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1"); - $query->bindValue(':username', $cookie[0]); - $query->execute() or error(db_error($query)); - $user = $query->fetch(); - - // validate password hash - if($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) { - // Malformed cookies - destroyCookies(); - error($config['error']['malformed']); - } - - $mod = Array( - 'id' => $user['id'], - 'type' => $user['type'], - 'username' => $cookie[0], - 'boards' => explode(',', $user['boards']) - ); + // validate password hash + if($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) { + // Malformed cookies + destroyCookies(); + error($config['error']['malformed']); } + + $mod = Array( + 'id' => $user['id'], + 'type' => $user['type'], + 'username' => $cookie[0], + 'boards' => explode(',', $user['boards']) + ); +} diff --git a/inc/remote.php b/inc/remote.php index bf170486..664aa2bb 100644 --- a/inc/remote.php +++ b/inc/remote.php @@ -1,57 +1,67 @@ $value) { - $this->{$name} = $value; - } - - $methods = Array(); - - if(!isset($this->auth['method'])) - error('Unspecified authentication method.'); - - // Connect - $this->connection = ssh2_connect($this->host, isset($this->port) ? $this->port : 22, $methods); - - switch($this->auth['method']) { - case 'pubkey': - - if(!isset($this->auth['public'])) - error('Public key filename not specified.'); - if(!isset($this->auth['private'])) - error('Private key filename not specified.'); - - if(!ssh2_auth_pubkey_file($this->connection, $this->auth['username'], $this->auth['public'], $this->auth['private'], isset($this->auth['passphrase']) ? $this->auth['passphrase']: null)) - error('Public key authentication failed.'); - break; - case 'plain': - if(!ssh2_auth_password($this->connection, $this->auth['username'], $this->auth['password'])) - error('Plain-text authentication failed.'); - break; - default: - error('Unknown authentication method: "' . $this->auth['method'] . '".'); - } - + +/* + * Copyright (c) 2010-2012 Tinyboard Development Group + */ + +if(realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) { + // You cannot request this file directly. + exit; +} + +class Remote { + public function __construct($config) { + foreach($config as $name => $value) { + $this->{$name} = $value; } - public function write($data, $remote_path) { - global $config; - - switch($this->type) { - case 'sftp': - $sftp = ssh2_sftp($this->connection); - file_write('ssh2.sftp://' . $sftp . $remote_path, $data, true); - break; - case 'scp': - $file = tempnam($config['tmp'], 'tinyboard-scp'); - // Write to temp file - file_write($file, $data); - - ssh2_scp_send($this->connection, $file, $remote_path, 0755); - break; - default: - error('Unknown send method.'); - } + $methods = Array(); + + if(!isset($this->auth['method'])) + error('Unspecified authentication method.'); + + // Connect + $this->connection = ssh2_connect($this->host, isset($this->port) ? $this->port : 22, $methods); + + switch($this->auth['method']) { + case 'pubkey': + + if(!isset($this->auth['public'])) + error('Public key filename not specified.'); + if(!isset($this->auth['private'])) + error('Private key filename not specified.'); + + if(!ssh2_auth_pubkey_file($this->connection, $this->auth['username'], $this->auth['public'], $this->auth['private'], isset($this->auth['passphrase']) ? $this->auth['passphrase']: null)) + error('Public key authentication failed.'); + break; + case 'plain': + if(!ssh2_auth_password($this->connection, $this->auth['username'], $this->auth['password'])) + error('Plain-text authentication failed.'); + break; + default: + error('Unknown authentication method: "' . $this->auth['method'] . '".'); + } + + } + + public function write($data, $remote_path) { + global $config; + + switch($this->type) { + case 'sftp': + $sftp = ssh2_sftp($this->connection); + file_write('ssh2.sftp://' . $sftp . $remote_path, $data, true); + break; + case 'scp': + $file = tempnam($config['tmp'], 'tinyboard-scp'); + // Write to temp file + file_write($file, $data); + + ssh2_scp_send($this->connection, $file, $remote_path, 0755); + break; + default: + error('Unknown send method.'); } - }; -?> + } +}; + diff --git a/inc/template.php b/inc/template.php index 2a79f918..b348f153 100644 --- a/inc/template.php +++ b/inc/template.php @@ -1,57 +1,72 @@ setPaths($config['dir']['template']); + $twig = new Twig_Environment($loader, Array( + 'autoescape' => false, + 'cache' => "{$config['dir']['template']}/cache", + 'debug' => ($config['debug'] ? true : false), + )); + $twig->addExtension(new Twig_Extensions_Extension_Tinyboard()); + $twig->addExtension(new Twig_Extensions_Extension_I18n()); +} + +function Element($templateFile, array $options) { + global $config, $debug, $twig; - function Element($templateFile, array $options) { - global $config, $debug, $loader; - - if(function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod']))) { - $options['pm'] = create_pm_header(); + if(!$twig) + load_twig(); + + if(function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod']))) { + $options['pm'] = create_pm_header(); + } + + if(isset($options['body']) && $config['debug']) { + if(isset($debug['start'])) { + $debug['time'] = '~' . round((microtime(true) - $debug['start']) * 1000, 2) . 'ms'; + unset($debug['start']); } + $debug['included'] = get_included_files(); + $debug['memory'] = round(memory_get_usage(true) / (1024 * 1024), 2) . ' MiB'; + $options['body'] .= + '

            Debug

            ' .
+				str_replace("\n", '
            ', utf8tohtml(print_r($debug, true))) .
+			'
            '; + } + + // Read the template file + if(@file_get_contents("{$config['dir']['template']}/${templateFile}")) { + $body = $twig->render($templateFile, $options); - if(isset($options['body']) && $config['debug']) { - if(isset($debug['start'])) { - $debug['time'] = '~' . round((microtime(true) - $debug['start']) * 1000, 2) . 'ms'; - unset($debug['start']); - - } - $options['body'] .= '

            Debug

            ' . str_replace("\n", '
            ', utf8tohtml(print_r($debug, true))) . '
            '; + if($config['minify_html'] && preg_match('/\.html$/', $templateFile)) { + $body = trim(preg_replace("/[\t\r\n]/", '', $body)); } - $loader->setPaths($config['dir']['template']); - - $twig = new Twig_Environment($loader, Array( - 'autoescape' => false, - 'cache' => "{$config['dir']['template']}/cache", - 'debug' => ($config['debug'] ? true : false), - )); - $twig->addExtension(new Twig_Extensions_Extension_Tinyboard()); - $twig->addExtension(new Twig_Extensions_Extension_I18n()); - - // Read the template file - if(@file_get_contents("{$config['dir']['template']}/${templateFile}")) { - $body = $twig->render($templateFile, $options); - - if($config['minify_html'] && preg_match('/\.html$/', $templateFile)) { - $body = trim(preg_replace("/[\t\r\n]/", '', $body)); - } - - return $body; - } else { - throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!"); - } + return $body; + } else { + throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!"); } -?> +} + diff --git a/inc/user.php b/inc/user.php deleted file mode 100644 index 2c11ded0..00000000 --- a/inc/user.php +++ /dev/null @@ -1,10 +0,0 @@ - $config, - 'title' => 'Install', - 'body' => '', - 'nojavascript' => true - ); - - // this breaks the dispaly of licenses if enabled - $config['minify_html'] = false; - - if(file_exists($config['has_installed'])) { - - // Check the version number - $version = trim(file_get_contents($config['has_installed'])); - if(empty($version)) - $version = 'v0.9.1'; - - $boards = listBoards(); - - switch($version) { - case 'v0.9': - case 'v0.9.1': - // Upgrade to v0.9.2-dev - - foreach($boards as &$_board) { - // Add `capcode` field after `trip` - query(sprintf("ALTER TABLE `posts_%s` ADD `capcode` VARCHAR( 50 ) NULL AFTER `trip`", $_board['uri'])) or error(db_error()); - - // Resize `trip` to 15 characters - query(sprintf("ALTER TABLE `posts_%s` CHANGE `trip` `trip` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error()); - } - case 'v0.9.2-dev': - // Upgrade to v0.9.2-dev-1 - - // New table: `theme_settings` - query("CREATE TABLE IF NOT EXISTS `theme_settings` ( `name` varchar(40) NOT NULL, `value` text, UNIQUE KEY `name` (`name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error()); - - // New table: `news` - query("CREATE TABLE IF NOT EXISTS `news` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` text NOT NULL, `time` int(11) NOT NULL, `subject` text NOT NULL, `body` text NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;") or error(db_error()); - case 'v0.9.2.1-dev': - case 'v0.9.2-dev-1': - // Fix broken version number/mistake - $version = 'v0.9.2-dev-1'; - // Upgrade to v0.9.2-dev-2 - - foreach($boards as &$_board) { - // Increase field sizes - query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); - query(sprintf("ALTER TABLE `posts_%s` CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); - } - case 'v0.9.2-dev-2': - // Upgrade to v0.9.2-dev-3 (v0.9.2) - - foreach($boards as &$_board) { - // Add `custom_fields` field - query(sprintf("ALTER TABLE `posts_%s` ADD `embed` TEXT NULL", $_board['uri'])) or error(db_error()); - } - case 'v0.9.2-dev-3': // v0.9.2-dev-3 == v0.9.2 - case 'v0.9.2': - // Upgrade to v0.9.3-dev-1 - - // Upgrade `theme_settings` table - query("TRUNCATE TABLE `theme_settings`") or error(db_error()); - query("ALTER TABLE `theme_settings` ADD `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error()); - query("ALTER TABLE `theme_settings` CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); - query("ALTER TABLE `theme_settings` DROP INDEX `name`") or error(db_error()); - case 'v0.9.3-dev-1': - query("ALTER TABLE `mods` ADD `boards` TEXT NOT NULL") or error(db_error()); - query("UPDATE `mods` SET `boards` = '*'") or error(db_error()); - case 'v0.9.3-dev-2': - foreach($boards as &$_board) { - query(sprintf("ALTER TABLE `posts_%s` CHANGE `filehash` `filehash` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error()); - } - case 'v0.9.3-dev-3': - // Board-specifc bans - query("ALTER TABLE `bans` ADD `board` SMALLINT NULL AFTER `reason`") or error(db_error()); - case 'v0.9.3-dev-4': - // add ban ID - query("ALTER TABLE `bans` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY ( `id` ), ADD UNIQUE (`id`)"); - case 'v0.9.3-dev-5': - foreach($boards as &$_board) { - // Increase subject field size - query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); - } - case 'v0.9.3-dev-6': - // change to MyISAM - $tables = Array( - 'bans', 'boards', 'ip_notes', 'modlogs', 'mods', 'mutes', 'noticeboard', 'pms', 'reports', 'robot', 'theme_settings', 'news' - ); - foreach($boards as &$board) { - $tables[] = "posts_{$board['uri']}"; - } + +// Installation/upgrade file +define('VERSION', 'v0.9.6-dev-1'); + +require 'inc/functions.php'; + +$step = isset($_GET['step']) ? round($_GET['step']) : 0; +$page = Array( + 'config' => $config, + 'title' => 'Install', + 'body' => '', + 'nojavascript' => true +); + +// this breaks the dispaly of licenses if enabled +$config['minify_html'] = false; + +if(file_exists($config['has_installed'])) { + + // Check the version number + $version = trim(file_get_contents($config['has_installed'])); + if(empty($version)) + $version = 'v0.9.1'; + + $boards = listBoards(); + + switch($version) { + case 'v0.9': + case 'v0.9.1': + // Upgrade to v0.9.2-dev + + foreach($boards as &$_board) { + // Add `capcode` field after `trip` + query(sprintf("ALTER TABLE `posts_%s` ADD `capcode` VARCHAR( 50 ) NULL AFTER `trip`", $_board['uri'])) or error(db_error()); - foreach($tables as &$table) { - query("ALTER TABLE `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error()); - } - case 'v0.9.3-dev-7': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s` CHANGE `filename` `filename` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $board['uri'])) or error(db_error()); - } - case 'v0.9.3-dev-8': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s` ADD INDEX ( `thread` )", $board['uri'])) or error(db_error()); - } - case 'v0.9.3-dev-9': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s`ADD INDEX ( `time` )", $board['uri'])) or error(db_error()); - query(sprintf("ALTER TABLE `posts_%s`ADD FULLTEXT (`body`)", $board['uri'])) or error(db_error()); - } - case 'v0.9.3-dev-10': - case 'v0.9.3': - query("ALTER TABLE `bans` DROP INDEX `id`") or error(db_error()); - query("ALTER TABLE `pms` DROP INDEX `id`") or error(db_error()); - query("ALTER TABLE `boards` DROP PRIMARY KEY") or error(db_error()); - query("ALTER TABLE `reports` DROP INDEX `id`") or error(db_error()); - query("ALTER TABLE `boards` DROP INDEX `uri`") or error(db_error()); + // Resize `trip` to 15 characters + query(sprintf("ALTER TABLE `posts_%s` CHANGE `trip` `trip` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error()); + } + case 'v0.9.2-dev': + // Upgrade to v0.9.2-dev-1 + + // New table: `theme_settings` + query("CREATE TABLE IF NOT EXISTS `theme_settings` ( `name` varchar(40) NOT NULL, `value` text, UNIQUE KEY `name` (`name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error()); + + // New table: `news` + query("CREATE TABLE IF NOT EXISTS `news` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` text NOT NULL, `time` int(11) NOT NULL, `subject` text NOT NULL, `body` text NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;") or error(db_error()); + case 'v0.9.2.1-dev': + case 'v0.9.2-dev-1': + // Fix broken version number/mistake + $version = 'v0.9.2-dev-1'; + // Upgrade to v0.9.2-dev-2 + + foreach($boards as &$_board) { + // Increase field sizes + query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); + query(sprintf("ALTER TABLE `posts_%s` CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); + } + case 'v0.9.2-dev-2': + // Upgrade to v0.9.2-dev-3 (v0.9.2) + + foreach($boards as &$_board) { + // Add `custom_fields` field + query(sprintf("ALTER TABLE `posts_%s` ADD `embed` TEXT NULL", $_board['uri'])) or error(db_error()); + } + case 'v0.9.2-dev-3': // v0.9.2-dev-3 == v0.9.2 + case 'v0.9.2': + // Upgrade to v0.9.3-dev-1 + + // Upgrade `theme_settings` table + query("TRUNCATE TABLE `theme_settings`") or error(db_error()); + query("ALTER TABLE `theme_settings` ADD `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error()); + query("ALTER TABLE `theme_settings` CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); + query("ALTER TABLE `theme_settings` DROP INDEX `name`") or error(db_error()); + case 'v0.9.3-dev-1': + query("ALTER TABLE `mods` ADD `boards` TEXT NOT NULL") or error(db_error()); + query("UPDATE `mods` SET `boards` = '*'") or error(db_error()); + case 'v0.9.3-dev-2': + foreach($boards as &$_board) { + query(sprintf("ALTER TABLE `posts_%s` CHANGE `filehash` `filehash` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error()); + } + case 'v0.9.3-dev-3': + // Board-specifc bans + query("ALTER TABLE `bans` ADD `board` SMALLINT NULL AFTER `reason`") or error(db_error()); + case 'v0.9.3-dev-4': + // add ban ID + query("ALTER TABLE `bans` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY ( `id` ), ADD UNIQUE (`id`)"); + case 'v0.9.3-dev-5': + foreach($boards as &$_board) { + // Increase subject field size + query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); + } + case 'v0.9.3-dev-6': + // change to MyISAM + $tables = Array( + 'bans', 'boards', 'ip_notes', 'modlogs', 'mods', 'mutes', 'noticeboard', 'pms', 'reports', 'robot', 'theme_settings', 'news' + ); + foreach($boards as &$board) { + $tables[] = "posts_{$board['uri']}"; + } + + foreach($tables as &$table) { + query("ALTER TABLE `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error()); + } + case 'v0.9.3-dev-7': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s` CHANGE `filename` `filename` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $board['uri'])) or error(db_error()); + } + case 'v0.9.3-dev-8': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s` ADD INDEX ( `thread` )", $board['uri'])) or error(db_error()); + } + case 'v0.9.3-dev-9': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s`ADD INDEX ( `time` )", $board['uri'])) or error(db_error()); + query(sprintf("ALTER TABLE `posts_%s`ADD FULLTEXT (`body`)", $board['uri'])) or error(db_error()); + } + case 'v0.9.3-dev-10': + case 'v0.9.3': + query("ALTER TABLE `bans` DROP INDEX `id`") or error(db_error()); + query("ALTER TABLE `pms` DROP INDEX `id`") or error(db_error()); + query("ALTER TABLE `boards` DROP PRIMARY KEY") or error(db_error()); + query("ALTER TABLE `reports` DROP INDEX `id`") or error(db_error()); + query("ALTER TABLE `boards` DROP INDEX `uri`") or error(db_error()); + + query("ALTER IGNORE TABLE `robot` ADD PRIMARY KEY (`hash`)") or error(db_error()); + query("ALTER TABLE `bans` ADD FULLTEXT (`ip`)") or error(db_error()); + query("ALTER TABLE `ip_notes` ADD INDEX (`ip`)") or error(db_error()); + query("ALTER TABLE `modlogs` ADD INDEX (`time`)") or error(db_error()); + query("ALTER TABLE `boards` ADD PRIMARY KEY(`uri`)") or error(db_error()); + query("ALTER TABLE `mutes` ADD INDEX (`ip`)") or error(db_error()); + query("ALTER TABLE `news` ADD INDEX (`time`)") or error(db_error()); + query("ALTER TABLE `theme_settings` ADD INDEX (`theme`)") or error(db_error()); + case 'v0.9.4-dev-1': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s` ADD `sage` INT( 1 ) NOT NULL AFTER `locked`", $board['uri'])) or error(db_error()); + } + case 'v0.9.4-dev-2': + if(!isset($_GET['confirm'])) { + $page['title'] = 'License Change'; + $page['body'] = '

            You are upgrading to a version which uses an amended license. The licenses included with Tinyboard distributions prior to this version (v0.9.4-dev-2) are still valid for those versions, but no longer apply to this and newer versions.

            ' . + ' +

            + I have read and understood the agreement. Proceed to upgrading. +

            '; - query("ALTER IGNORE TABLE `robot` ADD PRIMARY KEY (`hash`)") or error(db_error()); - query("ALTER TABLE `bans` ADD FULLTEXT (`ip`)") or error(db_error()); - query("ALTER TABLE `ip_notes` ADD INDEX (`ip`)") or error(db_error()); - query("ALTER TABLE `modlogs` ADD INDEX (`time`)") or error(db_error()); - query("ALTER TABLE `boards` ADD PRIMARY KEY(`uri`)") or error(db_error()); - query("ALTER TABLE `mutes` ADD INDEX (`ip`)") or error(db_error()); - query("ALTER TABLE `news` ADD INDEX (`time`)") or error(db_error()); - query("ALTER TABLE `theme_settings` ADD INDEX (`theme`)") or error(db_error()); - case 'v0.9.4-dev-1': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s` ADD `sage` INT( 1 ) NOT NULL AFTER `locked`", $board['uri'])) or error(db_error()); - } - case 'v0.9.4-dev-2': - if(!isset($_GET['confirm'])) { - $page['title'] = 'License Change'; - $page['body'] = '

            You are upgrading to a version which uses an amended license. The licenses included with Tinyboard distributions prior to this version (v0.9.4-dev-2) are still valid for those versions, but no longer apply to this and newer versions.

            ' . - ' -

            - I have read and understood the agreement. Proceed to upgrading. -

            '; - - file_write($config['has_installed'], 'v0.9.4-dev-2'); - - break; - } - case 'v0.9.4-dev-3': - case 'v0.9.4-dev-4': - case 'v0.9.4': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s` - CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , - CHANGE `email` `email` VARCHAR( 30 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , - CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL", $board['uri'])) or error(db_error()); - } - case 'v0.9.5-dev-1': - foreach($boards as &$board) { - query(sprintf("ALTER TABLE `posts_%s` ADD `body_nomarkup` TEXT NULL AFTER `body`", $board['uri'])) or error(db_error()); - } - query("CREATE TABLE IF NOT EXISTS `cites` ( `board` varchar(8) NOT NULL, `post` int(11) NOT NULL, `target_board` varchar(8) NOT NULL, `target` int(11) NOT NULL, KEY `target` (`target_board`,`target`), KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error()); - case 'v0.9.5-dev-2': - query("ALTER TABLE `boards` - CHANGE `uri` `uri` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - CHANGE `title` `title` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - CHANGE `subtitle` `subtitle` VARCHAR( 120 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); - case 'v0.9.5-dev-3': - // v0.9.5 - case 'v0.9.5': - query("ALTER TABLE `boards` - CHANGE `uri` `uri` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - CHANGE `title` `title` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - CHANGE `subtitle` `subtitle` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); - case false: - // Update version number - file_write($config['has_installed'], VERSION); + file_write($config['has_installed'], 'v0.9.4-dev-2'); - $page['title'] = 'Upgraded'; - $page['body'] = '

            Successfully upgraded from ' . $version . ' to ' . VERSION . '.

            '; - break; - default: - $page['title'] = 'Unknown version'; - $page['body'] = '

            Tinyboard was unable to determine what version is currently installed.

            '; break; - case VERSION: - $page['title'] = 'Already installed'; - $page['body'] = '

            It appears that Tinyboard is already installed (' . $version . ') and there is nothing to upgrade! Delete ' . $config['has_installed'] . ' to reinstall.

            '; - break; - } + } + case 'v0.9.4-dev-3': + case 'v0.9.4-dev-4': + case 'v0.9.4': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s` + CHANGE `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , + CHANGE `email` `email` VARCHAR( 30 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL , + CHANGE `name` `name` VARCHAR( 35 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL", $board['uri'])) or error(db_error()); + } + case 'v0.9.5-dev-1': + foreach($boards as &$board) { + query(sprintf("ALTER TABLE `posts_%s` ADD `body_nomarkup` TEXT NULL AFTER `body`", $board['uri'])) or error(db_error()); + } + query("CREATE TABLE IF NOT EXISTS `cites` ( `board` varchar(8) NOT NULL, `post` int(11) NOT NULL, `target_board` varchar(8) NOT NULL, `target` int(11) NOT NULL, KEY `target` (`target_board`,`target`), KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error()); + case 'v0.9.5-dev-2': + query("ALTER TABLE `boards` + CHANGE `uri` `uri` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + CHANGE `title` `title` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + CHANGE `subtitle` `subtitle` VARCHAR( 120 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); + case 'v0.9.5-dev-3': + // v0.9.5 + case 'v0.9.5': + query("ALTER TABLE `boards` + CHANGE `uri` `uri` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + CHANGE `title` `title` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + CHANGE `subtitle` `subtitle` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); + case false: + // Update version number + file_write($config['has_installed'], VERSION); + + $page['title'] = 'Upgraded'; + $page['body'] = '

            Successfully upgraded from ' . $version . ' to ' . VERSION . '.

            '; + break; + default: + $page['title'] = 'Unknown version'; + $page['body'] = '

            Tinyboard was unable to determine what version is currently installed.

            '; + break; + case VERSION: + $page['title'] = 'Already installed'; + $page['body'] = '

            It appears that Tinyboard is already installed (' . $version . ') and there is nothing to upgrade! Delete ' . $config['has_installed'] . ' to reinstall.

            '; + break; + } + + die(Element('page.html', $page)); +} + +if($step == 0) { + // Agreeement + $page['body'] = ' + +

            + I have read and understood the agreement. Proceed to installation. +

            '; + + echo Element('page.html', $page); +} elseif($step == 1) { + $page['title'] = 'Pre-installation test'; + + $page['body'] = ''; + + function rheader($item) { + global $page, $config; - die(Element('page.html', $page)); + $page['body'] .= ''; } - if($step == 0) { - // Agreeement - $page['body'] = ' - -

            - I have read and understood the agreement. Proceed to installation. -

            '; - - echo Element('page.html', $page); - } elseif($step == 1) { - $page['title'] = 'Pre-installation test'; + function row($item, $result) { + global $page, $config, $__is_error; + if(!$result) + $__is_error = true; + $page['body'] .= ''; + } + + + // Required extensions + rheader('PHP extensions'); + row('PDO', extension_loaded('pdo')); + row('GD', extension_loaded('gd')); + + // GD tests + rheader('GD tests'); + row('JPEG', function_exists('imagecreatefromjpeg')); + row('PNG', function_exists('imagecreatefrompng')); + row('GIF', function_exists('imagecreatefromgif')); + + // Database drivers + $drivers = PDO::getAvailableDrivers(); + + rheader('PDO drivers (currently installed drivers)'); + foreach($drivers as &$driver) { + row($driver, true); + } + + // Permissions + rheader('File permissions'); + row('root directory (' . getcwd() . ')', is_writable('.')); + + $page['body'] .= '
            ' . $item . '
            ' . $item . '
            +

            + Continue' . (isset($__is_error) ? ' anyway' : '') . ' +

            '; + + echo Element('page.html', $page); +} elseif($step == 2) { + // Basic config + $page['title'] = 'Configuration'; + + function create_salt() { + return substr(base64_encode(sha1(rand())), 0, rand(25, 31)); + } + + $page['body'] = ' +
            +
            + Database + + + + - // Required extensions - rheader('PHP extensions'); - row('PDO', extension_loaded('pdo')); - row('GD', extension_loaded('gd')); + + - // GD tests - rheader('GD tests'); - row('JPEG', function_exists('imagecreatefromjpeg')); - row('PNG', function_exists('imagecreatefrompng')); - row('GIF', function_exists('imagecreatefromgif')); + + - // Database drivers - $drivers = PDO::getAvailableDrivers(); + + +
            +

            The following is all later configurable. For more options, edit your configuration files after installing.

            +
            + Cookies + + - rheader('PDO drivers (currently installed drivers)'); - foreach($drivers as &$driver) { - row($driver, true); - } + + +
            + +
            + Flood control + + - // Permissions - rheader('File permissions'); - row('root directory (' . getcwd() . ')', is_writable('.')); + + - $page['body'] .= ' -

            - Continue' . (isset($__is_error) ? ' anyway' : '') . ' -

            '; + + - echo Element('page.html', $page); - } elseif($step == 2) { - // Basic config - $page['title'] = 'Configuration'; + + - function create_salt() { - return substr(base64_encode(sha1(rand())), 0, rand(25, 31)); - } + + - $page['body'] = ' - -
            - Database - - - - - - - - - - - - - - -
            -

            The following is all later configurable. For more options, edit your configuration files after installing.

            -
            - Cookies - - - - - -
            + + +
            + +
            + Images + + -
            - Flood control - - - - - - - - - - - - - - - - - -
            + + -
            - Images - - - - - - - - - - - - - - -
            + + -
            - Display - - - - - - - - -
            + + -
            - Directories - - - - - - - - - - - -
            + + +
            + +
            + Display + + -
            - Miscellaneous - - -
            + + -

            - -

            - - '; + + +
            + +
            + Directories + + + + - echo Element('page.html', $page); - } elseif($step == 3) { - $instance_config = + + + + + +
            + +
            + Miscellaneous + + +
            + +

            + +

            + + '; + + + echo Element('page.html', $page); +} elseif($step == 3) { + $instance_config = ' $value) { - if(is_array($value)) { - $instance_config .= "\n"; - create_config_from_array($instance_config, $value, $prefix . '[\'' . addslashes($name) . '\']'); - $instance_config .= "\n"; - } else { - $instance_config .= ' $config' . $prefix . '[\'' . addslashes($name) . '\'] = '; + + function create_config_from_array(&$instance_config, &$array, $prefix = '') { + foreach($array as $name => $value) { + if(is_array($value)) { + $instance_config .= "\n"; + create_config_from_array($instance_config, $value, $prefix . '[\'' . addslashes($name) . '\']'); + $instance_config .= "\n"; + } else { + $instance_config .= ' $config' . $prefix . '[\'' . addslashes($name) . '\'] = '; + + if(is_numeric($value)) + $instance_config .= $value; + else + $instance_config .= "'" . addslashes($value) . "'"; - if(is_numeric($value)) - $instance_config .= $value; - else - $instance_config .= "'" . addslashes($value) . "'"; - - $instance_config .= ";\n"; - } + $instance_config .= ";\n"; } } - - create_config_from_array($instance_config, $_POST); - - $instance_config .= "\n"; - - if(@file_put_contents('inc/instance-config.php', $instance_config)) { - header('Location: ?step=4', true, $config['redirect_http']); - } else { - $page['title'] = 'Manual installation required'; - $page['body'] = ' -

            I couldn\'t write to inc/instance-config.php with the new configuration, probably due to a permissions error.

            -

            Please complete the installation manually by copying and pasting the following code into the contents of inc/instance-config.php:

            - -

            - Once complete, click here to complete installation. -

            - '; - echo Element('page.html', $page); - } - } elseif($step == 4) { - // SQL installation - - buildJavascript(); - - $sql = @file_get_contents('install.sql') or error("Couldn't load install.sql."); - - // This code is probably horrible, but what I'm trying - // to do is find all of the SQL queires and put them - // in an array. - preg_match_all("/(^|\n)((SET|CREATE|INSERT).+)\n\n/msU", $sql, $queries); - $queries = $queries[2]; - - $queries[] = Element('posts.sql', Array('board' => 'b')); - - $sql_errors = ''; - foreach($queries as &$query) { - if(!query($query)) - $sql_errors .= '
          • ' . db_error() . '
            • '; - } - - $boards = listBoards(); - foreach($boards as &$_board) { - setupBoard($_board); - buildIndex(); - } - - $page['title'] = 'Installation complete'; - $page['body'] = '

            Thank you for using Tinyboard. Please remember to report any bugs you discover. How do I edit the config files?

            '; - - if(!empty($sql_errors)) { - $page['body'] .= '

            SQL errors

            SQL errors were encountered when trying to install the database. This may be the result of using a database which is already occupied with a Tinyboard installation; if so, you can probably ignore this.

            The errors encountered were:

              ' . $sql_errors . '

            Ignore errors and complete installation.

            '; - } else { - file_write($config['has_installed'], VERSION); - if(!file_unlink(__FILE__)) { - $page['body'] .= '

            Delete install.php!

            I couldn\'t remove install.php. You will have to remove it manually.

            '; - } - } - + } + + create_config_from_array($instance_config, $_POST); + + $instance_config .= "\n"; + + if(@file_put_contents('inc/instance-config.php', $instance_config)) { + header('Location: ?step=4', true, $config['redirect_http']); + } else { + $page['title'] = 'Manual installation required'; + $page['body'] = ' +

            I couldn\'t write to inc/instance-config.php with the new configuration, probably due to a permissions error.

            +

            Please complete the installation manually by copying and pasting the following code into the contents of inc/instance-config.php:

            + +

            + Once complete, click here to complete installation. +

            + '; echo Element('page.html', $page); - } elseif($step == 5) { - $page['title'] = 'Installation complete'; - $page['body'] = '

            Thank you for using Tinyboard. Please remember to report any bugs you discover.

            '; - + } +} elseif($step == 4) { + // SQL installation + + buildJavascript(); + + $sql = @file_get_contents('install.sql') or error("Couldn't load install.sql."); + + // This code is probably horrible, but what I'm trying + // to do is find all of the SQL queires and put them + // in an array. + preg_match_all("/(^|\n)((SET|CREATE|INSERT).+)\n\n/msU", $sql, $queries); + $queries = $queries[2]; + + $queries[] = Element('posts.sql', Array('board' => 'b')); + + $sql_errors = ''; + foreach($queries as &$query) { + if(!query($query)) + $sql_errors .= '
          • ' . db_error() . '
            • '; + } + + $boards = listBoards(); + foreach($boards as &$_board) { + setupBoard($_board); + buildIndex(); + } + + $page['title'] = 'Installation complete'; + $page['body'] = '

            Thank you for using Tinyboard. Please remember to report any bugs you discover. How do I edit the config files?

            '; + + if(!empty($sql_errors)) { + $page['body'] .= '

            SQL errors

            SQL errors were encountered when trying to install the database. This may be the result of using a database which is already occupied with a Tinyboard installation; if so, you can probably ignore this.

            The errors encountered were:

              ' . $sql_errors . '

            Ignore errors and complete installation.

            '; + } else { file_write($config['has_installed'], VERSION); if(!file_unlink(__FILE__)) { $page['body'] .= '

            Delete install.php!

            I couldn\'t remove install.php. You will have to remove it manually.

            '; } - - echo Element('page.html', $page); } -?> + + echo Element('page.html', $page); +} elseif($step == 5) { + $page['title'] = 'Installation complete'; + $page['body'] = '

            Thank you for using Tinyboard. Please remember to report any bugs you discover.

            '; + + file_write($config['has_installed'], VERSION); + if(!file_unlink(__FILE__)) { + $page['body'] .= '

            Delete install.php!

            I couldn\'t remove install.php. You will have to remove it manually.

            '; + } + + echo Element('page.html', $page); +} + diff --git a/mod.php b/mod.php index a51ac227..d4b55655 100644 --- a/mod.php +++ b/mod.php @@ -1,838 +1,753 @@ str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), + 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), + 'img' => preg_quote($config['dir']['img'], '/'), + 'thumb' => preg_quote($config['dir']['thumb'], '/'), + 'res' => preg_quote($config['dir']['res'], '/'), + 'index' => preg_quote($config['file_index'], '/') + ); - // If not logged in - if(!$mod) { - if(isset($_POST['login'])) { - // Check if inputs are set and not empty - if( !isset($_POST['username']) || - !isset($_POST['password']) || - empty($_POST['username']) || - empty($_POST['password']) - ) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); + if(preg_match('/^\/?$/', $query)) { + // Dashboard + $fieldset = array( + 'Boards' => '', + 'Noticeboard' => '', + 'Administration' => '', + 'Themes' => '', + 'Search' => '', + 'Update' => '', + 'Logout' => '' + ); + + // Boards + $fieldset['Boards'] .= ulBoards(); + + if(hasPermission($config['mod']['noticeboard'])) { + if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) { + $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); + $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + $fieldset['Noticeboard'] .= '
          • '; - if(!login($_POST['username'], $_POST['password'])) { - if($config['syslog']) - _syslog(LOG_WARNING, 'Unauthorized login attempt!'); - loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); + $_body = ''; + while($notice = $query->fetch()) { + $_body .= '
          • ' . + ($notice['subject'] ? + $notice['subject'] + : + '' . _('no subject') . '' + ) . + ' — by ' . + (isset($notice['username']) ? + utf8tohtml($notice['username']) + : '???') . + ' at ' . + strftime($config['post_date'], $notice['time']) . + '
            • '; + } + if(!empty($_body)) { + $fieldset['Noticeboard'] .= '
              ' . $_body . '
          • '; + } + if($config['cache']['enabled']) + cache::set('noticeboard_preview', $fieldset['Noticeboard']); } - modLog("Logged in."); - - // Login successful - // Set cookies - setCookies(); - - // Redirect - if(isset($_POST['redirect'])) - header('Location: ' . $_POST['redirect'], true, $config['redirect_http']); - else - header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']); - } else { - loginForm(false, false, '?' . $query); + $fieldset['Noticeboard'] .= '' . _('View all entries') . '
            • '; + + $query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1"); + $query->bindValue(':id', $mod['id']); + $query->execute() or error(db_error($query)); + $count = $query->fetch(); + $count = $count['count']; + + $fieldset['Noticeboard'] .= '
          • ' . _('PM Inbox') . + ($count > 0 + ? + ' (' . $count . ' unread)' + : '') . + '
            • '; + + $fieldset['Noticeboard'] .= '
          • ' . _('News') . '
            • '; } - } else { - // Redirect (for index pages) - if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) { - header('Location: ' . $_GET['r'], true, $_GET['status']); - exit; + + + if(hasPermission($config['mod']['reports'])) { + $fieldset['Administration'] .= '
          • ' . _('Report queue') . '
            • '; + } + if(hasPermission($config['mod']['view_banlist'])) { + $fieldset['Administration'] .= '
          • ' . _('Ban list') . '
            • '; + } + if(hasPermission($config['mod']['manageusers'])) { + $fieldset['Administration'] .= '
          • ' . _('Manage users') . '
            • '; + } elseif(hasPermission($config['mod']['change_password'])) { + $fieldset['Administration'] .= '
          • ' . _('Change own password') . '
            • '; + } + if(hasPermission($config['mod']['modlog'])) { + $fieldset['Administration'] .= '
          • ' . _('Moderation log') . '
            • '; + } + if(hasPermission($config['mod']['rebuild'])) { + $fieldset['Administration'] .= '
          • ' . _('Rebuild static files') . '
            • '; + } + if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) { + $fieldset['Administration'] .= '
          • ' . _('Clear cache') . '
            • '; + } + if(hasPermission($config['mod']['show_config'])) { + $fieldset['Administration'] .= '
          • ' . _('Show configuration') . '
            • '; } - // A sort of "cache" - // Stops calling preg_quote and str_replace when not needed; only does it once - $regex = Array( - 'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), - 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), - 'img' => preg_quote($config['dir']['img'], '/'), - 'thumb' => preg_quote($config['dir']['thumb'], '/'), - 'res' => preg_quote($config['dir']['res'], '/'), - 'index' => preg_quote($config['file_index'], '/') - ); + if(hasPermission($config['mod']['themes'])) { + $fieldset['Themes'] .= '
          • ' . _('Manage themes') . '
            • '; + } - if(preg_match('/^\/?$/', $query)) { - // Dashboard - $fieldset = Array( - 'Boards' => '', - 'Noticeboard' => '', - 'Administration' => '', - 'Themes' => '', - 'Search' => '', - 'Update' => '', - 'Logout' => '' - ); - - // Boards - $fieldset['Boards'] .= ulBoards(); - - if(hasPermission($config['mod']['noticeboard'])) { - if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) { - $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); - $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $fieldset['Noticeboard'] .= '
          • '; + if(hasPermission($config['mod']['search'])) { + $fieldset['Search'] .= '
          • ' . + ' ' . + '' . + '' . + '
            ' . + '

            ' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '

            ' . + '
            • '; + } + + if($mod['type'] >= ADMIN && $config['check_updates']) { + if(!$config['version']) + error(_('Could not find current version! (Check .installed)')); + if(isset($_COOKIE['update'])) { + $latest = unserialize($_COOKIE['update']); + } else { + $ctx = stream_context_create(array( + 'http' => array( + 'timeout' => 3 + ) + ) + ); - $_body = ''; - while($notice = $query->fetch()) { - $_body .= '
          • ' . - ($notice['subject'] ? - $notice['subject'] - : - '' . _('no subject') . '' - ) . - ' — by ' . - (isset($notice['username']) ? - utf8tohtml($notice['username']) - : '???') . - ' at ' . - strftime($config['post_date'], $notice['time']) . - '
            • '; - } - if(!empty($_body)) { - $fieldset['Noticeboard'] .= '
              ' . $_body . '
          • '; + if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) { + eval($code); + if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) { + $current = array( + 'massive' => (int)$m[1], + 'major' => (int)$m[2], + 'minor' => (int)$m[3] + ); + if(isset($m[4])) { + // Development versions are always ahead in the versioning numbers + $current['minor'] --; + } } - if($config['cache']['enabled']) - cache::set('noticeboard_preview', $fieldset['Noticeboard']); + // Check if it's newer + if( $latest['massive'] > $current['massive'] || + $latest['major'] > $current['major'] || + ($latest['massive'] == $current['massive'] && + $latest['major'] == $current['major'] && + $latest['minor'] > $current['minor'] + )) { + $latest = $latest; + } else $latest = false; + } else { + // Couldn't get latest version + // TODO: Display some sort of warning message + $latest = false; } - $fieldset['Noticeboard'] .= '' . _('View all entries') . '
            • '; - - $query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1"); - $query->bindValue(':id', $mod['id']); - $query->execute() or error(db_error($query)); - $count = $query->fetch(); - $count = $count['count']; + + setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); + } - $fieldset['Noticeboard'] .= '
          • ' . _('PM Inbox') . - ($count > 0 - ? - ' (' . $count . ' unread)' - : '') . - '
            • '; + if($latest) { + $fieldset['Update'] .= + '
          • A newer version of Tinyboard (v' . + $latest['massive'] . '.' . + $latest['major'] . '.' . + $latest['minor'] . + ') is available! See http://tinyboard.org/ for upgrade instructions.
            • '; + } + } + + $fieldset['Logout'] .= '
          • ' . _('Logout') . '
            • '; + + // TODO: Statistics, etc, in the dashboard. + + $body = ''; + foreach($fieldset as $title => $data) { + if($data) + $body .= '
            ' . _($title) . '
              ' . $data . '
            '; + } + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Dashboard'), + 'body'=>$body, + '__mod'=>true + )); + } elseif(preg_match('/^\/logout$/', $query)) { + destroyCookies(); + + header('Location: ?/', true, $config['redirect_http']); + } elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) { + $uri = &$matches[1]; + + $body = '

            ' . + 'Are you sure you want to do that?' . + 'We were unable to serve a confirmation dialog for ' . + '?/' . utf8tohtml($uri) . '' . + ', probably due to Javascript being disabled.' . + '

            ' . + '

            Confirm

            '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Confirm', + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/upgrade$/', $query)) { + if($mod['type'] != ADMIN) + error($config['error']['noaccess']); + + if(is_dir('.git')) { + // use git instead - $fieldset['Noticeboard'] .= '
          • ' . _('News') . '
            • '; + $body = '

            git pull

            '; + $body .= '

            ' . str_replace("\n", '
            ', shell_exec('git pull')) . '

            '; + $body .= '
            '; + echo Element('page.html', array( + 'config' => $config, + 'title' => 'Upgraded', + 'body' => $body + )); + exit; + } + + if(!extension_loaded('curl')) + error('You need the cURL PHP extension to do that.'); + + if(!class_exists('ZipArchive')) + error('You need the ZipArchive class to do that.'); + + if(!in_array('zip', stream_get_wrappers())) + error('You need the zip:// stream wrapper to do that.'); + + $temp = tempnam($config['tmp'], 'tinyboard'); + + $fp = fopen($temp, 'w+'); + + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master'); + curl_setopt($curl, CURLOPT_FAILONERROR, true); + curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); + curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); + curl_setopt($curl, CURLOPT_TIMEOUT, 45); + curl_setopt($curl, CURLOPT_FILE, $fp); + curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile()); + curl_setopt($curl, CURLOPT_HEADER, true); + + curl_exec($curl); + + if(curl_errno($curl)) + error('Failed downloading newest revision: ' . curl_error($curl)); + + curl_close($curl); + + fflush($fp); + fclose($fp); + + fseek($header, 0); + $version = false; + while($line = fgets($header)) { + if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) { + $version = $m[1]; } + } + fclose($header); + + $zip = new ZipArchive(); + if(!$zip->open($temp)) + error('Could not make sense of the ZIP archive.'); + + $version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0)); + + $errors = array(); + for($i = 1; $i < $zip->numFiles; $i++) { + $filename = str_replace($dir, '', $zip->getNameIndex($i)); + if($filename == 'inc/instance-config.php') + continue; // don't override config - if(hasPermission($config['mod']['reports'])) { - $fieldset['Administration'] .= '
          • ' . _('Report queue') . '
            • '; - } - if(hasPermission($config['mod']['view_banlist'])) { - $fieldset['Administration'] .= '
          • ' . _('Ban list') . '
            • '; - } - if(hasPermission($config['mod']['manageusers'])) { - $fieldset['Administration'] .= '
          • ' . _('Manage users') . '
            • '; - } elseif(hasPermission($config['mod']['change_password'])) { - $fieldset['Administration'] .= '
          • ' . _('Change own password') . '
            • '; + // are we able to write here? + if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable(dirname($filename))))) { + // nope + $errors[] = 'Cannot write to ' . $filename . '!'; } - if(hasPermission($config['mod']['modlog'])) { - $fieldset['Administration'] .= '
          • ' . _('Moderation log') . '
            • '; - } - if(hasPermission($config['mod']['rebuild'])) { - $fieldset['Administration'] .= '
          • ' . _('Rebuild static files') . '
            • '; - } - if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) { - $fieldset['Administration'] .= '
          • ' . _('Clear cache') . '
            • '; - } - if(hasPermission($config['mod']['show_config'])) { - $fieldset['Administration'] .= '
          • ' . _('Show configuration') . '
            • '; - } - - if(hasPermission($config['mod']['themes'])) { - $fieldset['Themes'] .= '
          • ' . _('Manage themes') . '
            • '; + } + + $zip->close(); + + if($errors) { + $body = '

            Error(s) upgrading

            Tinyboard can not self-upgrade until the following is fixed:

              '; + foreach($errors as $error) { + $body .= '
            • ' . $error . '
              • '; } + $body .= '

            Please fix the above errors and refresh to try again.

            '; - if(hasPermission($config['mod']['search'])) { - $fieldset['Search'] .= '
          • ' . - ' ' . - '' . - '' . - '
            ' . - '

            ' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '

            ' . - '
            • '; - } + unlink($temp); - if($mod['type'] >= ADMIN && $config['check_updates']) { - if(!$config['version']) - error(_('Could not find current version! (Check .installed)')); - if(isset($_COOKIE['update'])) { - $latest = unserialize($_COOKIE['update']); - } else { - $ctx = stream_context_create(array( - 'http' => array( - 'timeout' => 3 - ) - ) - ); - - if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) { - eval($code); - if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) { - $current = Array( - 'massive' => (int)$m[1], - 'major' => (int)$m[2], - 'minor' => (int)$m[3] - ); - if(isset($m[4])) { - // Development versions are always ahead in the versioning numbers - $current['minor'] --; + echo Element('page.html', array( + 'config' => $config, + 'title' => 'Error(s) upgrading', + 'body' => $body + )); + exit; + } + + // For some reason, reading the ZIP entries in PHP doesn't seem to work very well. + // Use shell instead. + shell_exec('TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg($temp) . ' -d $TEMP_DIR -x "' . escapeshellarg($dir) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg($dir) . '* "' . getcwd() . '"; rm -rf $TEMP_DIR'); + + unlink($temp); + + echo Element('page.html', array( + 'config' => $config, + 'title' => 'Upgraded', + 'body' => '

            Upgrading seems to have gone okay. You are now at revision ' . $version . '.

            ' + )); + } elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) { + if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); + + $page = isset($match[2]) ? $match[2] : 1; + + $boards = array(); + $_boards = listBoards(); + foreach($_boards as &$_b) { + $boards[$_b['id']] = $_b['uri']; + } + + $query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); + $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(!$query->rowCount()) { + $body = '

            (Nothing to display.)

            '; + } else { + $body = '' . + '' . + '' . + '' . + '' . + '' . + '' . + ''; + while($log = $query->fetch()) { + $log_id = 'log_' . md5($log['text']); + + if($config['cache']['enabled'] && $_log = cache::get($log_id)) + $log['text'] = $_log; + else { + + $log['text'] = utf8tohtml($log['text']); + $log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '$1', $log['text']); + + if(isset($boards[$log['board']])) { + if(preg_match('/post #(\d+)/', $log['text'], $match)) { + $post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']])); + $post_query->bindValue(':id', $match[1], PDO::PARAM_INT); + $post_query->execute() or error(db_error($query)); + + if($post = $post_query->fetch()) { + $log['text'] = preg_replace('/post (#(\d+))/', + 'post $1', $log['text']); + } else { + $log['text'] = preg_replace('/post (#(\d+))/', 'post $1', $log['text']); } + + if($config['cache']['enabled']) + cache::set($log_id, $log['text']); } - // Check if it's newer - if( $latest['massive'] > $current['massive'] || - $latest['major'] > $current['major'] || - ($latest['massive'] == $current['massive'] && - $latest['major'] == $current['major'] && - $latest['minor'] > $current['minor'] - )) { - $latest = $latest; - } else $latest = false; - } else { - // Couldn't get latest version - // TODO: Display some sort of warning message - $latest = false; } - - - setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); } - if($latest) { - $fieldset['Update'] .= - '
          • A newer version of Tinyboard (v' . - $latest['massive'] . '.' . - $latest['major'] . '.' . - $latest['minor'] . - ') is available! See http://tinyboard.org/ for upgrade instructions.
            • '; - } + $body .= '' . + '' . + '' . + '' . + '' + : 'deleted?') + : '-') . + '' . + ''; } + + $body .= '
            ' . _('User') . '' . _('IP address') . '' . _('Ago') . '' . _('Board') . '' . _('Action') . '
            ' . + ($log['username'] ? + '' . $log['username'] . '' + : '' . ($log['id'] < 0 ? 'system' : 'deleted?') . '') . + '' . ($log['id'] < 0 ? '–' : '' . $log['ip'] . '') . '' . ago($log['time']) . '' . + ($log['board'] ? + (isset($boards[$log['board']]) ? + '' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '' . $log['text'] . '
            '; - $fieldset['Logout'] .= '
          • ' . _('Logout') . '
            • '; - - // TODO: Statistics, etc, in the dashboard. + $query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`"); + $query->execute() or error(db_error($query)); + $count = $query->fetch(); - $body = ''; - foreach($fieldset as $title => $data) { - if($data) - $body .= '
            ' . _($title) . '
              ' . $data . '
            '; + $body .= '

            '; + for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) { + $body .= '[' . ($x + 1) . '] '; } + $body .= '

            '; + } + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Moderation log'), + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/themes\/none$/', $query, $match)) { + if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); + + // Clearsettings + query("TRUNCATE TABLE `theme_settings`") or error(db_error()); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'No theme', + 'body'=>'

            Successfully uninstalled all themes.

            ' . + '

            Go back to themes.

            ', + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) { + if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); + + rebuildTheme($match[1], 'all'); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Rebuilt', + 'body'=>'

            Successfully rebuilt the ' . $match[1] . ' theme.

            ' . + '

            Go back to themes.

            ', + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) { + if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); + + $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query->bindValue(':theme', $match[1]); + $query->execute() or error(db_error($query)); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Uninstalled', + 'body'=>'

            Successfully uninstalled the ' . $match[1] . ' theme.

            ' . + '

            Go back to themes.

            ', + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) { + if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); + + if(!is_dir($config['dir']['themes'])) + error(_('Themes directory doesn\'t exist!')); + if(!$dir = opendir($config['dir']['themes'])) + error(_('Cannot open themes directory; check permissions.')); + + if(isset($match[2])) { + $_theme = &$match[2]; - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Dashboard'), - 'body'=>$body, - '__mod'=>true - )); - } elseif(preg_match('/^\/logout$/', $query)) { - destroyCookies(); - - header('Location: ?/', true, $config['redirect_http']); - } elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) { - $uri = &$matches[1]; - - $body = '

            ' . - 'Are you sure you want to do that?' . - 'We were unable to serve a confirmation dialog for ' . - '?/' . utf8tohtml($uri) . '' . - ', probably due to Javascript being disabled.' . - '

            ' . - '

            Confirm

            '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Confirm', - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/upgrade$/', $query)) { - if($mod['type'] != ADMIN) - error($config['error']['noaccess']); - - if(is_dir('.git')) { - // use git instead - - $body = '

            git pull

            '; - $body .= '

            ' . str_replace("\n", '
            ', shell_exec('git pull')) . '

            '; - $body .= '
            '; - echo Element('page.html', Array( - 'config' => $config, - 'title' => 'Upgraded', - 'body' => $body - )); - exit; + if(!$theme = loadThemeConfig($_theme)) { + error($config['error']['invalidtheme']); } - if(!extension_loaded('curl')) - error('You need the cURL PHP extension to do that.'); - - if(!class_exists('ZipArchive')) - error('You need the ZipArchive class to do that.'); - - if(!in_array('zip', stream_get_wrappers())) - error('You need the zip:// stream wrapper to do that.'); - - $temp = tempnam($config['tmp'], 'tinyboard'); - - $fp = fopen($temp, 'w+'); - - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master'); - curl_setopt($curl, CURLOPT_FAILONERROR, true); - curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); - curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); - curl_setopt($curl, CURLOPT_TIMEOUT, 45); - curl_setopt($curl, CURLOPT_FILE, $fp); - curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile()); - curl_setopt($curl, CURLOPT_HEADER, true); - - curl_exec($curl); - - if(curl_errno($curl)) - error('Failed downloading newest revision: ' . curl_error($curl)); - - curl_close($curl); - - fflush($fp); - fclose($fp); - - fseek($header, 0); - $version = false; - while($line = fgets($header)) { - if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) { - $version = $m[1]; + if(isset($_POST['install'])) { + // Check if everything is submitted + foreach($theme['config'] as &$c) { + if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox') + error(sprintf($config['error']['required'], $c['title'])); } - } - fclose($header); - - $zip = new ZipArchive(); - if(!$zip->open($temp)) - error('Could not make sense of the ZIP archive.'); - - $version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0)); - - $errors = Array(); - for($i = 1; $i < $zip->numFiles; $i++) { - $filename = str_replace($dir, '', $zip->getNameIndex($i)); - if($filename == 'inc/instance-config.php') - continue; // don't override config + // Clear previous settings + $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query->bindValue(':theme', $_theme); + $query->execute() or error(db_error($query)); + + foreach($theme['config'] as &$c) { + $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)"); + $query->bindValue(':theme', $_theme); + $query->bindValue(':name', $c['name']); + $query->bindValue(':value', $_POST[$c['name']]); + $query->execute() or error(db_error($query)); + } + + $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)"); + $query->bindValue(':theme', $_theme); + $query->execute() or error(db_error($query)); - // are we able to write here? - if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable(dirname($filename))))) { - // nope - $errors[] = 'Cannot write to ' . $filename . '!'; + $result = true; + $body = ''; + if(isset($theme['install_callback'])) { + $ret = $theme['install_callback'](themeSettings($_theme)); + if($ret && !empty($ret)) { + if(is_array($ret) && count($ret) == 2) { + $result = $ret[0]; + $ret = $ret[1]; + } + $body .= '
            ' . $ret . '
            '; + } } - } - - $zip->close(); - - if($errors) { - $body = '

            Error(s) upgrading

            Tinyboard can not self-upgrade until the following is fixed:

              '; - foreach($errors as $error) { - $body .= '
            • ' . $error . '
              • '; + + if($result) { + $body .= '

              Successfully installed and built theme.

              '; + } else { + // install failed + $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query->bindValue(':theme', $_theme); + $query->execute() or error(db_error($query)); } - $body .= '

            Please fix the above errors and refresh to try again.

            '; - unlink($temp); + $body .= '

            Go back to themes.

            '; - echo Element('page.html', Array( - 'config' => $config, - 'title' => 'Error(s) upgrading', - 'body' => $body - )); - exit; - } - - // For some reason, reading the ZIP entries in PHP doesn't seem to work very well. - // Use shell instead. - shell_exec('TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg($temp) . ' -d $TEMP_DIR -x "' . escapeshellarg($dir) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg($dir) . '* "' . getcwd() . '"; rm -rf $TEMP_DIR'); - - unlink($temp); - - echo Element('page.html', Array( - 'config' => $config, - 'title' => 'Upgraded', - 'body' => '

            Upgrading seems to have gone okay. You are now at revision ' . $version . '.

            ' - )); - } elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) { - if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); - - $page = isset($match[2]) ? $match[2] : 1; - - $boards = Array(); - $_boards = listBoards(); - foreach($_boards as &$_b) { - $boards[$_b['id']] = $_b['uri']; - } - - $query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); - $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); - $query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if(!$query->rowCount()) { - $body = '

            (Nothing to display.)

            '; + // Build themes + rebuildThemes('all'); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'), + 'body'=>$body, + 'mod'=>true + ) + ); } else { - $body = '' . - '' . - '' . - '' . - '' . - '' . - '' . - ''; - while($log = $query->fetch()) { - $log_id = 'log_' . md5($log['text']); - - if($config['cache']['enabled'] && $_log = cache::get($log_id)) - $log['text'] = $_log; - else { - - $log['text'] = utf8tohtml($log['text']); - $log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '$1', $log['text']); + $body = ''; + + if(!isset($theme['config']) || empty($theme['config'])) { + $body .= '

            (No configuration required.)

            '; + } else { + $settings = themeSettings($_theme); - if(isset($boards[$log['board']])) { - if(preg_match('/post #(\d+)/', $log['text'], $match)) { - $post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']])); - $post_query->bindValue(':id', $match[1], PDO::PARAM_INT); - $post_query->execute() or error(db_error($query)); - - if($post = $post_query->fetch()) { - $log['text'] = preg_replace('/post (#(\d+))/', - 'post $1', $log['text']); - } else { - $log['text'] = preg_replace('/post (#(\d+))/', 'post $1', $log['text']); - } - - if($config['cache']['enabled']) - cache::set($log_id, $log['text']); - } + $body .= '
            ' . _('User') . '' . _('IP address') . '' . _('Ago') . '' . _('Board') . '' . _('Action') . '
            '; + foreach($theme['config'] as &$c) { + $body .= ''; } - - $body .= '' . - '' . - '' . - '' . - '' - : 'deleted?') - : '-') . - '' . - ''; + $body .= '
            ' . $c['title'] . ''; + switch($c['type']) { + case 'text': + default: + $body .= ''; } + if(isset($c['comment'])) + $body .= ' ' . $c['comment'] . ''; + $body .= '
            ' . - ($log['username'] ? - '' . $log['username'] . '' - : '' . ($log['id'] < 0 ? 'system' : 'deleted?') . '') . - '' . ($log['id'] < 0 ? '–' : '' . $log['ip'] . '') . '' . ago($log['time']) . '' . - ($log['board'] ? - (isset($boards[$log['board']]) ? - '' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '' . $log['text'] . '
            '; } - - $body .= ''; - $query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`"); - $query->execute() or error(db_error($query)); - $count = $query->fetch(); + $body .= '

            '; - $body .= '

            '; - for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) { - $body .= '[' . ($x + 1) . '] '; - } - $body .= '

            '; + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Installing "' . utf8tohtml($theme['name']) . '"', + 'body'=>$body, + 'mod'=>true + ) + ); } + } else { - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Moderation log'), - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/themes\/none$/', $query, $match)) { - if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); - - // Clearsettings - query("TRUNCATE TABLE `theme_settings`") or error(db_error()); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'No theme', - 'body'=>'

            Successfully uninstalled all themes.

            ' . - '

            Go back to themes.

            ', - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) { - if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); - - rebuildTheme($match[1], 'all'); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Rebuilt', - 'body'=>'

            Successfully rebuilt the ' . $match[1] . ' theme.

            ' . - '

            Go back to themes.

            ', - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) { - if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); - - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); - $query->bindValue(':theme', $match[1]); - $query->execute() or error(db_error($query)); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Uninstalled', - 'body'=>'

            Successfully uninstalled the ' . $match[1] . ' theme.

            ' . - '

            Go back to themes.

            ', - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) { - if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); - - if(!is_dir($config['dir']['themes'])) - error(_('Themes directory doesn\'t exist!')); - if(!$dir = opendir($config['dir']['themes'])) - error(_('Cannot open themes directory; check permissions.')); + $themes_in_use = array(); + $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); + while($theme = $query->fetch()) { + $themes_in_use[$theme['theme']] = true; + } - if(isset($match[2])) { - $_theme = &$match[2]; - - if(!$theme = loadThemeConfig($_theme)) { - error($config['error']['invalidtheme']); - } - - if(isset($_POST['install'])) { - // Check if everything is submitted - foreach($theme['config'] as &$c) { - if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox') - error(sprintf($config['error']['required'], $c['title'])); - } - - // Clear previous settings - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); - $query->bindValue(':theme', $_theme); - $query->execute() or error(db_error($query)); - - foreach($theme['config'] as &$c) { - $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)"); - $query->bindValue(':theme', $_theme); - $query->bindValue(':name', $c['name']); - $query->bindValue(':value', $_POST[$c['name']]); - $query->execute() or error(db_error($query)); - } - - $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)"); - $query->bindValue(':theme', $_theme); - $query->execute() or error(db_error($query)); - - $result = true; - $body = ''; - if(isset($theme['install_callback'])) { - $ret = $theme['install_callback'](themeSettings($_theme)); - if($ret && !empty($ret)) { - if(is_array($ret) && count($ret) == 2) { - $result = $ret[0]; - $ret = $ret[1]; - } - $body .= '
            ' . $ret . '
            '; - } - } - - if($result) { - $body .= '

            Successfully installed and built theme.

            '; - } else { - // install failed - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); - $query->bindValue(':theme', $_theme); - $query->execute() or error(db_error($query)); - } - - $body .= '

            Go back to themes.

            '; - - // Build themes - rebuildThemes('all'); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'), - 'body'=>$body, - 'mod'=>true - ) - ); - } else { - $body = '
            '; - - if(!isset($theme['config']) || empty($theme['config'])) { - $body .= '

            (No configuration required.)

            '; - } else { - $settings = themeSettings($_theme); - - $body .= ''; - foreach($theme['config'] as &$c) { - $body .= ''; - } - $body .= '
            ' . $c['title'] . ''; - switch($c['type']) { - case 'text': - default: - $body .= ''; - } - if(isset($c['comment'])) - $body .= ' ' . $c['comment'] . ''; - $body .= '
            '; - } - - $body .= '

            '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Installing "' . utf8tohtml($theme['name']) . '"', - 'body'=>$body, - 'mod'=>true - ) - ); - } - } else { - - $themes_in_use = Array(); - $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); - while($theme = $query->fetch()) { - $themes_in_use[$theme['theme']] = true; - } - - // Scan directory for themes - $themes = Array(); - while($file = readdir($dir)) { - if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) { - $themes[] = $file; - } - } - closedir($dir); - - $body = ''; - if(empty($themes)) { - $body = '

            (No themes installed.)

            '; - } else { - $body .= ''; - foreach($themes as &$_theme) { - $theme = loadThemeConfig($_theme); - - markup($theme['description']); - - $body .= '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - ''; - } - $body .= '
            ' . _('Name') . '' . utf8tohtml($theme['name']) . '
            ' . _('Version') . '' . utf8tohtml($theme['version']) . '
            ' . _('Description') . '' . $theme['description'] . '
            ' . _('Thumbnail') . '
            ' . _('Actions') . '
            '; + // Scan directory for themes + $themes = array(); + while($file = readdir($dir)) { + if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) { + $themes[] = $file; } - - if(!empty($themes_in_use)) - $body .= '

            ' . _('Uninstall all themes.') . '

            '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Manage themes'), - 'body'=>$body, - 'mod'=>true - ) - ); } - } elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) { - if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); - - $query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id"); - $query->bindValue(':id', $match[1], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($config['cache']['enabled']) - cache::delete('noticeboard_preview'); - - header('Location: ?/noticeboard', true, $config['redirect_http']); - } elseif(preg_match('/^\/noticeboard$/', $query)) { - if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']); + closedir($dir); $body = ''; - - if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { - $query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); - $query->bindvalue(':time', time(), PDO::PARAM_INT); - $query->bindValue(':subject', utf8tohtml($_POST['subject'])); - - markup($_POST['body']); - $query->bindValue(':body', $_POST['body']); - $query->execute() or error(db_error($query)); + if(empty($themes)) { + $body = '

            (No themes installed.)

            '; + } else { + $body .= ''; + foreach($themes as &$_theme) { + $theme = loadThemeConfig($_theme); - if($config['cache']['enabled']) - cache::delete('noticeboard_preview'); + markup($theme['description']); - header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']); - } else { - - if(hasPermission($config['mod']['noticeboard_post'])) { - $body .= '
            New post
            ' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '
            ' . $mod['username'] . '
            ' . _('Subject') . '
            ' . _('Body') . '
            ' . - ''; - } - - $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); - $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - while($notice = $query->fetch()) { - $body .= '
            ' . - (hasPermission($config['mod']['noticeboard_delete']) ? - '[delete]' - : '') . - '

            ' . - ($notice['subject'] ? - $notice['subject'] - : - '' . _('no subject') . '' - ) . - ' — by ' . - (isset($notice['username']) ? - utf8tohtml($notice['username']) - : - '???' - ) . - ' at ' . - strftime($config['post_date'], $notice['time']) . - '

            ' . $notice['body'] . '

            '; + $body .= '' . + '' . _('Name') . '' . + '' . utf8tohtml($theme['name']) . '' . + '' . + '' . + '' . _('Version') . '' . + '' . utf8tohtml($theme['version']) . '' . + '' . + '' . + '' . _('Description') . '' . + '' . $theme['description'] . '' . + '' . + '' . + '' . _('Thumbnail') . '' . + '' . + '' . + '' . + '' . _('Actions') . '' . + '' . + '' . + '
            '; } - - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Noticeboard'), - 'body'=>$body, - 'mod'=>true - ) - ); + $body .= ''; } - } elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) { - if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); - - $query = prepare("DELETE FROM `news` WHERE `id` = :id"); - $query->bindValue(':id', $match[1], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - rebuildThemes('news'); - header('Location: ?/news', true, $config['redirect_http']); - } elseif(preg_match('/^\/news$/', $query)) { - $body = ''; + if(!empty($themes_in_use)) + $body .= '

            ' . _('Uninstall all themes.') . '

            '; - if(hasPermission($config['mod']['news'])) { - if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { - $query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)"); - - if(isset($_POST['name']) && hasPermission($config['mod']['news_custom'])) - $name = &$_POST['name']; - else - $name = &$mod['username']; - - $query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT); - $query->bindvalue(':time', time(), PDO::PARAM_INT); - $query->bindValue(':subject', utf8tohtml($_POST['subject'])); - - markup($_POST['body']); - $query->bindValue(':body', $_POST['body']); - $query->execute() or error(db_error($query)); - - rebuildThemes('news'); - } + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Manage themes'), + 'body'=>$body, + 'mod'=>true + ) + ); + } + } elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) { + if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); + + $query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id"); + $query->bindValue(':id', $match[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($config['cache']['enabled']) + cache::delete('noticeboard_preview'); + + header('Location: ?/noticeboard', true, $config['redirect_http']); + } elseif(preg_match('/^\/noticeboard$/', $query)) { + if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']); + + $body = ''; + + if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { + $query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindvalue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':subject', utf8tohtml($_POST['subject'])); + + markup($_POST['body']); + $query->bindValue(':body', $_POST['body']); + $query->execute() or error(db_error($query)); + + if($config['cache']['enabled']) + cache::delete('noticeboard_preview'); + header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']); + } else { + + if(hasPermission($config['mod']['noticeboard_post'])) { $body .= '
            New post
            ' . '' . - '' . - (hasPermission($config['mod']['news_custom']) ? - '' - : - '') . + '' . + '' . '' . '' . '' . @@ -840,572 +755,695 @@ '' . '' . '' . - '' . + '' . '
            ' . _('Name') . '' . $mod['username'] . '' . $mod['username'] . '
            ' . _('Subject') . '' . _('Body') . '
            ' . '
            '; } - $query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit"); + $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - while($news = $query->fetch()) { + while($notice = $query->fetch()) { $body .= '
            ' . - (hasPermission($config['mod']['news_delete']) ? - '[delete]' + (hasPermission($config['mod']['noticeboard_delete']) ? + '[delete]' : '') . - '

            ' . - ($news['subject'] ? - $news['subject'] + '

            ' . + ($notice['subject'] ? + $notice['subject'] : '' . _('no subject') . '' ) . ' — by ' . - $news['name'] . + (isset($notice['username']) ? + utf8tohtml($notice['username']) + : + '???' + ) . ' at ' . - strftime($config['post_date'], $news['time']) . - '

            ' . $news['body'] . '

            '; + strftime($config['post_date'], $notice['time']) . + '

            ' . $notice['body'] . '

            '; } - - - echo Element('page.html', Array( + + + echo Element('page.html', array( 'config'=>$config, - 'title'=>_('News'), + 'title'=>_('Noticeboard'), 'body'=>$body, 'mod'=>true ) ); - } elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) { - $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id"); - $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + } + } elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) { + if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); + + $query = prepare("DELETE FROM `news` WHERE `id` = :id"); + $query->bindValue(':id', $match[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + rebuildThemes('news'); + + header('Location: ?/news', true, $config['redirect_http']); + } elseif(preg_match('/^\/news$/', $query)) { + $body = ''; + + if(hasPermission($config['mod']['news'])) { + if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { + $query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)"); + + if(isset($_POST['name']) && hasPermission($config['mod']['news_custom'])) + $name = &$_POST['name']; + else + $name = &$mod['username']; + + $query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT); + $query->bindvalue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':subject', utf8tohtml($_POST['subject'])); + + markup($_POST['body']); + $query->bindValue(':body', $_POST['body']); + $query->execute() or error(db_error($query)); + + rebuildThemes('news'); + } - modLog('Marked all PMs as read'); + $body .= '
            New post
            ' . + '' . + '' . + (hasPermission($config['mod']['news_custom']) ? + '' + : + '') . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
            ' . _('Name') . '' . $mod['username'] . '
            ' . _('Subject') . '
            ' . _('Body') . '
            ' . + '
            '; + } + + $query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit"); + $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + while($news = $query->fetch()) { + $body .= '
            ' . + (hasPermission($config['mod']['news_delete']) ? + '[delete]' + : '') . + '

            ' . + ($news['subject'] ? + $news['subject'] + : + '' . _('no subject') . '' + ) . + ' — by ' . + $news['name'] . + ' at ' . + strftime($config['post_date'], $news['time']) . + '

            ' . $news['body'] . '

            '; + } + + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('News'), + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) { + $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id"); + $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + modLog('Marked all PMs as read'); + + header('Location: ?/inbox', true, $config['redirect_http']); + } elseif(preg_match('/^\/inbox$/', $query, $match)) { + $query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC"); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() == 0) { + $body = '

            (' . _('No private messages for you.') . ')

            '; + } else { + $unread_pms = 0; + + $body = ''; + while($pm = $query->fetch()) { + $body .= '' . + '' . + '' . + '' . + '' . + ''; + + if($pm['unread']) + $unread_pms++; + } + $body .= '
            IDFromDateMessage snippet
            ' . $pm['id'] . '' . + ($pm['username'] ? + '' . $pm['username'] . '' + : 'deleted?') . + '' . strftime($config['post_date'], $pm['time']) . '' . pm_snippet($pm['message']) . '
            '; - header('Location: ?/inbox', true, $config['redirect_http']); - } elseif(preg_match('/^\/inbox$/', $query, $match)) { - $query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC"); + if($unread_pms) { + $body = '

            (Mark all as read)

            ' . $body; + } + } + + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')', + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { + $id = &$match[1]; + + if(hasPermission($config['mod']['master_pm'])) { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); + } else { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + } + + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(!$pm = $query->fetch()) { + // Mod doesn't exist + error($config['error']['404']); + } + + if(isset($_POST['delete'])) { + $query = prepare("DELETE FROM `pms` WHERE `id` = :id"); + $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - if($query->rowCount() == 0) { - $body = '

            (' . _('No private messages for you.') . ')

            '; - } else { - $unread_pms = 0; - - $body = ''; - while($pm = $query->fetch()) { - $body .= '' . - '' . - '' . - '' . - '' . - ''; - - if($pm['unread']) - $unread_pms++; - } - $body .= '
            IDFromDateMessage snippet
            ' . $pm['id'] . '' . - ($pm['username'] ? - '' . $pm['username'] . '' - : 'deleted?') . - '' . strftime($config['post_date'], $pm['time']) . '' . pm_snippet($pm['message']) . '
            '; + modLog('Deleted a PM'); + + header('Location: ?/inbox', true, $config['redirect_http']); + } else { + if($pm['unread']) { + $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id"); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + modLog('Read a PM'); + } + + if($pm['to'] != $mod['id']) { + $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $pm['to'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); - if($unread_pms) { - $body = '

            (Mark all as read)

            ' . $body; + if($_mod = $query->fetch()) { + $__to = &$_mod['username']; + } else { + $__to = false; } } + $body = '
            ' . + + '' . + + (isset($__to) ? + '' + : '') . + + '' . + + '' . + + '
            From' . + (!$pm['username'] ? + '???' + : + '' . utf8tohtml($pm['username']) . '' + ) . + '
            To' . + ($__to === false ? + '???' + : + '' . utf8tohtml($__to) . '' + ) . + '
            Date ' . strftime($config['post_date'], $pm['time']) . '
            Message ' . $pm['message'] . '
            ' . - echo Element('page.html', Array( + '

            ' . + + '
            ' . + + '

            Reply with quote

            '; + + echo Element('page.html', array( 'config'=>$config, - 'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')', + 'title'=>'Private message', 'body'=>$body, 'mod'=>true ) ); - } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { - $id = &$match[1]; + } + } elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) { + if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); + + $to = &$match[1]; + + $query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $to, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if(!$to = $query->fetch()) { + // Mod doesn't exist + error($config['error']['404']); + } + + if(isset($_POST['message'])) { + // Post message + $message = &$_POST['message']; - if(hasPermission($config['mod']['master_pm'])) { - $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); - } else { - $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); - } + if(empty($message)) + error($config['error']['tooshort_body']); - $query->bindValue(':id', $id, PDO::PARAM_INT); + markup($message); + + $query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)"); + $query->bindValue(':sender', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':to', $to['id'], PDO::PARAM_INT); + $query->bindValue(':message', $message); + $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); - if(!$pm = $query->fetch()) { - // Mod doesn't exist - error($config['error']['404']); - } + modLog('Sent a PM to ' . $to['username']); - if(isset($_POST['delete'])) { - $query = prepare("DELETE FROM `pms` WHERE `id` = :id"); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - modLog('Deleted a PM'); + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'PM sent', + 'body'=>'

            Message sent successfully to ' . utf8tohtml($to['username']) . '.

            ', + 'mod'=>true + ) + ); + } else { + $value = ''; + if(isset($match[3])) { + $reply = &$match[3]; - header('Location: ?/inbox', true, $config['redirect_http']); - } else { - if($pm['unread']) { - $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id"); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - modLog('Read a PM'); + $query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id"); + $query->bindValue(':sender', $to['id'], PDO::PARAM_INT); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':id', $reply, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + if($pm = $query->fetch()) { + $value = quote($pm['message']); } + } + + + $body = '
            ' . + + '' . + + '' . + + '' . + + '
            To' . + (hasPermission($config['mod']['editusers']) ? + '' . utf8tohtml($to['username']) . '' : + utf8tohtml($to['username']) + ) . + '
            Message
            ' . + + '

            ' . + + '
            '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'New PM for ' . utf8tohtml($to['username']), + 'body'=>$body, + 'mod'=>true + ) + ); + } + } elseif(preg_match('/^\/search$/', $query)) { + if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']); + + $body = '

            Search

            ' . + '

            ' . + '' . + '' . + '

            ' . + '

            (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)

            ' . + '
            '; + + if(isset($_POST['search']) && !empty($_POST['search'])) { + $phrase = &$_POST['search']; + $_body = ''; + + $filters = array(); + + function search_filters($m) { + global $filters; + $name = $m[2]; + $value = isset($m[4]) ? $m[4] : $m[3]; - if($pm['to'] != $mod['id']) { - $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); - $query->bindValue(':id', $pm['to'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($_mod = $query->fetch()) { - $__to = &$_mod['username']; - } else { - $__to = false; - } - } - - $body = '
            ' . - - '' . - - (isset($__to) ? - '' - : '') . - - '' . - - '' . - - '
            From' . - (!$pm['username'] ? - '???' - : - '' . utf8tohtml($pm['username']) . '' - ) . - '
            To' . - ($__to === false ? - '???' - : - '' . utf8tohtml($__to) . '' - ) . - '
            Date ' . strftime($config['post_date'], $pm['time']) . '
            Message ' . $pm['message'] . '
            ' . - - '

            ' . - - '
            ' . + if(!in_array($name, array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) { + // unknown filter + return $m[0]; + } - '

            Reply with quote

            '; + $filters[$name] = $value; - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Private message', - 'body'=>$body, - 'mod'=>true - ) - ); + return $m[1]; } - } elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) { - if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); - $to = &$match[1]; + $phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase)); - $query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id"); - $query->bindValue(':id', $to, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + // Escape escape character + $phrase = str_replace('!', '!!', $phrase); - if(!$to = $query->fetch()) { - // Mod doesn't exist - error($config['error']['404']); + // Remove SQL wildcard + $phrase = str_replace('%', '!%', $phrase); + + // Use asterisk as wildcard to suit convention + $phrase = str_replace('*', '%', $phrase); + + $like = ''; + $match = array(); + + // Find exact phrases + if(preg_match_all('/"(.+?)"/', $phrase, $m)) { + foreach($m[1] as &$quote) { + $phrase = str_replace("\"{$quote}\"", '', $phrase); + $match[] = $pdo->quote($quote); + } } - if(isset($_POST['message'])) { - // Post message - $message = &$_POST['message']; - - if(empty($message)) - error($config['error']['tooshort_body']); - - markup($message); + $words = explode(' ', $phrase); + foreach($words as &$word) { + if(empty($word)) + continue; + $match[] = $pdo->quote($word); + } + + $like = ''; + foreach($match as &$phrase) { + if(!empty($like)) + $like .= ' AND '; + $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); + $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; + } + + foreach($filters as $name => $value) { + if(!empty($like)) + $like .= ' AND '; + $like .= '`' . $name . '` = '. $pdo->quote($value); + } + + $like = str_replace('%', '%%', $like); + + $boards = listBoards(); + foreach($boards as &$_b) { + openBoard($_b['uri']); - $query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)"); - $query->bindValue(':sender', $mod['id'], PDO::PARAM_INT); - $query->bindValue(':to', $to['id'], PDO::PARAM_INT); - $query->bindValue(':message', $message); - $query->bindValue(':time', time(), PDO::PARAM_INT); + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); + $query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - modLog('Sent a PM to ' . $to['username']); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'PM sent', - 'body'=>'

            Message sent successfully to ' . utf8tohtml($to['username']) . '.

            ', - 'mod'=>true - ) - ); - } else { - $value = ''; - if(isset($match[3])) { - $reply = &$match[3]; - - $query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id"); - $query->bindValue(':sender', $to['id'], PDO::PARAM_INT); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); - $query->bindValue(':id', $reply, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - if($pm = $query->fetch()) { - $value = quote($pm['message']); + $temp = ''; + while($post = $query->fetch()) { + if(!$post['thread']) { + $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); + } else { + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } + $temp .= $po->build(true) . '
            '; } - - $body = '
            ' . - - '' . - - '' . - '

            ' . + '' . - ''; + '' . - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'New PM for ' . utf8tohtml($to['username']), - 'body'=>$body, - 'mod'=>true - ) - ); + ''; + } + + $body .= '
            To' . - (hasPermission($config['mod']['editusers']) ? - '' . utf8tohtml($to['username']) . '' : - utf8tohtml($to['username']) - ) . + if(!empty($temp)) + $_body .= '
            ' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on ' . + sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . + '' . $temp . '
            '; + } + + $body .= '
            '; + if(!empty($_body)) + $body .= $_body; + else + $body .= '

            (No results.)

            '; + } + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Search', + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/users$/', $query)) { + if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); + + $body = ''; + + $query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error()); + while($_mod = $query->fetch()) { + $type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin'); + + $_mod['boards'] = explode(',', $_mod['boards']); + foreach($_mod['boards'] as &$_board) { + if($_board != '*') + $_board = '/' . $_board . '/'; + } + + $body .= '' . + '' . - '' . + '' . - '
            ' . _('ID') . '' . _('Username') . '' . _('Type') . '' . _('Boards') . '' . _('Last action') . '
            ' . + $_mod['id'] . '
            Message' . + utf8tohtml($_mod['username']) . + '
            ' . + '            		' . + $type . + '' . + implode(', ', $_mod['boards']) . + '' . + ($_mod['last'] ? + (hasPermission($config['mod']['modlog']) ? + '' . ago($_mod['last']) . '' + : ago($_mod['last'])) + : 'never') . + '' . + (hasPermission($config['mod']['promoteusers']) ? + ($_mod['type'] != ADMIN ? + 'â–²' + :'') . + ($_mod['type'] != JANITOR ? + 'â–¼' + :'') + : '' + ) . + (hasPermission($config['mod']['editusers']) || + (hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])? + '[edit]' + : '' ) . + (hasPermission($config['mod']['create_pm']) ? + '[PM]' + : '' ) . + '
            '; + + if(hasPermission($config['mod']['createusers'])) { + $body .= '

            ' . _('Create new user') . '

            '; + } + + $body .= ''; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Manage users'), + 'body'=>$body + ,'mod'=>true + ) + ); + } elseif(preg_match('/^\/users\/new$/', $query)) { + if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']); + + if(isset($_POST['username']) && isset($_POST['password'])) { + if(!isset($_POST['type'])) { + error(sprintf($config['error']['required'], 'type')); } - } elseif(preg_match('/^\/search$/', $query)) { - if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']); - - $body = '

            Search

            ' . - '

            ' . - '' . - '' . - '

            ' . - '

            (Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)

            ' . - '
            '; - if(isset($_POST['search']) && !empty($_POST['search'])) { - $phrase = &$_POST['search']; - $_body = ''; - - $filters = Array(); - - function search_filters($m) { - global $filters; - $name = $m[2]; - $value = isset($m[4]) ? $m[4] : $m[3]; - - if(!in_array($name, Array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) { - // unknown filter - return $m[0]; - } - - $filters[$name] = $value; - - return $m[1]; - } - - $phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase)); - - // Escape escape character - $phrase = str_replace('!', '!!', $phrase); - - // Remove SQL wildcard - $phrase = str_replace('%', '!%', $phrase); - - // Use asterisk as wildcard to suit convention - $phrase = str_replace('*', '%', $phrase); - - $like = ''; - $match = Array(); - - // Find exact phrases - if(preg_match_all('/"(.+?)"/', $phrase, $m)) { - foreach($m[1] as &$quote) { - $phrase = str_replace("\"{$quote}\"", '', $phrase); - $match[] = $pdo->quote($quote); - } - } - - $words = explode(' ', $phrase); - foreach($words as &$word) { - if(empty($word)) - continue; - $match[] = $pdo->quote($word); - } - - $like = ''; - foreach($match as &$phrase) { - if(!empty($like)) - $like .= ' AND '; - $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); - $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; - } - - foreach($filters as $name => $value) { - if(!empty($like)) - $like .= ' AND '; - $like .= '`' . $name . '` = '. $pdo->quote($value); - } - - $like = str_replace('%', '%%', $like); - - $boards = listBoards(); - foreach($boards as &$_b) { - openBoard($_b['uri']); - - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); - $query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $temp = ''; - while($post = $query->fetch()) { - if(!$post['thread']) { - $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); - } else { - $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); - } - $temp .= $po->build(true) . '
            '; - } - - if(!empty($temp)) - $_body .= '
            ' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on ' . - sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . - '' . $temp . '
            '; - } - - $body .= '
            '; - if(!empty($_body)) - $body .= $_body; - else - $body .= '

            (No results.)

            '; + if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) { + error(sprintf($config['error']['invalidfield'], 'type')); } - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Search', - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/users$/', $query)) { - if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); - $body = '
            '; + // Check if already exists + $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); + $query->bindValue(':username', $_POST['username']); + $query->execute() or error(db_error($query)); - $query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error()); - while($_mod = $query->fetch()) { - $type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin'); - - $_mod['boards'] = explode(',', $_mod['boards']); - foreach($_mod['boards'] as &$_board) { - if($_board != '*') - $_board = '/' . $_board . '/'; - } - - $body .= '' . - '' . - - '' . - - '' . - - '' . - - '' . - - ''; + if($_mod = $query->fetch()) { + error(sprintf($config['error']['modexists'], $_mod['id'])); } - $body .= '
            ' . _('ID') . '' . _('Username') . '' . _('Type') . '' . _('Boards') . '' . _('Last action') . '
            ' . - $_mod['id'] . - '' . - utf8tohtml($_mod['username']) . - '' . - $type . - '' . - implode(', ', $_mod['boards']) . - '' . - ($_mod['last'] ? - (hasPermission($config['mod']['modlog']) ? - '' . ago($_mod['last']) . '' - : ago($_mod['last'])) - : 'never') . - '' . - (hasPermission($config['mod']['promoteusers']) ? - ($_mod['type'] != ADMIN ? - 'â–²' - :'') . - ($_mod['type'] != JANITOR ? - 'â–¼' - :'') - : '' - ) . - (hasPermission($config['mod']['editusers']) || - (hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])? - '[edit]' - : '' ) . - (hasPermission($config['mod']['create_pm']) ? - '[PM]' - : '' ) . - '
            '; + $boards = array(); + foreach($_POST as $name => $null) { + if(preg_match('/^board_(.+)$/', $name, $m)) + $boards[] = $m[1]; + } + $boards = implode(',', $boards); + + $query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)"); + $query->bindValue(':username', $_POST['username']); + $query->bindValue(':password', sha1($_POST['password'])); + $query->bindValue(':type', $_POST['type'], PDO::PARAM_INT); + $query->bindValue(':boards', $boards); + $query->execute() or error(db_error($query)); - if(hasPermission($config['mod']['createusers'])) { - $body .= '

            ' . _('Create new user') . '

            '; + modLog('Create a new user: "' . $_POST['username'] . '"'); + header('Location: ?/users', true, $config['redirect_http']); + } else { + + $__boards = '
              '; + $boards = array_merge( + array(array('uri' => '*', 'title' => 'All') + ), listBoards()); + foreach($boards as &$_board) { + $__boards .= '
            • ' . + '' . + '' . + '
              • '; } + + $body = '
              New user' . - $body .= ''; + // Begin form + '
              ' . - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Manage users'), - 'body'=>$body - ,'mod'=>true - ) - ); - } elseif(preg_match('/^\/users\/new$/', $query)) { - if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']); + '' . - if(isset($_POST['username']) && isset($_POST['password'])) { - if(!isset($_POST['type'])) { - error(sprintf($config['error']['required'], 'type')); - } - - if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) { - error(sprintf($config['error']['invalidfield'], 'type')); - } + '' . + '' . + '' . + '' . + '
              Username
              Password
              Type' . + '
              ' . + '
              ' . + '
              ' . + '
              Boards' . $__boards . '
              ' . + + '' . + + // End form + '
              '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'New user', + 'body'=>$body + ,'mod'=>true + ) + ); + } + } elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) { + $modID = &$matches[1]; + + if(isset($matches[2])) { + if($matches[3] == 'delete') { + if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']); - // Check if already exists - $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); - $query->bindValue(':username', $_POST['username']); + $query = prepare("DELETE FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - if($_mod = $query->fetch()) { - error(sprintf($config['error']['modexists'], $_mod['id'])); - } + modLog('Deleted user #' . $modID); + } else { + // Promote/demote + if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); - $boards = Array(); - foreach($_POST as $name => $null) { - if(preg_match('/^board_(.+)$/', $name, $m)) - $boards[] = $m[1]; + if($matches[3] == 'promote') { + $query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id"); + $query->bindValue(':admin', ADMIN, PDO::PARAM_INT); + } else { + $query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id"); + $query->bindValue(':janitor', JANITOR, PDO::PARAM_INT); } - $boards = implode(',', $boards); - $query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)"); - $query->bindValue(':username', $_POST['username']); - $query->bindValue(':password', sha1($_POST['password'])); - $query->bindValue(':type', $_POST['type'], PDO::PARAM_INT); - $query->bindValue(':boards', $boards); + $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - - modLog('Create a new user: "' . $_POST['username'] . '"'); - header('Location: ?/users', true, $config['redirect_http']); - } else { + } + header('Location: ?/users', true, $config['redirect_http']); + } else { + // Edit user + if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password'])) + error($config['error']['noaccess']); - $__boards = '
                '; - $boards = array_merge( - Array(Array('uri' => '*', 'title' => 'All') - ), listBoards()); - foreach($boards as &$_board) { - $__boards .= '
              • ' . - '' . - '' . - '
                • '; - } + $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $modID, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); - $body = '
                New user' . - - // Begin form - '
                ' . - - '' . - - '' . - '' . - '' . - '' . - '
                Username
                Password
                Type' . - '
                ' . - '
                ' . - '
                ' . - '
                Boards' . $__boards . '
                ' . - - '' . - - // End form - '
                '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'New user', - 'body'=>$body - ,'mod'=>true - ) - ); - } - } elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) { - $modID = &$matches[1]; + if(!$_mod = $query->fetch()) { + error($config['error']['404']); + } - if(isset($matches[2])) { - if($matches[3] == 'delete') { - if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']); + if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true)) + error($config['error']['noaccess']); + + if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) { + if(!isset($change_password_only)) { + $boards = array(); + foreach($_POST as $name => $null) { + if(preg_match('/^board_(.+)$/', $name, $m)) + $boards[] = $m[1]; + } + $boards = implode(',', $boards); - $query = prepare("DELETE FROM `mods` WHERE `id` = :id"); + $query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id"); + $query->bindValue(':username', $_POST['username'], PDO::PARAM_STR); + $query->bindValue(':boards', $boards, PDO::PARAM_STR); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - - modLog('Deleted user #' . $modID); + modLog('Edited login details for user "' . $_mod['username'] . '"'); } else { - // Promote/demote - if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); - - if($matches[3] == 'promote') { - $query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id"); - $query->bindValue(':admin', ADMIN, PDO::PARAM_INT); - } else { - $query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id"); - $query->bindValue(':janitor', JANITOR, PDO::PARAM_INT); - } - + modLog('Changed own password'); + } + if(!empty($_POST['password'])) { + $query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id"); + $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } - header('Location: ?/users', true, $config['redirect_http']); - } else { - // Edit user - if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password'])) - error($config['error']['noaccess']); + // Refresh $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1414,262 +1452,269 @@ error($config['error']['404']); } - if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true)) - error($config['error']['noaccess']); - - if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) { - if(!isset($change_password_only)) { - $boards = Array(); - foreach($_POST as $name => $null) { - if(preg_match('/^board_(.+)$/', $name, $m)) - $boards[] = $m[1]; - } - $boards = implode(',', $boards); - - $query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id"); - $query->bindValue(':username', $_POST['username'], PDO::PARAM_STR); - $query->bindValue(':boards', $boards, PDO::PARAM_STR); - $query->bindValue(':id', $modID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - modLog('Edited login details for user "' . $_mod['username'] . '"'); - } else { - modLog('Changed own password'); - } - if(!empty($_POST['password'])) { - $query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id"); - $query->bindValue(':password', sha1($_POST['password'])); - $query->bindValue(':id', $modID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - } - - // Refresh - $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); - $query->bindValue(':id', $modID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if(!$_mod = $query->fetch()) { - error($config['error']['404']); - } + if($_mod['id'] == $mod['id']) { + // Changed own password. Update cookies - if($_mod['id'] == $mod['id']) { - // Changed own password. Update cookies - - if(!login($_mod['username'], $_mod['password'], false, true)) - error(_('Could not re-login after changing password. (?)')); - - setCookies(); - } + if(!login($_mod['username'], $_mod['password'], false, true)) + error(_('Could not re-login after changing password. (?)')); - if(hasPermission($config['mod']['manageusers'])) - header('Location: ?/users', true, $config['redirect_http']); - else - header('Location: ?/', true, $config['redirect_http']); - exit; - } - - $__boards = '
                  '; - $boards = array_merge( - Array(Array('uri' => '*', 'title' => 'All') - ), listBoards()); - - $_mod['boards'] = explode(',', $_mod['boards']); - foreach($boards as &$_board) { - $__boards .= '
                • ' . - ' ' . - '' . - '
                  • '; + setCookies(); } - $__boards .= '
                '; - - $body = '
                Edit user' . - - // Begin form - '
                ' . - - '' . - '' . - '' . - - (isset($change_password_only) ? '' : - '' - ) . - - '
                Username' . - - (isset($change_password_only) ? - utf8tohtml($_mod['username']) - : '') . - - '
                Password (new; optional)
                Boards' . $__boards . '
                ' . - - '' . - - // End form - '
                ' . - - // Delete button - (hasPermission($config['mod']['deleteusers']) ? - '

                Delete user

                ' - :'') . - - '
                '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Edit user', - 'body'=>$body - ,'mod'=>true - ) - ); + if(hasPermission($config['mod']['manageusers'])) + header('Location: ?/users', true, $config['redirect_http']); + else + header('Location: ?/', true, $config['redirect_http']); + exit; } - } elseif(preg_match('/^\/reports$/', $query)) { - if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); - $body = ''; - $reports = 0; + $__boards = '
                  '; + $boards = array_merge( + array(array('uri' => '*', 'title' => 'All') + ), listBoards()); - $query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit"); - $query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + $_mod['boards'] = explode(',', $_mod['boards']); + foreach($boards as &$_board) { + $__boards .= '
                • ' . + ' ' . + '' . + '
                  • '; + } + $__boards .= '
                '; + + $body = '
                Edit user' . + + // Begin form + '
                ' . + + '' . + + '' . + '' . + + (isset($change_password_only) ? '' : + '' + ) . + + '
                Username' . - while($report = $query->fetch()) { - $p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri'])); + (isset($change_password_only) ? + utf8tohtml($_mod['username']) + : '') . + + '
                Password (new; optional)
                Boards' . $__boards . '
                ' . + + '' . + + // End form + '
                ' . + + // Delete button + (hasPermission($config['mod']['deleteusers']) ? + '

                Delete user

                ' + :'') . + + '
                '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Edit user', + 'body'=>$body + ,'mod'=>true + ) + ); + } + } elseif(preg_match('/^\/reports$/', $query)) { + if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); + + $body = ''; + $reports = 0; + + $query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit"); + $query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + while($report = $query->fetch()) { + $p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri'])); + $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); + $p_query->execute() or error(db_error($query)); + + if(!$post = $p_query->fetch()) { + // Invalid report (post has since been deleted) + $p_query = prepare("DELETE FROM `reports` WHERE `post` = :id"); $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); $p_query->execute() or error(db_error($query)); - - if(!$post = $p_query->fetch()) { - // Invalid report (post has since been deleted) - $p_query = prepare("DELETE FROM `reports` WHERE `post` = :id"); - $p_query->bindValue(':id', $report['post'], PDO::PARAM_INT); - $p_query->execute() or error(db_error($query)); - continue; - } - - $reports++; - openBoard($report['uri']); - - if(!$post['thread']) { - $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); - } else { - $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); - } - - $append_html = - '
                ' . - '
                ' . - 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
                ' . - 'Reason: ' . $report['reason'] . '
                ' . - 'Report date: ' . strftime($config['post_date'], $report['time']) . '
                ' . - (hasPermission($config['mod']['show_ip']) ? - 'Reported by: ' . $report['ip'] . '
                ' - : '') . - '
                ' . - (hasPermission($config['mod']['report_dismiss']) ? - 'Dismiss | ' : '') . - (hasPermission($config['mod']['report_dismiss_ip']) ? - 'Dismiss+' : '') . - '
                '; - - // Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21 - $po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '
                ')); - - if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) { - // still too long. temporarily increase limit in the config - $__old_body_truncate_char = $config['body_truncate_char']; - $config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html); - } - - $po->body .= $append_html; - - $body .= $po->build(true) . '
                '; - - if(isset($__old_body_truncate_char)) - $config['body_truncate_char'] = $__old_body_truncate_char; + continue; } - $query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error()); - $count = $query->fetch(); + $reports++; + openBoard($report['uri']); + + if(!$post['thread']) { + $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); + } else { + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); + } - $body .= '

                Showing ' . - ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.

                '; + $append_html = + '
                ' . + '
                ' . + 'Board: ' . sprintf($config['board_abbreviation'], $report['uri']) . '
                ' . + 'Reason: ' . $report['reason'] . '
                ' . + 'Report date: ' . strftime($config['post_date'], $report['time']) . '
                ' . + (hasPermission($config['mod']['show_ip']) ? + 'Reported by: ' . $report['ip'] . '
                ' + : '') . + '
                ' . + (hasPermission($config['mod']['report_dismiss']) ? + 'Dismiss | ' : '') . + (hasPermission($config['mod']['report_dismiss_ip']) ? + 'Dismiss+' : '') . + '
                '; - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Report queue') . ' (' . $count['count'] . ')', - 'body'=>$body, - 'mod'=>true - )); - } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { - if(isset($matches[2]) && $matches[2] == '/all') { - if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']); - - $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); - $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + // Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21 + $po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '
                ')); + + if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) { + // still too long. temporarily increase limit in the config + $__old_body_truncate_char = $config['body_truncate_char']; + $config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html); + } + + $po->body .= $append_html; + + $body .= $po->build(true) . '
                '; + + if(isset($__old_body_truncate_char)) + $config['body_truncate_char'] = $__old_body_truncate_char; + } + + $query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error()); + $count = $query->fetch(); + + $body .= '

                Showing ' . + ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.

                '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Report queue') . ' (' . $count['count'] . ')', + 'body'=>$body, + 'mod'=>true + )); + } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { + if(isset($matches[2]) && $matches[2] == '/all') { + if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']); + + $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); + $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($report = $query->fetch()) { + $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); + $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - if($report = $query->fetch()) { - $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); - $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - modLog('Dismissed all reports by ' . $report['ip']); - } - } else { - if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']); + modLog('Dismissed all reports by ' . $report['ip']); + } + } else { + if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']); + + $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); + $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($report = $query->fetch()) { + modLog('Dismissed a report for post #' . $report['post'], $report['board']); - $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); - $query->bindValue(':id', $matches[1], PDO::PARAM_INT); + $query = prepare("DELETE FROM `reports` WHERE `post` = :post AND `board` = :board"); + $query->bindValue(':board', $report['board'], PDO::PARAM_INT); + $query->bindValue(':post', $report['post'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - - if($report = $query->fetch()) { - modLog('Dismissed a report for post #' . $report['post'], $report['board']); - - $query = prepare("DELETE FROM `reports` WHERE `post` = :post AND `board` = :board"); - $query->bindValue(':board', $report['board'], PDO::PARAM_INT); - $query->bindValue(':post', $report['post'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + } + } + + // Redirect + header('Location: ?/reports', true, $config['redirect_http']); + } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { + if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']); + + if(!openBoard($matches[1])) + error($config['error']['noboard']); + + if(isset($matches[2]) && $matches[2] == '/delete') { + if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']); + // Delete board + + modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); + + // Delete entire board directory + rrmdir($board['uri'] . '/'); + + // Delete posting table + $query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error()); + + // Clear reports + $query = prepare("DELETE FROM `reports` WHERE `board` = :id"); + $query->bindValue(':id', $board['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + // Delete from table + $query = prepare("DELETE FROM `boards` WHERE `id` = :id"); + $query->bindValue(':id', $board['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($config['cache']['enabled']) { + cache::delete('board_' . $board['uri']); + cache::delete('all_boards'); + } + + $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board"); + $query->bindValue(':board', $board['uri']); + $query->execute() or error(db_error($query)); + while($cite = $query->fetch()) { + if($board['uri'] != $cite['board']) { + if(!isset($tmp_board)) + $tmp_board = $board; + openBoard($cite['board']); + rebuildPost($cite['post']); } } - // Redirect - header('Location: ?/reports', true, $config['redirect_http']); - } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { - if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']); + if(isset($tmp_board)) + $board = $tmp_board; - if(!openBoard($matches[1])) - error($config['error']['noboard']); + $query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board"); + $query->bindValue(':board', $board['uri']); + $query->execute() or error(db_error($query)); - if(isset($matches[2]) && $matches[2] == '/delete') { - if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']); - // Delete board - - modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); - - // Delete entire board directory - rrmdir($board['uri'] . '/'); - - // Delete posting table - $query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error()); + $_board = $board; + + rebuildThemes('boards'); + + $board = $_board; + + header('Location: ?/', true, $config['redirect_http']); + } else { + if(isset($_POST['title']) && isset($_POST['subtitle'])) { + $query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id"); + $query->bindValue(':title', utf8tohtml($_POST['title'], true)); - // Clear reports - $query = prepare("DELETE FROM `reports` WHERE `board` = :id"); - $query->bindValue(':id', $board['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + if(!empty($_POST['subtitle'])) + $query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true)); + else + $query->bindValue(':subtitle', null, PDO::PARAM_NULL); - // Delete from table - $query = prepare("DELETE FROM `boards` WHERE `id` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1678,1452 +1723,1407 @@ cache::delete('all_boards'); } - $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board"); - $query->bindValue(':board', $board['uri']); - $query->execute() or error(db_error($query)); - while($cite = $query->fetch()) { - if($board['uri'] != $cite['board']) { - if(!isset($tmp_board)) - $tmp_board = $board; - openBoard($cite['board']); - rebuildPost($cite['post']); - } - } - - if(isset($tmp_board)) - $board = $tmp_board; - - $query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board"); - $query->bindValue(':board', $board['uri']); - $query->execute() or error(db_error($query)); - $_board = $board; rebuildThemes('boards'); $board = $_board; - header('Location: ?/', true, $config['redirect_http']); - } else { - if(isset($_POST['title']) && isset($_POST['subtitle'])) { - $query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id"); - $query->bindValue(':title', utf8tohtml($_POST['title'], true)); - - if(!empty($_POST['subtitle'])) - $query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true)); - else - $query->bindValue(':subtitle', null, PDO::PARAM_NULL); - - $query->bindValue(':id', $board['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - if($config['cache']['enabled']) { - cache::delete('board_' . $board['uri']); - cache::delete('all_boards'); - } - - $_board = $board; - - rebuildThemes('boards'); - - $board = $_board; - - openBoard($board['uri']); + openBoard($board['uri']); + } + + $body = + '
                ' . + sprintf($config['board_abbreviation'], $board['uri']) . '' . + ' - ' . $board['name'] . '' . + + // Begin form + '
                ' . + + '' . + + '' . + '' . + '' . + + '
                URI' . $board['uri'] . '
                Title
                Subtitle
                ' . + + '' . + + // End form + '
                ' . + + // Delete button + (hasPermission($config['mod']['deleteboard']) ? + '

                Delete board

                ' + :'') . + + '
                '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']), + 'body'=>$body, + 'mod'=>true + )); + } + } elseif(preg_match('/^\/bans$/', $query)) { + if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); + + if(isset($_POST['unban'])) { + if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); + + foreach($_POST as $post => $value) { + if(preg_match('/^ban_(\d+)$/', $post, $m)) { + removeBan($m[1]); } + } + } + if(hasPermission($config['mod']['view_banexpired'])) { + $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } else { + // Filter out expired bans + $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + + if($query->rowCount() < 1) { + $body = '

                (There are no active bans.)

                '; + } else { + $body = '
                '; + $body .= ''; + + while($ban = $query->fetch()) { + $body .= + '' . - $body = - '
                ' . - sprintf($config['board_abbreviation'], $board['uri']) . '' . - ' - ' . $board['name'] . '' . - - // Begin form - '' . - - '
                ' . _('IP address') . '' . _('Reason') . '' . _('Board') . '' . _('Set') . '' . _('Expires') . '' . _('Staff') . '
                ' . - - '' . - '' . - '' . + '
                URI' . $board['uri'] . '
                Title
                Subtitle
                ' . - '
                ' . + // Checkbox + ' ' . - '' . + // IP address + (preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? + ''. $ban['ip'] . '' + : utf8tohtml($ban['ip'])) . - // End form - '
                ' . + '' . - // Delete button - (hasPermission($config['mod']['deleteboard']) ? - '

                Delete board

                ' - :'') . + // Reason + '' . ($ban['reason'] ? $ban['reason'] : '-') . '' . - ''; - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']), - 'body'=>$body, - 'mod'=>true - )); - } - } elseif(preg_match('/^\/bans$/', $query)) { - if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); - - if(isset($_POST['unban'])) { - if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); + '' . + (isset($ban['uri']) ? + sprintf($config['board_abbreviation'], $ban['uri']) + : + '' . _('all boards') . '' + ) . '' . - foreach($_POST as $post => $value) { - if(preg_match('/^ban_(\d+)$/', $post, $m)) { - removeBan($m[1]); - } - } - } - if(hasPermission($config['mod']['view_banexpired'])) { - $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); - $query->bindValue(':time', time(), PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - } else { - // Filter out expired bans - $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); - $query->bindValue(':time', time(), PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - } - - if($query->rowCount() < 1) { - $body = '

                (There are no active bans.)

                '; - } else { - $body = '
                '; - $body .= ''; + // Set + '' . - while($ban = $query->fetch()) { - $body .= - '' . - - '' . - - // Reason - '' . - - - '' . - - // Set - '' . - - // Expires - '' . - - // Staff - '' . + + // Staff + '' . - - ''; - } - - $body .= '
                ' . _('IP address') . '' . _('Reason') . '' . _('Board') . '' . _('Set') . '' . _('Expires') . '' . _('Staff') . '
                ' . strftime($config['post_date'], $ban['set']) . '' . - - // Checkbox - ' ' . - - // IP address - (preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ? - ''. $ban['ip'] . '' - : utf8tohtml($ban['ip'])) . - - '' . ($ban['reason'] ? $ban['reason'] : '-') . '' . - (isset($ban['uri']) ? - sprintf($config['board_abbreviation'], $ban['uri']) + // Expires + '' . + ($ban['expires'] == 0 ? + 'Never' : - '' . _('all boards') . '' - ) . '' . strftime($config['post_date'], $ban['set']) . '' . - ($ban['expires'] == 0 ? - 'Never' - : - strftime($config['post_date'], $ban['expires']) - ) . - '' . - (isset($ban['username']) ? - (!hasPermission($config['mod']['view_banstaff']) ? - ($config['mod']['view_banquestionmark'] ? - '?' - : - ($ban['type'] == JANITOR ? 'Janitor' : - ($ban['type'] == MOD ? 'Mod' : - ($ban['type'] == ADMIN ? 'Admin' : - '?'))) - ) + strftime($config['post_date'], $ban['expires']) + ) . + '' . + (isset($ban['username']) ? + (!hasPermission($config['mod']['view_banstaff']) ? + ($config['mod']['view_banquestionmark'] ? + '?' : - utf8tohtml($ban['username']) + ($ban['type'] == JANITOR ? 'Janitor' : + ($ban['type'] == MOD ? 'Mod' : + ($ban['type'] == ADMIN ? 'Admin' : + '?'))) ) : - 'deleted?' - ) . - '
                ' . - - (hasPermission($config['mod']['unban']) ? - '

                ' - : '') . + utf8tohtml($ban['username']) + ) + : + 'deleted?' + ) . + '' . - '
                '; - } - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Ban list'), - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/flush$/', $query)) { - if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); - if(!$config['cache']['enabled']) error(_('Cache is not enabled.')); - - if(cache::flush()) { - $body = 'Successfully invalidated all items in cache.'; - modLog('Cleared cache'); - } else { - $body = 'An error occured while trying to flush cache.'; + ''; } - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Flushed', - 'body'=>'

                ' . $body . '

                ', - 'mod'=>true - )); - } elseif(preg_match('/^\/rebuild$/', $query)) { - if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); - - set_time_limit($config['mod']['rebuild_timelimit']); + $body .= '' . - $body = '

                Rebuilding…

                '; + (hasPermission($config['mod']['unban']) ? + '

                ' + : '') . - $body .= 'Clearing template cache…
                '; - $twig = new Twig_Environment($loader, Array( - 'cache' => "{$config['dir']['template']}/cache" - )); - $twig->clearCacheFiles(); + ''; + } + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Ban list'), + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/flush$/', $query)) { + if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); + if(!$config['cache']['enabled']) error(_('Cache is not enabled.')); + + if(cache::flush()) { + $body = 'Successfully invalidated all items in cache.'; + modLog('Cleared cache'); + } else { + $body = 'An error occured while trying to flush cache.'; + } + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Flushed', + 'body'=>'

                ' . $body . '

                ', + 'mod'=>true + )); + } elseif(preg_match('/^\/rebuild$/', $query)) { + if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); + + set_time_limit($config['mod']['rebuild_timelimit']); - $body .= 'Regenerating theme files…
                '; - rebuildThemes('all'); + $body = '

                Rebuilding…

                '; + + $body .= 'Clearing template cache…
                '; + $twig = new Twig_Environment($loader, array( + 'cache' => "{$config['dir']['template']}/cache" + )); + $twig->clearCacheFiles(); + + $body .= 'Regenerating theme files…
                '; + rebuildThemes('all'); + + $body .= 'Generating Javascript file…
                '; + buildJavascript(); + + $main_js = $config['file_script']; + + $boards = listBoards(); + + foreach($boards as &$board) { + $body .= "Opening board /{$board['uri']}/
                "; + openBoard($board['uri']); - $body .= 'Generating Javascript file…
                '; - buildJavascript(); + $body .= 'Creating index pages
                '; + buildIndex(); - $main_js = $config['file_script']; + if($config['file_script'] != $main_js) { + // different javascript file + $body .= 'Generating Javascript file…
                '; + buildJavascript(); + } - $boards = listBoards(); + $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); + while($post = $query->fetch()) { + $body .= "Rebuilding #{$post['id']}
                "; + buildThread($post['id']); + } + } + $body .= 'Complete!

                '; + + unset($board); + modLog('Rebuilt everything'); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'Rebuilt', + 'body'=>$body, + 'mod'=>true + )); + } elseif(preg_match('/^\/config\/edit$/', $query)) { + if(!hasPermission($config['mod']['edit_config'])) + error($config['error']['noaccess']); + + // TODO: display "unset variables" + // $config_file = file_get_contents('inc/config.php'); + // preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches); + // $config_variables = array_unique($matches[1]); + + $body = '
                ' . _('Configuration') . '
                '; + + $var_force_string = array('blotter'); + $var_system = array('version'); + + if(isset($_POST['save_changes'])) { + $config_append = ''; - foreach($boards as &$board) { - $body .= "Opening board /{$board['uri']}/
                "; - openBoard($board['uri']); + foreach($config as $name => $original_value) { + if(in_array($name, $var_system)) + continue; + $type = gettype($original_value); + if($type == 'array' || $type == 'NULL') + continue; - $body .= 'Creating index pages
                '; - buildIndex(); + if($type == 'boolean' && in_array($name, $var_force_string)) + $type = 'string'; - if($config['file_script'] != $main_js) { - // different javascript file - $body .= 'Generating Javascript file…
                '; - buildJavascript(); - } + if(!isset($_POST[$name]) && $type != 'boolean') + continue; - $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); - while($post = $query->fetch()) { - $body .= "Rebuilding #{$post['id']}
                "; - buildThread($post['id']); - } - } - $body .= 'Complete!

                '; - - unset($board); - modLog('Rebuilt everything'); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Rebuilt', - 'body'=>$body, - 'mod'=>true - )); - } elseif(preg_match('/^\/config\/edit$/', $query)) { - if(!hasPermission($config['mod']['edit_config'])) - error($config['error']['noaccess']); - - // TODO: display "unset variables" - // $config_file = file_get_contents('inc/config.php'); - // preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches); - // $config_variables = array_unique($matches[1]); - - $body = '
                ' . _('Configuration') . '
                '; - - $var_force_string = Array('blotter'); - $var_system = Array('version'); - - if(isset($_POST['save_changes'])) { - $config_append = ''; + if($type == 'boolean') + $value = isset($_POST[$name]); + else + $value = $_POST[$name]; - foreach($config as $name => $original_value) { - if(in_array($name, $var_system)) - continue; - $type = gettype($original_value); - if($type == 'array' || $type == 'NULL') - continue; - - if($type == 'boolean' && in_array($name, $var_force_string)) - $type = 'string'; - - if(!isset($_POST[$name]) && $type != 'boolean') - continue; - + if($value != $original_value) { + // value has been changed + $config_append .= "\$config['" . addslashes($name) . "'] = "; if($type == 'boolean') - $value = isset($_POST[$name]); - else - $value = $_POST[$name]; - - if($value != $original_value) { - // value has been changed - $config_append .= "\$config['" . addslashes($name) . "'] = "; - if($type == 'boolean') - $config_append .= $value ? 'true' : 'false'; - elseif($type == 'integer') - $config_append .= (int)$value; - elseif($type == 'string') - $config_append .= '\'' . addslashes($value) . '\''; - $config_append .= ";\n"; - } - } - - if(!empty($config_append)) { - $config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n"; - if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) { - header('Location: ?/config' . $b['uri'], true, $config['redirect_http']); - exit; - } else { - $config_append = htmlentities($config_append); - - if($config['minify_html']) - $config_append = str_replace("\n", ' ', $config_append); - $page = Array(); - $page['title'] = 'Cannot write to file!'; - $page['config'] = $config; - $page['body'] = ' -

                Tinyboard could not write to inc/instance-config.php with the ammended configuration, probably due to a permissions error.

                -

                You may proceed with these changes manually by copying and pasting the following code to the bottom of inc/instance-config.php:

                - - '; - echo Element('page.html', $page); - exit; - } + $config_append .= $value ? 'true' : 'false'; + elseif($type == 'integer') + $config_append .= (int)$value; + elseif($type == 'string') + $config_append .= '\'' . addslashes($value) . '\''; + $config_append .= ";\n"; } } - foreach($config as $name => $value) { - $body .= ''; - - $body .= ''; - $type = gettype($value); - if($type == 'array') { - $body .= ''; + if(!empty($config_append)) { + $config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n"; + if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) { + header('Location: ?/config' . $b['uri'], true, $config['redirect_http']); + exit; } else { - if($type == 'string' || $type == 'integer') { - $body .= ''; - } elseif($type == 'boolean') { - if(in_array($name, $var_force_string)) - $body .= ''; - else - $body .= ''; - } else { - $body .= ''; - } + $config_append = htmlentities($config_append); + + if($config['minify_html']) + $config_append = str_replace("\n", ' ', $config_append); + $page = array(); + $page['title'] = 'Cannot write to file!'; + $page['config'] = $config; + $page['body'] = ' +

                Tinyboard could not write to inc/instance-config.php with the ammended configuration, probably due to a permissions error.

                +

                You may proceed with these changes manually by copying and pasting the following code to the bottom of inc/instance-config.php:

                + + '; + echo Element('page.html', $page); + exit; } - - $body .= ''; } + } + + foreach($config as $name => $value) { + $body .= ''; - $body .= '
                ' . utf8tohtml($name) . '[edit]' . '' . utf8tohtml($value) . '
                '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Configuration'), - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/config$/', $query)) { - if(!hasPermission($config['mod']['show_config'])) - error($config['error']['noaccess']); - - // Show instance-config.php + $body .= '' . utf8tohtml($name) . ''; + $type = gettype($value); + if($type == 'array') { + $body .= '[edit]' . ''; + } else { + if($type == 'string' || $type == 'integer') { + $body .= ''; + } elseif($type == 'boolean') { + if(in_array($name, $var_force_string)) + $body .= ''; + else + $body .= ''; + } else { + $body .= '' . utf8tohtml($value) . ''; + } + } - $data = ''; + $body .= ''; + } + + $body .= '
                '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Configuration'), + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/config$/', $query)) { + if(!hasPermission($config['mod']['show_config'])) + error($config['error']['noaccess']); + + // Show instance-config.php + + $data = ''; + + function do_array_part($array, $prefix = '') { + global $data, $config; - function do_array_part($array, $prefix = '') { - global $data, $config; - - foreach($array as $name => $value) { - if(is_array($value)) { - do_array_part($value, $prefix . $name . ' → '); - } else { - if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') { - $value = 'hidden'; - } elseif(gettype($value) == 'boolean') { - $value = $value ? 'On' : 'Off'; - } elseif(gettype($value) == 'string') { - if(empty($value)) - $value = 'empty'; - else - $value = '' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '…' : '')) . ''; - } elseif(gettype($value) == 'integer') { - $value = '' . $value . ''; - } elseif(is_object($value) && get_class($value) == 'Closure') { - $value = '[callback]'; - } - - $data .= - '' . - $prefix . (gettype($name) == 'integer' ? '[]' : utf8tohtml($name)) . - '' . - $value . - ''; - } + foreach($array as $name => $value) { + if(is_array($value)) { + do_array_part($value, $prefix . $name . ' → '); + } else { + if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') { + $value = 'hidden'; + } elseif(gettype($value) == 'boolean') { + $value = $value ? 'On' : 'Off'; + } elseif(gettype($value) == 'string') { + if(empty($value)) + $value = 'empty'; + else + $value = '' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '…' : '')) . ''; + } elseif(gettype($value) == 'integer') { + $value = '' . $value . ''; + } elseif(is_object($value) && get_class($value) == 'Closure') { + $value = '[callback]'; + } + + $data .= + '' . + $prefix . (gettype($name) == 'integer' ? '[]' : utf8tohtml($name)) . + '' . + $value . + ''; } } + } + + do_array_part($config); + + + $body = (hasPermission($config['mod']['edit_config']) ? + '

                ' . + '[Edit using web editor]' : '') . + '

                ' . _('Configuration') . '' . $data . '
                '; + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>_('Configuration'), + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/new$/', $query)) { + if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); + + // New board + $body = ''; + + if(isset($_POST['new_board'])) { + // Create new board + if( !isset($_POST['uri']) || + !isset($_POST['title']) || + !isset($_POST['subtitle']) + ) error($config['error']['missedafield']); + + $b = array( + 'uri' => $_POST['uri'], + 'title' => $_POST['title'], + 'subtitle' => $_POST['subtitle'] + ); - do_array_part($config); - + // HTML characters + $b['title'] = utf8tohtml($b['title'], true); + $b['subtitle'] = utf8tohtml($b['subtitle'], true); - $body = (hasPermission($config['mod']['edit_config']) ? - '

                ' . - '[Edit using web editor]' : '') . - '

                ' . _('Configuration') . '' . $data . '
                '; + // Check required fields + if(empty($b['uri'])) + error(sprintf($config['error']['required'], 'URI')); + if(empty($b['title'])) + error(sprintf($config['error']['required'], 'title')); - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>_('Configuration'), - 'body'=>$body, - 'mod'=>true - ) - ); - } elseif(preg_match('/^\/new$/', $query)) { - if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); + if(!preg_match('/^\w+$/', $b['uri'])) + error(sprintf($config['error']['invalidfield'], 'URI')); - // New board - $body = ''; + if(openBoard($b['uri'])) { + unset($board); + error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); + } - if(isset($_POST['new_board'])) { - // Create new board - if( !isset($_POST['uri']) || - !isset($_POST['title']) || - !isset($_POST['subtitle']) - ) error($config['error']['missedafield']); - - $b = Array( - 'uri' => $_POST['uri'], - 'title' => $_POST['title'], - 'subtitle' => $_POST['subtitle'] - ); - - // HTML characters - $b['title'] = utf8tohtml($b['title'], true); - $b['subtitle'] = utf8tohtml($b['subtitle'], true); - - // Check required fields - if(empty($b['uri'])) - error(sprintf($config['error']['required'], 'URI')); - if(empty($b['title'])) - error(sprintf($config['error']['required'], 'title')); - - if(!preg_match('/^\w+$/', $b['uri'])) - error(sprintf($config['error']['invalidfield'], 'URI')); - - if(openBoard($b['uri'])) { - unset($board); - error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); - } - - $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); - $query->bindValue(':uri', $b['uri']); - $query->bindValue(':title', $b['title']); - if(!empty($b['subtitle'])) { - $query->bindValue(':subtitle', $b['subtitle']); - } else { - $query->bindValue(':subtitle', null, PDO::PARAM_NULL); - } - $query->execute() or error(db_error($query)); - - // Record the action - modLog("Created a new board: {$b['title']}"); - - // Open the board - openBoard($b['uri']) or error(_("Couldn't open board after creation.")); - - // Create the posts table - query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error()); - - if($config['cache']['enabled']) - cache::delete('all_boards'); - - // Build the board - buildIndex(); - - rebuildThemes('boards'); - - header('Location: ?/board/' . $b['uri'], true, $config['redirect_http']); + $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); + $query->bindValue(':uri', $b['uri']); + $query->bindValue(':title', $b['title']); + if(!empty($b['subtitle'])) { + $query->bindValue(':subtitle', $b['subtitle']); } else { - - $body .= form_newBoard(); - - // TODO: Statistics, etc, in the dashboard. - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'New board', - 'body'=>$body, - 'mod'=>true - ) - ); + $query->bindValue(':subtitle', null, PDO::PARAM_NULL); } - } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { - // Board index - - $boardName = &$matches[1]; + $query->execute() or error(db_error($query)); - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); + // Record the action + modLog("Created a new board: {$b['title']}"); - $page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2]; + // Open the board + openBoard($b['uri']) or error(_("Couldn't open board after creation.")); - if(!$page = index($page_no, $mod)) { - error($config['error']['404']); - } + // Create the posts table + query(Element('posts.sql', array('board' => $board['uri']))) or error(db_error()); - $page['pages'] = getPages(true); - $page['pages'][$page_no-1]['selected'] = true; - $page['btn'] = getPageButtons($page['pages'], true); - $page['mod'] = true; + if($config['cache']['enabled']) + cache::delete('all_boards'); - echo Element('index.html', $page); - } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { - // View thread + // Build the board + buildIndex(); - $boardName = &$matches[1]; - $thread = &$matches[2]; - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); + rebuildThemes('boards'); - $page = buildThread($thread, true, $mod); + header('Location: ?/board/' . $b['uri'], true, $config['redirect_http']); + } else { - echo $page; - } elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) { - // Edit post body + $body .= form_newBoard(); - $boardName = &$matches[1]; + // TODO: Statistics, etc, in the dashboard. - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'New board', + 'body'=>$body, + 'mod'=>true + ) + ); + } + } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { + // Board index + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + $page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2]; + + if(!$page = index($page_no, $mod)) { + error($config['error']['404']); + } + + $page['pages'] = getPages(true); + $page['pages'][$page_no-1]['selected'] = true; + $page['btn'] = getPageButtons($page['pages'], true); + $page['mod'] = true; + + echo Element('index.html', $page); + } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { + // View thread + + $boardName = &$matches[1]; + $thread = &$matches[2]; + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + $page = buildThread($thread, true, $mod); + + echo $page; + } elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) { + // Edit post body + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']); + + $postID = &$matches[2]; + + $query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $postID, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + $post = $query->fetch() or error($config['error']['invalidpost']); + + if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) { + if(mb_strlen($_POST['subject']) > 100) + error(sprintf($config['error']['toolong'], 'subject')); - if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']); + $body = $_POST['body']; + $body_nomarkup = $body; - $postID = &$matches[2]; + wordfilters($body); + $tracked_cites = markup($body, true); - $query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post"); + $query->bindValue(':board', $board['uri']); + $query->bindValue(':post', $postID, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); + $query->bindValue(':body', $body); + $query->bindValue(':body_nomarkup', $body_nomarkup); + $query->bindValue(':subject', utf8tohtml($_POST['subject'])); $query->execute() or error(db_error($query)); - $post = $query->fetch() or error($config['error']['invalidpost']); - - if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) { - if(mb_strlen($_POST['subject']) > 100) - error(sprintf($config['error']['toolong'], 'subject')); - - $body = $_POST['body']; - $body_nomarkup = $body; - - wordfilters($body); - $tracked_cites = markup($body, true); - - $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post"); - $query->bindValue(':board', $board['uri']); - $query->bindValue(':post', $postID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $postID, PDO::PARAM_INT); - $query->bindValue(':body', $body); - $query->bindValue(':body_nomarkup', $body_nomarkup); - $query->bindValue(':subject', utf8tohtml($_POST['subject'])); - $query->execute() or error(db_error($query)); - - if(isset($tracked_cites)) { - foreach($tracked_cites as $cite) { - $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); - $query->bindValue(':board', $board['uri']); - $query->bindValue(':post', $postID, PDO::PARAM_INT); - $query->bindValue(':target_board',$cite[0]); - $query->bindValue(':target', $cite[1], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - } + if(isset($tracked_cites)) { + foreach($tracked_cites as $cite) { + $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); + $query->bindValue(':board', $board['uri']); + $query->bindValue(':post', $postID, PDO::PARAM_INT); + $query->bindValue(':target_board',$cite[0]); + $query->bindValue(':target', $cite[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); } - - // Record the action - modLog("Edited post #{$postID}"); - - buildThread($post['thread'] ? $post['thread'] : $postID); - - // Rebuild board - buildIndex(); - - // Redirect - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - exit; } - - $post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']); - - if($config['minify_html']) - $post['body_nomarkup'] = str_replace("\n", ' ', $post['body_nomarkup']); - - $body = '
                ' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '
                Name' . utf8tohtml($post['name']) . '
                Subject' . - '' . - '' . - '
                Body' . - '' . - '
                ' . - '
                '; - - echo Element('page.html', Array( - 'config' => $config, - 'body' => $body, - 'title' => 'Edit Post #' . $postID - )); - } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { - // Delete file from post - - $boardName = &$matches[1]; - - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']); - - $post = &$matches[2]; - - // Delete post - deleteFile($post); - + // Record the action - modLog("Removed file from post #{$post}"); + modLog("Edited post #{$postID}"); + + buildThread($post['thread'] ? $post['thread'] : $postID); // Rebuild board buildIndex(); - + // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { - // Delete post - - $boardName = &$matches[1]; - - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); - - $post = &$matches[2]; - - // Delete post - deletePost($post); - + exit; + } + + $post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']); + + if($config['minify_html']) + $post['body_nomarkup'] = str_replace("\n", ' ', $post['body_nomarkup']); + + $body = '
                ' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
                Name' . utf8tohtml($post['name']) . '
                Subject' . + '' . + '' . + '
                Body' . + '' . + '
                ' . + '
                '; + + echo Element('page.html', array( + 'config' => $config, + 'body' => $body, + 'title' => 'Edit Post #' . $postID + )); + } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { + // Delete file from post + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']); + + $post = &$matches[2]; + + // Delete post + deleteFile($post); + + // Record the action + modLog("Removed file from post #{$post}"); + + // Rebuild board + buildIndex(); + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { + // Delete post + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); + + $post = &$matches[2]; + + // Delete post + deletePost($post); + + // Record the action + modLog("Deleted post #{$post}"); + + // Rebuild board + buildIndex(); + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { + // Add/remove sticky + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']); + + $post = &$matches[3]; + + $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + + if($matches[2] == 'un') { + // Record the action + modLog("Unstickied post #{$post}"); + $query->bindValue(':sticky', 0, PDO::PARAM_INT); + } else { // Record the action - modLog("Deleted post #{$post}"); + modLog("Stickied post #{$post}"); + $query->bindValue(':sticky', 1, PDO::PARAM_INT); + } + + $query->execute() or error(db_error($query)); + + buildIndex(); + buildThread($post); + + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { + // Lock/Unlock + + $boardName = &$matches[1]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']); + + $post = &$matches[3]; + + $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + + if($matches[2] == 'un') { + // Record the action + modLog("Unlocked post #{$post}"); + $query->bindValue(':locked', 0, PDO::PARAM_INT); + } else { + // Record the action + modLog("Locked post #{$post}"); + $query->bindValue(':locked', 1, PDO::PARAM_INT); + } + + $query->execute() or error(db_error($query)); + + buildIndex(); + buildThread($post); + + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) { + // Lock/Unlock + + $boardName = &$matches[1]; + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']); + + $post = &$matches[3]; + + $query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + + if($matches[2] == 'un') { + // Record the action + modLog("Unbumplocked post #{$post}"); + $query->bindValue(':bumplocked', 0, PDO::PARAM_INT); + } else { + // Record the action + modLog("Bumplocked post #{$post}"); + $query->bindValue(':bumplocked', 1, PDO::PARAM_INT); + } + + $query->execute() or error(db_error($query)); + + buildIndex(); + buildThread($post); + + + // Redirect + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)(\/global)?$/', $query, $matches)) { + // Delete all posts by an IP + + $boardName = &$matches[1]; + $post = &$matches[2]; + $global = isset($matches[3]) && $matches[3] == '/global'; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $post); + $query->execute() or error(db_error($query)); + + if(!$post = $query->fetch()) + error($config['error']['invalidpost']); + + $ip = $post['ip']; + + if($global) + $boards = listBoards(); + else + $boards = array(array('uri' => $board['uri'])); + + $query = ''; + foreach($boards as $_board) { + $query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); + } + $query = preg_replace('/UNION ALL $/', '', $query); + + $query = prepare($query); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) + error($config['error']['invalidpost']); + + $boards = array(); + while($post = $query->fetch()) { + openBoard($post['board']); + $boards[] = $post['board']; - // Rebuild board + deletePost($post['id'], false); + } + + foreach($boards as &$_board) { + openBoard($_board); buildIndex(); - - // Redirect - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { - // Add/remove sticky - - $boardName = &$matches[1]; - - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']); - - $post = &$matches[3]; - - $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - - if($matches[2] == 'un') { - // Record the action - modLog("Unstickied post #{$post}"); - $query->bindValue(':sticky', 0, PDO::PARAM_INT); - } else { - // Record the action - modLog("Stickied post #{$post}"); - $query->bindValue(':sticky', 1, PDO::PARAM_INT); + } + + // Record the action + modLog("Deleted all posts by IP address: {$ip}"); + + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + } elseif(preg_match('/^\/ban$/', $query)) { + if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); + // Ban page + + if(isset($_POST['new_ban'])) { + if( !isset($_POST['ip']) || + !isset($_POST['reason']) || + !isset($_POST['length']) || + !isset($_POST['board_id']) + ) error($config['error']['missedafield']); + + // Check required fields + if(empty($_POST['ip'])) + error(sprintf($config['error']['required'], 'IP address')); + + $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)"); + + // 1yr2hrs30mins + // 1y2h30m + $expire = 0; + if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { + if(isset($m[2])) { + // Years + $expire += $m[2]*60*60*24*365; + } + if(isset($m[4])) { + // Months + $expire += $m[4]*60*60*24*30; + } + if(isset($m[6])) { + // Weeks + $expire += $m[6]*60*60*24*7; + } + if(isset($m[8])) { + // Days + $expire += $m[8]*60*60*24; + } + if(isset($m[10])) { + // Hours + $expire += $m[10]*60*60; + } + if(isset($m[12])) { + // Minutes + $expire += $m[12]*60; + } + if(isset($m[14])) { + // Seconds + $expire += $m[14]; + } } - - $query->execute() or error(db_error($query)); - - buildIndex(); - buildThread($post); - - - // Redirect - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { - // Lock/Unlock - - $boardName = &$matches[1]; - - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']); - - $post = &$matches[3]; - - $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - - if($matches[2] == 'un') { - // Record the action - modLog("Unlocked post #{$post}"); - $query->bindValue(':locked', 0, PDO::PARAM_INT); + if($expire) { + $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); } else { - // Record the action - modLog("Locked post #{$post}"); - $query->bindValue(':locked', 1, PDO::PARAM_INT); + // Never expire + $query->bindValue(':expires', null, PDO::PARAM_NULL); } - $query->execute() or error(db_error($query)); - - buildIndex(); - buildThread($post); - - - // Redirect - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) { - // Lock/Unlock - - $boardName = &$matches[1]; - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']); + $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':set', time(), PDO::PARAM_INT); - $post = &$matches[3]; - $query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - if($matches[2] == 'un') { - // Record the action - modLog("Unbumplocked post #{$post}"); - $query->bindValue(':bumplocked', 0, PDO::PARAM_INT); + if(!empty($_POST['reason'])) { + $reason = $_POST['reason']; + markup($reason); + $query->bindValue(':reason', $reason, PDO::PARAM_STR); } else { - // Record the action - modLog("Bumplocked post #{$post}"); - $query->bindValue(':bumplocked', 1, PDO::PARAM_INT); - } - - $query->execute() or error(db_error($query)); - - buildIndex(); - buildThread($post); - - - // Redirect - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)(\/global)?$/', $query, $matches)) { - // Delete all posts by an IP - - $boardName = &$matches[1]; - $post = &$matches[2]; - $global = isset($matches[3]) && $matches[3] == '/global'; - - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $post); - $query->execute() or error(db_error($query)); - - if(!$post = $query->fetch()) - error($config['error']['invalidpost']); - - $ip = $post['ip']; - - if($global) - $boards = listBoards(); - else - $boards = Array(Array('uri' => $board['uri'])); - - $query = ''; - foreach($boards as $_board) { - $query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); - } - $query = preg_replace('/UNION ALL $/', '', $query); - - $query = prepare($query); - $query->bindValue(':ip', $ip); - $query->execute() or error(db_error($query)); - - if($query->rowCount() < 1) - error($config['error']['invalidpost']); - - $boards = Array(); - while($post = $query->fetch()) { - openBoard($post['board']); - $boards[] = $post['board']; - - deletePost($post['id'], false); + $query->bindValue(':reason', null, PDO::PARAM_NULL); } - foreach($boards as &$_board) { - openBoard($_board); - buildIndex(); - } - - // Record the action - modLog("Deleted all posts by IP address: {$ip}"); - - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - } elseif(preg_match('/^\/ban$/', $query)) { - if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); - // Ban page - - if(isset($_POST['new_ban'])) { - if( !isset($_POST['ip']) || - !isset($_POST['reason']) || - !isset($_POST['length']) || - !isset($_POST['board_id']) - ) error($config['error']['missedafield']); - - // Check required fields - if(empty($_POST['ip'])) - error(sprintf($config['error']['required'], 'IP address')); - - $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)"); - - // 1yr2hrs30mins - // 1y2h30m - $expire = 0; - if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { - if(isset($m[2])) { - // Years - $expire += $m[2]*60*60*24*365; - } - if(isset($m[4])) { - // Months - $expire += $m[4]*60*60*24*30; - } - if(isset($m[6])) { - // Weeks - $expire += $m[6]*60*60*24*7; - } - if(isset($m[8])) { - // Days - $expire += $m[8]*60*60*24; - } - if(isset($m[10])) { - // Hours - $expire += $m[10]*60*60; - } - if(isset($m[12])) { - // Minutes - $expire += $m[12]*60; - } - if(isset($m[14])) { - // Seconds - $expire += $m[14]; - } - } - if($expire) { - $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); - } else { - // Never expire - $query->bindValue(':expires', null, PDO::PARAM_NULL); - } - - $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); - $query->bindValue(':set', time(), PDO::PARAM_INT); - - - - if(!empty($_POST['reason'])) { - $reason = $_POST['reason']; - markup($reason); - $query->bindValue(':reason', $reason, PDO::PARAM_STR); - } else { - $query->bindValue(':reason', null, PDO::PARAM_NULL); - } + if($_POST['board_id'] < 0) { + $query->bindValue(':board', null, PDO::PARAM_NULL); + } else { + $query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT); + } + + // Record the action + modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason')); + + $query->execute() or error(db_error($query)); + + if(isset($_POST['board'])) + openBoard($_POST['board']); + + // Delete too + if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) { + $post = round($_POST['delete']); - if($_POST['board_id'] < 0) { - $query->bindValue(':board', null, PDO::PARAM_NULL); - } else { - $query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT); - } + deletePost($post); // Record the action - modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason')); + modLog("Deleted post #{$post}"); - $query->execute() or error(db_error($query)); + // Rebuild board + buildIndex(); + } + + if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { + $post = round($_POST['post']); - if(isset($_POST['board'])) - openBoard($_POST['board']); + $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); + $query->execute() or error(db_error($query)); - // Delete too - if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) { - $post = round($_POST['delete']); - - deletePost($post); - - // Record the action - modLog("Deleted post #{$post}"); - - // Rebuild board - buildIndex(); - } + // Rebuild thread + $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + $thread = $query->fetch(); + if($thread['thread']) + buildThread($thread['thread']); + else + buildThread($post); - if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { - $post = round($_POST['post']); - - $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - $query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); - $query->execute() or error(db_error($query)); - - // Rebuild thread - $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - $thread = $query->fetch(); - if($thread['thread']) - buildThread($thread['thread']); - else - buildThread($post); - - // Rebuild board - buildIndex(); - - // Record the action - modLog("Attached a public ban message for post #{$post}: " . $_POST['message']); - } + // Rebuild board + buildIndex(); - // Redirect - if(isset($_POST['continue'])) - header('Location: ' . $_POST['continue'], true, $config['redirect_http']); - elseif(isset($board)) - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); - else - header('Location: ?/', true, $config['redirect_http']); + // Record the action + modLog("Attached a public ban message for post #{$post}: " . $_POST['message']); } - } elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) { - $boardName = &$matches[1]; - $postID = $matches[2]; + // Redirect + if(isset($_POST['continue'])) + header('Location: ' . $_POST['continue'], true, $config['redirect_http']); + elseif(isset($board)) + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); + else + header('Location: ?/', true, $config['redirect_http']); + } + } elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) { + + $boardName = &$matches[1]; + $postID = $matches[2]; + + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']); + + if(isset($_POST['board'])) { + $targetBoard = $_POST['board']; + $shadow = isset($_POST['shadow']); - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); + if($targetBoard == $boardName) + error(_("Target and source board are the same.")); - if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']); + // copy() if leaving a shadow thread behind. otherwise, rename(). + $clone = $shadow ? 'copy' : 'rename'; - if(isset($_POST['board'])) { - $targetBoard = $_POST['board']; - $shadow = isset($_POST['shadow']); - - if($targetBoard == $boardName) - error(_("Target and source board are the same.")); - - // copy() if leaving a shadow thread behind. otherwise, rename(). - $clone = $shadow ? 'copy' : 'rename'; + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri'])); + $query->bindValue(':id', $postID, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + if(!$post = $query->fetch()) { + error($config['error']['nonexistant']); + } + $post['op'] = true; + + if($post['file']) { + $post['has_file'] = true; + $post['width'] = &$post['filewidth']; + $post['height'] = &$post['fileheight']; - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri'])); - $query->bindValue(':id', $postID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - if(!$post = $query->fetch()) { - error($config['error']['nonexistant']); - } - $post['op'] = true; + $file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; + $file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; + } else $post['has_file'] = false; + + // allow thread to keep its same traits (stickied, locked, etc.) + $post['mod'] = true; + + if(!openBoard($targetBoard)) + error($config['error']['noboard']); + + $newID = post($post); + + if($post['has_file']) { + $clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); + $clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); + } + + // move replies too... + openBoard($boardName); + + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri'])); + $query->bindValue(':id', $postID, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $replies = array(); + while($post = $query->fetch()) { + $post['mod'] = true; + $post['thread'] = $newID; if($post['file']) { $post['has_file'] = true; $post['width'] = &$post['filewidth']; $post['height'] = &$post['fileheight']; - $file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; - $file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; + $post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; + $post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; } else $post['has_file'] = false; - // allow thread to keep its same traits (stickied, locked, etc.) - $post['mod'] = true; - - if(!openBoard($targetBoard)) - error($config['error']['noboard']); + $replies[] = $post; + } + + $newIDs = array($postID => $newID); + + openBoard($targetBoard); + foreach($replies as &$post) { + $query = prepare("SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post"); + $query->bindValue(':board', $boardName); + $query->bindValue(':post', $post['id'], PDO::PARAM_INT); + $query->execute() or error(db_error($qurey)); + while($cite = $query->fetch(PDO::FETCH_ASSOC)) { + if(isset($newIDs[$cite['target']])) { + $post['body_nomarkup'] = preg_replace( + '/(>>(>\/' . preg_quote($boardName, '/') . '\/)?)' . preg_quote($cite['target'], '/') . '/', + '>>' . $newIDs[$cite['target']], + $post['body_nomarkup']); + + $post['body'] = $post['body_nomarkup']; + } + } + $post['op'] = false; + $post['tracked_cites'] = markup($post['body'], true); - $newID = post($post); + $newIDs[$post['id']] = $newPostID = post($post); if($post['has_file']) { - $clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); - $clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); + $clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); + $clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); } - // move replies too... - openBoard($boardName); - - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri'])); + foreach($post['tracked_cites'] as $cite) { + $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); + $query->bindValue(':board', $board['uri']); + $query->bindValue(':post', $newPostID, PDO::PARAM_INT); + $query->bindValue(':target_board',$cite[0]); + $query->bindValue(':target', $cite[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + } + + // build thread + buildThread($newID); + buildIndex(); + + // trigger themes + rebuildThemes('post'); + + openBoard($boardName); + + if($shadow) { + // lock thread + $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - $replies = Array(); - while($post = $query->fetch()) { - $post['mod'] = true; - $post['thread'] = $newID; - - if($post['file']) { - $post['has_file'] = true; - $post['width'] = &$post['filewidth']; - $post['height'] = &$post['fileheight']; - - $post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; - $post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; - } else $post['has_file'] = false; - - $replies[] = $post; - } + $post = array( + 'mod' => true, + 'subject' => '', + 'email' => '', + 'name' => $config['mod']['shadow_name'], + 'capcode' => $config['mod']['shadow_capcode'], + 'trip' => '', + 'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID), + 'password' => '', + 'has_file' => false, + // attach to original thread + 'thread' => $postID, + 'op' => false + ); - $newIDs = Array($postID => $newID); + markup($post['body']); - openBoard($targetBoard); - foreach($replies as &$post) { - $query = prepare("SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post"); - $query->bindValue(':board', $boardName); - $query->bindValue(':post', $post['id'], PDO::PARAM_INT); - $query->execute() or error(db_error($qurey)); - while($cite = $query->fetch(PDO::FETCH_ASSOC)) { - if(isset($newIDs[$cite['target']])) { - $post['body_nomarkup'] = preg_replace( - '/(>>(>\/' . preg_quote($boardName, '/') . '\/)?)' . preg_quote($cite['target'], '/') . '/', - '>>' . $newIDs[$cite['target']], - $post['body_nomarkup']); - - $post['body'] = $post['body_nomarkup']; - } - } - $post['op'] = false; - $post['tracked_cites'] = markup($post['body'], true); - - $newIDs[$post['id']] = $newPostID = post($post); - - if($post['has_file']) { - $clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); - $clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); - } - - foreach($post['tracked_cites'] as $cite) { - $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); - $query->bindValue(':board', $board['uri']); - $query->bindValue(':post', $newPostID, PDO::PARAM_INT); - $query->bindValue(':target_board',$cite[0]); - $query->bindValue(':target', $cite[1], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - } - } + $botID = post($post); + buildThread($postID); - // build thread - buildThread($newID); + header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']); + } else { + deletePost($postID); buildIndex(); - // trigger themes - rebuildThemes('post'); - - openBoard($boardName); - - if($shadow) { - // lock thread - $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $postID, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - $post = Array( - 'mod' => true, - 'subject' => '', - 'email' => '', - 'name' => $config['mod']['shadow_name'], - 'capcode' => $config['mod']['shadow_capcode'], - 'trip' => '', - 'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID), - 'password' => '', - 'has_file' => false, - // attach to original thread - 'thread' => $postID, - 'op' => false - ); - - markup($post['body']); - - $botID = post($post); - buildThread($postID); - - header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']); - } else { - deletePost($postID); - buildIndex(); - - openBoard($targetBoard); - header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']); - } - } else { - - $body = '
                Move thread' . - '
                ' . - '' - ; - - $boards = listBoards(); - if(count($boards) <= 1) - error(_('No board to move to; there is only one.')); - - $__boards = ''; - foreach($boards as &$_board) { - if($_board['uri'] == $board['uri']) - continue; - $__boards .= '
              • ' . - '' . - '' . - '
                • '; - } - - $body .= '' . - '' . - '' . - '' . - - '' . - '' . - '' . - '' . - - '' . - '' . - '' . - '' . - - '' . - '' . - '' . - '' . - '
                Thread ID
                ' . - '' . - ' (locks thread; replies to it with a link.)' . - '
                Target board
                  ' . $__boards . '
                ' . - '
                '; - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'Move #' . $postID, - 'body'=>$body, - 'mod'=>true - ) - ); + openBoard($targetBoard); + header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']); } - } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { - - // Ban by post - - $boardName = &$matches[1]; - // Open board - if(!openBoard($boardName)) - error($config['error']['noboard']); - - if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']); - - $delete = isset($matches[2]) && $matches[2] == '&delete'; - if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); - - $post = $matches[3]; - - $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); - $query->bindValue(':id', $post, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + } else { + + $body = '
                Move thread' . + '
                ' . + '' + ; + + $boards = listBoards(); + if(count($boards) <= 1) + error(_('No board to move to; there is only one.')); - if($query->rowCount() < 1) { - error($config['error']['invalidpost']); + $__boards = ''; + foreach($boards as &$_board) { + if($_board['uri'] == $board['uri']) + continue; + $__boards .= '
              • ' . + '' . + '' . + '
                • '; } - $post = $query->fetch(); - - $body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete); - - echo Element('page.html', Array( + $body .= '' . + '' . + '' . + '' . + + '' . + '' . + '' . + '' . + + '' . + '' . + '' . + '' . + + '' . + '' . + '' . + '' . + '
                Thread ID
                ' . + '' . + ' (locks thread; replies to it with a link.)' . + '
                Target board
                  ' . $__boards . '
                ' . + '
                '; + + echo Element('page.html', array( 'config'=>$config, - 'title'=>'New ban', + 'title'=>'Move #' . $postID, 'body'=>$body, 'mod'=>true ) ); - } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P\d+)$/', $query, $matches)) { - if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']); - - $ip = $matches[1]; - $id = $matches['id']; + } + } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { + + // Ban by post + + $boardName = &$matches[1]; + // Open board + if(!openBoard($boardName)) + error($config['error']['noboard']); + + if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']); + + $delete = isset($matches[2]) && $matches[2] == '&delete'; + if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); + + $post = $matches[3]; + + $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query->bindValue(':id', $post, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($query->rowCount() < 1) { + error($config['error']['invalidpost']); + } + + $post = $query->fetch(); + + $body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'New ban', + 'body'=>$body, + 'mod'=>true + ) + ); + } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P\d+)$/', $query, $matches)) { + if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']); + + $ip = $matches[1]; + $id = $matches['id']; - $query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id"); + $query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id"); + $query->bindValue(':ip', $ip); + $query->bindValue(':id', $id); + $query->execute() or error(db_error($query)); + + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); + } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) { + // View information on an IP address + + $ip = $matches[1]; + $host = $config['mod']['dns_lookup'] ? rDNS($ip) : false; + + if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) { + removeBan($_POST['ban_id']); + header('Location: ?/IP/' . $ip, true, $config['redirect_http']); + } elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) { + $query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)"); $query->bindValue(':ip', $ip); - $query->bindValue(':id', $id); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + $query->bindValue(':time', time(), PDO::PARAM_INT); + markup($_POST['note']); + $query->bindValue(':body', $_POST['note']); $query->execute() or error(db_error($query)); header('Location: ?/IP/' . $ip, true, $config['redirect_http']); - } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) { - // View information on an IP address - - $ip = $matches[1]; - $host = $config['mod']['dns_lookup'] ? rDNS($ip) : false; + } else { + $body = ''; + $boards = listBoards(); + foreach($boards as &$_board) { + openBoard($_board['uri']); - if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) { - removeBan($_POST['ban_id']); - header('Location: ?/IP/' . $ip, true, $config['redirect_http']); - } elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) { - $query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)"); + $temp = ''; + $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); $query->bindValue(':ip', $ip); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); - $query->bindValue(':time', time(), PDO::PARAM_INT); - markup($_POST['note']); - $query->bindValue(':body', $_POST['note']); + $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - - header('Location: ?/IP/' . $ip, true, $config['redirect_http']); - } else { - $body = ''; - $boards = listBoards(); - foreach($boards as &$_board) { - openBoard($_board['uri']); - - $temp = ''; - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri'])); - $query->bindValue(':ip', $ip); - $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); - - while($post = $query->fetch()) { - if(!$post['thread']) { - $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); - } else { - $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); - } - $temp .= $po->build(true) . '
                '; + + while($post = $query->fetch()) { + if(!$post['thread']) { + $po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false); + } else { + $po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod); } - - if(!empty($temp)) - $body .= '
                Last ' . $query->rowCount() . ' posts on ' . - sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . - '' . $temp . '
                '; + $temp .= $po->build(true) . '
                '; } - if(hasPermission($config['mod']['view_notes'])) { - $query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC"); - $query->bindValue(':ip', $ip); - $query->execute() or error(db_error($query)); - - if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) { - $body .= '
                ' . - $query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . - ''; - if($query->rowCount() > 0) { - $body .= '' . - '' . - (hasPermission($config['mod']['remove_notes']) ? '' : '') . - ''; - while($note = $query->fetch()) { - - if($note['mod']) { - $_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); - $_query->bindValue(':id', $note['mod']); - $_query->execute() or error(db_error($_query)); - if($_mod = $_query->fetch()) { - $staff = '' . utf8tohtml($_mod['username']) . ''; - } else { - $staff = '???'; - } + if(!empty($temp)) + $body .= '
                Last ' . $query->rowCount() . ' posts on ' . + sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] . + '' . $temp . '
                '; + } + + if(hasPermission($config['mod']['view_notes'])) { + $query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); + + if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) { + $body .= '
                ' . + $query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . + ''; + if($query->rowCount() > 0) { + $body .= '
                StaffNoteDateActions
                ' . + '' . + (hasPermission($config['mod']['remove_notes']) ? '' : '') . + ''; + while($note = $query->fetch()) { + + if($note['mod']) { + $_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); + $_query->bindValue(':id', $note['mod']); + $_query->execute() or error(db_error($_query)); + if($_mod = $_query->fetch()) { + $staff = '' . utf8tohtml($_mod['username']) . ''; } else { - $staff = 'system'; + $staff = '???'; } - $body .= '' . - '' . - (hasPermission($config['mod']['remove_notes']) ? - '' - : '') . - ''; + } else { + $staff = 'system'; } - $body .= '
                StaffNoteDateActions
                ' . - $staff . - '' . - $note['body'] . - '' . - strftime($config['post_date'], $note['time']) . - '[delete]
                '; + $body .= '' . + '' . + $staff . + '' . + $note['body'] . + '' . + strftime($config['post_date'], $note['time']) . + '' . + (hasPermission($config['mod']['remove_notes']) ? + '[delete]' + : '') . + ''; } - - if(hasPermission($config['mod']['create_notes'])) { - $body .= '
                ' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '
                Staff' . $mod['username'] . '
                ' . - '
                '; - } - - $body .= '
                '; + $body .= ''; } + + if(hasPermission($config['mod']['create_notes'])) { + $body .= '
                ' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
                Staff' . $mod['username'] . '
                ' . + '
                '; + } + + $body .= ''; } + } + + if(hasPermission($config['mod']['view_ban'])) { + $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query->bindValue(':ip', $ip); + $query->execute() or error(db_error($query)); - if(hasPermission($config['mod']['view_ban'])) { - $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); - $query->bindValue(':ip', $ip); - $query->execute() or error(db_error($query)); + if($query->rowCount() > 0) { + $body .= '
                Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record'; - if($query->rowCount() > 0) { - $body .= '
                Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record'; + while($ban = $query->fetch()) { + $body .= '
                ' . + '' . - while($ban = $query->fetch()) { - $body .= '' . - '
                Status' . + ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? + 'Expired' + : 'Active') . + '
                ' . - - // IP - '' . - - // Reason - '' . - - // Board - '' . + + // Reason + '' . + + // Board + '' . + + // Set + '' . + + // Expires + '' . - - // Set - '' . - - // Expires - '' . - - // Staff - '' . + + // Staff + '
                Status' . - ($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ? - 'Expired' - : 'Active') . - '
                IP' . $ban['ip'] . '
                Reason' . $ban['reason'] . '
                Board' . - (isset($ban['board']) ? - (isset($ban['uri']) ? - sprintf($config['board_abbreviation'], $ban['uri']) - : - 'deleted?' - ) + // IP + '
                IP' . $ban['ip'] . '
                Reason' . $ban['reason'] . '
                Board' . + (isset($ban['board']) ? + (isset($ban['uri']) ? + sprintf($config['board_abbreviation'], $ban['uri']) + : + 'deleted?' + ) + : + '' . _('all boards') . '' + ) . + '
                Set' . strftime($config['post_date'], $ban['set']) . '
                Expires' . + ($ban['expires'] == 0 ? + 'Never' : - '' . _('all boards') . '' + strftime($config['post_date'], $ban['expires']) ) . - '
                Set' . strftime($config['post_date'], $ban['set']) . '
                Expires' . - ($ban['expires'] == 0 ? - 'Never' - : - strftime($config['post_date'], $ban['expires']) - ) . - '
                Staff' . - (isset($ban['username']) ? - (!hasPermission($config['mod']['view_banstaff']) ? - ($config['mod']['view_banquestionmark'] ? - '?' - : - ($ban['type'] == JANITOR ? 'Janitor' : - ($ban['type'] == MOD ? 'Mod' : - ($ban['type'] == ADMIN ? 'Admin' : - '?'))) - ) + '
                Staff' . + (isset($ban['username']) ? + (!hasPermission($config['mod']['view_banstaff']) ? + ($config['mod']['view_banquestionmark'] ? + '?' : - utf8tohtml($ban['username']) + ($ban['type'] == JANITOR ? 'Janitor' : + ($ban['type'] == MOD ? 'Mod' : + ($ban['type'] == ADMIN ? 'Admin' : + '?'))) ) - : 'deleted?' - ) . - '
                ' . - - '' . - - '
                '; - } + : + utf8tohtml($ban['username']) + ) + : 'deleted?' + ) . + '' . - $body .= '
                '; + '' . + ''; } + + $body .= '
                '; + } - - if(hasPermission($config['mod']['ip_banform'])) - $body .= form_newBan($ip, null, '?/IP/' . $ip); - - echo Element('page.html', Array( - 'config'=>$config, - 'title'=>'IP: ' . $ip, - 'subtitle' => $host, - 'body'=>$body, - 'mod'=>true - ) - ); } - } else { - error($config['error']['404']); + + if(hasPermission($config['mod']['ip_banform'])) + $body .= form_newBan($ip, null, '?/IP/' . $ip); + + echo Element('page.html', array( + 'config'=>$config, + 'title'=>'IP: ' . $ip, + 'subtitle' => $host, + 'body'=>$body, + 'mod'=>true + ) + ); } + } else { + error($config['error']['404']); } +} -?> diff --git a/post.php b/post.php index d2023f07..9b983842 100644 --- a/post.php +++ b/post.php @@ -1,583 +1,586 @@ $value) { - if(preg_match('/^delete_(\d+)$/', $post, $m)) { - $delete[] = (int)$m[1]; - } + $_GET = strip_array($_GET); + $_POST = strip_array($_POST); +} + +if(isset($_POST['delete'])) { + // Delete + + if(!isset($_POST['board'], $_POST['password'])) + error($config['error']['bot']); + + $password = &$_POST['password']; + + if($password == '') + error($config['error']['invalidpassword']); + + $delete = array(); + foreach($_POST as $post => $value) { + if(preg_match('/^delete_(\d+)$/', $post, $m)) { + $delete[] = (int)$m[1]; } + } + + checkDNSBL(); - checkDNSBL(); - - // Check if board exists - if(!openBoard($_POST['board'])) - error($config['error']['noboard']); + // Check if board exists + if(!openBoard($_POST['board'])) + error($config['error']['noboard']); + + // Check if banned + checkBan($board['uri']); + + if(empty($delete)) + error($config['error']['nodelete']); - // Check if banned - checkBan($board['uri']); + foreach($delete as &$id) { + $query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); - if(empty($delete)) - error($config['error']['nodelete']); + if($post = $query->fetch()) { + if($password != '' && $post['password'] != $password) + error($config['error']['invalidpassword']); - foreach($delete as &$id) { - $query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + if($post['time'] >= time() - $config['delete_time']) { + error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time']))); + } - if($post = $query->fetch()) { - if($password != '' && $post['password'] != $password) - error($config['error']['invalidpassword']); - - if($post['time'] >= time() - $config['delete_time']) { - error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time']))); - } - - if(isset($_POST['file'])) { - // Delete just the file - deleteFile($id); - } else { - // Delete entire post - deletePost($id); - } - - _syslog(LOG_INFO, 'Deleted post: ' . - '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : '') - ); + if(isset($_POST['file'])) { + // Delete just the file + deleteFile($id); + } else { + // Delete entire post + deletePost($id); } + + _syslog(LOG_INFO, 'Deleted post: ' . + '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : '') + ); } - - buildIndex(); - - $is_mod = isset($_POST['mod']) && $_POST['mod']; - $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; - - header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); + } - } elseif(isset($_POST['report'])) { - if(!isset($_POST['board'], $_POST['password'], $_POST['reason'])) - error($config['error']['bot']); - - $report = Array(); - foreach($_POST as $post => $value) { - if(preg_match('/^delete_(\d+)$/', $post, $m)) { - $report[] = (int)$m[1]; - } + buildIndex(); + + $is_mod = isset($_POST['mod']) && $_POST['mod']; + $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; + + header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); + +} elseif(isset($_POST['report'])) { + if(!isset($_POST['board'], $_POST['password'], $_POST['reason'])) + error($config['error']['bot']); + + $report = array(); + foreach($_POST as $post => $value) { + if(preg_match('/^delete_(\d+)$/', $post, $m)) { + $report[] = (int)$m[1]; } + } + + checkDNSBL(); - checkDNSBL(); - - // Check if board exists - if(!openBoard($_POST['board'])) - error($config['error']['noboard']); - - // Check if banned - checkBan($board['uri']); - - if(empty($report)) - error($config['error']['noreport']); - - if(count($report) > $config['report_limit']) - error($config['error']['toomanyreports']); - - $reason = &$_POST['reason']; - markup($reason); - - foreach($report as &$id) { - $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); - $query->bindValue(':id', $id, PDO::PARAM_INT); + // Check if board exists + if(!openBoard($_POST['board'])) + error($config['error']['noboard']); + + // Check if banned + checkBan($board['uri']); + + if(empty($report)) + error($config['error']['noreport']); + + if(count($report) > $config['report_limit']) + error($config['error']['toomanyreports']); + + $reason = &$_POST['reason']; + markup($reason); + + foreach($report as &$id) { + $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query->bindValue(':id', $id, PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + $post = $query->fetch(); + + if($post) { + if($config['syslog']) + _syslog(LOG_INFO, 'Reported post: ' . + '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : '') . + ' for "' . $reason . '"' + ); + $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)"); + $query->bindValue(':time', time(), PDO::PARAM_INT); + $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); + $query->bindValue(':board', $board['id'], PDO::PARAM_INT); + $query->bindValue(':post', $id, PDO::PARAM_INT); + $query->bindValue(':reason', $reason, PDO::PARAM_STR); $query->execute() or error(db_error($query)); - - $post = $query->fetch(); - - if($post) { - if($config['syslog']) - _syslog(LOG_INFO, 'Reported post: ' . - '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $id) . ($post['thread'] ? '#' . $id : '') . - ' for "' . $reason . '"' - ); - $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)"); - $query->bindValue(':time', time(), PDO::PARAM_INT); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); - $query->bindValue(':board', $board['id'], PDO::PARAM_INT); - $query->bindValue(':post', $id, PDO::PARAM_INT); - $query->bindValue(':reason', $reason, PDO::PARAM_STR); - $query->execute() or error(db_error($query)); - } } + } + + $is_mod = isset($_POST['mod']) && $_POST['mod']; + $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; + + header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); +} elseif(isset($_POST['post'])) { + + if(!isset($_POST['subject'], $_POST['body'], $_POST['board'])) + error($config['error']['bot']); + + if(!isset($_POST['name'])) + $_POST['name'] = $config['anonymous']; + + if(!isset($_POST['email'])) + $_POST['email'] = ''; + + if(!isset($_POST['password'])) + $_POST['password'] = ''; + + $post = array('board' => $_POST['board']); + + if(isset($_POST['thread'])) { + $post['op'] = false; + $post['thread'] = round($_POST['thread']); + } elseif($config['quick_reply'] && isset($_POST['quick-reply'])) { + $post['op'] = false; + $post['thread'] = round($_POST['quick-reply']); + } else + $post['op'] = true; + + if(!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || + (!$post['op'] && $_POST['post'] == $config['button_reply']))) + error($config['error']['bot']); + + // Check the referrer + if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER'])) + error($config['error']['referer']); + + checkDNSBL(); - $is_mod = isset($_POST['mod']) && $_POST['mod']; - $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; - - header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']); - } elseif(isset($_POST['post'])) { - - if(!isset($_POST['subject'], $_POST['body'], $_POST['board'])) - error($config['error']['bot']); - - if(!isset($_POST['name'])) - $_POST['name'] = $config['anonymous']; - - if(!isset($_POST['email'])) - $_POST['email'] = ''; - - if(!isset($_POST['password'])) - $_POST['password'] = ''; - - $post = Array('board' => $_POST['board']); - - if(isset($_POST['thread'])) { - $post['op'] = false; - $post['thread'] = round($_POST['thread']); - } elseif($config['quick_reply'] && isset($_POST['quick-reply'])) { - $post['op'] = false; - $post['thread'] = round($_POST['quick-reply']); - } else - $post['op'] = true; - - if(!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || - (!$post['op'] && $_POST['post'] == $config['button_reply']))) + // Check if board exists + if(!openBoard($post['board'])) + error($config['error']['noboard']); + + // Check if banned + checkBan($board['uri']); + + // Check for CAPTCHA right after opening the board so the "return" link is in there + if($config['recaptcha']) { + if(!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) error($config['error']['bot']); - - // Check the referrer - if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER'])) - error($config['error']['referer']); - - checkDNSBL(); - - // Check if board exists - if(!openBoard($post['board'])) - error($config['error']['noboard']); - - // Check if banned - checkBan($board['uri']); - - // Check for CAPTCHA right after opening the board so the "return" link is in there - if($config['recaptcha']) { - if(!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) - error($config['error']['bot']); - // Check what reCAPTCHA has to say... - $resp = recaptcha_check_answer($config['recaptcha_private'], - $_SERVER['REMOTE_ADDR'], - $_POST['recaptcha_challenge_field'], - $_POST['recaptcha_response_field']); - if(!$resp->is_valid) { - error($config['error']['captcha']); - } - } - - if(checkSpam(Array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null))) - error($config['error']['spam']); - - if($config['robot_enable'] && $config['robot_mute']) { - checkMute(); + // Check what reCAPTCHA has to say... + $resp = recaptcha_check_answer($config['recaptcha_private'], + $_SERVER['REMOTE_ADDR'], + $_POST['recaptcha_challenge_field'], + $_POST['recaptcha_response_field']); + if(!$resp->is_valid) { + error($config['error']['captcha']); } - - //Check if thread exists - if(!$post['op']) { - $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); - $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); - $query->execute() or error(db_error()); - - if(!$thread = $query->fetch()) { - // Non-existant - error($config['error']['nonexistant']); - } + } + + if(checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null))) + error($config['error']['spam']); + + if($config['robot_enable'] && $config['robot_mute']) { + checkMute(); + } + + //Check if thread exists + if(!$post['op']) { + $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); + $query->execute() or error(db_error()); + + if(!$thread = $query->fetch()) { + // Non-existant + error($config['error']['nonexistant']); } - + } - // Check for an embed field - if($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) { - // yep; validate it - $value = $_POST['embed']; - foreach($config['embedding'] as &$embed) { - if($html = preg_replace($embed[0], $embed[1], $value)) { - if($html == $value) { - // Nope. - continue; - } - - // Width and height - $html = str_replace('%%tb_width%%', $config['embed_width'], $html); - $html = str_replace('%%tb_height%%', $config['embed_height'], $html); - - // Validated. It works. - $post['embed'] = $html; - // This looks messy right now, I know. I'll work on a better alternative later. - $post['no_longer_require_an_image_for_op'] = true; - break; + + // Check for an embed field + if($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) { + // yep; validate it + $value = $_POST['embed']; + foreach($config['embedding'] as &$embed) { + if($html = preg_replace($embed[0], $embed[1], $value)) { + if($html == $value) { + // Nope. + continue; } + + // Width and height + $html = str_replace('%%tb_width%%', $config['embed_width'], $html); + $html = str_replace('%%tb_height%%', $config['embed_height'], $html); + + // Validated. It works. + $post['embed'] = $html; + // This looks messy right now, I know. I'll work on a better alternative later. + $post['no_longer_require_an_image_for_op'] = true; + break; } - if(!isset($post['embed'])) { - error($config['error']['invalid_embed']); - } - } - - if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) { - require 'inc/mod.php'; - if(!$mod) { - // Liar. You're not a mod. - error($config['error']['notamod']); - } - - $post['sticky'] = $post['op'] && isset($_POST['sticky']); - $post['locked'] = $post['op'] && isset($_POST['lock']); - $post['raw'] = isset($_POST['raw']); - - if($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) - error($config['error']['noaccess']); - if($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) - error($config['error']['noaccess']); - if($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) - error($config['error']['noaccess']); - } - - if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) { - if($config['field_disable_name']) - $_POST['name'] = $config['anonymous']; // "forced anonymous" - - if($config['field_disable_email']) - $_POST['email'] = ''; - - if($config['field_disable_password']) - $_POST['password'] = ''; - } - - // Check for a file - if($post['op'] && !isset($post['no_longer_require_an_image_for_op'])) { - if(!isset($_FILES['file']['tmp_name']) || $_FILES['file']['tmp_name'] == '' && $config['force_image_op']) - error($config['error']['noimage']); } - - $post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous']; - $post['subject'] = $_POST['subject']; - $post['email'] = utf8tohtml($_POST['email']); - $post['body'] = $_POST['body']; - $post['password'] = $_POST['password']; - $post['has_file'] = !isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && $_FILES['file']['tmp_name'] != '')); - - if($post['has_file']) - $post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']); - - if(!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) { - $stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']); - if($stripped_whitespace == '') { - error($config['error']['tooshort_body']); - } + if(!isset($post['embed'])) { + error($config['error']['invalid_embed']); } - - // Check if thread is locked - // but allow mods to post - if(!$post['op'] && !hasPermission($config['mod']['postinlocked'], $board['uri'])) { - if($thread['locked']) - error($config['error']['locked']); + } + + if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) { + require 'inc/mod.php'; + if(!$mod) { + // Liar. You're not a mod. + error($config['error']['notamod']); } - if($post['has_file']) { - $size = $_FILES['file']['size']; - if($size > $config['max_filesize']) - error(sprintf3($config['error']['filesize'], array( - 'sz'=>commaize($size), - 'filesz'=>commaize($size), - 'maxsz'=>commaize($config['max_filesize'])))); - } + $post['sticky'] = $post['op'] && isset($_POST['sticky']); + $post['locked'] = $post['op'] && isset($_POST['lock']); + $post['raw'] = isset($_POST['raw']); - if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { - if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) { - $post['capcode'] = utf8tohtml($match[3]); - $post['name'] = $match[2] != '' ? $match[2] : $config['anonymous']; - } - } else { - $post['capcode'] = false; + if($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) + error($config['error']['noaccess']); + if($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) + error($config['error']['noaccess']); + if($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) + error($config['error']['noaccess']); + } + + if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) { + if($config['field_disable_name']) + $_POST['name'] = $config['anonymous']; // "forced anonymous" + + if($config['field_disable_email']) + $_POST['email'] = ''; + + if($config['field_disable_password']) + $_POST['password'] = ''; + } + + // Check for a file + if($post['op'] && !isset($post['no_longer_require_an_image_for_op'])) { + if(!isset($_FILES['file']['tmp_name']) || $_FILES['file']['tmp_name'] == '' && $config['force_image_op']) + error($config['error']['noimage']); + } + + $post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous']; + $post['subject'] = $_POST['subject']; + $post['email'] = utf8tohtml($_POST['email']); + $post['body'] = $_POST['body']; + $post['password'] = $_POST['password']; + $post['has_file'] = !isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && $_FILES['file']['tmp_name'] != '')); + + if($post['has_file']) + $post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']); + + if(!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) { + $stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']); + if($stripped_whitespace == '') { + error($config['error']['tooshort_body']); } - - $trip = generate_tripcode($post['name']); - $post['name'] = $trip[0]; - $post['trip'] = isset($trip[1]) ? $trip[1] : ''; - - if(strtolower($post['email']) == 'noko') { - $noko = true; - $post['email'] = ''; - } else $noko = false; - - if($post['has_file']) { - $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); - if(isset($config['filename_func'])) - $post['file_id'] = $config['filename_func']($post); - else - $post['file_id'] = time() . substr(microtime(), 2, 3); - - $post['file'] = $board['dir'] . $config['dir']['img'] . $post['file_id'] . '.' . $post['extension']; - $post['thumb'] = $board['dir'] . $config['dir']['thumb'] . $post['file_id'] . '.' . ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']); + } + + // Check if thread is locked + // but allow mods to post + if(!$post['op'] && !hasPermission($config['mod']['postinlocked'], $board['uri'])) { + if($thread['locked']) + error($config['error']['locked']); + } + + if($post['has_file']) { + $size = $_FILES['file']['size']; + if($size > $config['max_filesize']) + error(sprintf3($config['error']['filesize'], array( + 'sz' => number_format($size), + 'filesz' => number_format($size), + 'maxsz' => number_format($config['max_filesize']) + ))); + } + + if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) { + if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) { + $post['capcode'] = utf8tohtml($match[3]); + $post['name'] = $match[2] != '' ? $match[2] : $config['anonymous']; } + } else { + $post['capcode'] = false; + } + + $trip = generate_tripcode($post['name']); + $post['name'] = $trip[0]; + $post['trip'] = isset($trip[1]) ? $trip[1] : ''; + + if(strtolower($post['email']) == 'noko') { + $noko = true; + $post['email'] = ''; + } else $noko = false; + + if($post['has_file']) { + $post['extension'] = strtolower(substr($post['filename'], strrpos($post['filename'], '.') + 1)); + if(isset($config['filename_func'])) + $post['file_id'] = $config['filename_func']($post); + else + $post['file_id'] = time() . substr(microtime(), 2, 3); + + $post['file'] = $board['dir'] . $config['dir']['img'] . $post['file_id'] . '.' . $post['extension']; + $post['thumb'] = $board['dir'] . $config['dir']['thumb'] . $post['file_id'] . '.' . ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension']); + } + + // Check string lengths + if(mb_strlen($post['name']) > 35) + error(sprintf($config['error']['toolong'], 'name')); + if(mb_strlen($post['email']) > 40) + error(sprintf($config['error']['toolong'], 'email')); + if(mb_strlen($post['subject']) > 100) + error(sprintf($config['error']['toolong'], 'subject')); + if(!$mod && mb_strlen($post['body']) > $config['max_body']) + error($config['error']['toolong_body']); + if(mb_strlen($post['password']) > 20) + error(sprintf($config['error']['toolong'], 'password')); + + wordfilters($post['body']); + + $post['body_nomarkup'] = $post['body']; + + if(!($mod && isset($post['raw']) && $post['raw'])) + $post['tracked_cites'] = markup($post['body'], true); + + // Check for a flood + if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) { + error($config['error']['flood']); + } + + require_once 'inc/filters.php'; + + do_filters($post); + + if($post['has_file']) { + if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files'])) + error($config['error']['unknownext']); - // Check string lengths - if(mb_strlen($post['name']) > 35) - error(sprintf($config['error']['toolong'], 'name')); - if(mb_strlen($post['email']) > 40) - error(sprintf($config['error']['toolong'], 'email')); - if(mb_strlen($post['subject']) > 100) - error(sprintf($config['error']['toolong'], 'subject')); - if(!$mod && mb_strlen($post['body']) > $config['max_body']) - error($config['error']['toolong_body']); - if(mb_strlen($post['password']) > 20) - error(sprintf($config['error']['toolong'], 'password')); - - wordfilters($post['body']); + $is_an_image = !in_array($post['extension'], $config['allowed_ext_files']); - $post['body_nomarkup'] = $post['body']; + // Truncate filename if it is too long + $post['filename'] = substr($post['filename'], 0, $config['max_filename_len']); - if(!($mod && isset($post['raw']) && $post['raw'])) - $post['tracked_cites'] = markup($post['body'], true); + $upload = $_FILES['file']['tmp_name']; - // Check for a flood - if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) { - error($config['error']['flood']); - } + if(!is_readable($upload)) + error($config['error']['nomove']); - do_filters($post); + $post['filehash'] = $config['file_hash']($upload); + $post['filesize'] = filesize($upload); - if($post['has_file']) { - if(!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files'])) - error($config['error']['unknownext']); - - $is_an_image = !in_array($post['extension'], $config['allowed_ext_files']); - - // Truncate filename if it is too long - $post['filename'] = substr($post['filename'], 0, $config['max_filename_len']); - - $upload = $_FILES['file']['tmp_name']; - - if(!is_readable($upload)) - error($config['error']['nomove']); + if($is_an_image) { + // Check IE MIME type detection XSS exploit + $buffer = file_get_contents($upload, null, null, null, 255); + if(preg_match($config['ie_mime_type_detection'], $buffer)) { + undoImage($post); + error($config['error']['mime_exploit']); + } - $post['filehash'] = $config['file_hash']($upload); - $post['filesize'] = filesize($upload); + require_once 'inc/image.php'; - if($is_an_image) { - // Check IE MIME type detection XSS exploit - $buffer = file_get_contents($upload, null, null, null, 255); - if(preg_match($config['ie_mime_type_detection'], $buffer)) { - undoImage($post); - error($config['error']['mime_exploit']); - } + if($config['thumb_method'] == 'imagick') { + // This is tricky, because Imagick won't let us find + // an image's dimensions without loading it all into + // memory first, unlike GD which provides the + // getimagesize() to do exactly that. This section + // is why GD is required, even when using Imagick + // instead. There doesn't seem to be an alternative. + // Necessary for security, as Imagick even ignores + // PHP's memory limit. - require_once 'inc/image.php'; - - if($config['thumb_method'] == 'imagick') { - // This is tricky, because Imagick won't let us find - // an image's dimensions without loading it all into - // memory first, unlike GD which provides the - // getimagesize() to do exactly that. This section - // is why GD is required, even when using Imagick - // instead. There doesn't seem to be an alternative. - // Necessary for security, as Imagick even ignores - // PHP's memory limit. - - // first try GD's getimagesize() - if($size = @getimagesize($upload)) { - if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { - - error($config['error']['maxsize']); - } - } else { - // GD failed - // TODO? - } - } else { - // find dimensions of an image using GD - if(!$size = @getimagesize($upload)) { - error($config['error']['invalidimg']); - } + // first try GD's getimagesize() + if($size = @getimagesize($upload)) { if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { + error($config['error']['maxsize']); } - } - - // create image object - $image = new Image($upload, $post['extension']); - - if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) { - $image->delete(); - error($config['error']['maxsize']); - } - - $post['width'] = $image->size->width; - $post['height'] = $image->size->height; - - if($config['spoiler_images'] && isset($_POST['spoiler'])) { - $post['thumb'] = 'spoiler'; - - $size = @getimagesize($config['spoiler_image']); - $post['thumbwidth'] = $size[0]; - $post['thumbheight'] = $size[1]; - } elseif($config['minimum_copy_resize'] && - $image->size->width <= $config['thumb_width'] && - $image->size->height <= $config['thumb_height'] && - $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) { - - // Copy, because there's nothing to resize - copy($upload, $post['thumb']); - - $post['thumbwidth'] = $image->size->width; - $post['thumbheight'] = $image->size->height; } else { - $thumb = $image->resize( - $config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'], - $post['op'] ? $config['thumb_op_width'] : $config['thumb_width'], - $post['op'] ? $config['thumb_op_height'] : $config['thumb_height'] - ); - - $thumb->to($post['thumb']); - - $post['thumbwidth'] = $thumb->width; - $post['thumbheight'] = $thumb->height; - - $thumb->_destroy(); + // GD failed + // TODO? } - - if($config['redraw_image']) { - $image->to($post['file']); - } else { - if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) - error($config['error']['nomove']); - } - $image->destroy(); } else { - // not an image - - //copy($config['file_thumb'], $post['thumb']); - $post['thumb'] = 'file'; + // find dimensions of an image using GD + if(!$size = @getimagesize($upload)) { + error($config['error']['invalidimg']); + } + if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { + error($config['error']['maxsize']); + } + } + + // create image object + $image = new Image($upload, $post['extension']); + + if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) { + $image->delete(); + error($config['error']['maxsize']); + } + + $post['width'] = $image->size->width; + $post['height'] = $image->size->height; + + if($config['spoiler_images'] && isset($_POST['spoiler'])) { + $post['thumb'] = 'spoiler'; - $size = @getimagesize($config['file_thumb']); + $size = @getimagesize($config['spoiler_image']); $post['thumbwidth'] = $size[0]; $post['thumbheight'] = $size[1]; - } - } - - if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) { - undoImage($post); - error(sprintf($config['error']['fileexists'], - $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'] . - $board['dir'] . $config['dir']['res'] . - ($p['thread'] ? - $p['thread'] . '.html#' . $p['id'] - : - $p['id'] . '.html' - ) - )); - } - - if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) { - undoImage($post); - if($config['robot_mute']) { - error(sprintf($config['error']['muted'], mute())); + } elseif($config['minimum_copy_resize'] && + $image->size->width <= $config['thumb_width'] && + $image->size->height <= $config['thumb_height'] && + $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) { + + // Copy, because there's nothing to resize + copy($upload, $post['thumb']); + + $post['thumbwidth'] = $image->size->width; + $post['thumbheight'] = $image->size->height; } else { - error($config['error']['unoriginal']); + $thumb = $image->resize( + $config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'], + $post['op'] ? $config['thumb_op_width'] : $config['thumb_width'], + $post['op'] ? $config['thumb_op_height'] : $config['thumb_height'] + ); + + $thumb->to($post['thumb']); + + $post['thumbwidth'] = $thumb->width; + $post['thumbheight'] = $thumb->height; + + $thumb->_destroy(); } - } - - // Remove board directories before inserting them into the database. - if($post['has_file']) { - $post['file_path'] = $post['file']; - $post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img'])); - if($is_an_image && $post['thumb'] != 'spoiler') - $post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb'])); - } - - $post = (object)$post; - if($error = event('post', $post)) { - undoImage((array)$post); - error($error); - } - $post = (array)$post; - - $id = post($post); - - if(isset($post['tracked_cites'])) { - foreach($post['tracked_cites'] as $cite) { - $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); - $query->bindValue(':board', $board['uri']); - $query->bindValue(':post', $id, PDO::PARAM_INT); - $query->bindValue(':target_board',$cite[0]); - $query->bindValue(':target', $cite[1], PDO::PARAM_INT); - $query->execute() or error(db_error($query)); + + if($config['redraw_image']) { + $image->to($post['file']); + } else { + if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) + error($config['error']['nomove']); } - } - - buildThread($post['op'] ? $id : $post['thread']); - - if(!$post['op'] && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) { - bumpThread($post['thread']); - } - - if($post['op']) - clean(); - - event('post-after', $post); - - buildIndex(); - - if(isset($_SERVER['HTTP_REFERER'])) { - // Tell Javascript that we posted successfully - if(isset($_COOKIE[$config['cookies']['js']])) - $js = json_decode($_COOKIE[$config['cookies']['js']]); - else - $js = (object) Array(); - // Tell it to delete the cached post for referer - $js->{$_SERVER['HTTP_REFERER']} = true; - // Encode and set cookie - setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false); - } - - $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; - - if($config['always_noko'] || $noko) { - $redirect = $root . $board['dir'] . $config['dir']['res'] . - sprintf($config['file_page'], $post['op'] ? $id:$post['thread']) . (!$post['op'] ? '#' . $id : ''); + $image->destroy(); } else { - $redirect = $root . $board['dir'] . $config['file_index']; + // not an image + //copy($config['file_thumb'], $post['thumb']); + $post['thumb'] = 'file'; + + $size = @getimagesize($config['file_thumb']); + $post['thumbwidth'] = $size[0]; + $post['thumbheight'] = $size[1]; } - - if($config['syslog']) - _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . - sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$$post['op'] ? '#' . $id : '')); - - rebuildThemes('post'); - header('Location: ' . $redirect, true, $config['redirect_http']); - } else { - if(!file_exists($config['has_installed'])) { - header('Location: install.php', true, $config['redirect_http']); + } + + if($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) { + undoImage($post); + error(sprintf($config['error']['fileexists'], + $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'] . + $board['dir'] . $config['dir']['res'] . + ($p['thread'] ? + $p['thread'] . '.html#' . $p['id'] + : + $p['id'] . '.html' + ) + )); + } + + if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) { + undoImage($post); + if($config['robot_mute']) { + error(sprintf($config['error']['muted'], mute())); } else { - // They opened post.php in their browser manually. - error($config['error']['nopost']); + error($config['error']['unoriginal']); } } -?> + + // Remove board directories before inserting them into the database. + if($post['has_file']) { + $post['file_path'] = $post['file']; + $post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img'])); + if($is_an_image && $post['thumb'] != 'spoiler') + $post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb'])); + } + + $post = (object)$post; + if($error = event('post', $post)) { + undoImage((array)$post); + error($error); + } + $post = (array)$post; + + $id = post($post); + + if(isset($post['tracked_cites'])) { + foreach($post['tracked_cites'] as $cite) { + $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); + $query->bindValue(':board', $board['uri']); + $query->bindValue(':post', $id, PDO::PARAM_INT); + $query->bindValue(':target_board',$cite[0]); + $query->bindValue(':target', $cite[1], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + } + } + + buildThread($post['op'] ? $id : $post['thread']); + + if(!$post['op'] && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) { + bumpThread($post['thread']); + } + + if($post['op']) + clean(); + + event('post-after', $post); + + buildIndex(); + + if(isset($_SERVER['HTTP_REFERER'])) { + // Tell Javascript that we posted successfully + if(isset($_COOKIE[$config['cookies']['js']])) + $js = json_decode($_COOKIE[$config['cookies']['js']]); + else + $js = (object) array(); + // Tell it to delete the cached post for referer + $js->{$_SERVER['HTTP_REFERER']} = true; + // Encode and set cookie + setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false); + } + + $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; + + if($config['always_noko'] || $noko) { + $redirect = $root . $board['dir'] . $config['dir']['res'] . + sprintf($config['file_page'], $post['op'] ? $id:$post['thread']) . (!$post['op'] ? '#' . $id : ''); + } else { + $redirect = $root . $board['dir'] . $config['file_index']; + + } + + if($config['syslog']) + _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . + sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$$post['op'] ? '#' . $id : '')); + + rebuildThemes('post'); + header('Location: ' . $redirect, true, $config['redirect_http']); +} else { + if(!file_exists($config['has_installed'])) { + header('Location: install.php', true, $config['redirect_http']); + } else { + // They opened post.php in their browser manually. + error($config['error']['nopost']); + } +} +