1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-15 03:17:38 +01:00
vichan/mod.php

174 lines
6.0 KiB
PHP
Raw Normal View History

2010-12-01 11:53:11 +01:00
<?php
2012-04-11 18:49:22 +02:00
/*
2013-01-20 11:23:46 +01:00
* Copyright (c) 2010-2013 Tinyboard Development Group
2012-04-11 18:49:22 +02:00
*/
require 'inc/functions.php';
2012-04-12 18:11:41 +02:00
require 'inc/mod/pages.php';
require 'inc/mod/auth.php';
2012-04-11 18:49:22 +02:00
2012-04-12 18:11:41 +02:00
// Fix for magic quotes
2012-04-11 18:49:22 +02:00
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
2012-04-11 18:49:22 +02:00
}
2010-12-01 11:53:11 +01:00
2012-04-11 18:49:22 +02:00
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
}
2013-07-31 08:08:55 +02:00
$query = isset($_SERVER['QUERY_STRING']) ? urldecode($_SERVER['QUERY_STRING']) : '';
2012-04-11 18:49:22 +02:00
2012-04-12 18:11:41 +02:00
$pages = array(
2012-05-06 04:44:37 +02:00
'' => ':?/', // redirect to dashboard
'/' => 'dashboard', // dashboard
'/confirm/(.+)' => 'confirm', // confirm action (if javascript didn't work)
'/logout' => 'logout', // logout
2012-04-16 08:40:24 +02:00
2012-05-06 04:44:37 +02:00
'/users' => 'users', // manage users
'/users/(\d+)' => 'user', // edit user
'/users/(\d+)/(promote|demote)' => 'user_promote', // prmote/demote user
'/users/new' => 'user_new', // create a new user
'/new_PM/([^/]+)' => 'new_pm', // create a new pm
'/PM/(\d+)(/reply)?' => 'pm', // read a pm
'/inbox' => 'inbox', // pm inbox
2012-04-13 02:41:30 +02:00
2012-05-06 04:44:37 +02:00
'/noticeboard' => 'noticeboard', // view noticeboard
'/noticeboard/(\d+)' => 'noticeboard', // view noticeboard
'/noticeboard/delete/(\d+)' => 'noticeboard_delete',// delete from noticeboard
'/log' => 'log', // modlog
'/log/(\d+)' => 'log', // modlog
2012-08-27 14:13:47 +02:00
'/log:([^/]+)' => 'user_log', // modlog
'/log:([^/]+)/(\d+)' => 'user_log', // modlog
2012-05-06 04:44:37 +02:00
'/news' => 'news', // view news
'/news/(\d+)' => 'news', // view news
'/news/delete/(\d+)' => 'news_delete', // delete from news
2012-05-05 17:33:10 +02:00
2013-07-31 08:08:55 +02:00
'/edit/(\%b)' => 'edit_board', // edit board details
2012-05-06 04:44:37 +02:00
'/new-board' => 'new_board', // create a new board
2012-05-05 17:33:10 +02:00
2012-05-06 04:44:37 +02:00
'/rebuild' => 'rebuild', // rebuild static files
'/reports' => 'reports', // report queue
'/reports/(\d+)/dismiss(all)?' => 'report_dismiss', // dismiss a report
2012-05-06 04:44:37 +02:00
'/IP/([\w.:]+)' => 'ip', // view ip address
'/IP/([\w.:]+)/remove_note/(\d+)' => 'ip_remove_note', // remove note from ip address
'/bans' => 'bans', // ban list
'/bans/(\d+)' => 'bans', // ban list
'/search' => 'search_redirect', // search
2013-07-20 18:05:42 +02:00
'/search/(posts|IP_notes|bans|log)/(.+)/(\d+)' => 'search', // search
'/search/(posts|IP_notes|bans|log)/(.+)' => 'search', // search
2012-08-27 07:19:05 +02:00
// CSRF-protected moderator actions
'/ban' => 'secure_POST ban', // new ban
2013-07-31 08:08:55 +02:00
'/(\%b)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
'/(\%b)/move/(\d+)' => 'secure_POST move', // move thread
'/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
'/(\%b)/delete/(\d+)' => 'secure delete', // delete post
'/(\%b)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
'/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
'/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
'/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
'/(\%b)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
2012-04-16 12:11:10 +02:00
2012-08-12 16:18:13 +02:00
'/themes' => 'themes_list', // manage themes
'/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme
'/themes/(\w+)/rebuild' => 'theme_rebuild', // rebuild theme
'/themes/(\w+)/uninstall' => 'theme_uninstall', // uninstall theme
2012-05-20 12:20:50 +02:00
'/config' => 'config', // config editor
2012-04-16 12:11:10 +02:00
// these pages aren't listed in the dashboard without $config['debug']
2012-05-06 04:44:37 +02:00
'/debug/antispam' => 'debug_antispam',
'/debug/recent' => 'debug_recent_posts',
2013-01-25 13:57:51 +01:00
'/debug/sql' => 'secure_POST debug_sql',
2012-04-11 18:49:22 +02:00
2012-04-12 18:11:41 +02:00
// This should always be at the end:
2013-07-31 08:08:55 +02:00
'/(\%b)/' => 'view_board',
'/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
2012-05-06 04:44:37 +02:00
str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
2012-04-12 18:11:41 +02:00
);
2012-05-05 17:33:10 +02:00
if (!$mod) {
$pages = array('!^(.+)?$!' => 'login');
2012-05-05 17:33:10 +02:00
} elseif (isset($_GET['status'], $_GET['r'])) {
2012-05-06 04:29:54 +02:00
header('Location: ' . $_GET['r'], true, (int)$_GET['status']);
2012-05-06 04:44:37 +02:00
exit;
}
if (isset($config['mod']['custom_pages'])) {
2012-05-05 17:33:10 +02:00
$pages = array_merge($pages, $config['mod']['custom_pages']);
}
2012-04-12 18:11:41 +02:00
2012-05-06 04:44:37 +02:00
$new_pages = array();
foreach ($pages as $key => $callback) {
if (is_string($callback) && preg_match('/^secure /', $callback))
2012-08-27 07:19:05 +02:00
$key .= '(/(?P<token>[a-f0-9]{8}))?';
2013-07-31 08:08:55 +02:00
$key = str_replace('\%b', $config['board_regex'], $key);
$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
2012-05-06 04:44:37 +02:00
}
$pages = $new_pages;
2012-04-12 18:11:41 +02:00
foreach ($pages as $uri => $handler) {
if (preg_match($uri, $query, $matches)) {
$matches = array_slice($matches, 1);
if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {
2012-08-27 07:19:05 +02:00
$secure_post_only = isset($m[1]);
if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') {
$token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false);
if ($token === false) {
if ($secure_post_only)
error($config['error']['csrf']);
else {
mod_confirm(substr($query, 1));
exit;
}
}
// CSRF-protected page; validate security token
$actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);
if ($token != make_secure_link_token(substr($actual_query, 1))) {
error($config['error']['csrf']);
}
}
$handler = preg_replace('/^secure(_POST)? /', '', $handler);
}
2012-04-12 18:11:41 +02:00
if ($config['debug']) {
$debug['mod_page'] = array(
'req' => $query,
'match' => $uri,
'handler' => $handler
2012-04-11 18:49:22 +02:00
);
}
2012-05-05 17:33:10 +02:00
if (is_string($handler)) {
if ($handler[0] == ':') {
header('Location: ' . substr($handler, 1), true, $config['redirect_http']);
} elseif (is_callable("mod_page_$handler")) {
call_user_func_array("mod_page_$handler", $matches);
} elseif (is_callable("mod_$handler")) {
call_user_func_array("mod_$handler", $matches);
} else {
error("Mod page '$handler' not found!");
}
} elseif (is_callable($handler)) {
call_user_func_array($handler, $matches);
2012-04-11 18:49:22 +02:00
} else {
2012-05-05 17:33:10 +02:00
error("Mod page '$handler' not a string, and not callable!");
2012-04-11 18:49:22 +02:00
}
2012-04-12 18:11:41 +02:00
exit;
2010-12-01 11:53:11 +01:00
}
2012-04-11 18:49:22 +02:00
}
2012-04-12 18:11:41 +02:00
error($config['error']['404']);