2011-06-15 19:11:52 +02:00
< ? php
2010-11-05 17:46:20 +01:00
require 'inc/functions.php' ;
require 'inc/display.php' ;
2010-11-30 09:21:06 +01:00
require 'inc/template.php' ;
2010-12-17 15:18:03 +01:00
require 'inc/database.php' ;
2010-11-05 17:46:20 +01:00
require 'inc/user.php' ;
2010-11-26 10:21:00 +01:00
// Fix for magic quotes
2010-11-05 17:46:20 +01:00
if ( get_magic_quotes_gpc ()) {
2010-11-26 10:20:04 +01:00
function strip_array ( $var ) {
2010-11-05 17:46:20 +01:00
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
$_SESSION = strip_array ( $_SESSION );
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
2011-01-21 03:14:11 +01:00
if ( isset ( $_POST [ 'delete' ])) {
// Delete
if ( ! isset ( $_POST [ 'board' ]) ||
! isset ( $_POST [ 'password' ])
)
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'bot' ]);
2011-01-21 03:14:11 +01:00
2011-05-25 11:08:09 +02:00
$password = & $_POST [ 'password' ];
2011-01-21 03:14:11 +01:00
if ( empty ( $password ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'invalidpassword' ]);
2011-01-21 03:14:11 +01:00
$delete = Array ();
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^delete_(\d+)$/' , $post , $m )) {
$delete [] = ( int ) $m [ 1 ];
}
}
2011-05-19 09:37:23 +02:00
checkDNSBL ();
2011-01-21 03:14:11 +01:00
// Check if board exists
if ( ! openBoard ( $_POST [ 'board' ]))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-21 03:14:11 +01:00
2011-07-27 05:40:27 +02:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-01-21 03:14:11 +01:00
if ( empty ( $delete ))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'nodelete' ]);
2011-01-21 03:14:11 +01:00
foreach ( $delete as & $id ) {
2011-04-05 07:57:01 +02:00
$query = prepare ( sprintf ( " SELECT `time`,`password` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
2011-01-21 03:14:11 +01:00
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $post = $query -> fetch ()) {
if ( ! empty ( $password ) && $post [ 'password' ] != $password )
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'invalidpassword' ]);
2011-04-05 07:57:01 +02:00
if ( $post [ 'time' ] >= time () - $config [ 'delete_time' ]) {
error ( sprintf ( $config [ 'error' ][ 'delete_too_soon' ], until ( $post [ 'time' ] + $config [ 'delete_time' ])));
}
2011-01-21 03:14:11 +01:00
if ( isset ( $_POST [ 'file' ])) {
// Delete just the file
deleteFile ( $id );
} else {
// Delete entire post
deletePost ( $id );
}
}
}
buildIndex ();
$is_mod = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
2011-02-12 07:25:15 +01:00
$root = $is_mod ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
2011-01-21 03:14:11 +01:00
2011-02-12 07:25:15 +01:00
header ( 'Location: ' . $root . $board [ 'dir' ] . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-02-20 07:19:57 +01:00
} elseif ( isset ( $_POST [ 'report' ])) {
if ( ! isset ( $_POST [ 'board' ]) ||
! isset ( $_POST [ 'password' ]) ||
! isset ( $_POST [ 'reason' ])
)
error ( $config [ 'error' ][ 'bot' ]);
$report = Array ();
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^delete_(\d+)$/' , $post , $m )) {
$report [] = ( int ) $m [ 1 ];
}
}
2011-05-19 09:37:23 +02:00
checkDNSBL ();
2011-02-20 07:19:57 +01:00
// Check if board exists
if ( ! openBoard ( $_POST [ 'board' ]))
error ( $config [ 'error' ][ 'noboard' ]);
2011-07-27 05:40:27 +02:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-02-20 07:19:57 +01:00
if ( empty ( $report ))
error ( $config [ 'error' ][ 'noreport' ]);
if ( count ( $report ) > $config [ 'report_limit' ])
error ( $config [ 'error' ][ 'toomanyreports' ]);
2011-05-25 11:08:09 +02:00
$reason = & $_POST [ 'reason' ];
2011-02-20 08:28:39 +01:00
markup ( $reason );
2011-02-20 07:19:57 +01:00
foreach ( $report as & $id ) {
$query = prepare ( sprintf ( " SELECT 1 FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $post = $query -> fetch ()) {
$query = prepare ( " INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason) " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':ip' , $_SERVER [ 'REMOTE_ADDR' ], PDO :: PARAM_STR );
$query -> bindValue ( ':board' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':post' , $id , PDO :: PARAM_INT );
2011-02-20 08:28:39 +01:00
$query -> bindValue ( ':reason' , $reason , PDO :: PARAM_STR );
2011-02-20 07:19:57 +01:00
$query -> execute () or error ( db_error ( $query ));
}
}
$is_mod = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
$root = $is_mod ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
header ( 'Location: ' . $root . $board [ 'dir' ] . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-21 03:14:11 +01:00
} elseif ( isset ( $_POST [ 'post' ])) {
2010-11-05 17:46:20 +01:00
if ( ! isset ( $_POST [ 'name' ]) ||
! isset ( $_POST [ 'email' ]) ||
! isset ( $_POST [ 'subject' ]) ||
! isset ( $_POST [ 'body' ]) ||
2010-11-30 10:40:37 +01:00
! isset ( $_POST [ 'board' ]) ||
2010-11-05 17:46:20 +01:00
! isset ( $_POST [ 'password' ])
2011-02-12 07:25:15 +01:00
) error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 17:46:20 +01:00
2010-11-30 13:17:26 +01:00
$post = Array ( 'board' => $_POST [ 'board' ]);
2010-11-05 17:46:20 +01:00
if ( isset ( $_POST [ 'thread' ])) {
$OP = false ;
$post [ 'thread' ] = round ( $_POST [ 'thread' ]);
} else $OP = true ;
2011-02-12 07:25:15 +01:00
if ( ! (( $OP && $_POST [ 'post' ] == $config [ 'button_newtopic' ]) ||
( ! $OP && $_POST [ 'post' ] == $config [ 'button_reply' ])))
error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 17:46:20 +01:00
// Check the referrer
if ( $OP ) {
2011-02-12 07:25:15 +01:00
if ( ! isset ( $_SERVER [ 'HTTP_REFERER' ]) || ! preg_match ( $config [ 'url_match' ], $_SERVER [ 'HTTP_REFERER' ])) error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 17:46:20 +01:00
}
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
// Find another anti-spam method.
/*
// Check if he has a valid cookie.
2011-02-12 07:25:15 +01:00
if ( ! $user [ 'valid' ]) error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 17:46:20 +01:00
// Check how long he has been here.
if ( time () - $user [ 'appeared' ] < LURKTIME ) error ( ERROR_LURK );
*/
2011-05-19 09:37:23 +02:00
checkDNSBL ();
2011-01-19 02:37:31 +01:00
2010-11-30 13:17:26 +01:00
// Check if board exists
if ( ! openBoard ( $post [ 'board' ]))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-11-30 13:17:26 +01:00
2011-07-27 05:40:27 +02:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-06-15 20:59:16 +02:00
// Check for CAPTCHA right after opening the board so the "return" link is in there
if ( $config [ 'recaptcha' ]) {
if ( ! isset ( $_POST [ 'recaptcha_challenge_field' ]) || ! isset ( $_POST [ 'recaptcha_response_field' ]))
error ( $config [ 'error' ][ 'bot' ]);
// Check what reCAPTCHA has to say...
$resp = recaptcha_check_answer ( $config [ 'recaptcha_private' ],
$_SERVER [ 'REMOTE_ADDR' ],
$_POST [ 'recaptcha_challenge_field' ],
$_POST [ 'recaptcha_response_field' ]);
if ( ! $resp -> is_valid ) {
error ( $config [ 'error' ][ 'captcha' ]);
}
}
2011-09-15 12:34:45 +02:00
if ( checkSpam ())
error ( $config [ 'error' ][ 'spam' ]);
2011-02-17 15:27:20 +01:00
2011-02-16 10:37:57 +01:00
if ( $config [ 'robot_enable' ] && $config [ 'robot_mute' ]) {
checkMute ();
}
2011-01-20 09:24:41 +01:00
2010-11-30 13:17:26 +01:00
//Check if thread exists
if ( ! $OP && ! threadExists ( $post [ 'thread' ]))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'nonexistant' ]);
2011-05-18 09:05:48 +02:00
// Check for an embed field
2011-05-25 11:08:09 +02:00
if ( $config [ 'enable_embedding' ] && isset ( $_POST [ 'embed' ]) && ! empty ( $_POST [ 'embed' ])) {
2011-05-18 09:05:48 +02:00
// yep; validate it
2011-05-25 11:08:09 +02:00
$value = & $_POST [ 'embed' ];
2011-05-18 09:05:48 +02:00
foreach ( $config [ 'embedding' ] as & $embed ) {
if ( $html = preg_replace ( $embed [ 0 ], $embed [ 1 ], $value )) {
if ( $html == $value ) {
// Nope.
continue ;
}
// Width and height
$html = str_replace ( '%%tb_width%%' , $config [ 'embed_width' ], $html );
$html = str_replace ( '%%tb_height%%' , $config [ 'embed_height' ], $html );
// Validated. It works.
$post [ 'embed' ] = $html ;
// This looks messy right now, I know. I'll work on a better alternative later.
$post [ 'no_longer_require_an_image_for_op' ] = true ;
2011-05-25 11:11:22 +02:00
break ;
2011-05-18 09:05:48 +02:00
}
}
if ( ! isset ( $post [ 'embed' ])) {
error ( $config [ 'error' ][ 'invalid_embed' ]);
}
}
2010-11-05 17:46:20 +01:00
// Check for a file
2011-05-18 09:05:48 +02:00
if ( $OP && ! isset ( $post [ 'no_longer_require_an_image_for_op' ])) {
2010-11-05 17:46:20 +01:00
if ( ! isset ( $_FILES [ 'file' ][ 'tmp_name' ]) || empty ( $_FILES [ 'file' ][ 'tmp_name' ]))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'noimage' ]);
2010-11-05 17:46:20 +01:00
}
2011-02-17 10:12:09 +01:00
$post [ 'name' ] = ( ! empty ( $_POST [ 'name' ]) ? $_POST [ 'name' ] : $config [ 'anonymous' ]);
2011-05-25 11:08:09 +02:00
$post [ 'subject' ] = & $_POST [ 'subject' ];
2010-11-05 17:46:20 +01:00
$post [ 'email' ] = utf8tohtml ( $_POST [ 'email' ]);
2011-05-25 11:08:09 +02:00
$post [ 'body' ] = & $_POST [ 'body' ];
$post [ 'password' ] = & $_POST [ 'password' ];
2011-05-25 11:11:22 +02:00
$post [ 'has_file' ] = ! isset ( $post [ 'embed' ]) && (( $OP && ! isset ( $post [ 'no_longer_require_an_image_for_op' ])) || ( isset ( $_FILES [ 'file' ]) && ! empty ( $_FILES [ 'file' ][ 'tmp_name' ])));
2011-02-22 16:21:16 +01:00
2011-02-22 01:14:07 +01:00
$post [ 'mod' ] = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
2011-02-22 16:21:16 +01:00
if ( $post [ 'has_file' ])
2011-03-27 13:35:42 +02:00
$post [ 'filename' ] = utf8tohtml ( get_magic_quotes_gpc () ? stripslashes ( $_FILES [ 'file' ][ 'name' ]) : $_FILES [ 'file' ][ 'name' ]);
2011-09-15 12:32:49 +02:00
elseif ( empty ( $post [ 'body' ]))
error ( $config [ 'error' ][ 'tooshort_body' ]);
2011-01-02 11:10:33 +01:00
2011-02-22 01:09:43 +01:00
if ( $config [ 'force_body' ] && empty ( $post [ 'body' ]))
2011-02-19 09:45:54 +01:00
error ( $config [ 'error' ][ 'tooshort_body' ]);
2011-01-19 02:37:31 +01:00
2011-09-15 12:32:49 +02:00
if ( $config [ 'force_body' ] && ! empty ( $post [ 'body' ])) {
2011-02-22 01:09:43 +01:00
$stripped_whitespace = preg_replace ( '/[\s]/u' , '' , $post [ 'body' ]);
if ( empty ( $stripped_whitespace ))
error ( $config [ 'error' ][ 'tooshort_body' ]);
}
2011-01-02 11:10:33 +01:00
if ( $post [ 'mod' ]) {
require 'inc/mod.php' ;
if ( ! $mod ) {
// Liar. You're not a mod.
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'notamod' ]);
2011-01-02 11:10:33 +01:00
}
2011-01-02 11:15:59 +01:00
2011-01-02 12:30:49 +01:00
$post [ 'sticky' ] = $OP && isset ( $_POST [ 'sticky' ]);
$post [ 'locked' ] = $OP && isset ( $_POST [ 'lock' ]);
2011-02-03 10:28:14 +01:00
$post [ 'raw' ] = isset ( $_POST [ 'raw' ]);
2011-01-02 15:15:55 +01:00
2011-02-12 07:25:15 +01:00
if ( $post [ 'sticky' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'sticky' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $post [ 'locked' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'lock' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $post [ 'raw' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'rawhtml' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 11:10:33 +01:00
}
2010-11-05 17:46:20 +01:00
2011-01-02 15:33:57 +01:00
// Check if thread is locked
// but allow mods to post
2011-02-12 07:25:15 +01:00
if ( ! $OP && ( ! $mod || $mod [ 'type' ] < $config [ 'mod' ][ 'postinlocked' ])) {
2011-01-02 15:41:14 +01:00
if ( threadLocked ( $post [ 'thread' ]))
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'locked' ]);
2011-01-02 15:33:57 +01:00
}
2010-11-05 17:46:20 +01:00
if ( $post [ 'has_file' ]) {
$size = $_FILES [ 'file' ][ 'size' ];
2011-02-12 07:25:15 +01:00
if ( $size > $config [ 'max_filesize' ])
error ( sprintf3 ( $config [ 'error' ][ 'filesize' ], array (
2010-11-04 16:20:19 +01:00
'sz' => commaize ( $size ),
'filesz' => commaize ( $size ),
2011-02-12 07:25:15 +01:00
'maxsz' => commaize ( $config [ 'max_filesize' ]))));
2010-11-05 17:46:20 +01:00
}
2011-02-12 07:25:15 +01:00
if ( $mod && $mod [ 'type' ] >= MOD && preg_match ( '/^((.+) )?## (.+)$/' , $post [ 'name' ], $match )) {
if (( $mod [ 'type' ] == MOD && $match [ 3 ] == 'Mod' ) || $mod [ 'type' ] >= ADMIN ) {
2011-04-12 13:08:54 +02:00
$post [ 'capcode' ] = utf8tohtml ( $match [ 3 ]);
2011-02-17 10:12:09 +01:00
$post [ 'name' ] = ! empty ( $match [ 2 ]) ? $match [ 2 ] : $config [ 'anonymous' ];
2011-01-19 02:37:31 +01:00
}
} else {
2011-04-12 13:08:54 +02:00
$post [ 'capcode' ] = false ;
2011-01-19 02:37:31 +01:00
}
2010-11-05 17:46:20 +01:00
$trip = generate_tripcode ( $post [ 'name' ]);
2011-05-25 11:08:09 +02:00
$post [ 'name' ] = & $trip [ 0 ];
2010-11-05 17:46:20 +01:00
$post [ 'trip' ] = ( isset ( $trip [ 1 ]) ? $trip [ 1 ] : '' );
2011-03-28 06:52:02 +02:00
if ( strtolower ( $post [ 'email' ]) == 'noko' ) {
2010-11-05 17:46:20 +01:00
$noko = true ;
$post [ 'email' ] = '' ;
} else $noko = false ;
if ( $post [ 'has_file' ]) {
$post [ 'extension' ] = strtolower ( substr ( $post [ 'filename' ], strrpos ( $post [ 'filename' ], '.' ) + 1 ));
2011-02-03 10:28:14 +01:00
$post [ 'file_id' ] = time () . rand ( 100 , 999 );
2011-02-12 07:25:15 +01:00
$post [ 'file' ] = $board [ 'dir' ] . $config [ 'dir' ][ 'img' ] . $post [ 'file_id' ] . '.' . $post [ 'extension' ];
2011-04-12 20:08:59 +02:00
$post [ 'thumb' ] = $board [ 'dir' ] . $config [ 'dir' ][ 'thumb' ] . $post [ 'file_id' ] . '.' . ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ]);
2010-11-05 17:46:20 +01:00
}
// Check string lengths
2011-02-12 07:25:15 +01:00
if ( strlen ( $post [ 'name' ]) > 50 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'name' ));
2011-02-17 11:20:04 +01:00
if ( strlen ( $post [ 'email' ]) > 40 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'email' ));
2011-08-27 04:11:34 +02:00
if ( strlen ( $post [ 'subject' ]) > 100 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subject' ));
2011-03-26 08:43:19 +01:00
if ( ! $mod && strlen ( $post [ 'body' ]) > $config [ 'max_body' ]) error ( $config [ 'error' ][ 'toolong_body' ]);
2011-09-15 12:34:45 +02:00
if ( $config [ 'force_body_op' ] && empty ( $post [ 'body' ])) error ( $config [ 'error' ][ 'tooshort_body' ]);
2011-02-12 07:25:15 +01:00
if ( strlen ( $post [ 'password' ]) > 20 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'password' ));
2010-11-05 17:46:20 +01:00
2011-04-06 11:18:36 +02:00
wordfilters ( $post [ 'body' ]);
2011-01-20 09:24:41 +01:00
$post [ 'body_nomarkup' ] = $post [ 'body' ];
2011-02-03 10:28:14 +01:00
2011-06-11 08:08:29 +02:00
if ( ! ( $mod && isset ( $post [ 'raw' ]) && $post [ 'raw' ]))
2011-02-03 10:28:14 +01:00
markup ( $post [ 'body' ]);
2010-11-05 17:46:20 +01:00
2011-01-18 07:11:28 +01:00
// Check for a flood
2011-09-15 12:34:45 +02:00
if ( ! ( $mod && $mod [ 'type' ] >= $config [ 'mod' ][ 'flood' ]) && checkFlood ( $post )) {
error ( $config [ 'error' ][ 'flood' ]);
}
2011-01-18 14:41:43 +01:00
2011-03-26 12:50:03 +01:00
// Custom anti-spam filters
if ( isset ( $config [ 'flood_filters' ])) {
foreach ( $config [ 'flood_filters' ] as & $filter ) {
2011-03-27 11:38:11 +02:00
unset ( $did_not_match );
2011-03-26 12:50:03 +01:00
// Set up default stuff
if ( ! isset ( $filter [ 'action' ]))
$filter [ 'action' ] = 'reject' ;
if ( ! isset ( $filter [ 'message' ]))
$filter [ 'message' ] = 'Posting throttled by flood filter.' ;
2011-09-17 19:17:54 +02:00
foreach ( $filter [ 'condition' ] as $condition => $value ) {
2011-03-26 12:50:03 +01:00
if ( $condition == 'posts_in_past_x_minutes' && isset ( $value [ 0 ]) && isset ( $value [ 1 ])) {
// Check if there's been X posts in the past X minutes (on this board)
$query = prepare ( sprintf ( " SELECT COUNT(*) AS `posts` FROM `posts_%s` WHERE `time` >= :time " , $board [ 'uri' ]));
$query -> bindValue ( ':time' , time () - ( $value [ 1 ] * 60 ), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if (( $count = $query -> fetch ()) && $count [ 'posts' ] >= $value [ 0 ]) {
// Matched filter
continue ;
}
} elseif ( $condition == 'threads_with_no_replies_in_past_x_minutes' && isset ( $value [ 0 ]) && isset ( $value [ 1 ])) {
// Check if there's been X new empty threads posted in the past X minutes (on this board)
// Confusing query. I couldn't think of anything simpler...
$query = prepare ( sprintf ( " SELECT ((SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL AND `time` >= :time) - COUNT(DISTINCT(`threads`.`id`))) AS `posts` FROM `posts_%s` AS `threads` INNER JOIN `posts_%s` AS `replies` ON `replies`.`thread` = `threads`.`id` WHERE `threads`.`thread` IS NULL AND `threads`.`time` >= :time " , $board [ 'uri' ], $board [ 'uri' ], $board [ 'uri' ]));
$query -> bindValue ( ':time' , time () - ( $value [ 1 ] * 60 ), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if (( $count = $query -> fetch ()) && $count [ 'posts' ] >= $value [ 0 ]) {
// Matched filter
continue ;
}
2011-03-27 14:06:57 +02:00
} elseif ( $condition == 'name' ) {
if ( preg_match ( $value , $post [ 'name' ]))
continue ;
} elseif ( $condition == 'trip' ) {
if ( preg_match ( $value , $post [ 'trip' ]))
continue ;
} elseif ( $condition == 'email' ) {
if ( preg_match ( $value , $post [ 'email' ]))
continue ;
} elseif ( $condition == 'subject' ) {
if ( preg_match ( $value , $post [ 'subject' ]))
continue ;
} elseif ( $condition == 'body' ) {
if ( preg_match ( $value , $post [ 'body_nomarkup' ]))
continue ;
2011-03-27 14:23:12 +02:00
} elseif ( $condition == 'extension' ) {
if ( $post [ 'has_file' ] && preg_match ( $value , $post [ 'extension' ]))
continue ;
} elseif ( $condition == 'filename' ) {
if ( $post [ 'has_file' ] && preg_match ( $value , $post [ 'filename' ]))
continue ;
} elseif ( $condition == 'has_file' ) {
if ( $value == $post [ 'has_file' ])
continue ;
} elseif ( $condition == 'ip' ) {
2011-03-27 14:13:24 +02:00
if ( preg_match ( $value , $_SERVER [ 'REMOTE_ADDR' ]))
continue ;
2011-03-26 12:50:03 +01:00
} elseif ( $condition == 'OP' ) {
// Am I OP?
2011-03-27 11:38:11 +02:00
if ( $value == $OP )
2011-03-26 12:50:03 +01:00
continue ;
} else {
// Unknown block
continue ;
}
$did_not_match = true ;
break ;
}
2011-09-17 19:17:54 +02:00
if ( ! isset ( $did_not_match )) {
// Matched filter!
if ( isset ( $filter ) && $filter [ 'action' ] == 'reject' ) {
error ( $filter [ 'message' ]);
}
2011-03-26 12:50:03 +01:00
}
}
}
2010-11-05 17:46:20 +01:00
if ( $post [ 'has_file' ]) {
2011-04-13 12:57:41 +02:00
if ( ! in_array ( $post [ 'extension' ], $config [ 'allowed_ext' ]) && ! in_array ( $post [ 'extension' ], $config [ 'allowed_ext_files' ]))
error ( $config [ 'error' ][ 'unknownext' ]);
if ( in_array ( $post [ 'extension' ], $config [ 'allowed_ext_files' ]))
$__file = true ;
2010-11-05 17:46:20 +01:00
// Just trim the filename if it's too long
if ( strlen ( $post [ 'filename' ]) > 30 ) $post [ 'filename' ] = substr ( $post [ 'filename' ], 0 , 27 ) . '…' ;
// Move the uploaded file
2011-02-12 07:25:15 +01:00
if ( !@ move_uploaded_file ( $_FILES [ 'file' ][ 'tmp_name' ], $post [ 'file' ])) error ( $config [ 'error' ][ 'nomove' ]);
2010-11-05 17:46:20 +01:00
2011-04-13 12:57:41 +02:00
if ( ! isset ( $__file )) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents ( $post [ 'file' ], null , null , null , 255 );
if ( preg_match ( $config [ 'ie_mime_type_detection' ], $buffer )) {
undoImage ( $post );
error ( $config [ 'error' ][ 'mime_exploit' ]);
}
2011-04-12 14:58:01 +02:00
2011-07-12 12:29:35 +02:00
require_once 'inc/image.php' ;
2011-08-24 10:22:07 +02:00
if ( $config [ 'imagick' ]) {
// This is tricky, because Imagick won't let us find
// an image's dimensions without loading it all into
// memory first, unlike GD which provides the
// getimagesize() to do exactly that. This section
// is why GD is required, even when using Imagick
// instead. There doesn't seem to be an alternative.
// Necessary for security, as Imagick even ignores
// PHP's memory limit.
// first try GD's getimagesize()
if ( $size = @ getimagesize ( $post [ 'file' ])) {
if ( $size [ 0 ] > $config [ 'max_width' ] || $size [ 1 ] > $config [ 'max_height' ]) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'maxsize' ]);
}
} else {
// GD failed
// TODO?
}
} else {
// find dimensions of an image using GD
if ( ! $size = @ getimagesize ( $post [ 'file' ])) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'invalidimg' ]);
}
if ( $size [ 0 ] > $config [ 'max_width' ] || $size [ 1 ] > $config [ 'max_height' ]) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'maxsize' ]);
}
}
2011-07-12 12:29:35 +02:00
// create image object
$image = new Image ( $post [ 'file' ], $post [ 'extension' ]);
if ( $image -> size -> width > $config [ 'max_width' ] || $image -> size -> height > $config [ 'max_height' ]) {
$image -> delete ();
error ( $config [ 'error' ][ 'maxsize' ]);
}
2011-07-18 14:06:24 +02:00
$post [ 'width' ] = $image -> size -> width ;
$post [ 'height' ] = $image -> size -> height ;
2011-07-12 12:29:35 +02:00
if ( $config [ 'minimum_copy_resize' ] &&
$image -> size -> width <= $config [ 'thumb_width' ] &&
$image -> size -> height <= $config [ 'thumb_height' ] &&
$post [ 'extension' ] == ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ])) {
2011-04-13 12:57:41 +02:00
// Copy, because there's nothing to resize
copy ( $post [ 'file' ], $post [ 'thumb' ]);
2011-07-12 12:29:35 +02:00
$post [ 'thumbwidth' ] = $image -> size -> width ;
$post [ 'thumbheight' ] = $image -> size -> height ;
2011-04-13 12:57:41 +02:00
} else {
2011-07-12 12:29:35 +02:00
$thumb = $image -> resize ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ], $config [ 'thumb_width' ], $config [ 'thumb_height' ]);
$thumb -> to ( $post [ 'thumb' ]);
2011-04-13 12:57:41 +02:00
2011-07-12 12:29:35 +02:00
$post [ 'thumbwidth' ] = $thumb -> width ;
$post [ 'thumbheight' ] = $thumb -> height ;
2011-07-18 14:06:24 +02:00
2011-07-12 12:29:35 +02:00
$thumb -> _destroy ();
2011-04-13 12:57:41 +02:00
}
2011-07-12 12:29:35 +02:00
$image -> destroy ();
2011-04-13 12:57:41 +02:00
} else {
copy ( $config [ 'file_thumb' ], $post [ 'thumb' ]);
$size = @ getimagesize ( $post [ 'thumb' ]);
$post [ 'thumbwidth' ] = $size [ 0 ];
$post [ 'thumbheight' ] = $size [ 1 ];
2011-04-12 14:58:01 +02:00
}
2011-04-13 12:57:41 +02:00
$post [ 'filehash' ] = $config [ 'file_hash' ]( $post [ 'file' ]);
$post [ 'filesize' ] = filesize ( $post [ 'file' ]);
2010-11-05 17:46:20 +01:00
}
2011-02-19 10:39:13 +01:00
if ( $post [ 'has_file' ] && $config [ 'image_reject_repost' ] && $p = getPostByHash ( $post [ 'filehash' ])) {
2011-02-19 09:45:54 +01:00
undoImage ( $post );
error ( sprintf ( $config [ 'error' ][ 'fileexists' ],
$post [ 'mod' ] ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ] .
$board [ 'dir' ] . $config [ 'dir' ][ 'res' ] .
2011-02-19 09:48:13 +01:00
( $p [ 'thread' ] ?
$p [ 'thread' ] . '.html#' . $p [ 'id' ]
2011-02-19 09:45:54 +01:00
:
2011-02-19 09:48:13 +01:00
$p [ 'id' ] . '.html'
2011-02-19 09:45:54 +01:00
)
));
}
2011-03-14 12:30:42 +01:00
if ( ! ( $mod && $mod [ 'type' ] >= $config [ 'mod' ][ 'postunoriginal' ]) && $config [ 'robot_enable' ] && checkRobot ( $post [ 'body_nomarkup' ])) {
undoImage ( $post );
if ( $config [ 'robot_mute' ]) {
error ( sprintf ( $config [ 'error' ][ 'muted' ], mute ()));
} else {
error ( $config [ 'error' ][ 'unoriginal' ]);
}
}
2010-11-05 17:46:20 +01:00
// Remove DIR_* before inserting them into the database.
2010-11-30 09:25:50 +01:00
if ( $post [ 'has_file' ]) {
2011-02-12 07:25:15 +01:00
$post [ 'file' ] = substr_replace ( $post [ 'file' ], '' , 0 , strlen ( $board [ 'dir' ] . $config [ 'dir' ][ 'img' ]));
$post [ 'thumb' ] = substr_replace ( $post [ 'thumb' ], '' , 0 , strlen ( $board [ 'dir' ] . $config [ 'dir' ][ 'thumb' ]));
2010-11-30 09:25:50 +01:00
}
2010-11-05 17:46:20 +01:00
// Todo: Validate some more, remove messy code, allow more specific configuration
$id = post ( $post , $OP );
2011-02-03 10:28:14 +01:00
buildThread (( $OP ? $id : $post [ 'thread' ]));
2011-02-12 07:25:15 +01:00
if ( ! $OP && strtolower ( $post [ 'email' ]) != 'sage' && ( $config [ 'reply_limit' ] == 0 || numPosts ( $post [ 'thread' ]) < $config [ 'reply_limit' ])) {
2011-02-03 10:28:14 +01:00
bumpThread ( $post [ 'thread' ]);
2010-11-05 17:46:20 +01:00
}
2011-01-18 14:41:43 +01:00
if ( $OP )
clean ();
2010-11-05 17:46:20 +01:00
buildIndex ();
2011-04-22 16:38:25 +02:00
if ( isset ( $_SERVER [ 'HTTP_REFERER' ])) {
// Tell Javascript that we posted successfully
if ( isset ( $_COOKIE [ $config [ 'cookies' ][ 'js' ]]))
$js = json_decode ( $_COOKIE [ $config [ 'cookies' ][ 'js' ]]);
else
$js = ( object ) Array ();
// Tell it to delete the cached post for referer
$js -> { $_SERVER [ 'HTTP_REFERER' ]} = true ;
// Encode and set cookie
setcookie ( $config [ 'cookies' ][ 'js' ], json_encode ( $js ), 0 , $config [ 'cookies' ][ 'jail' ] ? $config [ 'cookies' ][ 'path' ] : '/' , null , false , false );
}
2011-04-06 10:31:26 +02:00
2011-02-12 07:25:15 +01:00
$root = $post [ 'mod' ] ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
2011-01-02 11:15:59 +01:00
2011-02-12 07:25:15 +01:00
if ( $config [ 'always_noko' ] || $noko ) {
2011-05-20 14:44:11 +02:00
$redirect = $root . $board [ 'dir' ] . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $OP ? $id : $post [ 'thread' ]) . ( ! $OP ? '#' . $id : '' );
2010-11-05 17:46:20 +01:00
} else {
2011-04-19 17:50:35 +02:00
$redirect = $root . $board [ 'dir' ] . $config [ 'file_index' ];
2010-11-05 17:46:20 +01:00
}
2011-05-27 17:43:04 +02:00
rebuildThemes ( 'post' );
2011-04-19 17:50:35 +02:00
header ( 'Location: ' . $redirect , true , $config [ 'redirect_http' ]);
2010-11-05 17:46:20 +01:00
exit ;
} else {
2011-02-12 07:25:15 +01:00
if ( ! file_exists ( $config [ 'has_installed' ])) {
2011-04-22 16:38:25 +02:00
2010-11-30 10:40:37 +01:00
// Build all boards
2010-12-17 15:18:03 +01:00
$boards = listBoards ();
foreach ( $boards as & $_board ) {
2010-11-30 10:40:37 +01:00
setupBoard ( $_board );
buildIndex ();
}
2011-02-12 07:25:15 +01:00
touch ( $config [ 'has_installed' ], 0777 );
2010-11-30 10:40:37 +01:00
die ( Element ( 'page.html' , Array (
'index' => ROOT ,
'title' => 'Success' ,
'body' => " <center> " .
" <h2>Tinyboard is now installed!</h2> " .
" </center> "
)));
} else {
// They opened post.php in their browser manually.
// Possible TODO: Redirect back to homepage.
2011-02-12 07:25:15 +01:00
error ( $config [ 'error' ][ 'nopost' ]);
2010-11-05 17:46:20 +01:00
}
}
?>