<?php
// post.php — handles the board's form submissions: deleting posts
// ($_POST['delete']), reporting posts ($_POST['report']) and creating
// threads/replies ($_POST['post']). Anything else falls through to the
// first-run install step / "no post" error at the bottom of the file.

require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
// Undo magic_quotes_gpc escaping so the rest of the script sees raw input.
// NOTE(review): magic_quotes_gpc escapes $_COOKIE as well, which is not
// unescaped here, while $_SESSION (which magic quotes never touches) is —
// confirm against inc/user.php before changing either.
if (get_magic_quotes_gpc()) {
    // Recursively stripslashes() every leaf of a (possibly nested) array.
    function strip_array($value) {
        if (is_array($value)) {
            return array_map('strip_array', $value);
        }
        return stripslashes($value);
    }

    $_SESSION = strip_array($_SESSION);
    $_GET     = strip_array($_GET);
    $_POST    = strip_array($_POST);
}
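if (isset($_POST['delete'])) {
    // --- Delete one or more posts (or only their files), authorised by the
    // post password. Required fields: board, password and at least one
    // delete_<id> checkbox. error() is assumed not to return.
    if (!isset($_POST['board']) || !isset($_POST['password'])) {
        error($config['error']['bot']);
    }

    $password = $_POST['password'];
    if (empty($password)) {
        error($config['error']['invalidpassword']);
    }

    // Collect the post ids from the delete_<id> form fields.
    $delete = array();
    foreach (array_keys($_POST) as $field) {
        if (preg_match('/^delete_(\d+)$/', $field, $m)) {
            $delete[] = (int) $m[1];
        }
    }

    sql_open();

    // Check if banned
    checkBan();
    if ($config['block_tor'] && isTor()) {
        error($config['error']['tor']);
    }

    // Check if board exists (openBoard() is expected to populate $board,
    // whose uri is interpolated into the table name below).
    if (!openBoard($_POST['board'])) {
        error($config['error']['noboard']);
    }

    if (empty($delete)) {
        error($config['error']['nodelete']);
    }

    foreach ($delete as $id) {
        $query = prepare(sprintf("SELECT `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
        $query->bindValue(':id', $id, PDO::PARAM_INT);
        $query->execute() or error(db_error($query));

        if ($post = $query->fetch()) {
            // The stored password is compared in the clear. Strict comparison:
            // the previous loose `!=` treated numeric-looking strings such as
            // "1e1" and "10" as equal.
            if ((string) $post['password'] !== $password) {
                error($config['error']['invalidpassword']);
            }
            // Posts younger than delete_time seconds cannot be deleted yet.
            if ($post['time'] >= time() - $config['delete_time']) {
                error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
            }
            if (isset($_POST['file'])) {
                // Delete just the file
                deleteFile($id);
            } else {
                // Delete entire post
                deletePost($id);
            }
        }
    }

    buildIndex();
    sql_close();

    // $_POST['mod'] only selects the redirect target; it grants nothing above.
    $is_mod = isset($_POST['mod']) && $_POST['mod'];
    $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

    header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);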
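} elseif (isset($_POST['report'])) {
    // --- Report one or more posts to the moderators ---
    // 'password' must be present (form completeness check) but is not
    // verified here; reporting does not require the post password.
    if (!isset($_POST['board']) || !isset($_POST['password']) || !isset($_POST['reason'])) {
        error($config['error']['bot']);
    }

    // The report form reuses the delete_<id> checkboxes.
    $report = array();
    foreach (array_keys($_POST) as $field) {
        if (preg_match('/^delete_(\d+)$/', $field, $m)) {
            $report[] = (int) $m[1];
        }
    }

    sql_open();

    // Check if banned
    checkBan();
    if ($config['block_tor'] && isTor()) {
        error($config['error']['tor']);
    }

    // Check if board exists
    if (!openBoard($_POST['board'])) {
        error($config['error']['noboard']);
    }

    if (empty($report)) {
        error($config['error']['noreport']);
    }
    if (count($report) > $config['report_limit']) {
        error($config['error']['toomanyreports']);
    }

    // NOTE(review): unlike the post fields, the reason has no length limit
    // before it is stored. markup() appears to rewrite it in place.
    $reason = $_POST['reason'];
    markup($reason);

    foreach ($report as $id) {
        // Only accept reports for posts that exist on this board.
        $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id", $board['uri']));
        $query->bindValue(':id', $id, PDO::PARAM_INT);
        $query->execute() or error(db_error($query));

        if ($query->fetch()) {
            $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)");
            $query->bindValue(':time', time(), PDO::PARAM_INT);
            $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
            $query->bindValue(':board', $board['id'], PDO::PARAM_INT);
            $query->bindValue(':post', $id, PDO::PARAM_INT);
            $query->bindValue(':reason', $reason, PDO::PARAM_STR);
            $query->execute() or error(db_error($query));
        }
    }

    sql_close();

    // $_POST['mod'] only selects the redirect target.
    $is_mod = isset($_POST['mod']) && $_POST['mod'];
    $root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
    header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);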
} elseif (isset($_POST['post'])) {
    // --- Create a new thread (OP) or post a reply ---
    // The form always sends these fields; a request without them did not
    // come from the form and is rejected as a bot.
    if (!isset($_POST['name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['subject']) ||
        !isset($_POST['body']) ||
        !isset($_POST['board']) ||
        !isset($_POST['password'])
    ) {
        error($config['error']['bot']);
    }

    $post = array('board' => $_POST['board']);

    // A reply names its parent thread; a new thread (OP) does not.
    $OP = !isset($_POST['thread']);
    if (!$OP) {
        $post['thread'] = round($_POST['thread']);
    }

    // The submit button's label must agree with the action being taken.
    $expected_button = $OP ? $config['button_newtopic'] : $config['button_reply'];
    if ($_POST['post'] != $expected_button) {
        error($config['error']['bot']);
    }

    // Check the referrer: a new thread must be submitted from a page that
    // matches $config['url_match']. (Replies are not referrer-checked here.)
    if ($OP) {
        $referer_ok = isset($_SERVER['HTTP_REFERER'])
            && preg_match($config['url_match'], $_SERVER['HTTP_REFERER']);
        if (!$referer_ok) {
            error($config['error']['bot']);
        }
    }

    // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
    // Find another anti-spam method.
    /*
    // Check if he has a valid cookie.
    if (!$user['valid']) error($config['error']['bot']);
    // Check how long he has been here.
    if (time() - $user['appeared'] < LURKTIME) error(ERROR_LURK);
    */
// Open database connection
sql_open();

// Check if banned
checkBan();
if ($config['block_tor'] && isTor()) {
    error($config['error']['tor']);
}

// Check if board exists
if (!openBoard($post['board'])) {
    error($config['error']['noboard']);
}

// Spam check. NOTE(review): this hard-coded prefix exempts one address
// block from checkSpam() entirely; a config entry would make the exemption
// visible and auditable.
$spam_exempt_prefix = '/^208\.54\.39\./';
$exempt_from_spam_check = preg_match($spam_exempt_prefix, $_SERVER['REMOTE_ADDR']);
if (!$exempt_from_spam_check && checkSpam()) {
    error($config['error']['spam']);
}

if ($config['robot_enable'] && $config['robot_mute']) {
    checkMute();
}

// Check if thread exists
if (!$OP && !threadExists($post['thread'])) {
    error($config['error']['nonexistant']);
}

// A new thread must have a file attached.
if ($OP && empty($_FILES['file']['tmp_name'])) {
    error($config['error']['noimage']);
}
// Assemble the post record from the form fields.
// NOTE(review): only email is passed through utf8tohtml() here; name,
// subject and body go on unescaped at this point.
$post['name']     = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
$post['subject']  = $_POST['subject'];
$post['email']    = utf8tohtml($_POST['email']);
$post['body']     = $_POST['body'];
$post['password'] = $_POST['password'];
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
$post['mod']      = isset($_POST['mod']) && $_POST['mod'];

if ($post['has_file']) {
    // $_FILES names are escaped by magic_quotes_gpc too, and the fix-up at
    // the top of the file does not cover them.
    $raw_filename = $_FILES['file']['name'];
    if (get_magic_quotes_gpc()) {
        $raw_filename = stripslashes($raw_filename);
    }
    $post['filename'] = utf8tohtml($raw_filename);
}

if ($config['force_body'] && empty($post['body'])) {
    error($config['error']['tooshort_body']);
}

// Optionally reject bodies that consist of whitespace only.
if ($config['reject_blank'] && !empty($post['body'])) {
    $without_whitespace = preg_replace('/[\s]/u', '', $post['body']);
    if (empty($without_whitespace)) {
        error($config['error']['tooshort_body']);
    }
}
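if ($post['mod']) {
    // The poster claims to be a moderator; inc/mod.php presumably sets $mod.
    require 'inc/mod.php';
    if (!$mod) {
        // Liar. You're not a mod.
        error($config['error']['notamod']);
    }

    $post['sticky'] = $OP && isset($_POST['sticky']);
    $post['locked'] = $OP && isset($_POST['lock']);
    $post['raw'] = isset($_POST['raw']);

    // Each privileged flag requires at least the configured mod level.
    if ($post['sticky'] && $mod['type'] < $config['mod']['sticky']) {
        error($config['error']['noaccess']);
    }
    if ($post['locked'] && $mod['type'] < $config['mod']['lock']) {
        error($config['error']['noaccess']);
    }
    if ($post['raw'] && $mod['type'] < $config['mod']['rawhtml']) {
        error($config['error']['noaccess']);
    }
}

// For ordinary posters inc/mod.php is never loaded, so (unless an earlier
// include defined it) $mod was undefined and every later `$mod && ...`
// test raised a notice; make "not a mod" an explicit false.
if (!isset($mod)) {
    $mod = false;
}

// Check if thread is locked
// but allow mods to post
if (!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
    if (threadLocked($post['thread'])) {
        error($config['error']['locked']);
    }
}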
// Reject uploads over the configured byte limit before touching the file.
if ($post['has_file'] && $_FILES['file']['size'] > $config['max_filesize']) {
    $size = $_FILES['file']['size'];
    $placeholders = array(
        'sz'     => commaize($size),
        'filesz' => commaize($size),
        'maxsz'  => commaize($config['max_filesize']),
    );
    error(sprintf3($config['error']['filesize'], $placeholders));
}
// Capcode: a moderator may sign as "Name ## Role". Plain mods may only use
// the "Mod" role; admins may use any role text.
$is_capcode_attempt = $mod && $mod['type'] >= MOD
    && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match);
if (!$is_capcode_attempt) {
    $post['capcode'] = false;
} elseif (($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
    $post['capcode'] = utf8tohtml($match[3]);
    $post['name'] = !empty($match[2]) ? $match[2] : $config['anonymous'];
}
// (A disallowed capcode attempt leaves $post['capcode'] unset and the
//  "## Role" suffix in the name, as before.)

// Split "name#secret" into the display name and its tripcode.
$trip = generate_tripcode($post['name']);
$post['name'] = $trip[0];
$post['trip'] = isset($trip[1]) ? $trip[1] : '';

// "noko" in the email field asks to be sent to the thread rather than the
// index after posting; it is not stored as an email.
$noko = strtolower($post['email']) == 'noko';
if ($noko) {
    $post['email'] = '';
}

if ($post['has_file']) {
    // NOTE(review): the extension is taken from the client-supplied filename
    // and is not checked against an allowlist here; a name without a dot
    // yields a bogus value (strrpos() returns false, so substr() starts at
    // byte 1). Confirm createimage()/config reject unexpected extensions.
    $dot = strrpos($post['filename'], '.');
    $post['extension'] = strtolower(substr($post['filename'], $dot + 1));
    $post['file_id'] = time() . rand(100, 999);
    $image_dir = $board['dir'] . $config['dir']['img'];
    $thumb_dir = $board['dir'] . $config['dir']['thumb'];
    $post['file'] = $image_dir . $post['file_id'] . '.' . $post['extension'];
    $post['thumb'] = $thumb_dir . $post['file_id'] . '.png';
}
// Check string lengths (strlen() counts bytes, not characters, so these
// are byte limits). Order matters: the first failing field is reported.
$limits = array('name' => 50, 'email' => 40, 'subject' => 40);
foreach ($limits as $field => $max) {
    if (strlen($post[$field]) > $max) {
        error(sprintf($config['error']['toolong'], $field));
    }
}
if (!$mod && strlen($post['body']) > $config['max_body']) {
    error($config['error']['toolong_body']);
}
// A body is required unless this is a reply that carries a file.
$body_optional = !$OP && $post['has_file'];
if (!$body_optional && strlen($post['body']) < 1) {
    error($config['error']['tooshort_body']);
}
if (strlen($post['password']) > 20) {
    error(sprintf($config['error']['toolong'], 'password'));
}
// Apply word filters, keep an unmarked-up copy for the filters below, then
// render markup unless a mod asked for raw HTML. (wordfilters() and markup()
// are called for their effect on the argument, judging by the bare calls.)
wordfilters($post['body']);
$post['body_nomarkup'] = $post['body'];
$raw_html_requested = $mod && $post['raw'];
if (!$raw_html_requested) {
    markup($post['body']);
}

// Check for a flood (mods at or above $config['mod']['flood'] are exempt).
$flood_exempt = $mod && $mod['type'] >= $config['mod']['flood'];
if (!$flood_exempt && checkFlood($post)) {
    error($config['error']['flood']);
}
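// Custom anti-spam filters.
// Each entry of $config['flood_filters'] holds a 'condition' map (name =>
// value), an optional 'action' (defaults to 'reject') and an optional
// 'message'. A filter matches only when every one of its conditions
// matches: the inner loop `continue`s past a matching condition and
// `break`s with $did_not_match set as soon as one fails.
// (Fixed: the "matched" check used to sit after the outer loop, so only
// the last filter in the list could ever reject a post.)
if (isset($config['flood_filters'])) {
    foreach ($config['flood_filters'] as &$filter) {
        unset($did_not_match);

        // Set up default stuff (written back into $config via the reference)
        if (!isset($filter['action']))
            $filter['action'] = 'reject';
        if (!isset($filter['message']))
            $filter['message'] = 'Posting throttled by flood filter.';

        foreach ($filter['condition'] as $condition => $value) {
            if ($condition == 'posts_in_past_x_minutes' && isset($value[0]) && isset($value[1])) {
                // Check if there's been X posts in the past X minutes (on this board)
                // $value[0] = post count threshold, $value[1] = window in minutes
                $query = prepare(sprintf("SELECT COUNT(*) AS `posts` FROM `posts_%s` WHERE `time` >= :time", $board['uri']));
                $query->bindValue(':time', time() - ($value[1] * 60), PDO::PARAM_INT);
                $query->execute() or error(db_error($query));
                if (($count = $query->fetch()) && $count['posts'] >= $value[0]) {
                    // Matched filter
                    continue;
                }
            } elseif ($condition == 'threads_with_no_replies_in_past_x_minutes' && isset($value[0]) && isset($value[1])) {
                // Check if there's been X new empty threads posted in the past X minutes (on this board)
                // Confusing query. I couldn't think of anything simpler...
                $query = prepare(sprintf("SELECT ((SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL AND `time` >= :time) - COUNT(DISTINCT(`threads`.`id`))) AS `posts` FROM `posts_%s` AS `threads` INNER JOIN `posts_%s` AS `replies` ON `replies`.`thread` = `threads`.`id` WHERE `threads`.`thread` IS NULL AND `threads`.`time` >= :time", $board['uri'], $board['uri'], $board['uri']));
                $query->bindValue(':time', time() - ($value[1] * 60), PDO::PARAM_INT);
                $query->execute() or error(db_error($query));
                if (($count = $query->fetch()) && $count['posts'] >= $value[0]) {
                    // Matched filter
                    continue;
                }
            } elseif ($condition == 'name') {
                if (preg_match($value, $post['name']))
                    continue;
            } elseif ($condition == 'trip') {
                if (preg_match($value, $post['trip']))
                    continue;
            } elseif ($condition == 'email') {
                if (preg_match($value, $post['email']))
                    continue;
            } elseif ($condition == 'subject') {
                if (preg_match($value, $post['subject']))
                    continue;
            } elseif ($condition == 'body') {
                // Matched against the pre-markup body.
                if (preg_match($value, $post['body_nomarkup']))
                    continue;
            } elseif ($condition == 'extension') {
                if ($post['has_file'] && preg_match($value, $post['extension']))
                    continue;
            } elseif ($condition == 'filename') {
                if ($post['has_file'] && preg_match($value, $post['filename']))
                    continue;
            } elseif ($condition == 'has_file') {
                if ($value == $post['has_file'])
                    continue;
            } elseif ($condition == 'ip') {
                if (preg_match($value, $_SERVER['REMOTE_ADDR']))
                    continue;
            } elseif ($condition == 'OP') {
                // Am I OP?
                if ($value == $OP)
                    continue;
            } else {
                // Unknown block: an unrecognised condition name counts as a
                // match, so a typo in the config makes the filter fire.
                continue;
            }
            $did_not_match = true;
            break;
        }

        if (!isset($did_not_match)) {
            // Matched filter!
            if ($filter['action'] == 'reject') {
                error($filter['message']);
            }
        }
    }
    // Drop the reference left behind by foreach-by-reference.
    unset($filter);
}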
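if ($post['has_file']) {
    // Just trim the filename if it's too long. NOTE(review): strlen()/substr()
    // work on bytes, so a multibyte name may be cut inside a character.
    if (strlen($post['filename']) > 30) {
        $post['filename'] = substr($post['filename'], 0, 27) . '…';
    }

    // Move the uploaded file into place.
    // NOTE(review): the upload lands in its final, web-served path before the
    // image checks below run; undoImage() removes it on failure, but
    // validating first and moving afterwards would close that window.
    if (!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) {
        error($config['error']['nomove']);
    }

    // getimagesize() returns false for anything it cannot parse; treat that
    // as a 0x0 image so the validity check below rejects it (the old code
    // indexed into false and relied on null < 1).
    $size = @getimagesize($post['file']);
    $post['width'] = $size ? $size[0] : 0;
    $post['height'] = $size ? $size[1] : 0;

    // Check if the image is valid
    if ($post['width'] < 1 || $post['height'] < 1) {
        undoImage($post);
        error($config['error']['invalidimg']);
    }
    if ($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
        undoImage($post);
        error($config['error']['maxsize']);
    }

    // Check IE MIME type detection XSS exploit: reject files whose first 255
    // bytes match the configured content-sniffing pattern.
    $buffer = file_get_contents($post['file'], false, null, 0, 255);
    if (preg_match($config['ie_mime_type_detection'], $buffer)) {
        undoImage($post);
        error($config['error']['mime_exploit']);
    }

    // $config['file_hash'] is invoked as a callable on the stored file.
    $post['filehash'] = $config['file_hash']($post['file']);
    $post['filesize'] = filesize($post['file']);
    $image = createimage($post['extension'], $post['file']);

    // Create a thumbnail
    $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height']);
    $post['thumbwidth'] = $thumb['width'];
    $post['thumbheight'] = $thumb['height'];
}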
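// Optionally refuse a file that was already posted (matched by hash).
if ($post['has_file'] && $config['image_reject_repost'] && ($p = getPostByHash($post['filehash']))) {
    undoImage($post);
    // Build a link to the existing post. The root is computed on its own
    // line on purpose: '.' binds tighter than '?:', so the old inline ternary
    // dropped the board/thread part of the path for the mod variant.
    $link_root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
    $existing = $p['thread'] ? $p['thread'] . '.html#' . $p['id'] : $p['id'] . '.html';
    error(sprintf($config['error']['fileexists'], $link_root . $board['dir'] . $config['dir']['res'] . $existing));
}

// Reject unoriginal ("robot") posts unless the poster is a mod with the
// postunoriginal privilege. With robot_mute on, the poster is muted as well.
$robot_exempt = $mod && $mod['type'] >= $config['mod']['postunoriginal'];
if (!$robot_exempt && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
    undoImage($post);
    if ($config['robot_mute']) {
        error(sprintf($config['error']['muted'], mute()));
    } else {
        error($config['error']['unoriginal']);
    }
}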
// Remove DIR_* before inserting them into the database: paths are stored
// relative to the board's image/thumb directories.
if ($post['has_file']) {
    $image_prefix_len = strlen($board['dir'] . $config['dir']['img']);
    $thumb_prefix_len = strlen($board['dir'] . $config['dir']['thumb']);
    $post['file'] = substr_replace($post['file'], '', 0, $image_prefix_len);
    $post['thumb'] = substr_replace($post['thumb'], '', 0, $thumb_prefix_len);
}

// Todo: Validate some more, remove messy code, allow more specific configuration
$id = post($post, $OP);
$target_thread = $OP ? $id : $post['thread'];
buildThread($target_thread);

// Bump the thread on a reply unless it is saged or the reply limit is hit.
if (!$OP) {
    $saged = strtolower($post['email']) == 'sage';
    if (!$saged) {
        $under_limit = $config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'];
        if ($under_limit) {
            bumpThread($post['thread']);
        }
    }
}

if ($OP) {
    clean();
}

buildIndex();
sql_close();
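// Tell Javascript that we posted successfully: the JS cookie holds a JSON
// object keyed by page URL; flagging the referring page tells the client to
// drop its cached form data for it.
$js = null;
if (isset($_COOKIE[$config['cookies']['js']])) {
    $js = json_decode($_COOKIE[$config['cookies']['js']]);
}
// The cookie is client-controlled: anything that did not decode to an
// object (tampered or garbage JSON) is replaced rather than written through.
if (!is_object($js)) {
    $js = new stdClass();
}
// HTTP_REFERER is only verified for new threads (see the referrer check
// above); a reply without one used to try to set an empty property name.
if (!empty($_SERVER['HTTP_REFERER'])) {
    $js->{$_SERVER['HTTP_REFERER']} = true;
}
// Encode and set cookie (session-scoped, no domain, readable by JS on purpose).
setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', '', false, false);

$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

if ($config['always_noko'] || $noko) {
    // Land in the thread itself; for a reply, jump to the new post's anchor.
    $thread_page = ($OP ? $id : $post['thread']) . '.html' . ($OP ? '' : '#' . $id);
    header('Location: ' . $root . $board['dir'] . $config['dir']['res'] . $thread_page, true, $config['redirect_http']);
} else {
    header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
}
exit;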
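} else {
    // No recognised action. On the very first request after install, build
    // every board's index once and record that installation is complete.
    if (!file_exists($config['has_installed'])) {
        sql_open();
        // Build all boards
        $boards = listBoards();
        foreach ($boards as $_board) {
            setupBoard($_board);
            buildIndex();
        }
        sql_close();

        // Create the marker file. (The old call passed 0777 as the second
        // argument, which is touch()'s mtime, not a mode — it stamped the
        // file with a 1970 timestamp instead of setting permissions.)
        touch($config['has_installed']);

        die(Element('page.html', array(
            'index' => ROOT,
            'title' => 'Success',
            'body' => '<center><h2>Tinyboard is now installed!</h2></center>',
        )));
    } else {
        // They opened post.php in their browser manually.
        // Possible TODO: Redirect back to homepage.
        error($config['error']['nopost']);
    }
}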