1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-18 18:36:00 +01:00
vichan/inc/filters.php

277 lines
7.1 KiB
PHP
Raw Normal View History

<?php
2012-04-11 18:49:22 +02:00
/*
2013-01-20 11:23:46 +01:00
* Copyright (c) 2010-2013 Tinyboard Development Group
2012-04-11 18:49:22 +02:00
*/
defined('TINYBOARD') or exit;
2012-04-11 18:49:22 +02:00
class Filter {
public $flood_check;
private $condition;
private $post;
2024-02-16 16:00:08 +01:00
public function __construct(array $arr) {
2024-02-16 16:00:08 +01:00
foreach ($arr as $key => $value) {
$this->$key = $value;
}
}
2024-02-16 16:00:08 +01:00
2014-07-28 04:12:19 +02:00
public function match($condition, $match) {
$condition = strtolower($condition);
2014-07-28 04:12:19 +02:00
$post = &$this->post;
2024-02-16 16:00:08 +01:00
switch($condition) {
case 'custom':
2024-02-16 16:00:08 +01:00
if (!is_callable($match)) {
error('Custom condition for filter is not callable!');
2024-02-16 16:00:08 +01:00
}
return $match($post);
case 'flood-match':
2024-02-16 16:00:08 +01:00
if (!is_array($match)) {
error('Filter condition "flood-match" must be an array.');
2024-02-16 16:00:08 +01:00
}
// Filter out "flood" table entries which do not match this filter.
2024-02-16 16:00:08 +01:00
$flood_check_matched = array();
2024-02-16 16:00:08 +01:00
foreach ($this->flood_check as $flood_post) {
foreach ($match as $flood_match_arg) {
switch ($flood_match_arg) {
case 'ip':
2024-02-16 16:00:08 +01:00
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) {
continue 3;
2024-02-16 16:00:08 +01:00
}
break;
case 'body':
2024-02-16 16:00:08 +01:00
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) {
continue 3;
2024-02-16 16:00:08 +01:00
}
break;
case 'file':
2024-02-16 16:00:08 +01:00
if (!isset($post['filehash'])) {
return false;
2024-02-16 16:00:08 +01:00
}
if ($flood_post['filehash'] != $post['filehash']) {
continue 3;
2024-02-16 16:00:08 +01:00
}
break;
case 'board':
2024-02-16 16:00:08 +01:00
if ($flood_post['board'] != $post['board']) {
continue 3;
2024-02-16 16:00:08 +01:00
}
break;
case 'isreply':
2024-02-16 16:00:08 +01:00
if ($flood_post['isreply'] == $post['op']) {
continue 3;
2024-02-16 16:00:08 +01:00
}
break;
default:
error('Invalid filter flood condition: ' . $flood_match_arg);
}
}
$flood_check_matched[] = $flood_post;
}
2024-02-16 16:00:08 +01:00
$this->flood_check = $flood_check_matched;
return !empty($this->flood_check);
case 'flood-time':
foreach ($this->flood_check as $flood_post) {
if (time() - $flood_post['time'] <= $match) {
return true;
}
}
return false;
2013-09-08 07:07:55 +02:00
case 'flood-count':
$count = 0;
foreach ($this->flood_check as $flood_post) {
if (time() - $flood_post['time'] <= $this->condition['flood-time']) {
++$count;
}
}
return $count >= $match;
case 'name':
return preg_match($match, $post['name']);
case 'trip':
return $match === $post['trip'];
case 'email':
return preg_match($match, $post['email']);
case 'subject':
return preg_match($match, $post['subject']);
case 'body':
return preg_match($match, $post['body_nomarkup']);
2013-09-23 06:00:04 +02:00
case 'filehash':
return $match === $post['filehash'];
case 'filename':
2024-02-16 16:00:08 +01:00
if (!$post['files']) {
return false;
2024-02-16 16:00:08 +01:00
}
foreach ($post['files'] as $file) {
if (preg_match($match, $file['filename'])) {
return true;
}
}
return false;
case 'extension':
2024-02-16 16:00:08 +01:00
if (!$post['files']) {
return false;
2024-02-16 16:00:08 +01:00
}
foreach ($post['files'] as $file) {
if (preg_match($match, $file['extension'])) {
return true;
}
}
return false;
case 'ip':
return preg_match($match, $_SERVER['REMOTE_ADDR']);
case 'op':
return $post['op'] == $match;
case 'has_file':
return $post['has_file'] == $match;
case 'board':
return $post['board'] == $match;
case 'password':
return $post['password'] == $match;
2024-07-31 19:44:39 +02:00
case 'unshorten':
$extracted_urls = get_urls($post['body_nomarkup']);
foreach ($extracted_urls as $url) {
if (preg_match($match, trace_url($url))) {
return true;
}
}
return false;
default:
error('Unknown filter condition: ' . $condition);
}
}
2024-02-16 16:00:08 +01:00
public function action() {
global $board;
$this->add_note = isset($this->add_note) ? $this->add_note : false;
if ($this->add_note) {
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
2024-02-16 16:00:08 +01:00
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':mod', -1);
$query->bindValue(':time', time());
$query->bindValue(':body', "Autoban message: ".$this->post['body']);
$query->execute() or error(db_error($query));
}
if (isset($this->action)) {
switch($this->action) {
case 'reject':
error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
case 'ban':
if (!isset($this->reason)) {
error('The ban action requires a reason.');
}
$this->expires = isset($this->expires) ? $this->expires : false;
$this->reject = isset($this->reject) ? $this->reject : true;
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
if ($this->reject) {
if (isset($this->message)) {
error($message);
}
checkBan($board['uri']);
exit;
}
break;
default:
error('Unknown filter action: ' . $this->action);
}
}
}
2024-02-16 16:00:08 +01:00
public function check(array $post) {
2014-07-28 04:12:19 +02:00
$this->post = $post;
2012-04-12 16:18:19 +02:00
foreach ($this->condition as $condition => $value) {
if ($condition[0] == '!') {
$NOT = true;
$condition = substr($condition, 1);
2024-02-16 16:00:08 +01:00
} else {
$NOT = false;
}
if ($this->match($condition, $value) == $NOT) {
return false;
2024-02-16 16:00:08 +01:00
}
}
return true;
}
}
function purge_flood_table() {
global $config;
2024-02-16 16:00:08 +01:00
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
// aware of flood filters in other board configurations. You can solve this problem by settings the
// config variable $config['flood_cache'] (seconds).
2024-02-16 16:00:08 +01:00
if ($config['flood_cache'] != -1) {
$max_time = &$config['flood_cache'];
} else {
$max_time = 0;
foreach ($config['filters'] as $filter) {
2024-02-16 16:00:08 +01:00
if (isset($filter['condition']['flood-time'])) {
$max_time = max($max_time, $filter['condition']['flood-time']);
2024-02-16 16:00:08 +01:00
}
}
}
2024-02-16 16:00:08 +01:00
$time = time() - $max_time;
2024-02-16 16:00:08 +01:00
2013-09-09 19:54:23 +02:00
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
}
function do_filters(array $post) {
global $config;
2024-02-16 16:00:08 +01:00
if (!isset($config['filters']) || empty($config['filters'])) {
return;
2024-02-16 16:00:08 +01:00
}
foreach ($config['filters'] as $filter) {
if (isset($filter['condition']['flood-match'])) {
$has_flood = true;
break;
}
}
2024-02-16 16:00:08 +01:00
if (isset($has_flood)) {
if ($post['has_file']) {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
2013-09-07 04:50:32 +02:00
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
$query->bindValue(':filehash', $post['filehash']);
} else {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
2013-09-07 04:50:32 +02:00
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
}
$query->execute() or error(db_error($query));
$flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
} else {
$flood_check = false;
}
2024-02-16 16:00:08 +01:00
foreach ($config['filters'] as $filter_array) {
$filter = new Filter($filter_array);
$filter->flood_check = $flood_check;
2024-02-16 16:00:08 +01:00
if ($filter->check($post)) {
$filter->action();
2024-02-16 16:00:08 +01:00
}
}
2024-02-16 16:00:08 +01:00
purge_flood_table();
}