diff --git a/create.php b/create.php index f01a97cb..4319ea70 100644 --- a/create.php +++ b/create.php @@ -3,13 +3,33 @@ include "inc/functions.php"; include "inc/lib/ayah/ayah.php"; include "inc/mod/auth.php"; +$cbRecaptcha = false; +//don't load recaptcha LIB unless its enabled! +if ($config['cbRecaptcha']){ +$cbRecaptcha = true; +include "inc/lib/recaptcha/recaptchalib.php"; +} + + checkBan('*'); $bannedWords = array('/^cake$/', '8ch', '/^cp$/', 'child', '/^inc$/', '/^static$/', '/^templates$/', '/^js$/', '/^stylesheets$/', '/^tools$/'); -$ayah = new AYAH(); +$ayah = (($config['ayah_enabled']) ? new AYAH() : false); if (!isset($_POST['uri'], $_POST['title'], $_POST['subtitle'], $_POST['username'], $_POST['password'])) { -$publisher_html = $ayah->getPublisherHTML(); +if (!$ayah){ + $game_html = ''; +} else { + $game_html = 'Game' . $ayah->getPublisherHTML() . ''; +} + +if (!$cbRecaptcha){ + $recapcha_html = ''; +} else { + $recapcha_html = 'reCaptcha' . recaptcha_get_html($config['recaptcha_public']) . ''; +} + + $password = base64_encode(openssl_random_pseudo_bytes(9)); $body = <<Subtitle (must be < 200 chars) Username (must contain only alphanumeric, periods and underscores) Password (write this down) -Game{$publisher_html} +{$game_html} +{$recapcha_html} 
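Review bot: `include "inc/lib/ayah/ayah.php";` at the top of create.php is still unconditional, although the added comment says not to load a captcha library unless it is enabled and `new AYAH()` is now guarded by `$config['ayah_enabled']`. Guarding it the same way as the reCAPTCHA include, e.g. `if ($config['ayah_enabled']) include "inc/lib/ayah/ayah.php";`, keeps a disabled third-party library from being loaded on a public endpoint. `$cbRecaptcha` only mirrors `$config['cbRecaptcha']`, so `$cbRecaptcha = !empty($config['cbRecaptcha']);` before the `if` would say the same in one line. The new variable is spelled `$recapcha_html`; `$recaptcha_html` would match the other identifiers.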
@@ -38,8 +59,27 @@ $title = $_POST['title']; $subtitle = $_POST['subtitle']; $username = $_POST['username']; $password = $_POST['password']; -$score = $ayah->scoreResult(); + $resp = ($cbRecaptcha) ? recaptcha_check_answer ($config['recaptcha_private'], + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]):false; + +if ($resp != false){ +$passedCaptcha = $resp->is_valid; +} else { +$passedCaptcha = true; +} + +if (!$ayah){ +$score = true; +} else { +$score = $ayah->scoreResult(); +} +if (!$score) + error('You failed the game'); +if (!$passedCaptcha) + error('You failed to enter the reCaptcha correctly'); if (!preg_match('/^[a-z0-9]{1,10}$/', $uri)) error('Invalid URI'); if (!(strlen($title) < 40)) @@ -48,8 +88,7 @@ if (!(strlen($subtitle) < 200)) error('Invalid subtitle'); if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username)) error('Invalid username'); -if (!$score) - error('You failed the game'); + foreach (listBoards() as $i => $board) { if ($board['uri'] == $uri) error('Board already exists!'); @@ -64,12 +103,13 @@ foreach ($bannedWords as $i => $w) { error("Cannot create board matching banned pattern $w"); } } -$query = prepare('SELECT * FROM ``mods``'); +$query = prepare('SELECT ``username`` FROM ``mods`` WHERE ``username`` = :username'); +$query->bindValue(':username', $username); $query->execute() or error(db_error($query)); $users = $query->fetchAll(PDO::FETCH_ASSOC); -foreach ($users as $i => $user) { - if ($user['username'] == $username) - error('Username taken!'); + +if (sizeof($users) > 0){ +error('The username you\'ve tried to enter already exists!'); } $salt = generate_salt(); @@ -112,9 +152,10 @@ $body = <<Make sure you don't forget your password, {$_POST['password']}!
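Review bot: The `else` branch after `if ($resp != false)` sets `$passedCaptcha = true` for every falsy `$resp`, so the check passes not only when reCAPTCHA is disabled but also if `recaptcha_check_answer()` ever returned a falsy value on failure. Tie the result to the flag instead: `$passedCaptcha = !$cbRecaptcha || ($resp && $resp->is_valid);`. `recaptcha_challenge_field` and `recaptcha_response_field` are not covered by the `isset($_POST[...])` guard visible in the first hunk, so a request without them reaches the library call with undefined indexes; reject it up front when `$cbRecaptcha` is on. With `ayah_enabled` and `cbRecaptcha` both off, `$score` and `$passedCaptcha` are both `true` and board creation has no automation check at all, which deserves a comment here.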
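Review bot: The username uniqueness test in the `mods` query hunk is still check-then-act: two concurrent requests with the same `$username` can both get an empty result from this SELECT and continue to the account creation that follows outside the hunk. A unique index on `mods.username`, with the insert failure reported as "username taken", would close that window; whether such an index exists is not visible here. Since only existence matters, `LIMIT 1` with `$query->fetch()` is enough instead of `fetchAll()` plus `sizeof()`. The comparison also moved from PHP `==` to the database collation, which may change whether the match is case-sensitive.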

-

You can manage your site at http://8chan.co/mod.php?/.

+

You can manage your board at http://8chan.co/mod.php?/.

EOT; echo Element("page.html", array("config" => $config, "body" => $body, "title" => "Success", "subtitle" => "This was a triumph")); } +?> \ No newline at end of file diff --git a/inc/config.php b/inc/config.php index e88f4935..da51613f 100644 --- a/inc/config.php +++ b/inc/config.php @@ -277,8 +277,25 @@ 'no_country' ); + + + /*uses are you a human to stop automated requests to make boards disabled by default + if you wish to use 'are you a human' to block automated board creation requests + + to use AYAH you must enter your 'AYAH_PUBLISHER_KEY' and your 'AYAH_SCORING_KEY' in + the configuration file for AYAH. The config file for AYAH + is located in the following directory:'/inc/lib/ayah/ayah_config.php' + + */ + $config['ayah_enabled'] = false; + + + + // Enable reCaptcha to make spam even harder. Rarely necessary. $config['recaptcha'] = false; + // Enable reCaptcha on create.php to prevent automated requests. + $config['cbRecaptcha'] = false; // Public and private key pair from https://www.google.com/recaptcha/admin/create $config['recaptcha_public'] = '6LcXTcUSAAAAAKBxyFWIt2SO8jwx4W7wcSMRoN3f'; diff --git a/inc/instance-config.php b/inc/instance-config.php index 6567a85f..132f40e9 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -80,6 +80,7 @@ $config['mod']['recent_reports'] = 65535; // Board shit + $config['ayah_enabled'] = true; $config['url_banner'] = '/banners.php'; //$config['default_stylesheet'] = array('Notsuba', 'notsuba.css'); $config['additional_javascript'][] = 'js/jquery.min.js'; diff --git a/inc/mod/pages.php b/inc/mod/pages.php index f7ccf1a6..ae841c7c 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php 
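Review bot: The success page in create.php interpolates `{$_POST['password']}` straight into the `$body` heredoc, and none of the validation visible in the earlier hunks constrains the password field, so markup submitted as the password would be rendered as HTML unless `page.html` escapes `body`. Escape it before output, e.g. `$password_html = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');` and use `{$password_html}` in the heredoc, which starts outside this hunk. The management link is hard-coded as `http://`, so the moderator login it points to would be reached without TLS. The added `?>` without a trailing newline is unnecessary in a PHP-only file and is usually left out.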
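Review bot: In inc/config.php both new switches default to `false`, so out of the box create.php skips the AYAH game and reCAPTCHA and accepts board-creation requests with no automation check; the comments should state that explicitly. The AYAH comment block is hard to parse; something like `// Require an "Are You A Human" game on create.php. Off by default; set the publisher and scoring keys in inc/lib/ayah/ayah_config.php before enabling.` would be clearer. Next to `cbRecaptcha` it is worth adding that the `recaptcha_public` / `recaptcha_private` defaults shipped in this file must be replaced with the site's own key pair before the option is turned on.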
@@ -1799,12 +1799,25 @@ function mod_user($uid) { $log = array(); } + if ($mod['type'] >= ADMIN){ + $boards = listBoards(); + } else { + $boards2 = explode(',', $user['boards']); + + foreach($boards2 as $string){ + + $boards[] = array("uri"=>$string, "title"=>"MY BOARD"); + + } + + + } $user['boards'] = explode(',', $user['boards']); mod_page(_('Edit user'), 'mod/user.html', array( 'user' => $user, 'logs' => $log, - 'boards' => listBoards(), + 'boards' => $boards, 'token' => make_secure_link_token('users/' . $user['id']) )); } diff --git a/inc/secrets.php b/inc/secrets.php deleted file mode 100644 index b5d51a7c..00000000 --- a/inc/secrets.php +++ /dev/null @@ -1,4 +0,0 @@ -
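Review bot: In `mod_user()` (inc/mod/pages.php) the non-admin branch builds `$boards` from `$user['boards']`, which is the account being edited, not from the acting moderator in `$mod`; if the intent is to limit a board owner to their own boards, the list should presumably come from the acting moderator's record, so confirm this against the callers. The change only narrows what the template offers: the code that saves the form lies outside the hunk and must itself reject board values the moderator does not control. `$boards` is never initialised before `$boards[] = ...`; add `$boards = array();` before the `foreach` and skip empty strings, since `explode(',', '')` yields one empty entry.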