Rewrite report system due to flooding

8chan-captcha/entrypoint.php

@@ -3,19 +3,8 @@ header('Access-Control-Allow-Origin: *');
 
 $mode = @$_GET['mode'];
 
-require_once("cool-php-captcha-0.3.1/captcha.php");
-
-function rand_string($length, $charset) {
-  $ret = "";
-  while ($length--) {
-    $ret .= mb_substr($charset, rand(0, mb_strlen($charset, 'utf-8')-1), 1, 'utf-8');
-  }
-  return $ret;
-}
-
-function cleanup ($pdo, $expires_in) {
-  $pdo->prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
-}
+require_once("config.php");
+require_once("functions.php");
 
 switch ($mode) {
 // Request: GET entrypoint.php?mode=get&extra=1234567890
@@ -28,23 +17,9 @@ case "get":
   $extra = $_GET['extra'];
   $nojs = isset($_GET['nojs']);
 
-  require_once("config.php");
-
-  $text = rand_string($length, $extra);
-
-  //$captcha = new SimpleCaptcha($text, $width, $height, $extra);
-  $captcha = new SimpleCaptcha();
-
-  $cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
-
-  ob_start();
-  $captcha->CreateImage($text);
-  $image = ob_get_contents();
-  ob_end_clean();
-  $html = '<image src="data:image/png;base64,'.base64_encode($image).'">';
-
-  $query = $pdo->prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
-  $query->execute(                               [$cookie,  $extra,  $text,  time()]);
+  $captcha = generate_captcha($extra);
+  $cookie = $captcha['cookie'];
+  $html = $captcha['html'];
 
   if ($nojs) {
 	  header("Content-type: text/html");
@@ -66,8 +41,6 @@ case "check":
     die();
   }
 
-  require_once("config.php");
-
   cleanup($pdo, $expires_in);
 
   $query = $pdo->prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");

8chan-captcha/functions.php

@@ -0,0 +1,38 @@
+<?php
+if (strpos(getcwd(), '8chan-captcha') === false) chdir('8chan-captcha');
+require_once("config.php");
+require_once("cool-php-captcha-0.3.1/captcha.php");
+
+function generate_captcha($extra = '1234567890') {
+  global $length, $pdo;
+
+  $text = rand_string($length, $extra);
+
+  $captcha = new SimpleCaptcha();
+
+  $cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
+
+  ob_start();
+  $captcha->CreateImage($text);
+  $image = ob_get_contents();
+  ob_end_clean();
+  $html = '<image src="data:image/png;base64,'.base64_encode($image).'">';
+
+  $query = $pdo->prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
+  $query->execute(                               [$cookie,  $extra,  $text,  time()]);
+
+  return array("cookie" => $cookie, "html" => $html);
+}
+
+function rand_string($length, $charset) {
+  $ret = "";
+  while ($length--) {
+    $ret .= mb_substr($charset, rand(0, mb_strlen($charset, 'utf-8')-1), 1, 'utf-8');
+  }
+  return $ret;
+}
+
+function cleanup ($pdo, $expires_in) {
+  $pdo->prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
+}
+

inc/config.php

@@ -302,9 +302,14 @@
 	// Enable custom captcha provider
 	$config['captcha']['enabled'] = false;
 
-	// Custom captcha provider path
-	$config['captcha']['provider_get']   = 'http://8chan.vichan.net/captcha/entrypoint.php';
-	$config['captcha']['provider_check'] = 'http://8chan.vichan.net/captcha/entrypoint.php';
+	/* 
+	 * Custom captcha provider path (You will need to change these depending on your configuration! It cannot be
+	 * automatically determined because provider_check requires curl which needs to know the domain of your site.)
+	 * 
+	 * Specify yourimageboard.com/$config['root']/8chan-captcha/entrypoint.php for the default provider or write your own
+	 */
+	$config['captcha']['provider_get']   = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
+	$config['captcha']['provider_check'] = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
 
 	// Custom captcha extra field (eg. charset)
 	$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
@@ -1718,3 +1723,6 @@
 
 	// Twig cache?
 	$config['twig_cache'] = false;
+
+	// Use CAPTCHA for reports?
+	$config['report_captcha'] = false;

inc/instance-config.php

@@ -214,6 +214,7 @@ $config['katex'] = false;
 $config['enable_antibot'] = false;
 $config['spam']['unicode'] = false;
 $config['twig_cache'] = false;
+$config['report_captcha'] = true;
 // 8chan specific mod pages
 require '8chan-mod-pages.php';
 	

js/fix-report-delete-submit.js

@@ -43,19 +43,12 @@ Menu.onclick(function(e, $buf) {
 	var postId = $ele.find('.post_no').not('[id]').text();
 
 	$buf.find('#report_menu,#global_report_menu').click(function(e) {
-		$('#delete_'+postId).prop('checked', 'checked');
-		if ($(this).attr('id') === 'global_report_menu') {
-			header = "<div><h1>Attention!</h1><p>This form is only for reporting <strong>child pornography</strong>, <strong>bot spam</strong> and <strong>credit card numbers, social security numbers or banking information</strong>. DMCA requests and all other deletion requests <em>MUST</em> be sent via email to admin@8chan.co.</p><p>8chan is unmoderated and allows posts without collecting <em>ANY</em> information from the poster less the details of their post. Furthermore, all boards on 8chan are user created and not actively monitored by anyone but the board creator.</p><p>8chan has a small volunteer staff to handle this queue, please do not waste their time by filling it with nonsense! <em>If you made a report with this tool and the post was not deleted, <strong>do not make the report again!</strong> Email admin@8chan.co instead.</em> Abuse of the global report system could lead to address blocks against your IP from 8chan.</p><p>Again, 8chan's global volunteers <em>do not</em> handle board specific issues. You most likely want to click \"Report\" instead to reach the creator and volunteers he assigned to this board.</p>";
-			$('#global_report').prop('checked', 'checked');
+		if ($(this).attr('id') === "global_report_menu") {
+			var global = '&global';
 		} else {
-			header = "";
-			$('#global_report').prop('checked', '');
+			var global = '';
 		}
-		alert(header+"Enter reason below...<br/><input type='text' id='alert_reason'>", true, function(){
-			$('#reason').val($('#alert_reason').val());
-			$('input[name=report][type=submit]').click();
-		});
-
+		window.open(configRoot+'report.php?board='+board_name+'&post=delete_'+postId+global, "", (global?"width=600, height=575":"width=500, height=275"));
 	});
 });
 

post.php

@@ -132,6 +132,23 @@ elseif (isset($_POST['report'])) {
 	
 	if (count($report) > $config['report_limit'])
 		error($config['error']['toomanyreports']);
+
+	if ($config['report_captcha'] && !isset($_POST['captcha_text'], $_POST['captcha_cookie'])) {
+		error($config['error']['bot']);
+	}
+
+	if ($config['report_captcha']) {
+		$resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query([
+			'mode' => 'check',
+			'text' => $_POST['captcha_text'],
+			'extra' => $config['captcha']['extra'],
+			'cookie' => $_POST['captcha_cookie']
+		]));
+
+		if ($resp !== '1') {
+                        error($config['error']['captcha']);
+		}
+	}
 	
 	$reason = escape_markup_modifiers($_POST['reason']);
 	markup($reason);
@@ -182,7 +199,8 @@ elseif (isset($_POST['report'])) {
 	$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
 	
 	if (!isset($_POST['json_response'])) {
-		header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
+		$index = $root . $board['dir'] . $config['file_index'];
+		echo Element('page.html', array('config' => $config, 'body' => '<div style="text-align:center"><a href="javascript:window.close()">[ ' . _('Close window') ." ]</a> <a href='$index'>[ " . _('Return') . ' ]</a></div>', 'title' => _('Report submitted!')));
 	} else {
 		header('Content-Type: text/json');
 		echo json_encode(array('success' => true));

templates/report.html

@@ -0,0 +1,17 @@
+<form action="{{ config.post_url }}" method="post" id="report_form">
+	<input type="hidden" name="board" value="{{ board.uri }}">
+	<input type="hidden" name="{{ post|e }}" value="1">
+	{% if global %}
+		<input type="hidden" name="global" value="1">
+		<div><h1>Attention!</h1><p>This form is only for reporting <strong>child pornography</strong>, <strong>bot spam</strong> and <strong>credit card numbers, social security numbers or banking information</strong>. DMCA requests and all other deletion requests <em>MUST</em> be sent via email to admin@8chan.co.</p><p>8chan is unmoderated and allows posts without collecting <em>ANY</em> information from the poster less the details of their post. Furthermore, all boards on 8chan are user created and not actively monitored by anyone but the board creator.</p><p>8chan has a small volunteer staff to handle this queue, please do not waste their time by filling it with nonsense! <em>If you made a report with this tool and the post was not deleted, <strong>do not make the report again!</strong> Email admin@8chan.co instead.</em> Abuse of the global report system could lead to address blocks against your IP from 8chan.</p><p>Again, 8chan's global volunteers <em>do not</em> handle board specific issues. You most likely want to click "Report" instead to reach the creator and volunteers he assigned to this board.</p>
+	{% endif %}
+	<p>{% trans %}Enter reason below...{% endtrans %}</p>
+	<input type="text" id="reason" name="reason">
+	{% if config.report_captcha %}
+		<p>{% trans %}To submit your report, please fill out the CAPTCHA below.{% endtrans %}</p>
+		{{ captcha['html'] }}<br/>
+		<input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text">
+		<input class="captcha_cookie" name="captcha_cookie" type="hidden" autocomplete="off" value="{{ captcha['cookie']|e }}"><br/>
+	{% endif %}
+	<input name="report" value="{% trans %}Submit{% endtrans %}" type="submit">
+</form>