1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-23 23:20:57 +01:00

a bunch of things

This commit is contained in:
Savetheinternet 2011-01-19 12:37:31 +11:00
parent 62bd2ee348
commit c59f36f400
7 changed files with 97 additions and 13 deletions

View File

@ -41,7 +41,8 @@
define('COOKIE_EXPIRE', 15778463, true); //6 months
// Make this something long and random for security
define('SALT', 'wefaw98YHEWUFuo', true);
define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
// How many seconds before you can post, after the first visit
define('LURKTIME', 30, true);
@ -51,6 +52,8 @@
define('FLOOD_TIME_IP_SAME', 120, true);
// Same as above but different IP address
define('FLOOD_TIME_SAME', 30, true);
// Do you need a body for your non-OP posts?
define('FORCE_BODY', true, true);
// Max body length
define('MAX_BODY', 1800, true);
@ -77,6 +80,9 @@
define('ERROR_NOPOST', 'You didn\'t make a post.', true);
define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
define('ERROR_UNORIGINAL', 'Unoriginal content!', true);
define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true);
define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true);
@ -103,7 +109,11 @@
// Function name for hashing
// sha1_file, md5_file, etc.
define('FILE_HASH', 'sha1_file', true);
define('BLOCK_TOR', true, true);
// Typically spambots try to post a lot of links. Refuse a post with X standalone links?
define('MAX_LINKS', 7, true);
// Maximum image upload size in bytes
define('MAX_FILESIZE', 10*1024*1024, true); // 10MB
// Maximum image dimensions
@ -167,8 +177,13 @@
// Robot stuff
// Strip repeating characters when making hashes
define('ROBOT_ENABLE', true, true);
define('ROBOT_BOARD', 'r9k', true);
define('ROBOT_STRIP_REPEATING', true, true);
// Enable mutes
define('ROBOT_MUTE', true, true);
define('ROBOT_MUTE_MIN', 60, true);
define('ROBOT_MUTE_MAX', 120, true);
define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true);
/*
Mod stuff

View File

@ -439,14 +439,43 @@
}
}
}
function isDNSBL() {
$dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES);
// Reverse the IP
$rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.');
$response = array();
foreach ($dns_black_lists as $dns_black_list) {
$response = (gethostbynamel($rev_ip . '.' . $dns_black_list));
if(!empty($response))
return true;
}
return false;
}
function isTor() {
return gethostbyname(
ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org'
) == '127.0.0.2';
}
function ReverseIPOctets($inputip) {
$ipoc = explode('.', $inputip);
return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0];
}
function markup(&$body) {
global $board;
$body = utf8tohtml($body, true);
if(MARKUP_URLS)
$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body);
if(MARKUP_URLS) {
$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body, -1, $num_links);
if($num_links > MAX_LINKS)
error(ERROR_TOOMANYLINKS);
}
if(AUTO_UNICODE) {
$body = str_replace('...', '…', $body);
@ -602,7 +631,7 @@
$salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' );
if ( isset ( $t[2] ) ) {
// secure
$trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) );
$trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) );
} else {
// insecure
$trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) );

View File

@ -464,7 +464,7 @@
openBoard($_board['uri']);
$temp = '';
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri']));
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT);
$query->execute() or error(db_error($query));

View File

@ -62,6 +62,9 @@
// Check if banned
checkBan();
if(BLOCK_TOR && isTor())
error(ERROR_TOR);
// Check if board exists
if(!openBoard($post['board']))
error(ERROR_NOBOARD);
@ -85,6 +88,9 @@
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
if(empty($post['body']) && FORCE_BODY)
error(ERROR_TOOSHORTBODY);
if($post['mod']) {
require 'inc/mod.php';
if(!$mod) {
@ -115,6 +121,15 @@
'maxsz'=>commaize(MAX_FILESIZE))));
}
if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) {
$post['mod_tag'] = $match[3];
$post['name'] = !empty($match[2])?$match[2]:'Anonymous';
}
} else {
$post['mod_tag'] = false;
}
$trip = generate_tripcode($post['name']);
$post['name'] = $trip[0];
$post['trip'] = (isset($trip[1])?$trip[1]:'');
@ -134,21 +149,40 @@
}
// Check string lengths
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
if($post['mod_tag'])
$post['trip'] .= ' <a class="nametag">## ' . $post['mod_tag'] . '</a>';
if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) {
if(ROBOT_MUTE) {
$mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN);
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':mod', -1, PDO::PARAM_INT);
$query->bindValue(':set', time(), PDO::PARAM_INT);
$query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT);
$query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION);
$query->execute() or error(db_error($query));
error(sprintf(ERROR_MUTED, $mutetime));
} else {
error(ERROR_UNORIGINAL);
}
}
markup($post['body']);
// Check for a flood
if(checkFlood($post))
if(checkFlood($post)) {
error(ERROR_FLOOD);
if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body']))
error(ERROR_UNORIGINAL);
}
if($post['has_file']) {
// Just trim the filename if it's too long
@ -206,6 +240,7 @@
imagebmp($image, $post['file']);
break;
default:
unlink($post['file']);
error('Unknwon file extension.');
}
}

View File

@ -146,6 +146,10 @@ p.intro span.name {
color: #117743;
font-weight: bold;
}
p.intro a.nametag {
color: #F00000;
margin-left: 0;
}
p.intro a {
margin-left: 8px;
}

View File

@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` (
`subject` varchar(40) NOT NULL,
`email` varchar(30) NOT NULL,
`name` varchar(25) NOT NULL,
`trip` varchar(15) DEFAULT NULL,
`trip` varchar(45) DEFAULT NULL,
`body` text NOT NULL,
`time` int(11) NOT NULL,
`bump` int(11) DEFAULT NULL,

View File

@ -71,6 +71,7 @@
</form>
<hr/>
{body}
<a href="{return}">[Return.]</a>
<p class="unimportant" style="text-align:center;">Copyright &copy; 2010 <a href="http://omegadev.org/">OmegaSDG</a></p>
</body>
</html>