diff --git a/inc/config.php b/inc/config.php
index 746efb63..65346edd 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -41,7 +41,8 @@
define('COOKIE_EXPIRE', 15778463, true); //6 months
// Make this something long and random for security
define('SALT', 'wefaw98YHEWUFuo', true);
-
+ define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
+
// How many seconds before you can post, after the first visit
define('LURKTIME', 30, true);
@@ -51,6 +52,8 @@
define('FLOOD_TIME_IP_SAME', 120, true);
// Same as above but different IP address
define('FLOOD_TIME_SAME', 30, true);
+ // Do you need a body for your non-OP posts?
+ define('FORCE_BODY', true, true);
// Max body length
define('MAX_BODY', 1800, true);
@@ -77,6 +80,9 @@
define('ERROR_NOPOST', 'You didn\'t make a post.', true);
define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
define('ERROR_UNORIGINAL', 'Unoriginal content!', true);
+ define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true);
+ define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
+ define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true);
@@ -103,7 +109,11 @@
// Function name for hashing
// sha1_file, md5_file, etc.
define('FILE_HASH', 'sha1_file', true);
-
+
+ define('BLOCK_TOR', true, true);
+ // Typically spambots try to post a lot of links. Refuse a post with X standalone links?
+ define('MAX_LINKS', 7, true);
+
// Maximum image upload size in bytes
define('MAX_FILESIZE', 10*1024*1024, true); // 10MB
// Maximum image dimensions
@@ -167,8 +177,13 @@
// Robot stuff
// Strip repeating characters when making hashes
define('ROBOT_ENABLE', true, true);
+ define('ROBOT_BOARD', 'r9k', true);
define('ROBOT_STRIP_REPEATING', true, true);
-
+ // Enable mutes
+ define('ROBOT_MUTE', true, true);
+ define('ROBOT_MUTE_MIN', 60, true);
+ define('ROBOT_MUTE_MAX', 120, true);
+ define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true);
/*
Mod stuff
diff --git a/inc/functions.php b/inc/functions.php
index 4f4a69bd..6193ab38 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -439,14 +439,43 @@
}
}
}
+
+ function isDNSBL() {
+ $dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES);
+
+ // Reverse the IP
+ $rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.');
+ $response = array();
+ foreach ($dns_black_lists as $dns_black_list) {
+ $response = (gethostbynamel($rev_ip . '.' . $dns_black_list));
+ if(!empty($response))
+ return true;
+ }
+
+ return false;
+ }
+
+ function isTor() {
+ return gethostbyname(
+ ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org'
+ ) == '127.0.0.2';
+ }
+
+ function ReverseIPOctets($inputip) {
+ $ipoc = explode('.', $inputip);
+ return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0];
+ }
function markup(&$body) {
global $board;
$body = utf8tohtml($body, true);
- if(MARKUP_URLS)
- $body = preg_replace(URL_REGEX, "$0", $body);
+ if(MARKUP_URLS) {
+ $body = preg_replace(URL_REGEX, "$0", $body, -1, $num_links);
+ if($num_links > MAX_LINKS)
+ error(ERROR_TOOMANYLINKS);
+ }
if(AUTO_UNICODE) {
$body = str_replace('...', '…', $body);
@@ -602,7 +631,7 @@
$salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' );
if ( isset ( $t[2] ) ) {
// secure
- $trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) );
+ $trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) );
} else {
// insecure
$trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) );
diff --git a/mod.php b/mod.php
index b4355fe4..80647471 100644
--- a/mod.php
+++ b/mod.php
@@ -464,7 +464,7 @@
openBoard($_board['uri']);
$temp = '';
- $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri']));
+ $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
$query->bindValue(':ip', $ip);
$query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
diff --git a/post.php b/post.php
index 40830f0f..b8724522 100644
--- a/post.php
+++ b/post.php
@@ -62,6 +62,9 @@
// Check if banned
checkBan();
+ if(BLOCK_TOR && isTor())
+ error(ERROR_TOR);
+
// Check if board exists
if(!openBoard($post['board']))
error(ERROR_NOBOARD);
@@ -85,6 +88,9 @@
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
+ if(empty($post['body']) && FORCE_BODY)
+ error(ERROR_TOOSHORTBODY);
+
if($post['mod']) {
require 'inc/mod.php';
if(!$mod) {
@@ -115,6 +121,15 @@
'maxsz'=>commaize(MAX_FILESIZE))));
}
+ if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
+ if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) {
+ $post['mod_tag'] = $match[3];
+ $post['name'] = !empty($match[2])?$match[2]:'Anonymous';
+ }
+ } else {
+ $post['mod_tag'] = false;
+ }
+
$trip = generate_tripcode($post['name']);
$post['name'] = $trip[0];
$post['trip'] = (isset($trip[1])?$trip[1]:'');
@@ -134,21 +149,40 @@
}
// Check string lengths
- if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
+ if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
+ if($post['mod_tag'])
+ $post['trip'] .= ' ## ' . $post['mod_tag'] . '';
+
+ if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) {
+ if(ROBOT_MUTE) {
+ $mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN);
+
+ $query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
+ $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':mod', -1, PDO::PARAM_INT);
+ $query->bindValue(':set', time(), PDO::PARAM_INT);
+ $query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT);
+ $query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION);
+ $query->execute() or error(db_error($query));
+
+ error(sprintf(ERROR_MUTED, $mutetime));
+ } else {
+ error(ERROR_UNORIGINAL);
+ }
+ }
+
markup($post['body']);
// Check for a flood
- if(checkFlood($post))
+ if(checkFlood($post)) {
error(ERROR_FLOOD);
-
- if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body']))
- error(ERROR_UNORIGINAL);
+ }
if($post['has_file']) {
// Just trim the filename if it's too long
@@ -206,6 +240,7 @@
imagebmp($image, $post['file']);
break;
default:
+ unlink($post['file']);
error('Unknwon file extension.');
}
}
diff --git a/style.css b/style.css
index 60c36d19..058de230 100644
--- a/style.css
+++ b/style.css
@@ -146,6 +146,10 @@ p.intro span.name {
color: #117743;
font-weight: bold;
}
+p.intro a.nametag {
+ color: #F00000;
+ margin-left: 0;
+}
p.intro a {
margin-left: 8px;
}
diff --git a/templates/posts.sql b/templates/posts.sql
index 4163f125..f8e1b6fb 100644
--- a/templates/posts.sql
+++ b/templates/posts.sql
@@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` (
`subject` varchar(40) NOT NULL,
`email` varchar(30) NOT NULL,
`name` varchar(25) NOT NULL,
- `trip` varchar(15) DEFAULT NULL,
+ `trip` varchar(45) DEFAULT NULL,
`body` text NOT NULL,
`time` int(11) NOT NULL,
`bump` int(11) DEFAULT NULL,
diff --git a/templates/thread.html b/templates/thread.html
index 2fd03418..e1260ff5 100644
--- a/templates/thread.html
+++ b/templates/thread.html
@@ -71,6 +71,7 @@
{body}
+ [Return.]
Copyright © 2010 OmegaSDG