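<?php
// Moderator panel entry point.
//
// Visitors without a moderator session ($mod is falsy) get the login form or
// have their login attempt processed. Logged-in moderators are dispatched on
// the raw query string ("?/config", "?/new", "?/<board>/delete/<id>", ...).
//
// NOTE(review): $mod, login(), loginForm(), error(), openBoard() and the other
// helpers are defined in the includes below and are not visible in this file.
// Every permission check here is written as "if (level too low) error(...);"
// and only protects the code after it if error() ends the request — confirm.

require 'inc/functions.php';
require 'inc/display.php';
// Optional per-installation overrides; loaded before inc/config.php.
if (file_exists('inc/instance-config.php')) {
    require 'inc/instance-config.php';
}
require 'inc/config.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
require 'inc/mod.php';

// Fix some encoding issues
header('Content-Type: text/html; charset=utf-8', true);

// If not logged in
if (!$mod) {
    if (isset($_POST['login'])) {
        // Accept only string credentials. A missing or array-valued field
        // (username[]=...) is treated as empty instead of being read blindly.
        $loginUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $loginPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // Check that both inputs are set and not empty
        if (empty($loginUser) || empty($loginPass)) {
            loginForm(ERROR_INVALID, $loginUser);
            // loginForm() presumably renders the form and terminates. The
            // explicit exit guarantees that a rejected request can never fall
            // through to login()/setCookies() below, whatever loginForm() does.
            exit;
        }

        // Open connection
        sql_open();

        if (!login($loginUser, $loginPass)) {
            loginForm(ERROR_INVALID, $loginUser);
            // Same reasoning as above: never reach setCookies() after a failed login.
            exit;
        }

        // Login successful: set cookies
        setCookies();

        // Redirect
        header('Location: ?' . MOD_DEFAULT, true, REDIRECT_HTTP);

        // Close connection
        sql_close();
    } else {
        loginForm();
    }
} else {
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

    // The delete actions redirect back to the referring page. The Referer
    // header is client-supplied, so it is only used as a redirect target when
    // it is an http(s) URL on the host this request was addressed to;
    // otherwise the board index is used instead.
    $safeReferer = null;
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $refParts = parse_url($_SERVER['HTTP_REFERER']);
        if (
            is_array($refParts)
            && isset($refParts['scheme'], $refParts['host'])
            && in_array(strtolower($refParts['scheme']), array('http', 'https'), true)
        ) {
            $refAuthority = $refParts['host'] . (isset($refParts['port']) ? ':' . $refParts['port'] : '');
            if (strcasecmp($refAuthority, $_SERVER['HTTP_HOST']) === 0) {
                $safeReferer = $_SERVER['HTTP_REFERER'];
            }
        }
    }

    // A sort of "cache": preg_quote() and str_replace() run once here instead
    // of once per route pattern below.
    $regex = array(
        'board' => str_replace('%s', '(\w{1,8})', preg_quote(BOARD_PATH, '/')),
        'page' => str_replace('%d', '(\d+)', preg_quote(FILE_PAGE, '/')),
        'img' => preg_quote(DIR_IMG, '/'),
        'thumb' => preg_quote(DIR_THUMB, '/'),
        'res' => preg_quote(DIR_RES, '/'),
        'index' => preg_quote(FILE_INDEX, '/')
    );

    if (preg_match('/^\/?$/', $query)) {
        // Dashboard
        $fieldset = array(
            'Boards' => '',
            'Administration' => ''
        );

        // Boards
        $fieldset['Boards'] .= ulBoards();

        // The configuration link is only offered to moderators who may view it;
        // the "/config" route below repeats the check.
        if ($mod['type'] >= MOD_SHOW_CONFIG) {
            $fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
        }

        // TODO: Statistics, etc, in the dashboard.

        // Render only the sections that ended up with content.
        $body = '';
        foreach ($fieldset as $title => $data) {
            if ($data) {
                $body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>";
            }
        }

        echo Element('page.html', array(
            'index' => ROOT,
            'title' => 'Dashboard',
            'body' => $body
            //,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
        ));
    } elseif (preg_match('/^\/config$/', $query)) {
        if ($mod['type'] < MOD_SHOW_CONFIG) error(ERROR_NOACCESS);

        // Show the effective configuration as a table of every user-defined
        // constant (an earlier version dumped inc/instance-config.php instead).
        //
        // NOTE(review): only DB_PASSWORD is masked, and only while
        // MOD_NEVER_REAL_PASSWORD is on. Any other secret kept in a
        // user-defined constant would be printed to this page — confirm that
        // none exist, or mask them here as well.
        $constants = get_defined_constants(true);
        $constants = $constants['user'];

        $data = '';
        foreach ($constants as $name => $value) {
            if (MOD_NEVER_REAL_PASSWORD && $name == 'DB_PASSWORD') {
                $value = '<em>hidden</em>';
            } else {
                // The original author observed get_defined_constants() returning
                // only the first defined value (the default), so the live value
                // is re-read with constant().
                $value = constant($name);

                if (is_bool($value)) {
                    $value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
                } elseif (is_string($value)) {
                    if (empty($value)) {
                        $value = '<em>empty</em>';
                    } else {
                        // Strings are cut to 110 bytes and passed through utf8tohtml() before output.
                        $value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . '</span>';
                    }
                } elseif (is_int($value)) {
                    // Show permissions in a cleaner way: a MOD_* setting whose
                    // value equals one of the three rank constants is shown by
                    // rank name. The rank constants themselves stay numeric.
                    if (preg_match('/^MOD_/', $name) && $name != 'MOD_JANITOR' && $name != 'MOD_MOD' && $name != 'MOD_ADMIN') {
                        if ($value == MOD_JANITOR) {
                            $value = 'Janitor';
                        } elseif ($value == MOD_MOD) {
                            $value = 'Mod';
                        } elseif ($value == MOD_ADMIN) {
                            $value = 'Admin';
                        }
                    }
                    $value = '<span style="color:black;">' . $value . '</span>';
                }
            }

            $data .=
                '<tr><th style="text-align:left;">' .
                    $name .
                '</th><td>' .
                    $value .
                '</td></tr>';
        }

        $body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>';

        echo Element('page.html', array(
            'index' => ROOT,
            'title' => 'Configuration',
            'body' => $body,
            'mod' => true
        ));
    } elseif (preg_match('/^\/new$/', $query)) {
        if ($mod['type'] < MOD_NEWBOARD) error(ERROR_NOACCESS);

        // New board
        $body = '';

        // NOTE(review): this state-changing POST is authorised by the session
        // alone; no anti-CSRF token is checked in this file — confirm whether
        // one is verified elsewhere.
        if (isset($_POST['new_board'])) {
            // Create new board. Each field must be present and a plain string;
            // array-valued fields are rejected like missing ones.
            if (
                !isset($_POST['uri']) || !is_string($_POST['uri']) ||
                !isset($_POST['title']) || !is_string($_POST['title']) ||
                !isset($_POST['subtitle']) || !is_string($_POST['subtitle'])
            ) error(ERROR_MISSEDAFIELD);

            $b = array(
                'uri' => $_POST['uri'],
                'title' => $_POST['title'],
                'subtitle' => $_POST['subtitle']
            );

            // Check required fields
            if (empty($b['uri']))
                error(sprintf(ERROR_REQUIRED, 'URI'));
            if (empty($b['title']))
                error(sprintf(ERROR_REQUIRED, 'title'));

            // Check string lengths
            if (strlen($b['uri']) > 8)
                error(sprintf(ERROR_TOOLONG, 'URI'));
            if (strlen($b['title']) > 20)
                error(sprintf(ERROR_TOOLONG, 'title'));
            if (strlen($b['subtitle']) > 40)
                error(sprintf(ERROR_TOOLONG, 'subtitle'));

            // The URI is later substituted into the posts.sql template, so it
            // must consist of word characters only. The D modifier stops "$"
            // from also matching just before a trailing newline, which the
            // unmodified pattern would have let through.
            if (!preg_match('/^\w+$/D', $b['uri']))
                error(sprintf(ERROR_INVALIDFIELD, 'URI'));

            // Values are bound as parameters, never interpolated into the SQL.
            $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
            $query->bindValue(':uri', $b['uri']);
            $query->bindValue(':title', $b['title']);
            if (!empty($b['subtitle'])) {
                $query->bindValue(':subtitle', $b['subtitle']);
            } else {
                // An empty subtitle is stored as SQL NULL.
                $query->bindValue(':subtitle', null, PDO::PARAM_NULL);
            }
            $query->execute() or error(db_error($query));

            // Open the board
            openBoard($b['uri']) or error("Couldn't open board after creation.");

            // Create the posts table. $board is not assigned in this file;
            // presumably openBoard() populates it — confirm.
            query(Element('posts.sql', array('board' => $board['uri']))) or error(db_error());

            // Build the board
            buildIndex();
        }

        $body .= form_newBoard();

        // TODO: Statistics, etc, in the dashboard.

        echo Element('page.html', array(
            'index' => ROOT,
            'title' => 'New board',
            'body' => $body,
            'mod' => true
        ));
    } elseif (preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
        // Board index
        $boardName = $matches[1];

        // Open board
        if (!openBoard($boardName))
            error(ERROR_NOBOARD);

        // NOTE(review): $matches[2] is the whole file-name group (FILE_INDEX or
        // the FILE_PAGE match), not the page number; the digits captured by
        // $regex['page'] look like they land in $matches[3]. Left unchanged
        // because index() is not visible here — confirm what it expects.
        if (!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], $mod)) {
            error(ERROR_404);
        }
        $page['pages'] = getPages(true);
        $page['mod'] = true;

        echo Element('index.html', $page);
    } elseif (preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
        // View thread
        $boardName = $matches[1];
        $thread = $matches[2];

        // Open board
        if (!openBoard($boardName))
            error(ERROR_NOBOARD);

        $page = buildThread($thread, true, $mod);

        echo $page;
    } elseif (preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
        if ($mod['type'] < MOD_DELETEFILE) error(ERROR_NOACCESS);

        // Delete file from post
        //
        // NOTE(review): this destructive action is triggered by the query
        // string of a plain GET request and authorised by the session alone;
        // no anti-CSRF token is checked in this file. Moving it to POST with a
        // per-session token would close that gap — confirm whether a check
        // exists elsewhere.
        $boardName = $matches[1];
        $post = $matches[2];

        // Open board
        if (!openBoard($boardName))
            error(ERROR_NOBOARD);

        // Delete the file, then rebuild the board
        deleteFile($post);
        buildIndex();

        // Redirect back to the referring page when it is on this host,
        // otherwise to the board index.
        if ($safeReferer !== null)
            header('Location: ' . $safeReferer, true, REDIRECT_HTTP);
        else
            header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
    } elseif (preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
        if ($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);

        // Delete post
        //
        // NOTE(review): like the file deletion route, this runs on a plain GET
        // request with no anti-CSRF token checked in this file — confirm
        // whether a check exists elsewhere.
        $boardName = $matches[1];
        $post = $matches[2];

        // Open board
        if (!openBoard($boardName))
            error(ERROR_NOBOARD);

        // Delete the post, then rebuild the board
        deletePost($post);
        buildIndex();

        // Redirect back to the referring page when it is on this host,
        // otherwise to the board index.
        if ($safeReferer !== null)
            header('Location: ' . $safeReferer, true, REDIRECT_HTTP);
        else
            header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
    } else {
        error(ERROR_404);
    }
}

// Close the connection in case it's still open
sql_close();
?>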