2011-06-15 13:11:52 -04:00
< ? php
2010-11-05 12:46:20 -04:00
require 'inc/functions.php' ;
require 'inc/display.php' ;
2010-11-30 03:21:06 -05:00
require 'inc/template.php' ;
2010-12-17 09:18:03 -05:00
require 'inc/database.php' ;
2010-11-05 12:46:20 -04:00
require 'inc/user.php' ;
2010-11-26 04:21:00 -05:00
// Fix for magic quotes
2010-11-05 12:46:20 -04:00
if ( get_magic_quotes_gpc ()) {
2010-11-26 04:20:04 -05:00
function strip_array ( $var ) {
2010-11-05 12:46:20 -04:00
return is_array ( $var ) ? array_map ( " strip_array " , $var ) : stripslashes ( $var );
}
$_SESSION = strip_array ( $_SESSION );
$_GET = strip_array ( $_GET );
$_POST = strip_array ( $_POST );
}
2011-01-20 21:14:11 -05:00
if ( isset ( $_POST [ 'delete' ])) {
// Delete
if ( ! isset ( $_POST [ 'board' ]) ||
! isset ( $_POST [ 'password' ])
)
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'bot' ]);
2011-01-20 21:14:11 -05:00
2011-05-25 05:08:09 -04:00
$password = & $_POST [ 'password' ];
2011-01-20 21:14:11 -05:00
if ( empty ( $password ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpassword' ]);
2011-01-20 21:14:11 -05:00
$delete = Array ();
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^delete_(\d+)$/' , $post , $m )) {
$delete [] = ( int ) $m [ 1 ];
}
}
2011-05-19 03:37:23 -04:00
checkDNSBL ();
2011-01-20 21:14:11 -05:00
// Check if board exists
if ( ! openBoard ( $_POST [ 'board' ]))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2011-01-20 21:14:11 -05:00
2011-07-26 23:40:27 -04:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-01-20 21:14:11 -05:00
if ( empty ( $delete ))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'nodelete' ]);
2011-01-20 21:14:11 -05:00
foreach ( $delete as & $id ) {
2011-04-05 01:57:01 -04:00
$query = prepare ( sprintf ( " SELECT `time`,`password` FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
2011-01-20 21:14:11 -05:00
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $post = $query -> fetch ()) {
if ( ! empty ( $password ) && $post [ 'password' ] != $password )
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'invalidpassword' ]);
2011-04-05 01:57:01 -04:00
if ( $post [ 'time' ] >= time () - $config [ 'delete_time' ]) {
error ( sprintf ( $config [ 'error' ][ 'delete_too_soon' ], until ( $post [ 'time' ] + $config [ 'delete_time' ])));
}
2011-01-20 21:14:11 -05:00
if ( isset ( $_POST [ 'file' ])) {
// Delete just the file
deleteFile ( $id );
} else {
// Delete entire post
deletePost ( $id );
}
}
}
buildIndex ();
$is_mod = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
2011-02-12 01:25:15 -05:00
$root = $is_mod ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
2011-01-20 21:14:11 -05:00
2011-02-12 01:25:15 -05:00
header ( 'Location: ' . $root . $board [ 'dir' ] . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-02-20 01:19:57 -05:00
} elseif ( isset ( $_POST [ 'report' ])) {
if ( ! isset ( $_POST [ 'board' ]) ||
! isset ( $_POST [ 'password' ]) ||
! isset ( $_POST [ 'reason' ])
)
error ( $config [ 'error' ][ 'bot' ]);
$report = Array ();
foreach ( $_POST as $post => $value ) {
if ( preg_match ( '/^delete_(\d+)$/' , $post , $m )) {
$report [] = ( int ) $m [ 1 ];
}
}
2011-05-19 03:37:23 -04:00
checkDNSBL ();
2011-02-20 01:19:57 -05:00
// Check if board exists
if ( ! openBoard ( $_POST [ 'board' ]))
error ( $config [ 'error' ][ 'noboard' ]);
2011-07-26 23:40:27 -04:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-02-20 01:19:57 -05:00
if ( empty ( $report ))
error ( $config [ 'error' ][ 'noreport' ]);
if ( count ( $report ) > $config [ 'report_limit' ])
error ( $config [ 'error' ][ 'toomanyreports' ]);
2011-05-25 05:08:09 -04:00
$reason = & $_POST [ 'reason' ];
2011-02-20 02:28:39 -05:00
markup ( $reason );
2011-02-20 01:19:57 -05:00
foreach ( $report as & $id ) {
$query = prepare ( sprintf ( " SELECT 1 FROM `posts_%s` WHERE `id` = :id " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $id , PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if ( $post = $query -> fetch ()) {
$query = prepare ( " INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason) " );
$query -> bindValue ( ':time' , time (), PDO :: PARAM_INT );
$query -> bindValue ( ':ip' , $_SERVER [ 'REMOTE_ADDR' ], PDO :: PARAM_STR );
$query -> bindValue ( ':board' , $board [ 'id' ], PDO :: PARAM_INT );
$query -> bindValue ( ':post' , $id , PDO :: PARAM_INT );
2011-02-20 02:28:39 -05:00
$query -> bindValue ( ':reason' , $reason , PDO :: PARAM_STR );
2011-02-20 01:19:57 -05:00
$query -> execute () or error ( db_error ( $query ));
}
}
$is_mod = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
$root = $is_mod ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
header ( 'Location: ' . $root . $board [ 'dir' ] . $config [ 'file_index' ], true , $config [ 'redirect_http' ]);
2011-01-20 21:14:11 -05:00
} elseif ( isset ( $_POST [ 'post' ])) {
2010-11-05 12:46:20 -04:00
if ( ! isset ( $_POST [ 'name' ]) ||
! isset ( $_POST [ 'email' ]) ||
! isset ( $_POST [ 'subject' ]) ||
! isset ( $_POST [ 'body' ]) ||
2010-11-30 04:40:37 -05:00
! isset ( $_POST [ 'board' ]) ||
2010-11-05 12:46:20 -04:00
! isset ( $_POST [ 'password' ])
2011-02-12 01:25:15 -05:00
) error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 12:46:20 -04:00
2010-11-30 07:17:26 -05:00
$post = Array ( 'board' => $_POST [ 'board' ]);
2010-11-05 12:46:20 -04:00
if ( isset ( $_POST [ 'thread' ])) {
$OP = false ;
$post [ 'thread' ] = round ( $_POST [ 'thread' ]);
} else $OP = true ;
2011-02-12 01:25:15 -05:00
if ( ! (( $OP && $_POST [ 'post' ] == $config [ 'button_newtopic' ]) ||
( ! $OP && $_POST [ 'post' ] == $config [ 'button_reply' ])))
error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 12:46:20 -04:00
// Check the referrer
2011-10-03 03:38:19 -04:00
if ( ! isset ( $_SERVER [ 'HTTP_REFERER' ]) || ! preg_match ( $config [ 'referer_match' ], $_SERVER [ 'HTTP_REFERER' ]))
error ( $config [ 'error' ][ 'referer' ]);
2010-11-05 12:46:20 -04:00
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
// Find another anti-spam method.
/*
// Check if he has a valid cookie.
2011-02-12 01:25:15 -05:00
if ( ! $user [ 'valid' ]) error ( $config [ 'error' ][ 'bot' ]);
2010-11-05 12:46:20 -04:00
// Check how long he has been here.
if ( time () - $user [ 'appeared' ] < LURKTIME ) error ( ERROR_LURK );
*/
2011-05-19 03:37:23 -04:00
checkDNSBL ();
2011-01-18 20:37:31 -05:00
2010-11-30 07:17:26 -05:00
// Check if board exists
if ( ! openBoard ( $post [ 'board' ]))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noboard' ]);
2010-11-30 07:17:26 -05:00
2011-07-26 23:40:27 -04:00
// Check if banned
checkBan ( $board [ 'uri' ]);
2011-06-15 14:59:16 -04:00
// Check for CAPTCHA right after opening the board so the "return" link is in there
if ( $config [ 'recaptcha' ]) {
if ( ! isset ( $_POST [ 'recaptcha_challenge_field' ]) || ! isset ( $_POST [ 'recaptcha_response_field' ]))
error ( $config [ 'error' ][ 'bot' ]);
// Check what reCAPTCHA has to say...
$resp = recaptcha_check_answer ( $config [ 'recaptcha_private' ],
$_SERVER [ 'REMOTE_ADDR' ],
$_POST [ 'recaptcha_challenge_field' ],
$_POST [ 'recaptcha_response_field' ]);
if ( ! $resp -> is_valid ) {
error ( $config [ 'error' ][ 'captcha' ]);
}
}
2011-09-15 06:34:45 -04:00
if ( checkSpam ())
error ( $config [ 'error' ][ 'spam' ]);
2011-02-17 09:27:20 -05:00
2011-02-16 04:37:57 -05:00
if ( $config [ 'robot_enable' ] && $config [ 'robot_mute' ]) {
checkMute ();
}
2011-01-20 03:24:41 -05:00
2010-11-30 07:17:26 -05:00
//Check if thread exists
2011-10-10 11:58:22 -04:00
if ( ! $OP ) {
$query = prepare ( sprintf ( " SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1 " , $board [ 'uri' ]));
$query -> bindValue ( ':id' , $post [ 'thread' ], PDO :: PARAM_INT );
$query -> execute () or error ( db_error ());
if ( ! $thread = $query -> fetch ()) {
// Non-existant
error ( $config [ 'error' ][ 'nonexistant' ]);
}
}
2011-05-18 03:05:48 -04:00
// Check for an embed field
2011-05-25 05:08:09 -04:00
if ( $config [ 'enable_embedding' ] && isset ( $_POST [ 'embed' ]) && ! empty ( $_POST [ 'embed' ])) {
2011-05-18 03:05:48 -04:00
// yep; validate it
2011-05-25 05:08:09 -04:00
$value = & $_POST [ 'embed' ];
2011-05-18 03:05:48 -04:00
foreach ( $config [ 'embedding' ] as & $embed ) {
if ( $html = preg_replace ( $embed [ 0 ], $embed [ 1 ], $value )) {
if ( $html == $value ) {
// Nope.
continue ;
}
// Width and height
$html = str_replace ( '%%tb_width%%' , $config [ 'embed_width' ], $html );
$html = str_replace ( '%%tb_height%%' , $config [ 'embed_height' ], $html );
// Validated. It works.
$post [ 'embed' ] = $html ;
// This looks messy right now, I know. I'll work on a better alternative later.
$post [ 'no_longer_require_an_image_for_op' ] = true ;
2011-05-25 05:11:22 -04:00
break ;
2011-05-18 03:05:48 -04:00
}
}
if ( ! isset ( $post [ 'embed' ])) {
error ( $config [ 'error' ][ 'invalid_embed' ]);
}
}
2010-11-05 12:46:20 -04:00
// Check for a file
2011-05-18 03:05:48 -04:00
if ( $OP && ! isset ( $post [ 'no_longer_require_an_image_for_op' ])) {
2010-11-05 12:46:20 -04:00
if ( ! isset ( $_FILES [ 'file' ][ 'tmp_name' ]) || empty ( $_FILES [ 'file' ][ 'tmp_name' ]))
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'noimage' ]);
2010-11-05 12:46:20 -04:00
}
2011-02-17 04:12:09 -05:00
$post [ 'name' ] = ( ! empty ( $_POST [ 'name' ]) ? $_POST [ 'name' ] : $config [ 'anonymous' ]);
2011-05-25 05:08:09 -04:00
$post [ 'subject' ] = & $_POST [ 'subject' ];
2010-11-05 12:46:20 -04:00
$post [ 'email' ] = utf8tohtml ( $_POST [ 'email' ]);
2011-05-25 05:08:09 -04:00
$post [ 'body' ] = & $_POST [ 'body' ];
$post [ 'password' ] = & $_POST [ 'password' ];
2011-05-25 05:11:22 -04:00
$post [ 'has_file' ] = ! isset ( $post [ 'embed' ]) && (( $OP && ! isset ( $post [ 'no_longer_require_an_image_for_op' ])) || ( isset ( $_FILES [ 'file' ]) && ! empty ( $_FILES [ 'file' ][ 'tmp_name' ])));
2011-02-22 10:21:16 -05:00
2011-02-21 19:14:07 -05:00
$post [ 'mod' ] = isset ( $_POST [ 'mod' ]) && $_POST [ 'mod' ];
2011-02-22 10:21:16 -05:00
if ( $post [ 'has_file' ])
2011-03-27 07:35:42 -04:00
$post [ 'filename' ] = utf8tohtml ( get_magic_quotes_gpc () ? stripslashes ( $_FILES [ 'file' ][ 'name' ]) : $_FILES [ 'file' ][ 'name' ]);
2011-01-02 05:10:33 -05:00
2011-09-29 07:17:59 -04:00
if ( ! ( $post [ 'has_file' ] || isset ( $post [ 'embed' ])) || (( $OP && $config [ 'force_body_op' ]) || ( ! $OP && $config [ 'force_body' ]))) {
2011-02-21 19:09:43 -05:00
$stripped_whitespace = preg_replace ( '/[\s]/u' , '' , $post [ 'body' ]);
2011-09-25 02:34:34 -04:00
if ( empty ( $stripped_whitespace )) {
2011-02-21 19:09:43 -05:00
error ( $config [ 'error' ][ 'tooshort_body' ]);
2011-09-25 02:34:34 -04:00
}
2011-02-21 19:09:43 -05:00
}
2011-01-02 05:10:33 -05:00
if ( $post [ 'mod' ]) {
require 'inc/mod.php' ;
if ( ! $mod ) {
// Liar. You're not a mod.
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'notamod' ]);
2011-01-02 05:10:33 -05:00
}
2011-01-02 05:15:59 -05:00
2011-01-02 06:30:49 -05:00
$post [ 'sticky' ] = $OP && isset ( $_POST [ 'sticky' ]);
$post [ 'locked' ] = $OP && isset ( $_POST [ 'lock' ]);
2011-02-03 04:28:14 -05:00
$post [ 'raw' ] = isset ( $_POST [ 'raw' ]);
2011-01-02 09:15:55 -05:00
2011-02-12 01:25:15 -05:00
if ( $post [ 'sticky' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'sticky' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $post [ 'locked' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'lock' ]) error ( $config [ 'error' ][ 'noaccess' ]);
if ( $post [ 'raw' ] && $mod [ 'type' ] < $config [ 'mod' ][ 'rawhtml' ]) error ( $config [ 'error' ][ 'noaccess' ]);
2011-01-02 05:10:33 -05:00
}
2010-11-05 12:46:20 -04:00
2011-01-02 09:33:57 -05:00
// Check if thread is locked
// but allow mods to post
2011-02-12 01:25:15 -05:00
if ( ! $OP && ( ! $mod || $mod [ 'type' ] < $config [ 'mod' ][ 'postinlocked' ])) {
2011-10-10 11:58:22 -04:00
if ( $thread [ 'locked' ])
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'locked' ]);
2011-01-02 09:33:57 -05:00
}
2010-11-05 12:46:20 -04:00
if ( $post [ 'has_file' ]) {
$size = $_FILES [ 'file' ][ 'size' ];
2011-02-12 01:25:15 -05:00
if ( $size > $config [ 'max_filesize' ])
error ( sprintf3 ( $config [ 'error' ][ 'filesize' ], array (
2010-11-04 11:20:19 -04:00
'sz' => commaize ( $size ),
'filesz' => commaize ( $size ),
2011-02-12 01:25:15 -05:00
'maxsz' => commaize ( $config [ 'max_filesize' ]))));
2010-11-05 12:46:20 -04:00
}
2011-02-12 01:25:15 -05:00
if ( $mod && $mod [ 'type' ] >= MOD && preg_match ( '/^((.+) )?## (.+)$/' , $post [ 'name' ], $match )) {
if (( $mod [ 'type' ] == MOD && $match [ 3 ] == 'Mod' ) || $mod [ 'type' ] >= ADMIN ) {
2011-04-12 07:08:54 -04:00
$post [ 'capcode' ] = utf8tohtml ( $match [ 3 ]);
2011-02-17 04:12:09 -05:00
$post [ 'name' ] = ! empty ( $match [ 2 ]) ? $match [ 2 ] : $config [ 'anonymous' ];
2011-01-18 20:37:31 -05:00
}
} else {
2011-04-12 07:08:54 -04:00
$post [ 'capcode' ] = false ;
2011-01-18 20:37:31 -05:00
}
2010-11-05 12:46:20 -04:00
$trip = generate_tripcode ( $post [ 'name' ]);
2011-05-25 05:08:09 -04:00
$post [ 'name' ] = & $trip [ 0 ];
2010-11-05 12:46:20 -04:00
$post [ 'trip' ] = ( isset ( $trip [ 1 ]) ? $trip [ 1 ] : '' );
2011-03-28 00:52:02 -04:00
if ( strtolower ( $post [ 'email' ]) == 'noko' ) {
2010-11-05 12:46:20 -04:00
$noko = true ;
$post [ 'email' ] = '' ;
} else $noko = false ;
if ( $post [ 'has_file' ]) {
$post [ 'extension' ] = strtolower ( substr ( $post [ 'filename' ], strrpos ( $post [ 'filename' ], '.' ) + 1 ));
2011-02-03 04:28:14 -05:00
$post [ 'file_id' ] = time () . rand ( 100 , 999 );
2011-02-12 01:25:15 -05:00
$post [ 'file' ] = $board [ 'dir' ] . $config [ 'dir' ][ 'img' ] . $post [ 'file_id' ] . '.' . $post [ 'extension' ];
2011-04-12 14:08:59 -04:00
$post [ 'thumb' ] = $board [ 'dir' ] . $config [ 'dir' ][ 'thumb' ] . $post [ 'file_id' ] . '.' . ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ]);
2010-11-05 12:46:20 -04:00
}
// Check string lengths
2011-02-12 01:25:15 -05:00
if ( strlen ( $post [ 'name' ]) > 50 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'name' ));
2011-02-17 05:20:04 -05:00
if ( strlen ( $post [ 'email' ]) > 40 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'email' ));
2011-08-26 22:11:34 -04:00
if ( strlen ( $post [ 'subject' ]) > 100 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'subject' ));
2011-03-26 03:43:19 -04:00
if ( ! $mod && strlen ( $post [ 'body' ]) > $config [ 'max_body' ]) error ( $config [ 'error' ][ 'toolong_body' ]);
2011-02-12 01:25:15 -05:00
if ( strlen ( $post [ 'password' ]) > 20 ) error ( sprintf ( $config [ 'error' ][ 'toolong' ], 'password' ));
2010-11-05 12:46:20 -04:00
2011-04-06 05:18:36 -04:00
wordfilters ( $post [ 'body' ]);
2011-01-20 03:24:41 -05:00
$post [ 'body_nomarkup' ] = $post [ 'body' ];
2011-02-03 04:28:14 -05:00
2011-06-11 02:08:29 -04:00
if ( ! ( $mod && isset ( $post [ 'raw' ]) && $post [ 'raw' ]))
2011-02-03 04:28:14 -05:00
markup ( $post [ 'body' ]);
2010-11-05 12:46:20 -04:00
2011-01-18 01:11:28 -05:00
// Check for a flood
2011-09-15 06:34:45 -04:00
if ( ! ( $mod && $mod [ 'type' ] >= $config [ 'mod' ][ 'flood' ]) && checkFlood ( $post )) {
error ( $config [ 'error' ][ 'flood' ]);
}
2011-01-18 08:41:43 -05:00
2011-03-26 07:50:03 -04:00
// Custom anti-spam filters
if ( isset ( $config [ 'flood_filters' ])) {
foreach ( $config [ 'flood_filters' ] as & $filter ) {
2011-03-27 05:38:11 -04:00
unset ( $did_not_match );
2011-03-26 07:50:03 -04:00
// Set up default stuff
if ( ! isset ( $filter [ 'action' ]))
$filter [ 'action' ] = 'reject' ;
if ( ! isset ( $filter [ 'message' ]))
$filter [ 'message' ] = 'Posting throttled by flood filter.' ;
2011-09-17 13:17:54 -04:00
foreach ( $filter [ 'condition' ] as $condition => $value ) {
2011-03-26 07:50:03 -04:00
if ( $condition == 'posts_in_past_x_minutes' && isset ( $value [ 0 ]) && isset ( $value [ 1 ])) {
// Check if there's been X posts in the past X minutes (on this board)
$query = prepare ( sprintf ( " SELECT COUNT(*) AS `posts` FROM `posts_%s` WHERE `time` >= :time " , $board [ 'uri' ]));
$query -> bindValue ( ':time' , time () - ( $value [ 1 ] * 60 ), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if (( $count = $query -> fetch ()) && $count [ 'posts' ] >= $value [ 0 ]) {
// Matched filter
continue ;
}
} elseif ( $condition == 'threads_with_no_replies_in_past_x_minutes' && isset ( $value [ 0 ]) && isset ( $value [ 1 ])) {
// Check if there's been X new empty threads posted in the past X minutes (on this board)
// Confusing query. I couldn't think of anything simpler...
$query = prepare ( sprintf ( " SELECT ((SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL AND `time` >= :time) - COUNT(DISTINCT(`threads`.`id`))) AS `posts` FROM `posts_%s` AS `threads` INNER JOIN `posts_%s` AS `replies` ON `replies`.`thread` = `threads`.`id` WHERE `threads`.`thread` IS NULL AND `threads`.`time` >= :time " , $board [ 'uri' ], $board [ 'uri' ], $board [ 'uri' ]));
$query -> bindValue ( ':time' , time () - ( $value [ 1 ] * 60 ), PDO :: PARAM_INT );
$query -> execute () or error ( db_error ( $query ));
if (( $count = $query -> fetch ()) && $count [ 'posts' ] >= $value [ 0 ]) {
// Matched filter
continue ;
}
2011-03-27 08:06:57 -04:00
} elseif ( $condition == 'name' ) {
if ( preg_match ( $value , $post [ 'name' ]))
continue ;
} elseif ( $condition == 'trip' ) {
if ( preg_match ( $value , $post [ 'trip' ]))
continue ;
} elseif ( $condition == 'email' ) {
if ( preg_match ( $value , $post [ 'email' ]))
continue ;
} elseif ( $condition == 'subject' ) {
if ( preg_match ( $value , $post [ 'subject' ]))
continue ;
} elseif ( $condition == 'body' ) {
if ( preg_match ( $value , $post [ 'body_nomarkup' ]))
continue ;
2011-03-27 08:23:12 -04:00
} elseif ( $condition == 'extension' ) {
if ( $post [ 'has_file' ] && preg_match ( $value , $post [ 'extension' ]))
continue ;
} elseif ( $condition == 'filename' ) {
if ( $post [ 'has_file' ] && preg_match ( $value , $post [ 'filename' ]))
continue ;
} elseif ( $condition == 'has_file' ) {
if ( $value == $post [ 'has_file' ])
continue ;
} elseif ( $condition == 'ip' ) {
2011-03-27 08:13:24 -04:00
if ( preg_match ( $value , $_SERVER [ 'REMOTE_ADDR' ]))
continue ;
2011-03-26 07:50:03 -04:00
} elseif ( $condition == 'OP' ) {
// Am I OP?
2011-03-27 05:38:11 -04:00
if ( $value == $OP )
2011-03-26 07:50:03 -04:00
continue ;
} else {
// Unknown block
continue ;
}
$did_not_match = true ;
break ;
}
2011-09-17 13:17:54 -04:00
if ( ! isset ( $did_not_match )) {
// Matched filter!
if ( isset ( $filter ) && $filter [ 'action' ] == 'reject' ) {
error ( $filter [ 'message' ]);
}
2011-03-26 07:50:03 -04:00
}
}
}
2010-11-05 12:46:20 -04:00
if ( $post [ 'has_file' ]) {
2011-04-13 06:57:41 -04:00
if ( ! in_array ( $post [ 'extension' ], $config [ 'allowed_ext' ]) && ! in_array ( $post [ 'extension' ], $config [ 'allowed_ext_files' ]))
error ( $config [ 'error' ][ 'unknownext' ]);
2011-10-01 07:43:23 -04:00
$is_an_image = ! in_array ( $post [ 'extension' ], $config [ 'allowed_ext_files' ]);
2011-04-13 06:57:41 -04:00
2011-10-01 08:12:31 -04:00
// Truncate filename if it is too long
$post [ 'filename' ] = substr ( $post [ 'filename' ], 0 , $config [ 'max_filename_len' ]);
2010-11-05 12:46:20 -04:00
// Move the uploaded file
2011-02-12 01:25:15 -05:00
if ( !@ move_uploaded_file ( $_FILES [ 'file' ][ 'tmp_name' ], $post [ 'file' ])) error ( $config [ 'error' ][ 'nomove' ]);
2010-11-05 12:46:20 -04:00
2011-10-01 07:43:23 -04:00
if ( $is_an_image ) {
2011-04-13 06:57:41 -04:00
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents ( $post [ 'file' ], null , null , null , 255 );
if ( preg_match ( $config [ 'ie_mime_type_detection' ], $buffer )) {
undoImage ( $post );
error ( $config [ 'error' ][ 'mime_exploit' ]);
}
2011-04-12 08:58:01 -04:00
2011-07-12 06:29:35 -04:00
require_once 'inc/image.php' ;
2011-08-24 04:22:07 -04:00
if ( $config [ 'imagick' ]) {
// This is tricky, because Imagick won't let us find
// an image's dimensions without loading it all into
// memory first, unlike GD which provides the
// getimagesize() to do exactly that. This section
// is why GD is required, even when using Imagick
// instead. There doesn't seem to be an alternative.
// Necessary for security, as Imagick even ignores
// PHP's memory limit.
// first try GD's getimagesize()
if ( $size = @ getimagesize ( $post [ 'file' ])) {
if ( $size [ 0 ] > $config [ 'max_width' ] || $size [ 1 ] > $config [ 'max_height' ]) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'maxsize' ]);
}
} else {
// GD failed
// TODO?
}
} else {
// find dimensions of an image using GD
if ( ! $size = @ getimagesize ( $post [ 'file' ])) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'invalidimg' ]);
}
if ( $size [ 0 ] > $config [ 'max_width' ] || $size [ 1 ] > $config [ 'max_height' ]) {
file_unlink ( $post [ 'file' ]);
error ( $config [ 'error' ][ 'maxsize' ]);
}
}
2011-07-12 06:29:35 -04:00
// create image object
$image = new Image ( $post [ 'file' ], $post [ 'extension' ]);
if ( $image -> size -> width > $config [ 'max_width' ] || $image -> size -> height > $config [ 'max_height' ]) {
$image -> delete ();
error ( $config [ 'error' ][ 'maxsize' ]);
}
2011-07-18 08:06:24 -04:00
$post [ 'width' ] = $image -> size -> width ;
$post [ 'height' ] = $image -> size -> height ;
2011-07-12 06:29:35 -04:00
2011-10-03 11:46:39 -04:00
if ( $config [ 'spoiler_images' ] && isset ( $_POST [ 'spoiler' ])) {
$post [ 'thumb' ] = 'spoiler' ;
$size = @ getimagesize ( $config [ 'spoiler_image' ]);
$post [ 'thumbwidth' ] = $size [ 0 ];
$post [ 'thumbheight' ] = $size [ 1 ];
} elseif ( $config [ 'minimum_copy_resize' ] &&
2011-07-12 06:29:35 -04:00
$image -> size -> width <= $config [ 'thumb_width' ] &&
$image -> size -> height <= $config [ 'thumb_height' ] &&
$post [ 'extension' ] == ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ])) {
2011-10-03 11:46:39 -04:00
2011-04-13 06:57:41 -04:00
// Copy, because there's nothing to resize
copy ( $post [ 'file' ], $post [ 'thumb' ]);
2011-10-03 11:46:39 -04:00
2011-07-12 06:29:35 -04:00
$post [ 'thumbwidth' ] = $image -> size -> width ;
$post [ 'thumbheight' ] = $image -> size -> height ;
2011-04-13 06:57:41 -04:00
} else {
2011-07-12 06:29:35 -04:00
$thumb = $image -> resize ( $config [ 'thumb_ext' ] ? $config [ 'thumb_ext' ] : $post [ 'extension' ], $config [ 'thumb_width' ], $config [ 'thumb_height' ]);
$thumb -> to ( $post [ 'thumb' ]);
2011-10-03 11:46:39 -04:00
2011-07-12 06:29:35 -04:00
$post [ 'thumbwidth' ] = $thumb -> width ;
$post [ 'thumbheight' ] = $thumb -> height ;
2011-10-03 11:46:39 -04:00
2011-07-12 06:29:35 -04:00
$thumb -> _destroy ();
2011-04-13 06:57:41 -04:00
}
2011-07-12 06:29:35 -04:00
$image -> destroy ();
2011-04-13 06:57:41 -04:00
} else {
2011-10-01 07:43:23 -04:00
// not an image
2011-04-13 06:57:41 -04:00
2011-10-01 07:43:23 -04:00
//copy($config['file_thumb'], $post['thumb']);
$post [ 'thumb' ] = 'file' ;
$size = @ getimagesize ( $config [ 'file_thumb' ]);
2011-04-13 06:57:41 -04:00
$post [ 'thumbwidth' ] = $size [ 0 ];
$post [ 'thumbheight' ] = $size [ 1 ];
2011-04-12 08:58:01 -04:00
}
2011-04-13 06:57:41 -04:00
$post [ 'filehash' ] = $config [ 'file_hash' ]( $post [ 'file' ]);
$post [ 'filesize' ] = filesize ( $post [ 'file' ]);
2010-11-05 12:46:20 -04:00
}
2011-02-19 04:39:13 -05:00
if ( $post [ 'has_file' ] && $config [ 'image_reject_repost' ] && $p = getPostByHash ( $post [ 'filehash' ])) {
2011-02-19 03:45:54 -05:00
undoImage ( $post );
error ( sprintf ( $config [ 'error' ][ 'fileexists' ],
$post [ 'mod' ] ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ] .
$board [ 'dir' ] . $config [ 'dir' ][ 'res' ] .
2011-02-19 03:48:13 -05:00
( $p [ 'thread' ] ?
$p [ 'thread' ] . '.html#' . $p [ 'id' ]
2011-02-19 03:45:54 -05:00
:
2011-02-19 03:48:13 -05:00
$p [ 'id' ] . '.html'
2011-02-19 03:45:54 -05:00
)
));
}
2011-03-14 07:30:42 -04:00
if ( ! ( $mod && $mod [ 'type' ] >= $config [ 'mod' ][ 'postunoriginal' ]) && $config [ 'robot_enable' ] && checkRobot ( $post [ 'body_nomarkup' ])) {
undoImage ( $post );
if ( $config [ 'robot_mute' ]) {
error ( sprintf ( $config [ 'error' ][ 'muted' ], mute ()));
} else {
error ( $config [ 'error' ][ 'unoriginal' ]);
}
}
2010-11-05 12:46:20 -04:00
// Remove DIR_* before inserting them into the database.
2010-11-30 03:25:50 -05:00
if ( $post [ 'has_file' ]) {
2011-02-12 01:25:15 -05:00
$post [ 'file' ] = substr_replace ( $post [ 'file' ], '' , 0 , strlen ( $board [ 'dir' ] . $config [ 'dir' ][ 'img' ]));
2011-10-03 11:46:39 -04:00
if ( $is_an_image && $post [ 'thumb' ] != 'spoiler' )
2011-10-01 07:43:23 -04:00
$post [ 'thumb' ] = substr_replace ( $post [ 'thumb' ], '' , 0 , strlen ( $board [ 'dir' ] . $config [ 'dir' ][ 'thumb' ]));
2010-11-30 03:25:50 -05:00
}
2010-11-05 12:46:20 -04:00
// Todo: Validate some more, remove messy code, allow more specific configuration
$id = post ( $post , $OP );
2011-02-03 04:28:14 -05:00
buildThread (( $OP ? $id : $post [ 'thread' ]));
2011-10-10 11:58:22 -04:00
if ( ! $OP && strtolower ( $post [ 'email' ]) != 'sage' && ! $thread [ 'sage' ] && ( $config [ 'reply_limit' ] == 0 || numPosts ( $post [ 'thread' ]) < $config [ 'reply_limit' ])) {
2011-02-03 04:28:14 -05:00
bumpThread ( $post [ 'thread' ]);
2010-11-05 12:46:20 -04:00
}
2011-01-18 08:41:43 -05:00
if ( $OP )
clean ();
2010-11-05 12:46:20 -04:00
buildIndex ();
2011-04-22 10:38:25 -04:00
if ( isset ( $_SERVER [ 'HTTP_REFERER' ])) {
// Tell Javascript that we posted successfully
if ( isset ( $_COOKIE [ $config [ 'cookies' ][ 'js' ]]))
$js = json_decode ( $_COOKIE [ $config [ 'cookies' ][ 'js' ]]);
else
$js = ( object ) Array ();
// Tell it to delete the cached post for referer
$js -> { $_SERVER [ 'HTTP_REFERER' ]} = true ;
// Encode and set cookie
setcookie ( $config [ 'cookies' ][ 'js' ], json_encode ( $js ), 0 , $config [ 'cookies' ][ 'jail' ] ? $config [ 'cookies' ][ 'path' ] : '/' , null , false , false );
}
2011-04-06 04:31:26 -04:00
2011-02-12 01:25:15 -05:00
$root = $post [ 'mod' ] ? $config [ 'root' ] . $config [ 'file_mod' ] . '?/' : $config [ 'root' ];
2011-01-02 05:15:59 -05:00
2011-02-12 01:25:15 -05:00
if ( $config [ 'always_noko' ] || $noko ) {
2011-05-20 08:44:11 -04:00
$redirect = $root . $board [ 'dir' ] . $config [ 'dir' ][ 'res' ] . sprintf ( $config [ 'file_page' ], $OP ? $id : $post [ 'thread' ]) . ( ! $OP ? '#' . $id : '' );
2010-11-05 12:46:20 -04:00
} else {
2011-04-19 11:50:35 -04:00
$redirect = $root . $board [ 'dir' ] . $config [ 'file_index' ];
2010-11-05 12:46:20 -04:00
}
2011-05-27 11:43:04 -04:00
rebuildThemes ( 'post' );
2011-04-19 11:50:35 -04:00
header ( 'Location: ' . $redirect , true , $config [ 'redirect_http' ]);
2010-11-05 12:46:20 -04:00
exit ;
} else {
2011-02-12 01:25:15 -05:00
if ( ! file_exists ( $config [ 'has_installed' ])) {
2011-10-08 04:08:46 -04:00
header ( 'Location: install.php' , true , $config [ 'redirect_http' ]);
2010-11-30 04:40:37 -05:00
} else {
// They opened post.php in their browser manually.
// Possible TODO: Redirect back to homepage.
2011-02-12 01:25:15 -05:00
error ( $config [ 'error' ][ 'nopost' ]);
2010-11-05 12:46:20 -04:00
}
}
?>
