< ? php
require 'inc/functions.php' ;
require 'inc/display.php' ;
require 'inc/template.php' ;
require 'inc/database.php' ;
require 'inc/user.php' ;
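// Fix for magic quotes: when magic_quotes_gpc is on, PHP has already
// backslash-escaped every GET/POST/COOKIE value, so undo that here.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists()
// guard; on modern PHP the whole branch is a no-op.

/**
 * Recursively stripslashes() a value (a string or an arbitrarily nested array).
 *
 * @param mixed $var  string, or array of strings/arrays
 * @return mixed      same shape as $var with one level of backslash escaping removed
 */
function strip_array($var) {
    if (is_array($var)) {
        return array_map('strip_array', $var);
    }
    return stripslashes($var);
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // NOTE(review): magic_quotes_gpc only touches GET/POST/COOKIE; $_SESSION
    // is kept here to preserve the original behaviour, but only when a
    // session actually exists.
    if (isset($_SESSION))
        $_SESSION = strip_array($_SESSION);
    $_GET = strip_array($_GET);
    $_POST = strip_array($_POST);
    // $_COOKIE is escaped by magic quotes as well and is json_decode()d
    // further down in this file, so it must be unescaped too.
    $_COOKIE = strip_array($_COOKIE);
}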
if ( isset ( $_POST [ 'delete' ])) {
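// Delete one or more posts, or just their attached files.
//
// Required fields: board, password and at least one delete_<id> checkbox.
// Optional: file (remove only the attachment), mod (affects the redirect only).
if (!isset($_POST['board']) || !isset($_POST['password']))
    error($config['error']['bot']);

$password = $_POST['password'];
// A non-string (e.g. password[]=x) can never match, so refuse it up front.
if (!is_string($password) || empty($password))
    error($config['error']['invalidpassword']);

// Collect the numeric id of every checked delete_<id> box.
$delete = array();
foreach ($_POST as $field => $value) {
    if (preg_match('/^delete_(\d+)$/', $field, $m))
        $delete[] = (int) $m[1];
}

// Check if banned
checkBan();
checkDNSBL();

// Check if board exists
if (!openBoard($_POST['board']))
    error($config['error']['noboard']);

if (empty($delete))
    error($config['error']['nodelete']);

// When the "file" box was sent only the attachment is removed.
$file_only = isset($_POST['file']);

// NOTE(review): nothing rate-limits wrong-password attempts here (checkFlood()
// is only applied to new posts), so post passwords can be guessed freely.
foreach ($delete as $id) {
    $query = prepare(sprintf("SELECT `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if (!($post = $query->fetch()))
        continue; // no such post on this board: skipped silently, as before

    // Strict string comparison.  The original used `!=`, under which two
    // numeric-looking strings such as "0e1" and "0e2" compare equal (PHP's
    // numeric-string juggling), so a post could be deleted with the wrong
    // password.  NOTE(review): the stored column is compared directly, i.e.
    // post passwords appear to be kept in plaintext — confirm in post().
    if ((string) $post['password'] !== $password)
        error($config['error']['invalidpassword']);

    if ($post['time'] >= time() - $config['delete_time'])
        error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));

    if ($file_only)
        deleteFile($id);
    else
        deletePost($id);
}

buildIndex();
sql_close();

$is_mod = isset($_POST['mod']) && $_POST['mod'];
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);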
} elseif ( isset ( $_POST [ 'report' ])) {
// Report one or more posts to the moderators.
if (!isset($_POST['board']) || !isset($_POST['password']) || !isset($_POST['reason']))
    error($config['error']['bot']);

// The report form reuses the deletion checkboxes: every checked
// delete_<id> box is a post to report.
$report = array();
foreach ($_POST as $field => $value) {
    if (preg_match('/^delete_(\d+)$/', $field, $m))
        $report[] = (int) $m[1];
}

// Check if banned
checkBan();
checkDNSBL();

// Check if board exists
if (!openBoard($_POST['board']))
    error($config['error']['noboard']);

if (empty($report))
    error($config['error']['noreport']);
if (count($report) > $config['report_limit'])
    error($config['error']['toomanyreports']);

// NOTE(review): unlike the post fields (name/subject/body further down), the
// reason has no length limit before it is stored; consider capping it.
$reason = $_POST['reason'];
markup($reason);

foreach ($report as $id) {
    // Only posts that actually exist on this board are recorded.
    $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if (!$query->fetch())
        continue;

    $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)");
    $query->bindValue(':time', time(), PDO::PARAM_INT);
    $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
    $query->bindValue(':board', $board['id'], PDO::PARAM_INT);
    $query->bindValue(':post', $id, PDO::PARAM_INT);
    $query->bindValue(':reason', $reason, PDO::PARAM_STR);
    $query->execute() or error(db_error($query));
}

sql_close();

$is_mod = isset($_POST['mod']) && $_POST['mod'];
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif ( isset ( $_POST [ 'post' ])) {
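// New post (thread or reply).  Anything missing the basic form fields is
// rejected outright; a real browser always sends all of them.
if (!isset($_POST['name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['subject']) ||
    !isset($_POST['body']) ||
    !isset($_POST['board']) ||
    !isset($_POST['password'])
)
    error($config['error']['bot']);

$post = array('board' => $_POST['board']);

// A "thread" field means this is a reply; otherwise it opens a new thread.
if (isset($_POST['thread'])) {
    $OP = false;
    // Cast to int instead of round(): the id is bound as PDO::PARAM_INT
    // later on, and round() returned a float (and accepted "12.7" as 13).
    $post['thread'] = (int) $_POST['thread'];
} else {
    $OP = true;
}

// The submit button's label must match the form that was (supposedly)
// used.  Strict comparison so that PHP's numeric-string juggling cannot
// make two different labels compare equal.
$expected_button = $OP ? $config['button_newtopic'] : $config['button_reply'];
if ($_POST['post'] !== $expected_button)
    error($config['error']['bot']);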
2010-11-05 12:46:20 -04:00
// Check the referrer: a new thread must come from a page on this site.
// This is a cheap bot heuristic only — the header is trivially forged.
if ($OP) {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    if ($referer === null || !preg_match($config['url_match'], $referer))
        error($config['error']['bot']);
}

// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
// Find another anti-spam method.
// (The old cookie-based "valid user" / "lurk time" checks used to live here
// and stay disabled until then.)

// Check if banned
checkBan();
checkDNSBL();

// Check if board exists
if (!openBoard($post['board']))
    error($config['error']['noboard']);

// NOTE(review): the 208.54.39.* range is hard-coded to skip the spam check;
// this belongs in $config so operators can see and change it.
$skip_spam_check = preg_match('/^208\.54\.39\./', $_SERVER['REMOTE_ADDR']);
if (!$skip_spam_check && checkSpam())
    error($config['error']['spam']);

if ($config['robot_enable'] && $config['robot_mute'])
    checkMute();

// Check if thread exists
if (!$OP && !threadExists($post['thread']))
    error($config['error']['nonexistant']);
// Check for an embed field.  Each $config['embedding'] entry is a
// [pattern, replacement] pair; an entry "validates" the value when its
// preg_replace() actually changes it.  Later matching entries overwrite
// earlier ones, so the last match wins.  The HTML built here ends up in the
// post, so the configured patterns must only capture what the replacement
// expects (e.g. a video id), never arbitrary input.
if ($config['enable_enbedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) {
    $value = $_POST['embed'];
    foreach ($config['embedding'] as $embed) {
        $html = preg_replace($embed[0], $embed[1], $value);
        // A failed preg_replace() (null/'') or an unchanged value is no match.
        if (!$html || $html == $value)
            continue;

        // Width and height
        $html = str_replace('%%tb_width%%', $config['embed_width'], $html);
        $html = str_replace('%%tb_height%%', $config['embed_height'], $html);

        // Validated. It works.
        $post['embed'] = $html;
        // This looks messy right now, I know. I'll work on a better alternative later.
        $post['no_longer_require_an_image_for_op'] = true;
    }

    if (!isset($post['embed']))
        error($config['error']['invalid_embed']);
}
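// Check for a file: a new thread needs an image unless a valid embed
// already stood in for it.
if ($OP && !isset($post['no_longer_require_an_image_for_op'])) {
    if (!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']))
        error($config['error']['noimage']);
}

$post['name'] = (!empty($_POST['name']) ? $_POST['name'] : $config['anonymous']);
$post['subject'] = $_POST['subject'];
$post['email'] = utf8tohtml($_POST['email']);
$post['body'] = $_POST['body'];
$post['password'] = $_POST['password'];
// NOTE(review): name/subject/body are taken raw here; they are presumably
// escaped later (markup()/post()) — confirm before adding new output paths.

$uploaded = isset($_FILES['file']) && !empty($_FILES['file']['tmp_name']);
$post['has_file'] = ($OP && !isset($post['no_longer_require_an_image_for_op'])) || $uploaded;

$post['mod'] = isset($_POST['mod']) && $_POST['mod'];

if ($post['has_file']) {
    // $_FILES is not covered by the magic-quotes fix at the top of the
    // file, so the client filename is unescaped here.  get_magic_quotes_gpc()
    // no longer exists on PHP 8, hence the function_exists() guard.
    $client_name = $_FILES['file']['name'];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $client_name = stripslashes($client_name);
    $post['filename'] = utf8tohtml($client_name);
}

if ($config['force_body'] && empty($post['body']))
    error($config['error']['tooshort_body']);

if ($config['reject_blank'] && !empty($post['body'])) {
    // Reject bodies that consist of nothing but whitespace.
    $stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
    if (empty($stripped_whitespace))
        error($config['error']['tooshort_body']);
}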
// Moderator posting: the form's "mod" flag only asks for moderator
// treatment; inc/mod.php decides whether the request really comes from a
// logged-in moderator and sets $mod accordingly.
if ($post['mod']) {
    require 'inc/mod.php';
    if (!$mod) {
        // Liar. You're not a mod.
        error($config['error']['notamod']);
    }

    // Sticky/lock only make sense on a new thread; raw HTML on any post.
    $post['sticky'] = $OP && isset($_POST['sticky']);
    $post['locked'] = $OP && isset($_POST['lock']);
    $post['raw'] = isset($_POST['raw']);

    // Each privilege is gated on the moderator's rank (checked in the
    // same order as before: sticky, lock, raw HTML).
    $requested = array(
        'sticky' => $post['sticky'],
        'lock' => $post['locked'],
        'rawhtml' => $post['raw'],
    );
    foreach ($requested as $privilege => $wanted) {
        if ($wanted && $mod['type'] < $config['mod'][$privilege])
            error($config['error']['noaccess']);
    }
}

// Check if thread is locked, but allow sufficiently ranked mods to post.
// NOTE(review): when $post['mod'] is false, $mod is whatever the includes
// left it as (possibly unset); `!$mod` then treats the poster as a regular
// user, which appears to be the intended fallback.
if (!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
    if (threadLocked($post['thread']))
        error($config['error']['locked']);
}
// Enforce the configured upload size limit, in bytes, using the size PHP
// recorded for the upload (php.ini's upload_max_filesize applies first).
if ($post['has_file']) {
    $size = $_FILES['file']['size'];
    $max_size = $config['max_filesize'];
    if ($size > $max_size) {
        error(sprintf3($config['error']['filesize'], array(
            'sz' => commaize($size),
            'filesz' => commaize($size),
            'maxsz' => commaize($max_size),
        )));
    }
}
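// Capcode: a moderator may sign as "Name ## Role".  Plain mods may only
// use the "Mod" role; admins may use any role text.
//
// Fix: when a moderator asked for a role they are not allowed, the original
// left $post['capcode'] unset (the `false` was only assigned in the
// no-capcode branch); it is now always defined.
$post['capcode'] = false;
if ($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
    $role = $match[3];
    $allowed = $mod['type'] >= ADMIN || ($mod['type'] == MOD && $role == 'Mod');
    if ($allowed) {
        $post['capcode'] = utf8tohtml($role);
        $post['name'] = !empty($match[2]) ? $match[2] : $config['anonymous'];
    }
}

$trip = generate_tripcode($post['name']);
$post['name'] = $trip[0];
$post['trip'] = isset($trip[1]) ? $trip[1] : '';

// "noko" in the email field asks to be sent back to the thread afterwards.
$noko = strtolower($post['email']) == 'noko';
if ($noko)
    $post['email'] = '';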
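if ($post['has_file']) {
    // The extension is whatever follows the last '.' of the (already
    // HTML-escaped) client filename.  Fix: a name with no '.' at all made
    // strrpos() return false, and substr($name, false + 1) used the name
    // minus its first character as the "extension" — so "xpng" passed the
    // allow-list as png.  Such names now get an empty extension, which the
    // allow-list check further down rejects.
    $dot = strrpos($post['filename'], '.');
    $post['extension'] = $dot === false ? '' : strtolower(substr($post['filename'], $dot + 1));

    // Storage name: unix time plus three random digits.  NOTE(review): this
    // is predictable and can collide for two uploads in the same second.
    $post['file_id'] = time() . rand(100, 999);
    $thumb_ext = $config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'];
    $post['file'] = $board['dir'] . $config['dir']['img'] . $post['file_id'] . '.' . $post['extension'];
    $post['thumb'] = $board['dir'] . $config['dir']['thumb'] . $post['file_id'] . '.' . $thumb_ext;
}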
// Check string lengths.  These are byte lengths (strlen), so multi-byte
// text gets fewer characters than the nominal limit.
$limits = array('name' => 50, 'email' => 40, 'subject' => 40);
foreach ($limits as $field => $max_len) {
    if (strlen($post[$field]) > $max_len)
        error(sprintf($config['error']['toolong'], $field));
}
// Moderators are exempt from the body length cap.
if (!$mod && strlen($post['body']) > $config['max_body'])
    error($config['error']['toolong_body']);
// A body is required, except on a reply that carries a file.
$reply_with_file = !$OP && $post['has_file'];
if (!$reply_with_file && strlen($post['body']) < 1)
    error($config['error']['tooshort_body']);
if (strlen($post['password']) > 20)
    error(sprintf($config['error']['toolong'], 'password'));

wordfilters($post['body']);

// Keep an unformatted copy for the spam/originality checks below.
$post['body_nomarkup'] = $post['body'];
// Moderators who asked for raw HTML skip the markup pass.
if (!($mod && $post['raw']))
    markup($post['body']);

// Check for a flood (sufficiently ranked moderators are exempt).
if (!($mod && $mod['type'] >= $config['mod']['flood']) && checkFlood($post))
    error($config['error']['flood']);
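// Custom anti-spam filters.  Each $config['flood_filters'] entry is a set
// of conditions that must ALL hold for the filter to match; a matching
// filter whose action is 'reject' (the default) blocks the post with its
// message.
//
// Fix: the "did this filter match?" check used to sit after the foreach
// over the filters, so only the LAST configured filter could ever reject a
// post (the inner `break` only leaves the condition loop, and
// $did_not_match was reset on every iteration).  It now runs per filter.
if (isset($config['flood_filters'])) {
    foreach ($config['flood_filters'] as &$filter) {
        // Set up default stuff
        if (!isset($filter['action']))
            $filter['action'] = 'reject';
        if (!isset($filter['message']))
            $filter['message'] = 'Posting throttled by flood filter.';

        $did_not_match = false;
        foreach ($filter['condition'] as $condition => $value) {
            if ($condition == 'posts_in_past_x_minutes' && isset($value[0]) && isset($value[1])) {
                // Check if there's been X posts in the past X minutes (on this board)
                $query = prepare(sprintf("SELECT COUNT(*) AS `posts` FROM `posts_%s` WHERE `time` >= :time", $board['uri']));
                $query->bindValue(':time', time() - ($value[1] * 60), PDO::PARAM_INT);
                $query->execute() or error(db_error($query));
                if (($count = $query->fetch()) && $count['posts'] >= $value[0])
                    continue; // condition holds
            } elseif ($condition == 'threads_with_no_replies_in_past_x_minutes' && isset($value[0]) && isset($value[1])) {
                // Check if there's been X new empty threads posted in the past X minutes (on this board)
                // Confusing query. I couldn't think of anything simpler...
                // NOTE(review): :time appears twice in this statement, which
                // PDO only allows with emulated prepares enabled.
                $query = prepare(sprintf("SELECT ((SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL AND `time` >= :time) - COUNT(DISTINCT(`threads`.`id`))) AS `posts` FROM `posts_%s` AS `threads` INNER JOIN `posts_%s` AS `replies` ON `replies`.`thread` = `threads`.`id` WHERE `threads`.`thread` IS NULL AND `threads`.`time` >= :time", $board['uri'], $board['uri'], $board['uri']));
                $query->bindValue(':time', time() - ($value[1] * 60), PDO::PARAM_INT);
                $query->execute() or error(db_error($query));
                if (($count = $query->fetch()) && $count['posts'] >= $value[0])
                    continue; // condition holds
            } elseif ($condition == 'name') {
                if (preg_match($value, $post['name']))
                    continue;
            } elseif ($condition == 'trip') {
                if (preg_match($value, $post['trip']))
                    continue;
            } elseif ($condition == 'email') {
                if (preg_match($value, $post['email']))
                    continue;
            } elseif ($condition == 'subject') {
                if (preg_match($value, $post['subject']))
                    continue;
            } elseif ($condition == 'body') {
                if (preg_match($value, $post['body_nomarkup']))
                    continue;
            } elseif ($condition == 'extension') {
                if ($post['has_file'] && preg_match($value, $post['extension']))
                    continue;
            } elseif ($condition == 'filename') {
                if ($post['has_file'] && preg_match($value, $post['filename']))
                    continue;
            } elseif ($condition == 'has_file') {
                if ($value == $post['has_file'])
                    continue;
            } elseif ($condition == 'ip') {
                if (preg_match($value, $_SERVER['REMOTE_ADDR']))
                    continue;
            } elseif ($condition == 'OP') {
                // Am I OP?
                if ($value == $OP)
                    continue;
            } else {
                // Unknown block: ignored, does not prevent a match
                continue;
            }
            // This condition did not hold, so the filter cannot match.
            $did_not_match = true;
            break;
        }

        if (!$did_not_match && $filter['action'] == 'reject') {
            // Matched filter!
            error($filter['message']);
        }
    }
    unset($filter); // drop the dangling foreach-by-reference
}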
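if ($post['has_file']) {
    // Only allow-listed extensions: 'allowed_ext' are images that get
    // thumbnailed, 'allowed_ext_files' are opaque files that get the stock
    // thumbnail.
    if (!in_array($post['extension'], $config['allowed_ext'], true) &&
        !in_array($post['extension'], $config['allowed_ext_files'], true))
        error($config['error']['unknownext']);
    $is_generic_file = in_array($post['extension'], $config['allowed_ext_files'], true);

    // Just trim the filename if it's too long.  NOTE(review): substr() is
    // byte-based and may cut a multi-byte character or HTML entity in half.
    if (strlen($post['filename']) > 30)
        $post['filename'] = substr($post['filename'], 0, 27) . '…';

    // Move the uploaded file
    if (!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
        error($config['error']['nomove']);

    // Check IE MIME type detection XSS exploit: reject anything whose
    // leading bytes look like HTML, since IE content-sniffs served files
    // regardless of extension.  Fix: this used to run only for images,
    // leaving every 'allowed_ext_files' upload unchecked; it now covers
    // both kinds.  IE is documented as sniffing the first 256 bytes, so
    // read 256 rather than 255.
    $buffer = file_get_contents($post['file'], false, null, 0, 256);
    if ($buffer === false || preg_match($config['ie_mime_type_detection'], $buffer)) {
        undoImage($post);
        error($config['error']['mime_exploit']);
    }

    if (!$is_generic_file) {
        // Check if the image is valid: getimagesize() returns false for
        // anything it cannot parse.
        $size = @getimagesize($post['file']);
        if (!$size || $size[0] < 1 || $size[1] < 1) {
            undoImage($post);
            error($config['error']['invalidimg']);
        }
        $post['width'] = $size[0];
        $post['height'] = $size[1];

        if ($post['width'] > $config['max_width'] || $post['height'] > $config['max_height']) {
            undoImage($post);
            error($config['error']['maxsize']);
        }

        $thumb_ext = $config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'];
        if ($config['minimum_copy_resize'] && $post['width'] <= $config['thumb_width'] && $post['height'] <= $config['thumb_height'] && $post['extension'] == $thumb_ext) {
            // Copy, because there's nothing to resize
            copy($post['file'], $post['thumb']);
            $post['thumbwidth'] = $post['width'];
            $post['thumbheight'] = $post['height'];
        } else {
            $image = createimage($post['extension'], $post['file']);
            // Create a thumbnail
            $thumb = resize($image, $post['width'], $post['height'], $post['thumb'], $config['thumb_width'], $config['thumb_height'], $thumb_ext);
            $post['thumbwidth'] = $thumb['width'];
            $post['thumbheight'] = $thumb['height'];
        }
    } else {
        // Opaque file: use the configured stock thumbnail.
        copy($config['file_thumb'], $post['thumb']);
        $size = @getimagesize($post['thumb']);
        $post['thumbwidth'] = $size[0];
        $post['thumbheight'] = $size[1];
    }

    // $config['file_hash'] names the hash function (e.g. md5/sha1) used for
    // the duplicate-upload check below.
    $post['filehash'] = $config['file_hash']($post['file']);
    $post['filesize'] = filesize($post['file']);
}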
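// Reject a re-upload of an image already on the board (when configured),
// pointing the poster at the existing post.
if ($post['has_file'] && $config['image_reject_repost'] && $p = getPostByHash($post['filehash'])) {
    undoImage($post);
    // Fix: the root/path concatenation was not parenthesised, and `?:`
    // binds looser than `.`, so for moderator posts the link was just
    // "<root><file_mod>?/" with the board/thread part dropped entirely.
    $root_url = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
    $location = $p['thread'] ? $p['thread'] . '.html#' . $p['id'] : $p['id'] . '.html';
    error(sprintf($config['error']['fileexists'], $root_url . $board['dir'] . $config['dir']['res'] . $location));
}

// Originality check ("robot"): text that has been seen before is refused,
// or the poster is muted when robot_mute is on.  Sufficiently ranked
// moderators are exempt.
if (!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
    undoImage($post);
    if ($config['robot_mute'])
        error(sprintf($config['error']['muted'], mute()));
    else
        error($config['error']['unoriginal']);
}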
// Remove DIR_* before inserting them into the database: only the bare
// file names are stored (the board/img and board/thumb prefixes are
// presumably re-added on output).
if ($post['has_file']) {
    $img_prefix = $board['dir'] . $config['dir']['img'];
    $thumb_prefix = $board['dir'] . $config['dir']['thumb'];
    $post['file'] = substr_replace($post['file'], '', 0, strlen($img_prefix));
    $post['thumb'] = substr_replace($post['thumb'], '', 0, strlen($thumb_prefix));
}
// Todo: Validate some more, remove messy code, allow more specific configuration
$id = post($post, $OP);

// Rebuild the affected thread page.
$thread_id = $OP ? $id : $post['thread'];
buildThread($thread_id);

// Bump the thread on a reply, unless the poster saged or the thread has
// reached the configured reply limit (0 = no limit).
if (!$OP && strtolower($post['email']) != 'sage') {
    if ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])
        bumpThread($post['thread']);
}

// A new thread may push the oldest ones off the board.
if ($OP)
    clean();

buildIndex();
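if (isset($_SERVER['HTTP_REFERER'])) {
    // Tell Javascript that we posted successfully: the js cookie holds a
    // JSON object keyed by page URL; a true entry tells the script to drop
    // its cached draft for that page.
    $js = null;
    if (isset($_COOKIE[$config['cookies']['js']]))
        $js = json_decode($_COOKIE[$config['cookies']['js']]);
    // Fix: the cookie is client-controlled.  If it is missing, malformed or
    // not a JSON object, start from an empty object instead of writing a
    // property onto null or a scalar (a warning on PHP 7, an Error on PHP 8).
    if (!is_object($js))
        $js = (object) array();
    // Tell it to delete the cached post for referer.  NOTE(review): the
    // referer is also client-controlled and the object only ever grows,
    // so the cookie can be inflated past what browsers accept.
    $js->{$_SERVER['HTTP_REFERER']} = true;
    // Encode and set cookie.  httponly stays false on purpose: the
    // client-side script has to read this cookie.
    setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', '', false, false);
}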
// Where to send the poster afterwards: moderators go through the mod
// front controller, and "noko" (or always_noko) lands them in the thread
// itself rather than on the board index.
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

if ($config['always_noko'] || $noko) {
    $thread_id = $OP ? $id : $post['thread'];
    $anchor = $OP ? '' : '#' . $id;
    $redirect = $root . $board['dir'] . $config['dir']['res'] . $thread_id . '.html' . $anchor;
} else {
    $redirect = $root . $board['dir'] . $config['file_index'];
}

rebuildTheme('post');
header('Location: ' . $redirect, true, $config['redirect_http']);
sql_close();

exit;
} else {
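// First run after installation: build every board's index once and leave
// a marker file so this does not happen again.
if (!file_exists($config['has_installed'])) {
    // Build all boards
    $boards = listBoards();
    foreach ($boards as &$_board) {
        setupBoard($_board);
        buildIndex();
    }
    unset($_board);
    sql_close();

    // Fix: touch()'s second argument is a modification *time*, not a mode;
    // touch($file, 0777) silently stamped the marker with mtime 511
    // (1970-01-01).  Only the file's existence is checked above, so a plain
    // touch() is all that is needed (and a world-writable marker was never
    // desirable anyway).
    touch($config['has_installed']);

    die(Element('page.html', array(
        'index' => ROOT,
        'title' => 'Success',
        'body' => "<center>" .
            "<h2>Tinyboard is now installed!</h2>" .
            "</center>"
    )));
} else {
    // They opened post.php in their browser manually.
    // Possible TODO: Redirect back to homepage.
    error($config['error']['nopost']);
}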
}
?>