a bunch of things
This commit is contained in:
parent
62bd2ee348
commit
c59f36f400
@ -41,7 +41,8 @@
|
||||
define('COOKIE_EXPIRE', 15778463, true); //6 months
|
||||
// Make this something long and random for security
|
||||
define('SALT', 'wefaw98YHEWUFuo', true);
|
||||
|
||||
define('SECURE_TRIP_SALT', '@#$&^@#)$(*&@!_$(&329-8347', true);
|
||||
|
||||
// How many seconds before you can post, after the first visit
|
||||
define('LURKTIME', 30, true);
|
||||
|
||||
@ -51,6 +52,8 @@
|
||||
define('FLOOD_TIME_IP_SAME', 120, true);
|
||||
// Same as above but different IP address
|
||||
define('FLOOD_TIME_SAME', 30, true);
|
||||
// Do you need a body for your non-OP posts?
|
||||
define('FORCE_BODY', true, true);
|
||||
|
||||
// Max body length
|
||||
define('MAX_BODY', 1800, true);
|
||||
@ -77,6 +80,9 @@
|
||||
define('ERROR_NOPOST', 'You didn\'t make a post.', true);
|
||||
define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
|
||||
define('ERROR_UNORIGINAL', 'Unoriginal content!', true);
|
||||
define('ERROR_MUTED', 'Unoriginal content! You have been muted for %d seconds.', true);
|
||||
define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
|
||||
define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
|
||||
define('ERR_INVALIDIMG','Invalid image.', true);
|
||||
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
|
||||
define('ERR_MAXSIZE', 'The file was too big.', true);
|
||||
@ -103,7 +109,11 @@
|
||||
// Function name for hashing
|
||||
// sha1_file, md5_file, etc.
|
||||
define('FILE_HASH', 'sha1_file', true);
|
||||
|
||||
|
||||
define('BLOCK_TOR', true, true);
|
||||
// Typically spambots try to post a lot of links. Refuse a post with X standalone links?
|
||||
define('MAX_LINKS', 7, true);
|
||||
|
||||
// Maximum image upload size in bytes
|
||||
define('MAX_FILESIZE', 10*1024*1024, true); // 10MB
|
||||
// Maximum image dimensions
|
||||
@ -167,8 +177,13 @@
|
||||
// Robot stuff
|
||||
// Strip repeating characters when making hashes
|
||||
define('ROBOT_ENABLE', true, true);
|
||||
define('ROBOT_BOARD', 'r9k', true);
|
||||
define('ROBOT_STRIP_REPEATING', true, true);
|
||||
|
||||
// Enable mutes
|
||||
define('ROBOT_MUTE', true, true);
|
||||
define('ROBOT_MUTE_MIN', 60, true);
|
||||
define('ROBOT_MUTE_MAX', 120, true);
|
||||
define('ROBOT_MUTE_DESCRIPTION', 'You have been muted for unoriginal content.', true);
|
||||
|
||||
/*
|
||||
Mod stuff
|
||||
|
@ -439,14 +439,43 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function isDNSBL() {
|
||||
$dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES);
|
||||
|
||||
// Reverse the IP
|
||||
$rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.');
|
||||
$response = array();
|
||||
foreach ($dns_black_lists as $dns_black_list) {
|
||||
$response = (gethostbynamel($rev_ip . '.' . $dns_black_list));
|
||||
if(!empty($response))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function isTor() {
|
||||
return gethostbyname(
|
||||
ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org'
|
||||
) == '127.0.0.2';
|
||||
}
|
||||
|
||||
function ReverseIPOctets($inputip) {
|
||||
$ipoc = explode('.', $inputip);
|
||||
return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0];
|
||||
}
|
||||
|
||||
function markup(&$body) {
|
||||
global $board;
|
||||
|
||||
$body = utf8tohtml($body, true);
|
||||
|
||||
if(MARKUP_URLS)
|
||||
$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body);
|
||||
if(MARKUP_URLS) {
|
||||
$body = preg_replace(URL_REGEX, "<a href=\"$0\">$0</a>", $body, -1, $num_links);
|
||||
if($num_links > MAX_LINKS)
|
||||
error(ERROR_TOOMANYLINKS);
|
||||
}
|
||||
|
||||
if(AUTO_UNICODE) {
|
||||
$body = str_replace('...', '…', $body);
|
||||
@ -602,7 +631,7 @@
|
||||
$salt = strtr ( $salt, ':;<=>?@[\]^_`', 'ABCDEFGabcdef' );
|
||||
if ( isset ( $t[2] ) ) {
|
||||
// secure
|
||||
$trip = '!!' . substr ( crypt ( $trip, '@#$%^&*()' ), ( -1 * $length ) );
|
||||
$trip = '!!' . substr ( crypt ( $trip, SECURE_TRIP_SALT ), ( -1 * $length ) );
|
||||
} else {
|
||||
// insecure
|
||||
$trip = '!' . substr ( crypt ( $trip, $salt ), ( -1 * $length ) );
|
||||
|
2
mod.php
2
mod.php
@ -464,7 +464,7 @@
|
||||
openBoard($_board['uri']);
|
||||
|
||||
$temp = '';
|
||||
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` LIMIT :limit", $_board['uri']));
|
||||
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
|
||||
$query->bindValue(':ip', $ip);
|
||||
$query->bindValue(':limit', MOD_IP_RECENTPOSTS, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
45
post.php
45
post.php
@ -62,6 +62,9 @@
|
||||
// Check if banned
|
||||
checkBan();
|
||||
|
||||
if(BLOCK_TOR && isTor())
|
||||
error(ERROR_TOR);
|
||||
|
||||
// Check if board exists
|
||||
if(!openBoard($post['board']))
|
||||
error(ERROR_NOBOARD);
|
||||
@ -85,6 +88,9 @@
|
||||
$post['has_file'] = $OP || !empty($_FILES['file']['tmp_name']);
|
||||
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
|
||||
|
||||
if(empty($post['body']) && FORCE_BODY)
|
||||
error(ERROR_TOOSHORTBODY);
|
||||
|
||||
if($post['mod']) {
|
||||
require 'inc/mod.php';
|
||||
if(!$mod) {
|
||||
@ -115,6 +121,15 @@
|
||||
'maxsz'=>commaize(MAX_FILESIZE))));
|
||||
}
|
||||
|
||||
if($mod && $mod['type'] >= MOD_MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
|
||||
if(($mod['type'] == MOD_MOD && $match[3] == 'Mod') || $mod['type'] >= MOD_ADMIN) {
|
||||
$post['mod_tag'] = $match[3];
|
||||
$post['name'] = !empty($match[2])?$match[2]:'Anonymous';
|
||||
}
|
||||
} else {
|
||||
$post['mod_tag'] = false;
|
||||
}
|
||||
|
||||
$trip = generate_tripcode($post['name']);
|
||||
$post['name'] = $trip[0];
|
||||
$post['trip'] = (isset($trip[1])?$trip[1]:'');
|
||||
@ -134,21 +149,40 @@
|
||||
}
|
||||
|
||||
// Check string lengths
|
||||
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
|
||||
if(strlen($post['name']) > 25) error(sprintf(ERROR_TOOLONG, 'name'));
|
||||
if(strlen($post['email']) > 30) error(sprintf(ERROR_TOOLONG, 'email'));
|
||||
if(strlen($post['subject']) > 40) error(sprintf(ERROR_TOOLONG, 'subject'));
|
||||
if(strlen($post['body']) > MAX_BODY) error(ERROR_TOOLONGBODY);
|
||||
if(!(!$OP && $post['has_file']) && strlen($post['body']) < 1) error(ERROR_TOOSHORTBODY);
|
||||
if(strlen($post['password']) > 20) error(sprintf(ERROR_TOOLONG, 'password'));
|
||||
|
||||
if($post['mod_tag'])
|
||||
$post['trip'] .= ' <a class="nametag">## ' . $post['mod_tag'] . '</a>';
|
||||
|
||||
if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && $board['uri'] == ROBOT_BOARD && checkRobot($post['body'])) {
|
||||
if(ROBOT_MUTE) {
|
||||
$mutetime = ROBOT_MUTE_MIN+rand()%(ROBOT_MUTE_MAX-ROBOT_MUTE_MIN);
|
||||
|
||||
$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
|
||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
||||
$query->bindValue(':mod', -1, PDO::PARAM_INT);
|
||||
$query->bindValue(':set', time(), PDO::PARAM_INT);
|
||||
$query->bindValue(':expires', time()+$mutetime, PDO::PARAM_INT);
|
||||
$query->bindValue(':reason', ROBOT_MUTE_DESCRIPTION);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
error(sprintf(ERROR_MUTED, $mutetime));
|
||||
} else {
|
||||
error(ERROR_UNORIGINAL);
|
||||
}
|
||||
}
|
||||
|
||||
markup($post['body']);
|
||||
|
||||
// Check for a flood
|
||||
if(checkFlood($post))
|
||||
if(checkFlood($post)) {
|
||||
error(ERROR_FLOOD);
|
||||
|
||||
if(!($mod && $mod['type'] >= MOD_POSTUNORIGINAL) && ROBOT_ENABLE && checkRobot($post['body']))
|
||||
error(ERROR_UNORIGINAL);
|
||||
}
|
||||
|
||||
if($post['has_file']) {
|
||||
// Just trim the filename if it's too long
|
||||
@ -206,6 +240,7 @@
|
||||
imagebmp($image, $post['file']);
|
||||
break;
|
||||
default:
|
||||
unlink($post['file']);
|
||||
error('Unknwon file extension.');
|
||||
}
|
||||
}
|
||||
|
@ -146,6 +146,10 @@ p.intro span.name {
|
||||
color: #117743;
|
||||
font-weight: bold;
|
||||
}
|
||||
p.intro a.nametag {
|
||||
color: #F00000;
|
||||
margin-left: 0;
|
||||
}
|
||||
p.intro a {
|
||||
margin-left: 8px;
|
||||
}
|
||||
|
@ -4,7 +4,7 @@ CREATE TABLE IF NOT EXISTS `posts_{board}` (
|
||||
`subject` varchar(40) NOT NULL,
|
||||
`email` varchar(30) NOT NULL,
|
||||
`name` varchar(25) NOT NULL,
|
||||
`trip` varchar(15) DEFAULT NULL,
|
||||
`trip` varchar(45) DEFAULT NULL,
|
||||
`body` text NOT NULL,
|
||||
`time` int(11) NOT NULL,
|
||||
`bump` int(11) DEFAULT NULL,
|
||||
|
@ -71,6 +71,7 @@
|
||||
</form>
|
||||
<hr/>
|
||||
{body}
|
||||
<a href="{return}">[Return.]</a>
|
||||
<p class="unimportant" style="text-align:center;">Copyright © 2010 <a href="http://omegadev.org/">OmegaSDG</a></p>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user