Array(), 'purge' => Array(), 'cached' => Array()); $debug['start'] = microtime(true); } } date_default_timezone_set($config['timezone']); if(!isset($config['blotter'])) $config['blotter'] = false; if(!isset($config['post_url'])) $config['post_url'] = $config['root'] . $config['file_post']; if(!isset($config['referer_match'])) if(isset($_SERVER['HTTP_HOST'])) { $config['referer_match'] = '/^' . (preg_match($config['url_regex'], $config['root']) ? '' : 'https?:\/\/' . $_SERVER['HTTP_HOST']) . preg_quote($config['root'], '/') . '(' . str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . '(' . preg_quote($config['file_index'], '/') . '|' . str_replace('%d', '\d+', preg_quote($config['file_page'])) . ')?' . '|' . str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . preg_quote($config['dir']['res'], '/') . str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . '|' . preg_quote($config['file_mod'], '/') . '\?\/.+' . ')([#?](.+)?)?$/i'; } else { // CLI mode $config['referer_match'] = '//'; } if(!isset($config['cookies']['path'])) $config['cookies']['path'] = &$config['root']; if(!isset($config['dir']['static'])) $config['dir']['static'] = $config['root'] . 'static/'; if(!isset($config['image_sticky'])) $config['image_sticky'] = $config['dir']['static'] . 'sticky.gif'; if(!isset($config['image_locked'])) $config['image_locked'] = $config['dir']['static'] . 'locked.gif'; if(!isset($config['image_bumplocked'])) $config['image_bumplocked'] = $config['dir']['static'] . 'sage.gif'; if(!isset($config['image_deleted'])) $config['image_deleted'] = $config['dir']['static'] . 'deleted.png'; if(!isset($config['image_zip'])) $config['image_zip'] = $config['dir']['static'] . 'zip.png'; if(!isset($config['uri_thumb'])) $config['uri_thumb'] = $config['root'] . $board['dir'] . 
$config['dir']['thumb']; elseif(isset($board['dir'])) $config['uri_thumb'] = sprintf($config['uri_thumb'], $board['dir']); if(!isset($config['uri_img'])) $config['uri_img'] = $config['root'] . $board['dir'] . $config['dir']['img']; elseif(isset($board['dir'])) $config['uri_img'] = sprintf($config['uri_img'], $board['dir']); if(!isset($config['uri_stylesheets'])) $config['uri_stylesheets'] = $config['root'] . 'stylesheets/'; if(!isset($config['url_stylesheet'])) $config['url_stylesheet'] = $config['uri_stylesheets'] . 'style.css'; if(!isset($config['url_javascript'])) $config['url_javascript'] = $config['root'] . $config['file_script']; if(!isset($config['additional_javascript_url'])) $config['additional_javascript_url'] = $config['root']; if($config['root_file']) { chdir($config['root_file']); } if($config['verbose_errors']) { error_reporting(E_ALL); ini_set('display_errors', 1); } // Keep the original address to properly comply with other board configurations if(!isset($__ip)) $__ip = $_SERVER['REMOTE_ADDR']; // ::ffff:0.0.0.0 if(preg_match('/^\:\:(ffff\:)?(\d+\.\d+\.\d+\.\d+)$/', $__ip, $m)) $_SERVER['REMOTE_ADDR'] = $m[2]; if(_setlocale(LC_ALL, $config['locale']) === false) { $error = function_exists('error') ? 'error' : 'basic_error_function_because_the_other_isnt_loaded_yet'; $error('The specified locale (' . $config['locale'] . 
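') does not exist on your platform!');
    }

    if(extension_loaded('gettext')) {
        bindtextdomain('tinyboard', './inc/locale');
        bind_textdomain_codeset('tinyboard', 'UTF-8');
        textdomain('tinyboard');
    } else {
        _bindtextdomain('tinyboard', './inc/locale');
        _bind_textdomain_codeset('tinyboard', 'UTF-8');
        _textdomain('tinyboard');
    }

    if($config['syslog'])
        openlog('tinyboard', LOG_ODELAY, LOG_SYSLOG); // open a connection to sysem logger

    if($config['recaptcha'])
        require_once 'inc/contrib/recaptcha/recaptchalib.php';

    if($config['cache']['enabled'])
        require_once 'inc/cache.php';
}

/**
 * Minimal error reporter for the window before error() (defined elsewhere)
 * has been loaded. Logs to syslog when enabled, prints a bare page and exits.
 *
 * @param string   $message  Error text.
 * @param bool|int $priority true = LOG_NOTICE, false = do not syslog,
 *                           otherwise a LOG_* priority constant.
 */
function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true) {
    global $config;

    if($config['syslog'] && $priority !== false) {
        // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant.
        _syslog($priority !== true ? $priority : LOG_NOTICE, $message);
    }

    // Yes, this is horrible.
    // NOTE(review): in this listing $message is only logged, never rendered
    // into the page body. Confirm against the original template; if it is
    // rendered there, it must go through htmlspecialchars() first.
    die('
This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.
');
}

/**
 * Shutdown hook: report the last fatal (E_ERROR) error through error() when
 * it is available, otherwise through the fallback reporter above.
 *
 * The message embeds the absolute file path and line number. Whether that
 * reaches the client is decided by error(); it should only be echoed when
 * $config['verbose_errors'] is set.
 */
function fatal_error_handler() {
    $error = error_get_last();
    if(!$error || $error['type'] != E_ERROR)
        return;

    $message = 'Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'];
    $reporter = function_exists('error') ? 'error' : 'basic_error_function_because_the_other_isnt_loaded_yet';
    $reporter($message, LOG_ERR);
}

/**
 * Write to syslog. Under a web server (all three $_SERVER keys present) the
 * client address and request line are appended.
 *
 * Control characters are stripped from the request data before it is logged:
 * web servers normally reject CR/LF in the request line, but stripping is
 * cheap defence in depth against forged log lines.
 */
function _syslog($priority, $message) {
    if(isset($_SERVER['REMOTE_ADDR']) && isset($_SERVER['REQUEST_METHOD']) && isset($_SERVER['REQUEST_URI'])) {
        // CGI
        $request = preg_replace('/[\x00-\x1f\x7f]/', '', $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI']);
        syslog($priority, $message . ' - client: ' . $_SERVER['REMOTE_ADDR'] . ', request: "' . $request . '"');
    } else {
        syslog($priority, $message);
    }
}

/**
 * Load a theme's info.php and return the $theme array it defines.
 *
 * @param string $_theme Theme directory name (read from the theme_settings
 *                       table by rebuildThemes(), or passed by a caller).
 *                       Only [A-Za-z0-9_-] is accepted: the name is spliced
 *                       into an include path below, so anything containing
 *                       "/" or ".." must never reach it.
 * @return array|false   false when the name is invalid or info.php is absent.
 */
function loadThemeConfig($_theme) {
    global $config;

    if(!is_string($_theme) || !preg_match('/^[\w-]+$/', $_theme))
        return false;

    $info = $config['dir']['themes'] . '/' . $_theme . '/info.php';
    if(!file_exists($info))
        return false;

    // Load theme information into $theme
    $theme = null;
    include $info;

    return $theme;
}

/**
 * Run a theme's build function for $action.
 *
 * Sets the global $_theme for the benefit of theme code, loads info.php via
 * loadThemeConfig() (which also validates the name) and requires theme.php.
 * An invalid or unknown theme is skipped instead of dereferencing false.
 */
function rebuildTheme($theme, $action) {
    global $config, $_theme;

    $_theme = $theme;
    $theme = loadThemeConfig($_theme);

    if(!$theme)
        return;

    $script = $config['dir']['themes'] . '/' . $_theme . '/theme.php';
    if(file_exists($script)) {
        require_once $script;
        $theme['build_function']($action, themeSettings($_theme));
    }
}

/**
 * Rebuild every installed theme. An installed theme is a theme_settings row
 * with NULL name and value.
 */
function rebuildThemes($action) {
    // List themes
    $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());

    while($row = $query->fetch()) {
        rebuildTheme($row['theme'], $action);
    }
}

/**
 * Fetch a theme's settings as name => value.
 *
 * @param string $theme Theme name; bound as a parameter, never interpolated.
 * @return array
 */
function themeSettings($theme) {
    $query = prepare("SELECT `name`, `value` FROM `theme_settings` WHERE `theme` = :theme AND `name` IS NOT NULL");
    $query->bindValue(':theme', $theme);
    $query->execute() or error(db_error($query));

    $settings = Array();
    while($s = $query->fetch()) {
        $settings[$s['name']] = $s['value'];
    }

    return $settings;
}

/**
 * Replace %key% placeholders in $str with the matching $vars entries.
 *
 * Plain string replacement: values are inserted verbatim, so escape them for
 * the target context (HTML, URL, ...) before calling this.
 */
function sprintf3($str, $vars, $delim = '%') {
    $replaces = array();
    foreach($vars as $k => $v) {
        $replaces[$delim . $k . $delim] = $v;
    }
    return str_replace(array_keys($replaces), array_values($replaces), $str);
}

/**
 * Make $array (a row from the `boards` table) the current global $board and
 * ensure its directory tree exists.
 *
 * Fix: the thumbnail and thread-directory error messages used to name the
 * image directory; each now reports the path that actually failed.
 */
function setupBoard($array) {
    global $board, $config;

    $board = Array(
        'id' => $array['id'],
        'uri' => $array['uri'],
        'name' => $array['title'],
        'title' => $array['subtitle']
    );

    $board['dir'] = sprintf($config['board_path'], $board['uri']);
    $board['url'] = sprintf($config['board_abbreviation'], $board['uri']);

    // loadConfig() derives uri_thumb/uri_img from $board['dir'], so it is
    // re-run now that the board is set.
    loadConfig();

    // NOTE(review): directories are created world-writable (0777). Unless a
    // second OS user must write into them, 0755 (or relying on umask) is the
    // safer choice.
    if(!file_exists($board['dir']))
        mkdir($board['dir'], 0777) or error("Couldn't create " . $board['dir'] . ". Check permissions.", true);

    $subdirs = Array($config['dir']['img'], $config['dir']['thumb'], $config['dir']['res']);
    foreach($subdirs as $subdir) {
        $path = $board['dir'] . $subdir;
        if(!file_exists($path))
            @mkdir($path, 0777) or error("Couldn't create " . $path . ". Check permissions.", true);
    }
}

/**
 * Load the board with URI $uri (cache first, then database) and make it the
 * current board.
 *
 * @return bool false when no such board exists.
 */
function openBoard($uri) {
    global $config;

    if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) {
        setupBoard($board);
        return true;
    }

    $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1");
    $query->bindValue(':uri', $uri);
    $query->execute() or error(db_error($query));

    $board = $query->fetch();
    if(!$board)
        return false;

    if($config['cache']['enabled'])
        cache::set('board_' . $uri, $board);

    setupBoard($board);
    return true;
}

/**
 * Return the title of the board with URI $uri, or false if it does not exist.
 */
function boardTitle($uri) {
    global $config;

    if($config['cache']['enabled'] && ($board = cache::get('board_' . $uri)))
        return $board['title'];

    $query = prepare("SELECT `title` FROM `boards` WHERE `uri` = :uri LIMIT 1");
    $query->bindValue(':uri', $uri);
    $query->execute() or error(db_error($query));

    $row = $query->fetch();
    return $row ? $row['title'] : false;
}

/**
 * Send an HTTP PURGE for $uri to every cache/proxy listed in $config['purge']
 * (entries: [host, port, optional Host header]).
 *
 * When no Host header is configured it falls back to the client-supplied
 * $_SERVER['HTTP_HOST'], so a client can choose which virtual host's cache
 * entry gets purged. Configure the third element explicitly in production.
 * CR/LF are stripped from both values so the hand-built request cannot be
 * split into extra headers.
 */
function purge($uri) {
    global $config, $debug;

    if(preg_match($config['referer_match'], $config['root'])) {
        $base = str_replace('\\', '/', dirname($_SERVER['REQUEST_URI']));
        $uri = ($base == '/' ? '/' : $base . '/') . $uri;
    } else {
        $uri = $config['root'] . $uri;
    }

    if($config['debug']) {
        $debug['purge'][] = $uri;
    }

    $uri = str_replace(array("\r", "\n"), '', $uri);

    foreach($config['purge'] as $purge) {
        $host = $purge[0];
        $port = $purge[1];
        $http_host = isset($purge[2]) ? $purge[2] : $_SERVER['HTTP_HOST'];
        $http_host = str_replace(array("\r", "\n"), '', $http_host);

        $request = "PURGE {$uri} HTTP/1.0\r\nHost: {$http_host}\r\nUser-Agent: Tinyboard\r\nConnection: Close\r\n\r\n";

        if($fp = fsockopen($host, $port, $errno, $errstr, $config['purge_timeout'])) {
            fwrite($fp, $request);
            fclose($fp);
        } else {
            // Cannot connect?
            error('Could not PURGE for ' . $host);
        }
    }
}

/**
 * Purge $path from the proxy caches. When $path is a board index file
 * (basename equals $config['file_index']) the directory URL is purged too,
 * since "b/" and "b/index.html" are the same page to the proxy.
 * Shared by file_write() and file_unlink().
 */
function _purgeWithIndex($path) {
    global $config;

    if(basename($path) == $config['file_index']) {
        // Index file (/index.html); purge "/" as well
        $uri = dirname($path);
        $uri = ($uri == '.') ? '' : $uri . '/'; // root
        purge($uri);
    }
    purge($path);
}

/**
 * Write $data to $path, then purge the proxy caches for it.
 *
 * "remote://name:path" targets are delegated to inc/remote.php using the
 * server named in $config['remote']. Local writes take an exclusive lock and
 * truncate before writing unless $simple is set.
 *
 * @param string $path
 * @param string $data
 * @param bool   $simple     Plain fopen('w') without locking.
 * @param bool   $skip_purge Do not send PURGE requests for this write.
 */
function file_write($path, $data, $simple = false, $skip_purge = false) {
    global $config;

    if(preg_match('/^remote:\/\/(.+)\:(.+)$/', $path, $m)) {
        if(isset($config['remote'][$m[1]])) {
            require_once 'inc/remote.php';

            $remote = new Remote($config['remote'][$m[1]]);
            $remote->write($data, $m[2]);
            return;
        } else {
            error('Invalid remote server: ' . $m[1]);
        }
    }

    $fp = fopen($path, $simple ? 'w' : 'c');
    if(!$fp)
        error('Unable to open file for writing: ' . $path);

    // File locking
    if(!$simple && !flock($fp, LOCK_EX))
        error('Unable to lock file: ' . $path);

    // Truncate file
    if(!$simple && !ftruncate($fp, 0))
        error('Unable to truncate file: ' . $path);

    // Write data
    if(fwrite($fp, $data) === false)
        error('Unable to write to file: ' . $path);

    // Unlock
    if(!$simple)
        flock($fp, LOCK_UN);

    // Close
    if(!fclose($fp))
        error('Unable to close file: ' . $path);

    if(!$skip_purge && isset($config['purge']) && isset($_SERVER['HTTP_HOST'])) {
        // Purge cache
        _purgeWithIndex($path);
    }
}

/**
 * Delete $path (errors suppressed; unlink's result is returned) and purge it
 * from the proxy caches when purging is configured and the path is relative
 * to the web root.
 */
function file_unlink($path) {
    global $config, $debug;

    if($config['debug']) {
        if(!isset($debug['unlink']))
            $debug['unlink'] = Array();
        $debug['unlink'][] = $path;
    }

    $ret = @unlink($path);

    if(isset($config['purge']) && $path !== '' && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) {
        // Purge cache
        _purgeWithIndex($path);
    }

    return $ret;
}

/**
 * Check a moderator's rights.
 *
 * @param int|null    $action Minimum $mod['type'] level required; null = any.
 * @param string|null $board  Board URI; null (or skip_per_board) = global check.
 * @param array|null  $_mod   Moderator record to test instead of the global $mod.
 * @return bool
 */
function hasPermission($action = null, $board = null, $_mod = null) {
    global $config;

    if(isset($_mod)) {
        $mod = $_mod;
    } else {
        global $mod;
    }

    if(!is_array($mod))
        return false;

    if(isset($action) && $mod['type'] < $action)
        return false;

    if(!isset($board) || $config['mod']['skip_per_board'])
        return true;

    if(!isset($mod['boards']))
        return false;

    // Strict comparison: board URIs are strings everywhere else in this file,
    // and a loose in_array() here would err on the side of granting access.
    return in_array('*', $mod['boards'], true) || in_array($board, $mod['boards'], true);
}

/**
 * All rows of the `boards` table ordered by URI (cached under 'all_boards').
 */
function listBoards() {
    global $config;

    if($config['cache']['enabled'] && ($boards = cache::get('all_boards')))
        return $boards;

    $query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error());
    $boards = $query->fetchAll();

    if($config['cache']['enabled'])
        cache::set('all_boards', $boards);

    return $boards;
}

/**
 * True when $post trips a flood limit on the current board: any post from
 * this IP within flood_time, the same body from this IP within flood_time_ip,
 * or the same body from anyone within flood_time_same. Empty bodies are
 * excluded from the body-match rules.
 *
 * The table name comes from $board['uri'] (a boards-table value, not request
 * input); every user value is bound.
 *
 * Fix: `body` is a text column and is now bound as a string; it was bound as
 * PDO::PARAM_INT, a type hint that can coerce the value.
 */
function checkFlood($post) {
    global $board, $config;

    $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
    $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
    $query->bindValue(':body', $post['body']);
    $query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT);
    $query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT);
    $query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    return (bool)$query->fetch();
}

/**
 * Render a number of seconds as its largest whole unit ("45 seconds",
 * "3 hours", "1 week"). Seconds are shown as-is; larger units are rounded.
 * Shared by until() and ago().
 */
function _formatInterval($difference) {
    $units = Array(
        Array(60, 1, 'second'),
        Array(60*60, 60, 'minute'),
        Array(60*60*24, 60*60, 'hour'),
        Array(60*60*24*7, 60*60*24, 'day'),
        Array(60*60*24*365, 60*60*24*7, 'week')
    );

    foreach($units as $unit) {
        list($limit, $divisor, $name) = $unit;
        if($difference < $limit) {
            $num = ($divisor == 1) ? $difference : round($difference/$divisor);
            return $num . ' ' . $name . ($num != 1 ? 's' : '');
        }
    }

    $num = round($difference/(60*60*24*365));
    return $num . ' year' . ($num != 1 ? 's' : '');
}

/**
 * Human-readable time remaining until $timestamp.
 */
function until($timestamp) {
    return _formatInterval($timestamp - time());
}

/**
 * Human-readable time elapsed since $timestamp.
 */
function ago($timestamp) {
    return _formatInterval(time() - $timestamp);
}

/**
 * Render the "you are banned" page and exit.
 *
 * The ban's `ip` field is replaced with the client's own address before
 * rendering, so a wildcard or CIDR ban pattern is never shown to the client.
 */
function displayBan($ban) {
    global $config;

    $ban['ip'] = $_SERVER['REMOTE_ADDR'];

    // Show banned page and exit
    die(Element('page.html', Array(
        'title' => 'Banned!',
        'config' => $config,
        'body' => Element('banned.html', Array(
            'config' => $config,
            'ban' => $ban
        ))
    )));
}

/**
 * Stop the request if the client is banned globally or on $board.
 *
 * Three lookups in order, each only if the previous found nothing: exact
 * address, wildcard pattern ("1.2.3.*", when ban_range is on) and IPv4 CIDR
 * (when ban_cidr is on). An expired ban is deleted and ignored.
 *
 * Relies on rowCount() reporting the size of a SELECT result, which pdo_mysql
 * does for buffered queries.
 */
function checkBan($board = 0) {
    global $config;

    if(!isset($_SERVER['REMOTE_ADDR'])) {
        // Server misconfiguration
        return;
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    // Exact address
    $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1");
    $query->bindValue(':ip', $ip);
    $query->bindValue(':board', $board);
    $query->execute() or error(db_error($query));

    // Wildcard pattern: '*' in the stored ip becomes a LIKE '%', literal '%' is escaped
    if($query->rowCount() < 1 && $config['ban_range']) {
        $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1");
        $query->bindValue(':ip', $ip);
        $query->bindValue(':board', $board);
        $query->execute() or error(db_error($query));
    }

    // CIDR ("a.b.c.d/n"), IPv4 only: compare numerically against the range
    if($query->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) {
        // my most insane SQL query yet
        $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `uri`, `bans`.`id` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` WHERE (`board` IS NULL OR `uri` = :board) AND ( `ip` REGEXP '^(\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+\)\/(\[0-9]+)$' AND :ip >= INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) AND :ip < INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) + POW(2, 32 - SUBSTRING_INDEX(`ip`, '/', -1)) ) ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1");
        $query->bindValue(':ip', ip2long($ip));
        $query->bindValue(':board', $board);
        $query->execute() or error(db_error($query));
    }

    $ban = $query->fetch();
    if(!$ban)
        return;

    if($ban['expires'] && $ban['expires'] < time()) {
        // Ban expired
        $query = prepare("DELETE FROM `bans` WHERE `id` = :id LIMIT 1");
        $query->bindValue(':id', $ban['id'], PDO::PARAM_INT);
        $query->execute() or error(db_error($query));
        return;
    }

    displayBan($ban);
}

/**
 * Read one boolean flag column of thread $id on the current board.
 *
 * @param int    $id     Thread (OP) id.
 * @param string $column Column name. It is interpolated into the SQL as an
 *                       identifier, so callers pass literals only
 *                       ('locked', 'sage'); never route user input here.
 * @return bool false when the thread does not exist.
 */
function _threadFlag($id, $column) {
    global $board;

    $query = prepare(sprintf("SELECT `%s` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $column, $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error());

    if(!$post = $query->fetch()) {
        // Non-existant, so it can't be locked...
        return false;
    }

    return (bool) $post[$column];
}

/**
 * Whether thread $id is locked (replies disallowed).
 */
function threadLocked($id) {
    return _threadFlag($id, 'locked');
}

/**
 * Whether thread $id is bump-locked ("sage").
 */
function threadSageLocked($id) {
    return _threadFlag($id, 'sage');
}

/**
 * Whether a thread (OP post) with id $id exists on the current board.
 */
function threadExists($id) {
    global $board;

    $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error());

    return $query->rowCount() > 0;
}

/**
 * Insert $post into the current board's table and return its new id.
 *
 * @param array $post Post fields (see the bindings below for the keys read).
 * @param bool  $OP   true for a new thread (thread = NULL), false for a reply
 *                    to $post['thread'].
 * @return string Last insert id as returned by PDO.
 */
function post($post, $OP) {
    global $pdo, $board;

    $query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri']));

    // Basic stuff: optional text fields are stored as NULL when empty
    foreach(Array('subject', 'email', 'trip', 'embed') as $field) {
        if(!empty($post[$field]))
            $query->bindValue(':' . $field, $post[$field]);
        else
            $query->bindValue(':' . $field, NULL, PDO::PARAM_NULL);
    }

    $query->bindValue(':name', $post['name']);
    $query->bindValue(':body', $post['body']);
    $query->bindValue(':body_nomarkup', $post['body_nomarkup']);
    $query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT);
    $query->bindValue(':password', $post['password']);
    $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']);

    // Sticky, locked and capcode are honoured only when the post is flagged
    // as a moderator post; an ordinary submission cannot set them.
    $is_mod = !empty($post['mod']);
    $query->bindValue(':sticky', ($is_mod && !empty($post['sticky'])) ? 1 : 0, PDO::PARAM_INT);
    $query->bindValue(':locked', ($is_mod && !empty($post['locked'])) ? 1 : 0, PDO::PARAM_INT);

    if($is_mod && isset($post['capcode']) && $post['capcode']) {
        $query->bindValue(':capcode', $post['capcode'], PDO::PARAM_INT);
    } else {
        $query->bindValue(':capcode', NULL, PDO::PARAM_NULL);
    }

    if($OP) {
        // No parent thread, image
        $query->bindValue(':thread', null, PDO::PARAM_NULL);
    } else {
        $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT);
    }

    // File columns: all set together, or all NULL when there is no upload
    $file_fields = Array(
        'thumb' => PDO::PARAM_STR,
        'thumbwidth' => PDO::PARAM_INT,
        'thumbheight' => PDO::PARAM_INT,
        'file' => PDO::PARAM_STR,
        'width' => PDO::PARAM_INT,
        'height' => PDO::PARAM_INT,
        'filesize' => PDO::PARAM_INT,
        'filename' => PDO::PARAM_STR,
        'filehash' => PDO::PARAM_STR
    );
    $has_file = !empty($post['has_file']);
    foreach($file_fields as $field => $type) {
        if($has_file)
            $query->bindValue(':' . $field, $post[$field], $type);
        else
            $query->bindValue(':' . $field, null, PDO::PARAM_NULL);
    }

    $query->execute() or error(db_error($query));

    return $pdo->lastInsertId();
}

/**
 * Set thread $id's bump time to now.
 */
function bumpThread($id) {
    global $board;

    $query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
    $query->bindValue(':time', time(), PDO::PARAM_INT);
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));
}

// Remove file from post
/**
 * Delete the attachment of post $id. The first call unlinks the files and
 * marks the row 'deleted'; a second call on a reply (with
 * $remove_entirely_if_already) clears the marker to NULL. An OP's marker is
 * kept so the thread still shows something where the image was.
 *
 * Fix: the 'deleted' marker is a string and is now bound as one (it was
 * bound as PDO::PARAM_INT).
 */
function deleteFile($id, $remove_entirely_if_already=true) {
    global $board, $config;

    $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));
    if($query->rowCount() < 1) {
        error($config['error']['invalidpost']);
    }
    $post = $query->fetch();

    if($post['file'] == 'deleted' && !$post['thread'])
        return; // Can't delete OP's image completely.

    $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri']));

    if($post['file'] == 'deleted' && $remove_entirely_if_already) {
        // Already deleted; remove file fully
        $query->bindValue(':file', null, PDO::PARAM_NULL);
    } else {
        // Delete thumbnail
        file_unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']);

        // Delete file
        file_unlink($board['dir'] . $config['dir']['img'] . $post['file']);

        // Set file to 'deleted'
        $query->bindValue(':file', 'deleted');
    }

    // Update database
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if($post['thread'])
        buildThread($post['thread']);
}

// rebuild post (markup)
/**
 * Re-run markup() over post $id's raw body, store the result and rebuild the
 * thread it belongs to.
 *
 * @return bool false when the post does not exist or has no raw body.
 */
function rebuildPost($id) {
    global $board;

    $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if(!$post = $query->fetch())
        return false;

    if(!$post['body_nomarkup'])
        return false;

    // markup() edits its argument in place (the original relied on passing it by reference)
    $body = $post['body_nomarkup'];
    markup($body);

    $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body WHERE `id` = :id", $board['uri']));
    $query->bindValue(':body', $body);
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    buildThread($post['thread'] ? $post['thread'] : $id);

    return true;
}

// Delete a post (reply or thread)
/**
 * Delete post $id (and every reply if it is a thread), its files, its thread
 * page, and its entries in the `cites` table; posts that cited it are
 * re-rendered. When a single reply is deleted its thread is rebuilt
 * (unless $rebuild_after is false).
 *
 * @return bool false when the post does not exist and $error_if_doesnt_exist is false.
 */
function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
    global $board, $config;

    // Select post and replies (if thread) in one query
    $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if($query->rowCount() < 1) {
        if($error_if_doesnt_exist)
            error($config['error']['invalidpost']);
        return false;
    }

    $rebuild = null;

    // Delete posts and maybe replies
    while($post = $query->fetch()) {
        if(!$post['thread']) {
            // Delete thread HTML page
            file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id']));
        } elseif($query->rowCount() == 1) {
            // A single reply: its thread must be rebuilt afterwards
            $rebuild = $post['thread'];
        }

        if($post['thumb']) {
            // Delete thumbnail
            file_unlink($board['dir'] . $config['dir']['thumb'] . $post['thumb']);
        }

        if($post['file']) {
            // Delete file
            file_unlink($board['dir'] . $config['dir']['img'] . $post['file']);
        }
    }

    $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri']));
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    // Re-render every post (on any board) that cited the deleted one.
    // openBoard() switches the global $board; remember the first board so it
    // can be restored afterwards.
    $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board AND `target` = :id");
    $query->bindValue(':board', $board['uri']);
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    $tmp_board = null;
    while($cite = $query->fetch()) {
        if($board['uri'] != $cite['board']) {
            if($tmp_board === null)
                $tmp_board = $board['uri'];
            openBoard($cite['board']);
        }
        rebuildPost($cite['post']);
    }

    if($tmp_board !== null)
        openBoard($tmp_board);

    $query = prepare("DELETE FROM `cites` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)");
    $query->bindValue(':board', $board['uri']);
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if($rebuild !== null && $rebuild_after) {
        buildThread($rebuild);
    }

    return true;
}

/**
 * Delete every thread that has fallen off the last index page
 * (beyond max_pages * threads_per_page in bump order).
 */
function clean() {
    global $board, $config;

    $offset = round($config['max_pages']*$config['threads_per_page']);

    // I too wish there was an easier way of doing this...
    $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri']));
    $query->bindValue(':offset', $offset, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    while($post = $query->fetch()) {
        deletePost($post['id']);
    }
}

/**
 * Build index page $page (1-based) of the current board.
 *
 * @param int  $page Page number.
 * @param bool $mod  Render with moderator links ("?/" prefix) and bypass the cache.
 * @return array|false Template variables, or false when $page > 1 holds no threads.
 */
function index($page, $mod=false) {
    global $board, $config;

    $body = '';
    $offset = round($page*$config['threads_per_page']-$config['threads_per_page']);
    $root = $mod ? '?/' : $config['root'];

    $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri']));
    $query->bindValue(':offset', $offset, PDO::PARAM_INT);
    $query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    if($query->rowCount() < 1 && $page > 1)
        return false;

    while($th = $query->fetch()) {
        // Public index: reuse the cached per-thread fragment when there is one
        if(!$mod && $config['cache']['enabled']) {
            if($built = cache::get("thread_index_{$board['uri']}_{$th['id']}")) {
                $body .= $built;
                continue;
            }
        }

        $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['capcode'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $th['locked'], $th['sage'], $th['embed'], $root, $mod);

        $limit = $th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'];

        $posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri']));
        $posts->bindValue(':id', $th['id']);
        $posts->bindValue(':limit', $limit, PDO::PARAM_INT);
        $posts->execute() or error(db_error($posts));

        $num_images = 0;
        while($po = $posts->fetch()) {
            if($po['file'])
                $num_images++;

            $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['capcode'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $po['embed'], $root, $mod));
        }

        // Preview is full: count what was left out so the template can say "N omitted"
        if($posts->rowCount() == $limit) {
            $count = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri']));
            $count->bindValue(':thread', $th['id'], PDO::PARAM_INT);
            $count->execute() or error(db_error($count));

            $c = $count->fetch();
            $thread->omitted = $c['num'] - $limit;

            $c = $count->fetch();
            $thread->omitted_images = $c['num'] - $num_images;
        }

        // Replies were fetched newest-first; display them oldest-first
        $thread->posts = array_reverse($thread->posts);
        $body .= $thread->build(true);
    }

    return Array(
        'board'=>$board,
        'body'=>$body,
        'post_url' => $config['post_url'],
        'config' => $config,
        'boardlist' => createBoardlist($mod)
    );
}

/**
 * Previous/next navigation for the selected entry of $pages (as returned by
 * getPages(), with 'selected' set on one page).
 *
 * NOTE(review): the anchor markup for both buttons is absent from this
 * listing (the strings are empty) and $root/$loc are computed for it but
 * otherwise unused. Confirm against the original template.
 */
function getPageButtons($pages, $mod=false) {
    global $config, $board;

    $btn = Array();
    $root = ($mod ? '?/' : $config['root']) . $board['dir'];
    $last = count($pages) - 1;

    foreach($pages as $num => $page) {
        if(!isset($page['selected']))
            continue;

        // Previous button
        if($num == 0) {
            // There is no previous page.
            $btn['prev'] = _('Previous');
        } else {
            $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . ($num == 1 ? $config['file_index'] : sprintf($config['file_page'], $num));
            $btn['prev'] = '';
        }

        if($num == $last) {
            // There is no next page.
            $btn['next'] = _('Next');
        } else {
            $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . sprintf($config['file_page'], $num + 2);
            $btn['next'] = '';
        }
    }

    return $btn;
}

/**
 * List of index pages for the current board: [['num' => 1, 'link' => ...], ...],
 * at least one page and at most max_pages.
 */
function getPages($mod=false) {
    global $board, $config;

    // Count threads
    $query = query(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
    $count = current($query->fetch());
    $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']);
    if($count < 1)
        $count = 1;

    $root = ($mod ? '?/' : $config['root']) . $board['dir'];

    $pages = Array();
    for($x = 0; $x < $count && $x < $config['max_pages']; $x++) {
        $pages[] = Array(
            'num' => $x+1,
            'link' => $root . ($x == 0 ? $config['file_index'] : sprintf($config['file_page'], $x+1))
        );
    }

    return $pages;
}

/**
 * Normalise $body for the "robot" duplicate-text check: lower-case, letters
 * only, optionally with runs of the same letter collapsed, then sha1.
 * This is a fingerprint, not a secret.
 */
function makerobot($body) {
    global $config;

    $body = strtolower($body);

    // Leave only letters
    $body = preg_replace('/[^a-z]/i', '', $body);
    // Remove repeating characters
    if($config['robot_strip_repeating'])
        $body = preg_replace('/(.)\\1+/', '$1', $body);

    return sha1($body);
}

/**
 * True when $body (or an empty body) has been seen before; otherwise record
 * its fingerprint and return false.
 */
function checkRobot($body) {
    if(empty($body))
        return true;

    $body = makerobot($body);

    $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1");
    $query->bindValue(':hash', $body);
    $query->execute() or error(db_error($query));

    if($query->fetch())
        return true;

    // Insert new hash
    $query = prepare("INSERT INTO `robot` VALUES (:hash)");
    $query->bindValue(':hash', $body);
    $query->execute() or error(db_error($query));

    return false;
}

/**
 * Number of replies in thread $id on the current board.
 */
function numPosts($id) {
    global $board;

    $query = prepare(sprintf("SELECT COUNT(*) as `count` FROM `posts_%s` WHERE `thread` = :thread", $board['uri']));
    $query->bindValue(':thread', $id, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));

    $result = $query->fetch();
    return $result['count'];
}

/**
 * Mute duration in seconds for the client: robot_mute_multiplier ^ (number
 * of mutes in the last robot_mute_hour hours), or 0 with no recent mutes.
 */
function muteTime() {
    global $config;

    // Find number of mutes in the past X hours
    $query = prepare("SELECT COUNT(*) as `count` FROM `mutes` WHERE `time` >= :time AND `ip` = :ip");
    $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT);
    $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
    $query->execute() or error(db_error($query));

    $result = $query->fetch();
    if($result['count'] == 0)
        return 0;

    return pow($config['robot_mute_multiplier'], $result['count']);
}

/**
 * Record a mute for the client now and return the resulting mute duration.
 */
function mute() {
    // Insert mute
    $query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)");
    $query->bindValue(':time', time(), PDO::PARAM_INT);
    $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
    $query->execute() or error(db_error($query));

    return muteTime();
}

/**
 * Stop the request with "you are muted" if the client's latest mute has not
 * expired. A cached verdict is checked first; a fresh one is cached for the
 * remaining duration.
 */
function checkMute() {
    global $config;

    $ip = $_SERVER['REMOTE_ADDR'];

    if($config['cache']['enabled']) {
        // Cached mute?
        $mute = cache::get('mute_' . $ip);
        $mutetime = $mute ? cache::get('mutetime_' . $ip) : false;
        if($mute && $mutetime) {
            error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
        }
    }

    $mutetime = muteTime();
    if($mutetime <= 0)
        return;

    // Find last mute time
    $query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1");
    $query->bindValue(':ip', $ip);
    $query->execute() or error(db_error($query));

    if(!$mute = $query->fetch()) {
        // What!? He's muted but he's not muted...
        return;
    }

    $remaining = $mute['time'] + $mutetime - time();
    if($remaining <= 0) {
        // Already expired
        return;
    }

    if($config['cache']['enabled']) {
        cache::set('mute_' . $ip, $mute, $remaining);
        cache::set('mutetime_' . $ip, $mutetime, $remaining);
    }

    // Not expired yet
    error(sprintf($config['error']['youaremuted'], $remaining));
}

/**
 * Hash the honeypot inputs the way createHiddenInputs() and checkSpam()
 * both expect: sha1 over "name=value" pairs in key order, followed by the
 * cookie salt and $extra_salt.
 *
 * This is an unkeyed hash, not an HMAC: anyone who learns
 * $config['cookies']['salt'] can forge it, so it only defeats bots that do
 * not read the page. Keep the salt secret.
 *
 * @param array  $inputs     name => value of the hidden inputs.
 * @param string $extra_salt Already-imploded extra salt, or ''.
 * @return string 40-char hex sha1.
 */
function _hiddenInputsHash($inputs, $extra_salt) {
    global $config;

    // First, sort the keys in alphabetical order (A-Z)
    ksort($inputs);

    $hash = '';
    // Iterate through each input
    foreach($inputs as $name => $value) {
        $hash .= $name . '=' . $value;
    }

    // Add a salt to the hash
    $hash .= $config['cookies']['salt'];

    // Use SHA1 for the hash
    return sha1($hash . $extra_salt);
}

/**
 * Generate the randomised honeypot inputs for a form plus the hash field
 * that checkSpam() verifies.
 *
 * rand() is used for the names/values on purpose: they are obfuscation, not
 * secrets, and their security does not rest on unpredictability. The config
 * name list is shuffled on a local copy so the global config is not mutated.
 *
 * NOTE(review): the per-input markup is absent from this listing (every case
 * appends ''); the switch is kept so the structure matches the original.
 * Confirm against the original template.
 */
function createHiddenInputs($extra_salt = Array()) {
    global $config;

    // create a salted hash of the "extra salt"
    $extra_salt = !empty($extra_salt) ? implode(':', $extra_salt) : '';

    $inputs = Array();

    $names = $config['spam']['hidden_input_names'];
    shuffle($names);
    $name_index = 0;

    $input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);

    for($x = 0; $x < $input_count; $x++) {
        if(rand(0, 2) == 0 || $name_index < 0) {
            // Use an obscure name
            $name = strtolower(substr(base64_encode(sha1(rand(), true)), 0, rand(2, 20)));
        } else {
            // Use a pre-defined confusing name
            $name = $names[$name_index++];
            if($name_index >= count($names))
                $name_index = -1;
        }

        if(rand(0, 2) == 0) {
            // Value must be null
            $inputs[$name] = '';
        } elseif(rand(0, 4) == 0) {
            // Numeric value
            $inputs[$name] = rand(0, 100);
        } else {
            // Obscure value
            $inputs[$name] = substr(base64_encode(sha1(rand(), true) . sha1(rand(), true)), 0, rand(2, 54));
        }
    }

    $content = '';
    foreach($inputs as $name => $value) {
        $display_type = rand(0, 8);
        switch($display_type) {
            case 0:
                $content .= '';
                break;
            case 1:
                $content .= '';
                break;
            case 2:
                $content .= '';
                break;
            case 3:
                $content .= '';
                break;
            case 4:
                $content .= '';
                break;
            case 5:
                $content .= '';
                break;
            case 6:
                if(!empty($value))
                    $content .= '';
                else
                    $content .= '';
                break;
            case 7:
                if(!empty($value))
                    $content .= '';
                else
                    $content .= '';
                break;
            case 8:
                $content .= '';
                break;
        }
    }

    // Create a hash to validate it after
    $hash = _hiddenInputsHash($inputs, $extra_salt);

    // Append it to the HTML
    $content .= '';

    return $content;
}

/**
 * Verify the honeypot hash submitted with a form.
 *
 * @return bool true = treat as spam (hash missing, malformed, or not matching
 *              the recomputed value); false = passes.
 *
 * Fix: the hashes are now compared with hash_equals() (strict and
 * constant-time) with a strict === fallback. The original used !=, a loose
 * comparison under which two hex digests of the form "0e<digits>" compare
 * equal as numbers. Non-string POST values (array fields) are rejected
 * outright since createHiddenInputs() never emits them.
 */
function checkSpam($extra_salt = Array()) {
    global $config;

    if(!isset($_POST['hash']))
        return true;

    $hash = $_POST['hash'];
    if(!is_string($hash))
        return true;

    // create a salted hash of the "extra salt"
    $extra_salt = !empty($extra_salt) ? implode(':', $extra_salt) : '';

    // Reconstruct the $inputs array: everything that is not a real form field
    $inputs = Array();
    foreach($_POST as $name => $value) {
        if(in_array((string)$name, $config['spam']['valid_inputs'], true))
            continue;
        if(!is_string($value))
            return true;
        $inputs[$name] = $value;
    }

    $expected = _hiddenInputsHash($inputs, $extra_salt);

    if(function_exists('hash_equals'))
        return !hash_equals($expected, $hash);

    return $expected !== $hash;
}

/**
 * Write every index page of the current board and remove leftover pages.
 *
 * Two fixes versus the original loop:
 *  - the on-disk hash is taken per page, so a hash carried over from an
 *    earlier page can never be compared against a later file;
 *  - stopping early because a page came out unchanged no longer runs the
 *    cleanup loop, which deleted that very page (and the ones after it).
 *    Cleanup only runs when index() reports there are no more threads.
 */
function buildIndex() {
    global $board, $config;

    $pages = getPages();
    $page = 1;
    $unchanged = false;

    while($page <= $config['max_pages'] && $content = index($page)) {
        $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page));

        $old_md5 = file_exists($filename) ? md5_file($filename) : null;

        $content['pages'] = $pages;
        $content['pages'][$page-1]['selected'] = true;
        $content['btn'] = getPageButtons($content['pages']);
        file_write($filename, Element('index.html', $content));

        // This page came out identical to what was on disk: assume the later
        // pages are unchanged as well and stop.
        if($old_md5 !== null && $old_md5 == md5_file($filename)) {
            $unchanged = true;
            break;
        }

        $page++;
    }

    if(!$unchanged && $page < $config['max_pages']) {
        // No more threads from $page on: delete stale pages left from earlier builds
        for(;$page<=$config['max_pages'];$page++) {
            $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page));
            file_unlink($filename);
        }
    }
}

/**
 * Render main.js from its template (with the stylesheet list), optionally
 * append the configured extra scripts, optionally minify, and write it to
 * $config['file_script'].
 */
function buildJavascript() {
    global $config;

    $stylesheets = Array();
    foreach($config['stylesheets'] as $name => $uri) {
        // NOTE(review): addslashes() is not a JavaScript string escaper (it
        // leaves newlines and "</script>" alone). Tolerable only because these
        // values come from the admin-controlled config, never from users;
        // json_encode() would be the robust choice.
        $stylesheets[] = Array(
            'name' => addslashes($name),
            'uri' => addslashes((!empty($uri) ? $config['uri_stylesheets'] : '') . $uri)
        );
    }

    $script = Element('main.js', Array(
        'config' => $config,
        'stylesheets' => $stylesheets
    ));

    if($config['additional_javascript_compile']) {
        foreach($config['additional_javascript'] as $file) {
            $script .= file_get_contents($file);
        }
    }

    if($config['minify_js']) {
        require_once 'inc/contrib/minify/JSMin.php';
        $script = JSMin::minify($script);
    }

    file_write($config['file_script'], $script);
}

function checkDNSBL() {
    global $config;

    if(isIPv6())
        return; // No IPv6 support yet.

    if(!isset($_SERVER['REMOTE_ADDR']))
        return; // Fix your web server configuration

    if(in_array($_SERVER['REMOTE_ADDR'], $config['dnsbl_exceptions']))
        return;

    $ip = ReverseIPOctets($_SERVER['REMOTE_ADDR']);

    foreach($config['dnsbl'] as $blacklist) {
        if(!is_array($blacklist) == 1)
            $blacklist = Array($blacklist);

        if(($lookup = str_replace('%', $ip, $blacklist[0])) == $blacklist[0])
            $lookup = $ip . '.' . $blacklist[0];

        if(!$ip = DNS($lookup))
            continue; // not in list

        $blacklist_name = isset($blacklist[2]) ? $blacklist[2] : $blacklist[0];

        if(!isset($blacklist[1])) { // If you're listed at all, you're blocked.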
error(sprintf($config['error']['dnsbl'], $blacklist_name)); } elseif(is_array($blacklist[1])) { foreach($blacklist[1] as $octet) { if($ip == $octet || $ip == '127.0.0.' . $octet) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } } elseif(is_callable($blacklist[1])) { if($blacklist[1]($ip)) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } else { if($ip == $blacklist[1] || $ip == '127.0.0.' . $blacklist_name) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } } } function isIPv6() { return strstr($_SERVER['REMOTE_ADDR'], ':') !== false; } function ReverseIPOctets($ip) { $ipoc = explode('.', $ip); return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; } function wordfilters(&$body) { global $config; foreach($config['wordfilters'] as $filter) { if(isset($filter[2]) && $filter[2]) { $body = preg_replace($filter[0], $filter[1], $body); } else { $body = str_ireplace($filter[0], $filter[1], $body); } } } function quote($body, $quote=true) { global $config; $body = str_replace('