str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')), 'img' => preg_quote($config['dir']['img'], '/'), 'thumb' => preg_quote($config['dir']['thumb'], '/'), 'res' => preg_quote($config['dir']['res'], '/'), 'index' => preg_quote($config['file_index'], '/') ); if(preg_match('/^\/?$/', $query)) { // Dashboard $fieldset = Array( 'Boards' => '', 'Noticeboard' => '', 'Administration' => '', 'Themes' => '', 'Search' => '', 'Update' => '', 'Logout' => '' ); // Boards $fieldset['Boards'] .= ulBoards(); if(hasPermission($config['mod']['noticeboard'])) { if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) { $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $fieldset['Noticeboard'] .= '
' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '
' . '' . 'Are you sure you want to do that?' . 'We were unable to serve a confirmation dialog for ' . '?/' . utf8tohtml($uri) . '' . ', probably due to Javascript being disabled.' . '
' . ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Confirm', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/upgrade$/', $query)) { if($mod['type'] != ADMIN) error($config['error']['noaccess']); if(!extension_loaded('curl')) error('You need the cURL PHP extension to do that.'); if(!class_exists('ZipArchive')) error('You need the ZipArchive class to do that.'); if(!in_array('zip', stream_get_wrappers())) error('You need the zip:// stream wrapper to do that.'); $temp = tempnam($config['tmp'], 'tinyboard'); $fp = fopen($temp, 'w+'); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master'); curl_setopt($curl, CURLOPT_FAILONERROR, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($curl, CURLOPT_TIMEOUT, 45); curl_setopt($curl, CURLOPT_FILE, $fp); curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile()); curl_setopt($curl, CURLOPT_HEADER, true); curl_exec($curl); if(curl_errno($curl)) error('Failed downloading newest revision: ' . curl_error($curl)); curl_close($curl); fflush($fp); fclose($fp); fseek($header, 0); $version = false; while($line = fgets($header)) { if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) { $version = $m[1]; } } fclose($header); $zip = new ZipArchive(); if(!$zip->open($temp)) error('Could not make sense of the ZIP archive.'); $version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0)); $errors = Array(); for($i = 1; $i < $zip->numFiles; $i++) { $filename = str_replace($dir, '', $zip->getNameIndex($i)); if($filename == 'inc/instance-config.php') continue; // don't override config // are we able to write here? if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable($dirname)))) { // nope $errors[] = 'Cannot write to ' . $filename . '!'; } } if($errors) { $body = 'Tinyboard can not self-upgrade until the following is fixed:
Please fix the above errors and refresh to try again.
Upgrading seems to have gone okay. You are now at revision ' . $version . '.
' )); } elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) { if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); $page = isset($match[2]) ? $match[2] : 1; $boards = Array(); $_boards = listBoards(); foreach($_boards as &$_b) { $boards[$_b['id']] = $_b['uri']; } $query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$query->rowCount()) { $body = '(Nothing to display.)
'; } else { $body = '' . _('User') . ' | ' . '' . _('IP address') . ' | ' . '' . _('Ago') . ' | ' . '' . _('Board') . ' | ' . '' . _('Action') . ' | ' . '
---|---|---|---|---|
' . ($log['username'] ? '' . $log['username'] . '' : '' . ($log['id'] < 0 ? 'system' : 'deleted?') . '') . ' | ' . '' . $log['ip'] . ' | ' . '' . ago($log['time']) . ' | ' . '' . ($log['board'] ? (isset($boards[$log['board']]) ? '' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . ' | ' : 'deleted?') : '-') . '' . $log['text'] . ' | ' . '
'; for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) { $body .= '[' . ($x + 1) . '] '; } $body .= '
'; } echo Element('page.html', Array( 'config'=>$config, 'title'=>_('Moderation log'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/none$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); // Clearsettings query("TRUNCATE TABLE `theme_settings`") or error(db_error()); echo Element('page.html', Array( 'config'=>$config, 'title'=>'No theme', 'body'=>'Successfully uninstalled all themes.
' . '', 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); rebuildTheme($match[1], 'all'); echo Element('page.html', Array( 'config'=>$config, 'title'=>'Rebuilt', 'body'=>'Successfully rebuilt the ' . $match[1] . ' theme.
' . '', 'mod'=>true ) ); } elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $match[1]); $query->execute() or error(db_error($query)); echo Element('page.html', Array( 'config'=>$config, 'title'=>'Uninstalled', 'body'=>'Successfully uninstalled the ' . $match[1] . ' theme.
' . '', 'mod'=>true ) ); } elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) { if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); if(!is_dir($config['dir']['themes'])) error('Themes directory doesn\'t exist!'); if(!$dir = opendir($config['dir']['themes'])) error('Cannot open themes directory; check permissions.'); if(isset($match[2])) { $_theme = &$match[2]; if(!$theme = loadThemeConfig($_theme)) { error($config['error']['invalidtheme']); } if(isset($_POST['install'])) { // Check if everything is submitted foreach($theme['config'] as &$c) { if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox') error(sprintf($config['error']['required'], $c['title'])); } // Clear previous settings $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); foreach($theme['config'] as &$c) { $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)"); $query->bindValue(':theme', $_theme); $query->bindValue(':name', $c['name']); $query->bindValue(':value', $_POST[$c['name']]); $query->execute() or error(db_error($query)); } $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); $result = true; $body = ''; if(isset($theme['install_callback'])) { $ret = $theme['install_callback'](themeSettings($_theme)); if($ret && !empty($ret)) { if(is_array($ret) && count($ret) == 2) { $result = $ret[0]; $ret = $ret[1]; } $body .= 'Successfully installed and built theme.
'; } else { // install failed $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); $query->bindValue(':theme', $_theme); $query->execute() or error(db_error($query)); } $body .= ''; // Build themes rebuildThemes('all'); echo Element('page.html', Array( 'config'=>$config, 'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'), 'body'=>$body, 'mod'=>true ) ); } else { $body = ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Installing "' . utf8tohtml($theme['name']) . '"', 'body'=>$body, 'mod'=>true ) ); } } else { $themes_in_use = Array(); $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); while($theme = $query->fetch()) { $themes_in_use[$theme['theme']] = true; } // Scan directory for themes $themes = Array(); while($file = readdir($dir)) { if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) { $themes[] = $file; } } closedir($dir); $body = ''; if(empty($themes)) { $body = '(No themes installed.)
'; } else { $body .= '' . _('Name') . ' | ' . '' . utf8tohtml($theme['name']) . ' | ' . '
---|---|
' . _('Version') . ' | ' . '' . utf8tohtml($theme['version']) . ' | ' . '
' . _('Description') . ' | ' . '' . $theme['description'] . ' | ' . '
' . _('Thumbnail') . ' | ' . '' . ' |
' . _('Actions') . ' | ' . '
| ' .
'
' . _('Uninstall all themes.') . '
'; echo Element('page.html', Array( 'config'=>$config, 'title'=>_('Manage themes'), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) { if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); $query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id"); $query->bindValue(':id', $match[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) cache::delete('noticeboard_preview'); header('Location: ?/noticeboard', true, $config['redirect_http']); } elseif(preg_match('/^\/noticeboard$/', $query)) { if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']); $body = ''; if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { $query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindvalue(':time', time(), PDO::PARAM_INT); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); markup($_POST['body']); $query->bindValue(':body', $_POST['body']); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) cache::delete('noticeboard_preview'); header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']); } else { if(hasPermission($config['mod']['noticeboard_post'])) { $body .= ''; } $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); while($notice = $query->fetch()) { $body .= '' . $notice['body'] . '
' . $news['body'] . '
(' . _('No private messages for you.') . ')
'; } else { $unread_pms = 0; $body = 'ID | From | Date | Message snippet |
---|---|---|---|
' . $pm['id'] . ' | ' . '' . ($pm['username'] ? '' . $pm['username'] . '' : 'deleted?') . ' | ' . '' . strftime($config['post_date'], $pm['time']) . ' | ' . '' . pm_snippet($pm['message']) . ' | ' . '
Message sent successfully to ' . utf8tohtml($to['username']) . '.
', 'mod'=>true ) ); } else { $value = ''; if(isset($match[3])) { $reply = &$match[3]; $query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id"); $query->bindValue(':sender', $to['id'], PDO::PARAM_INT); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':id', $reply, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($pm = $query->fetch()) { $value = quote($pm['message']); } } $body = ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>'New PM for ' . utf8tohtml($to['username']), 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/search$/', $query)) { if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']); $body = '(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)
' . '(No results.)
'; } echo Element('page.html', Array( 'config'=>$config, 'title'=>'Search', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/users$/', $query)) { if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); $body = ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>_('Manage users'), 'body'=>$body ,'mod'=>true ) ); } elseif(preg_match('/^\/users\/new$/', $query)) { if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']); if(isset($_POST['username']) && isset($_POST['password'])) { if(!isset($_POST['type'])) { error(sprintf($config['error']['required'], 'type')); } if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) { error(sprintf($config['error']['invalidfield'], 'type')); } // Check if already exists $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); $query->bindValue(':username', $_POST['username']); $query->execute() or error(db_error($query)); if($_mod = $query->fetch()) { error(sprintf($config['error']['modexists'], $_mod['id'])); } $boards = Array(); foreach($_POST as $name => $null) { if(preg_match('/^board_(.+)$/', $name, $m)) $boards[] = $m[1]; } $boards = implode(',', $boards); $query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)"); $query->bindValue(':username', $_POST['username']); $query->bindValue(':password', sha1($_POST['password'])); $query->bindValue(':type', $_POST['type'], PDO::PARAM_INT); $query->bindValue(':boards', $boards); $query->execute() or error(db_error($query)); modLog('Create a new user: "' . $_POST['username'] . '"'); header('Location: ?/users', true, $config['redirect_http']); } else { $__boards = 'Showing ' . ($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.
'; echo Element('page.html', Array( 'config'=>$config, 'title'=>_('Report queue') . ' (' . $count['count'] . ')', 'body'=>$body, 'mod'=>true )); } elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) { if(isset($matches[2]) && $matches[2] == '/all') { if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']); $query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); $query->bindValue(':ip', $report['ip'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); modLog('Dismissed all reports by ' . $report['ip']); } } else { if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']); $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id"); $query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($report = $query->fetch()) { modLog('Dismissed a report for post #' . $report['post'], $report['board']); $query = prepare("DELETE FROM `reports` WHERE `post` = :post"); $query->bindValue(':post', $report['post'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // Redirect header('Location: ?/reports', true, $config['redirect_http']); } elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) { if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']); if(!openBoard($matches[1])) error($config['error']['noboard']); if(isset($matches[2]) && $matches[2] == '/delete') { if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']); // Delete board modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri'])); // Delete entire board directory rrmdir($board['uri'] . '/'); // Delete posting table $query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error()); // Clear reports $query = prepare("DELETE FROM `reports` WHERE `board` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); // Delete from table $query = prepare("DELETE FROM `boards` WHERE `id` = :id"); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) { cache::delete('board_' . $board['uri']); cache::delete('all_boards'); } $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); while($cite = $query->fetch()) { if($board['uri'] != $cite['board']) { if(!isset($tmp_board)) $tmp_board = $board; openBoard($cite['board']); rebuildPost($cite['post']); } } if(isset($tmp_board)) $board = $tmp_board; $query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); $_board = $board; rebuildThemes('boards'); $board = $_board; header('Location: ?/', true, $config['redirect_http']); } else { if(isset($_POST['title']) && isset($_POST['subtitle'])) { $query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id"); $query->bindValue(':title', utf8tohtml($_POST['title'], true)); if(!empty($_POST['subtitle'])) $query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true)); else $query->bindValue(':subtitle', null, PDO::PARAM_NULL); $query->bindValue(':id', $board['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($config['cache']['enabled']) { cache::delete('board_' . $board['uri']); cache::delete('all_boards'); } $_board = $board; rebuildThemes('boards'); $board = $_board; openBoard($board['uri']); } $body = ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']), 'body'=>$body, 'mod'=>true )); } } elseif(preg_match('/^\/bans$/', $query)) { if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); if(isset($_POST['unban'])) { if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); foreach($_POST as $post => $value) { if(preg_match('/^ban_(\d+)$/', $post, $m)) { removeBan($m[1]); } } } if(hasPermission($config['mod']['view_banexpired'])) { $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } else { // Filter out expired bans $query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->execute() or error(db_error($query)); } if($query->rowCount() < 1) { $body = '(There are no active bans.)
'; } else { $body = '' . $body . '
', 'mod'=>true )); } elseif(preg_match('/^\/rebuild$/', $query)) { if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); set_time_limit($config['mod']['rebuild_timelimit']); $body = '';
$body .= 'Clearing template cache…
';
$twig = new Twig_Environment($loader, Array(
'cache' => "{$config['dir']['template']}/cache"
));
$twig->clearCacheFiles();
$body .= 'Regenerating theme files…
';
rebuildThemes('all');
$body .= 'Generating Javascript file…
';
buildJavascript();
$boards = listBoards();
foreach($boards as &$board) {
$body .= "Opening board /{$board['uri']}/
";
openBoard($board['uri']);
$body .= 'Creating index pages
';
buildIndex();
$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
while($post = $query->fetch()) {
$body .= "Rebuilding #{$post['id']}
";
buildThread($post['id']);
}
}
$body .= 'Complete!
' . '[Edit using web editor]' : '') . '
'; echo Element('page.html', Array( 'config'=>$config, 'title'=>_('Configuration'), 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/new$/', $query)) { if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); // New board $body = ''; if(isset($_POST['new_board'])) { // Create new board if( !isset($_POST['uri']) || !isset($_POST['title']) || !isset($_POST['subtitle']) ) error($config['error']['missedafield']); $b = Array( 'uri' => $_POST['uri'], 'title' => $_POST['title'], 'subtitle' => $_POST['subtitle'] ); // HTML characters $b['title'] = utf8tohtml($b['title'], true); $b['subtitle'] = utf8tohtml($b['subtitle'], true); // Check required fields if(empty($b['uri'])) error(sprintf($config['error']['required'], 'URI')); if(empty($b['title'])) error(sprintf($config['error']['required'], 'title')); // Check string lengths if(mb_strlen($b['uri']) > 15) error(sprintf($config['error']['toolong'], 'URI')); if(strlen($b['title']) > 40) error(sprintf($config['error']['toolong'], 'title')); if(strlen($b['subtitle']) > 120) error(sprintf($config['error']['toolong'], 'subtitle')); if(!preg_match('/^\w+$/', $b['uri'])) error(sprintf($config['error']['invalidfield'], 'URI')); if(openBoard($b['uri'])) { unset($board); error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri']))); } $query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)"); $query->bindValue(':uri', $b['uri']); $query->bindValue(':title', $b['title']); if(!empty($b['subtitle'])) { $query->bindValue(':subtitle', $b['subtitle']); } else { $query->bindValue(':subtitle', null, PDO::PARAM_NULL); } $query->execute() or error(db_error($query)); // Record the action modLog("Created a new board: {$b['title']}"); // Open the board openBoard($b['uri']) or error("Couldn't open board after creation."); // Create the posts table query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error()); if($config['cache']['enabled']) cache::delete('all_boards'); // Build the board buildIndex(); rebuildThemes('boards'); header('Location: ?/board/' . $b['uri'], true, $config['redirect_http']); } else { $body .= form_newBoard(); // TODO: Statistics, etc, in the dashboard. echo Element('page.html', Array( 'config'=>$config, 'title'=>'New board', 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) { // Board index $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2]; if(!$page = index($page_no, $mod)) { error($config['error']['404']); } $page['pages'] = getPages(true); $page['pages'][$page_no-1]['selected'] = true; $page['btn'] = getPageButtons($page['pages'], true); $page['mod'] = true; echo Element('index.html', $page); } elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) { // View thread $boardName = &$matches[1]; $thread = &$matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $page = buildThread($thread, true, $mod); echo $page; } elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) { // Edit post body $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']); $postID = &$matches[2]; $query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $post = $query->fetch() or error($config['error']['invalidpost']); if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) { if(mb_strlen($_POST['subject']) > 100) error(sprintf($config['error']['toolong'], 'subject')); $body = $_POST['body']; $body_nomarkup = $body; wordfilters($body); $tracked_cites = markup($body, true); $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post"); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->bindValue(':body', $body); $query->bindValue(':body_nomarkup', $body_nomarkup); $query->bindValue(':subject', utf8tohtml($_POST['subject'])); $query->execute() or error(db_error($query)); if(isset($tracked_cites)) { foreach($tracked_cites as $cite) { $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $postID, PDO::PARAM_INT); $query->bindValue(':target_board',$cite[0]); $query->bindValue(':target', $cite[1], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } } // Record the action modLog("Edited post #{$postID}"); buildThread($post['thread'] ? $post['thread'] : $postID); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); exit; } $post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']); if($config['minify_html']) $post['body_nomarkup'] = str_replace("\n", ' ', $post['body_nomarkup']); $body = ''; echo Element('page.html', Array( 'config' => $config, 'body' => $body, 'title' => 'Edit Post #' . $postID )); } elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) { // Delete file from post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']); $post = &$matches[2]; // Delete post deleteFile($post); // Record the action modLog("Removed file from post #{$post}"); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { // Delete post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); $post = &$matches[2]; // Delete post deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) { // Add/remove sticky $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unstickied post #{$post}"); $query->bindValue(':sticky', 0, PDO::PARAM_INT); } else { // Record the action modLog("Stickied post #{$post}"); $query->bindValue(':sticky', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) { // Lock/Unlock $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unlocked post #{$post}"); $query->bindValue(':locked', 0, PDO::PARAM_INT); } else { // Record the action modLog("Locked post #{$post}"); $query->bindValue(':locked', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) { // Lock/Unlock $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']); $post = &$matches[3]; $query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); if($matches[2] == 'un') { // Record the action modLog("Unbumplocked post #{$post}"); $query->bindValue(':bumplocked', 0, PDO::PARAM_INT); } else { // Record the action modLog("Bumplocked post #{$post}"); $query->bindValue(':bumplocked', 1, PDO::PARAM_INT); } $query->execute() or error(db_error($query)); buildIndex(); buildThread($post); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) { // Delete all posts by an IP $boardName = &$matches[1]; $post = &$matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); $query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) error($config['error']['invalidpost']); $ip = $post['ip']; $boards = listBoards(); $query = ''; foreach($boards as &$_board) { $query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', '', $query); $query = prepare($query); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) error($config['error']['invalidpost']); $boards = Array(); while($post = $query->fetch()) { openBoard($post['board']); $boards[] = $post['board']; deletePost($post['id'], false); } foreach($boards as &$_board) { openBoard($_board); buildIndex(); } // Record the action modLog("Deleted all posts by IP address: {$ip}"); header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } elseif(preg_match('/^\/ban$/', $query)) { if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); // Ban page if(isset($_POST['new_ban'])) { if( !isset($_POST['ip']) || !isset($_POST['reason']) || !isset($_POST['length']) || !isset($_POST['board_id']) ) error($config['error']['missedafield']); // Check required fields if(empty($_POST['ip'])) error(sprintf($config['error']['required'], 'IP address')); $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)"); // 1yr2hrs30mins // 1y2h30m $expire = 0; if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) { if(isset($m[2])) { // Years $expire += $m[2]*60*60*24*365; } if(isset($m[4])) { // Months $expire += $m[4]*60*60*24*30; } if(isset($m[6])) { // Weeks $expire += $m[6]*60*60*24*7; } if(isset($m[8])) { // Days $expire += $m[8]*60*60*24; } if(isset($m[10])) { // Hours $expire += $m[10]*60*60; } if(isset($m[12])) { // Minutes $expire += $m[12]*60; } if(isset($m[14])) { // Seconds $expire += $m[14]; } } if($expire) { $query->bindValue(':expires', time()+$expire, PDO::PARAM_INT); } else { // Never expire $query->bindValue(':expires', null, PDO::PARAM_NULL); } $query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':set', time(), PDO::PARAM_INT); if(!empty($_POST['reason'])) { $reason = $_POST['reason']; markup($reason); $query->bindValue(':reason', $reason, PDO::PARAM_STR); } else { $query->bindValue(':reason', null, PDO::PARAM_NULL); } if($_POST['board_id'] < 0) { $query->bindValue(':board', null, PDO::PARAM_NULL); } else { $query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT); } // Record the action modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason')); $query->execute() or error(db_error($query)); if(isset($_POST['board'])) openBoard($_POST['board']); // Delete too if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) { $post = round($_POST['delete']); deletePost($post); // Record the action modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); } if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) { $post = round($_POST['post']); $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); $query->execute() or error(db_error($query)); // Rebuild thread $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $thread = $query->fetch(); if($thread['thread']) buildThread($thread['thread']); else buildThread($post); // Rebuild board buildIndex(); // Record the action modLog("Attached a public ban message for post #{$post}: " . $_POST['message']); } // Redirect if(isset($_POST['continue'])) header('Location: ' . $_POST['continue'], true, $config['redirect_http']); elseif(isset($board)) header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); else header('Location: ?/', true, $config['redirect_http']); } } elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) { $boardName = &$matches[1]; $postID = $matches[2]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']); if(isset($_POST['board'])) { $targetBoard = $_POST['board']; $shadow = isset($_POST['shadow']); if($targetBoard == $boardName) error("Target and source board are the same."); // copy() if leaving a shadow thread behind. otherwise, rename(). $clone = $shadow ? 'copy' : 'rename'; $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$post = $query->fetch()) { error($config['error']['nonexistant']); } if($post['file']) { $post['has_file'] = true; $post['width'] = &$post['filewidth']; $post['height'] = &$post['fileheight']; $file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; $file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; } else $post['has_file'] = false; // allow thread to keep its same traits (stickied, locked, etc.) $post['mod'] = true; if(!openBoard($targetBoard)) error($config['error']['noboard']); $newID = post($post, true); if($post['has_file']) { $clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); $clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); } // move replies too... openBoard($boardName); $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $replies = Array(); while($post = $query->fetch()) { $post['mod'] = true; $post['thread'] = $newID; if($post['file']) { $post['has_file'] = true; $post['width'] = &$post['filewidth']; $post['height'] = &$post['fileheight']; $post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']; $post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']; } else $post['has_file'] = false; $replies[] = $post; } openBoard($targetBoard); foreach($replies as &$post) { post($post, false); if($post['has_file']) { $clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']); $clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']); } } // build thread buildThread($newID); buildIndex(); // trigger themes rebuildThemes('post'); openBoard($boardName); if($shadow) { // lock thread $query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $post = Array( 'mod' => true, 'subject' => '', 'email' => '', 'name' => $config['mod']['shadow_name'], 'capcode' => $config['mod']['shadow_capcode'], 'trip' => '', 'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID), 'password' => '', 'has_file' => false, // attach to original thread 'thread' => $postID ); markup($post['body']); $botID = post($post, false); header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']); } else { deletePost($postID); buildIndex(); openBoard($targetBoard); header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']); } } else { $body = ''; echo Element('page.html', Array( 'config'=>$config, 'title'=>'Move #' . $postID, 'body'=>$body, 'mod'=>true ) ); } } elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) { // Ban by post $boardName = &$matches[1]; // Open board if(!openBoard($boardName)) error($config['error']['noboard']); if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']); $delete = isset($matches[2]) && $matches[2] == '&delete'; if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']); $post = $matches[3]; $query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $post, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if($query->rowCount() < 1) { error($config['error']['invalidpost']); } $post = $query->fetch(); $body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete); echo Element('page.html', Array( 'config'=>$config, 'title'=>'New ban', 'body'=>$body, 'mod'=>true ) ); } elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P