array(), 'exec' => array(), 'purge' => array(), 'cached' => array(), 'write' => array(), 'time' => array( 'db_queries' => 0, 'exec' => 0, ), 'start' => $microtime_start, 'start_debug' => microtime(true) ); $debug['start'] = $microtime_start; } } } function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true) { global $config; if ($config['syslog'] && $priority !== false) { // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant. _syslog($priority !== true ? $priority : LOG_NOTICE, $message); } // Yes, this is horrible. die('
This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.
'); } function fatal_error_handler() { if ($error = error_get_last()) { if ($error['type'] == E_ERROR) { if (function_exists('error')) { error('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); } else { basic_error_function_because_the_other_isnt_loaded_yet('Caught fatal error: ' . $error['message'] . ' in ' . $error['file'] . ' on line ' . $error['line'], LOG_ERR); } } } } function _syslog($priority, $message) { if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) { // CGI syslog($priority, $message . ' - client: ' . $_SERVER['REMOTE_ADDR'] . ', request: "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"'); } else { syslog($priority, $message); } } function verbose_error_handler($errno, $errstr, $errfile, $errline) { if (error_reporting() == 0) return false; // Looks like this warning was suppressed by the @ operator. error(utf8tohtml($errstr), true, array( 'file' => $errfile . ':' . $errline, 'errno' => $errno, 'error' => $errstr, 'backtrace' => array_slice(debug_backtrace(), 1) )); } function define_groups() { global $config; foreach ($config['mod']['groups'] as $group_value => $group_name) defined($group_name) or define($group_name, $group_value, true); ksort($config['mod']['groups']); } function create_antibot($board, $thread = null) { require_once dirname(__FILE__) . '/anti-bot.php'; return _create_antibot($board, $thread); } function rebuildThemes($action, $boardname = false) { global $config, $board; // Save the global variables $_config = $config; $_board = $board; // List themes $query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); while ($theme = $query->fetch(PDO::FETCH_ASSOC)) { rebuildTheme($theme['theme'], $action, $boardname); } // Restore them $config = $_config; $board = $_board; } function loadThemeConfig($_theme) { global $config; if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) return false; // Load theme information into $theme include $config['dir']['themes'] . '/' . $_theme . '/info.php'; return $theme; } function rebuildTheme($theme, $action, $board = false) { global $config, $_theme; $_theme = $theme; $theme = loadThemeConfig($_theme); if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) { require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php'; $theme['build_function']($action, themeSettings($_theme), $board); } } function themeSettings($theme) { $query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL"); $query->bindValue(':theme', $theme); $query->execute() or error(db_error($query)); $settings = array(); while ($s = $query->fetch(PDO::FETCH_ASSOC)) { $settings[$s['name']] = $s['value']; } return $settings; } function sprintf3($str, $vars, $delim = '%') { $replaces = array(); foreach ($vars as $k => $v) { $replaces[$delim . $k . $delim] = $v; } return str_replace(array_keys($replaces), array_values($replaces), $str); } function mb_substr_replace($string, $replacement, $start, $length) { return mb_substr($string, 0, $start) . $replacement . mb_substr($string, $start + $length); } function setupBoard($array) { global $board, $config; $board = array( 'uri' => $array['uri'], 'title' => $array['title'], 'subtitle' => $array['subtitle'] ); // older versions $board['name'] = &$board['title']; $board['dir'] = sprintf($config['board_path'], $board['uri']); $board['url'] = sprintf($config['board_abbreviation'], $board['uri']); loadConfig(); if (!file_exists($board['dir'])) @mkdir($board['dir'], 0777) or error("Couldn't create " . $board['dir'] . ". Check permissions.", true); if (!file_exists($board['dir'] . $config['dir']['img'])) @mkdir($board['dir'] . $config['dir']['img'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); if (!file_exists($board['dir'] . $config['dir']['thumb'])) @mkdir($board['dir'] . $config['dir']['thumb'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); if (!file_exists($board['dir'] . $config['dir']['res'])) @mkdir($board['dir'] . $config['dir']['res'], 0777) or error("Couldn't create " . $board['dir'] . $config['dir']['img'] . ". Check permissions.", true); } function openBoard($uri) { global $config, $build_pages; if ($config['try_smarter']) $build_pages = array(); $board = getBoardInfo($uri); if ($board) { setupBoard($board); return true; } return false; } function getBoardInfo($uri) { global $config; if ($config['cache']['enabled'] && ($board = cache::get('board_' . $uri))) { return $board; } $query = prepare("SELECT * FROM ``boards`` WHERE `uri` = :uri LIMIT 1"); $query->bindValue(':uri', $uri); $query->execute() or error(db_error($query)); if ($board = $query->fetch(PDO::FETCH_ASSOC)) { if ($config['cache']['enabled']) cache::set('board_' . $uri, $board); return $board; } return false; } function boardTitle($uri) { $board = getBoardInfo($uri); if ($board) return $board['title']; return false; } function purge($uri) { global $config, $debug; // Fix for Unicode $uri = rawurlencode($uri); $noescape = "/!~*()+:"; $noescape = preg_split('//', $noescape); $noescape_url = array_map("rawurlencode", $noescape); $uri = str_replace($noescape_url, $noescape, $uri); if (preg_match($config['referer_match'], $config['root']) && isset($_SERVER['REQUEST_URI'])) { $uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri; } else { $uri = $config['root'] . $uri; } if ($config['debug']) { $debug['purge'][] = $uri; } foreach ($config['purge'] as &$purge) { $host = &$purge[0]; $port = &$purge[1]; $http_host = isset($purge[2]) ? $purge[2] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'); $request = "PURGE {$uri} HTTP/1.1\r\nHost: {$http_host}\r\nUser-Agent: Tinyboard\r\nConnection: Close\r\n\r\n"; if ($fp = fsockopen($host, $port, $errno, $errstr, $config['purge_timeout'])) { fwrite($fp, $request); fclose($fp); } else { // Cannot connect? error('Could not PURGE for ' . $host); } } } function file_write($path, $data, $simple = false, $skip_purge = false) { global $config, $debug; if (preg_match('/^remote:\/\/(.+)\:(.+)$/', $path, $m)) { if (isset($config['remote'][$m[1]])) { require_once 'inc/remote.php'; $remote = new Remote($config['remote'][$m[1]]); $remote->write($data, $m[2]); return; } else { error('Invalid remote server: ' . $m[1]); } } if (!$fp = fopen($path, $simple ? 'w' : 'c')) error('Unable to open file for writing: ' . $path); // File locking if (!$simple && !flock($fp, LOCK_EX)) { error('Unable to lock file: ' . $path); } // Truncate file if (!$simple && !ftruncate($fp, 0)) error('Unable to truncate file: ' . $path); // Write data if (($bytes = fwrite($fp, $data)) === false) error('Unable to write to file: ' . $path); // Unlock if (!$simple) flock($fp, LOCK_UN); // Close if (!fclose($fp)) error('Unable to close file: ' . $path); if (!$skip_purge && isset($config['purge'])) { // Purge cache if (basename($path) == $config['file_index']) { // Index file (/index.html); purge "/" as well $uri = dirname($path); // root if ($uri == '.') $uri = ''; else $uri .= '/'; purge($uri); } purge($path); } if ($config['debug']) { $debug['write'][] = $path . ': ' . $bytes . ' bytes'; } event('write', $path); } function file_unlink($path) { global $config, $debug; if ($config['debug']) { if (!isset($debug['unlink'])) $debug['unlink'] = array(); $debug['unlink'][] = $path; } $ret = @unlink($path); if (isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) { // Purge cache if (basename($path) == $config['file_index']) { // Index file (/index.html); purge "/" as well $uri = dirname($path); // root if ($uri == '.') $uri = ''; else $uri .= '/'; purge($uri); } purge($path); } event('unlink', $path); return $ret; } function hasPermission($action = null, $board = null, $_mod = null) { global $config; if (isset($_mod)) $mod = &$_mod; else global $mod; if (!is_array($mod)) return false; if (isset($action) && $mod['type'] < $action) return false; if (!isset($board) || $config['mod']['skip_per_board']) return true; if (!isset($mod['boards'])) return false; if (!in_array('*', $mod['boards']) && !in_array($board, $mod['boards'])) return false; return true; } function listBoards($just_uri = false) { global $config; $just_uri ? $cache_name = 'all_boards_uri' : $cache_name = 'all_boards'; if ($config['cache']['enabled'] && ($boards = cache::get($cache_name))) return $boards; if (!$just_uri) { $query = query("SELECT * FROM ``boards`` ORDER BY `uri`") or error(db_error()); $boards = $query->fetchAll(); } else { $boards = array(); $query = query("SELECT `uri` FROM ``boards``") or error(db_error()); while ($board = $query->fetchColumn()) { $boards[] = $board; } } if ($config['cache']['enabled']) cache::set($cache_name, $boards); return $boards; } function until($timestamp) { $difference = $timestamp - time(); if ($difference < 60) { return $difference . ' ' . ngettext('second', 'seconds', $difference); } elseif ($difference < 60*60) { return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num); } elseif ($difference < 60*60*24) { return ($num = round($difference/(60*60))) . ' ' . ngettext('hour', 'hours', $num); } elseif ($difference < 60*60*24*7) { return ($num = round($difference/(60*60*24))) . ' ' . ngettext('day', 'days', $num); } elseif ($difference < 60*60*24*365) { return ($num = round($difference/(60*60*24*7))) . ' ' . ngettext('week', 'weeks', $num); } return ($num = round($difference/(60*60*24*365))) . ' ' . ngettext('year', 'years', $num); } function ago($timestamp) { $difference = time() - $timestamp; if ($difference < 60) { return $difference . ' ' . ngettext('second', 'seconds', $difference); } elseif ($difference < 60*60) { return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num); } elseif ($difference < 60*60*24) { return ($num = round($difference/(60*60))) . ' ' . ngettext('hour', 'hours', $num); } elseif ($difference < 60*60*24*7) { return ($num = round($difference/(60*60*24))) . ' ' . ngettext('day', 'days', $num); } elseif ($difference < 60*60*24*365) { return ($num = round($difference/(60*60*24*7))) . ' ' . ngettext('week', 'weeks', $num); } return ($num = round($difference/(60*60*24*365))) . ' ' . ngettext('year', 'years', $num); } function displayBan($ban) { global $config, $board; if (!$ban['seen']) { Bans::seen($ban['id']); } $ban['ip'] = $_SERVER['REMOTE_ADDR']; if ($ban['post'] && isset($ban['post']['board'], $ban['post']['id'])) { if (openBoard($ban['post']['board'])) { $query = query(sprintf("SELECT `thumb`, `file` FROM ``posts_%s`` WHERE `id` = " . (int)$ban['post']['id'], $board['uri'])); if ($_post = $query->fetch(PDO::FETCH_ASSOC)) { $ban['post'] = array_merge($ban['post'], $_post); } else { $ban['post']['file'] = 'deleted'; $ban['post']['thumb'] = false; } } else { $ban['post']['file'] = 'deleted'; $ban['post']['thumb'] = false; } if ($ban['post']['thread']) { $post = new Post($ban['post']); } else { $post = new Thread($ban['post'], null, false, false); } } $denied_appeals = array(); $pending_appeal = false; if ($config['ban_appeals']) { $query = query("SELECT `time`, `denied` FROM `ban_appeals` WHERE `ban_id` = " . (int)$ban['id']) or error(db_error()); while ($ban_appeal = $query->fetch(PDO::FETCH_ASSOC)) { if ($ban_appeal['denied']) { $denied_appeals[] = $ban_appeal['time']; } else { $pending_appeal = $ban_appeal['time']; } } } // Show banned page and exit die( Element('page.html', array( 'title' => _('Banned!'), 'config' => $config, 'nojavascript' => true, 'body' => Element('banned.html', array( 'config' => $config, 'ban' => $ban, 'board' => $board, 'post' => isset($post) ? $post->build(true) : false, 'denied_appeals' => $denied_appeals, 'pending_appeal' => $pending_appeal ) )) )); } function checkBan($board = false) { global $config; if (!isset($_SERVER['REMOTE_ADDR'])) { // Server misconfiguration return; } if (event('check-ban', $board)) return true; $bans = Bans::find($_SERVER['REMOTE_ADDR'], $board); foreach ($bans as &$ban) { if ($ban['expires'] && $ban['expires'] < time()) { Bans::delete($ban['id']); if ($config['require_ban_view'] && !$ban['seen']) { if (!isset($_POST['json_response'])) { displayBan($ban); } else { header('Content-Type: text/json'); die(json_encode(array('error' => true, 'banned' => true))); } } } else { if (!isset($_POST['json_response'])) { displayBan($ban); } else { header('Content-Type: text/json'); die(json_encode(array('error' => true, 'banned' => true))); } } } // I'm not sure where else to put this. It doesn't really matter where; it just needs to be called every // now and then to keep the ban list tidy. if ($config['cache']['enabled'] && $last_time_purged = cache::get('purged_bans_last')) { if (time() - $last_time_purged < $config['purge_bans'] ) return; } Bans::purge(); if ($config['cache']['enabled']) cache::set('purged_bans_last', time()); } function threadLocked($id) { global $board; if (event('check-locked', $id)) return true; $query = prepare(sprintf("SELECT `locked` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); if (($locked = $query->fetchColumn()) === false) { // Non-existant, so it can't be locked... return false; } return (bool)$locked; } function threadSageLocked($id) { global $board; if (event('check-sage-locked', $id)) return true; $query = prepare(sprintf("SELECT `sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); if (($sagelocked = $query->fetchColumn()) === false) { // Non-existant, so it can't be locked... return false; } return (bool)$sagelocked; } function threadExists($id) { global $board; $query = prepare(sprintf("SELECT 1 FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); if ($query->rowCount()) { return true; } return false; } function insertFloodPost(array $post) { global $board; $query = prepare("INSERT INTO ``flood`` VALUES (NULL, :ip, :board, :time, :posthash, :filehash, :isreply)"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':board', $board['uri']); $query->bindValue(':time', time()); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); if ($post['has_file']) $query->bindValue(':filehash', $post['filehash']); else $query->bindValue(':filehash', null, PDO::PARAM_NULL); $query->bindValue(':isreply', !$post['op'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } function post(array $post) { global $pdo, $board; $query = prepare(sprintf("INSERT INTO ``posts_%s`` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :files, :num_files, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri'])); // Basic stuff if (!empty($post['subject'])) { $query->bindValue(':subject', $post['subject']); } else { $query->bindValue(':subject', null, PDO::PARAM_NULL); } if (!empty($post['email'])) { $query->bindValue(':email', $post['email']); } else { $query->bindValue(':email', null, PDO::PARAM_NULL); } if (!empty($post['trip'])) { $query->bindValue(':trip', $post['trip']); } else { $query->bindValue(':trip', null, PDO::PARAM_NULL); } $query->bindValue(':name', $post['name']); $query->bindValue(':body', $post['body']); $query->bindValue(':body_nomarkup', $post['body_nomarkup']); $query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT); $query->bindValue(':password', $post['password']); $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']); if ($post['op'] && $post['mod'] && isset($post['sticky']) && $post['sticky']) { $query->bindValue(':sticky', true, PDO::PARAM_INT); } else { $query->bindValue(':sticky', false, PDO::PARAM_INT); } if ($post['op'] && $post['mod'] && isset($post['locked']) && $post['locked']) { $query->bindValue(':locked', true, PDO::PARAM_INT); } else { $query->bindValue(':locked', false, PDO::PARAM_INT); } if ($post['mod'] && isset($post['capcode']) && $post['capcode']) { $query->bindValue(':capcode', $post['capcode'], PDO::PARAM_INT); } else { $query->bindValue(':capcode', null, PDO::PARAM_NULL); } if (!empty($post['embed'])) { $query->bindValue(':embed', $post['embed']); } else { $query->bindValue(':embed', null, PDO::PARAM_NULL); } if ($post['op']) { // No parent thread, image $query->bindValue(':thread', null, PDO::PARAM_NULL); } else { $query->bindValue(':thread', $post['thread'], PDO::PARAM_INT); } if ($post['has_file']) { $query->bindValue(':files', json_encode($post['files'])); $query->bindValue(':num_files', $post['num_files']); $query->bindValue(':filehash', $post['filehash']); } else { $query->bindValue(':files', null, PDO::PARAM_NULL); $query->bindValue(':num_files', 0); $query->bindValue(':filehash', null, PDO::PARAM_NULL); } if (!$query->execute()) { undoImage($post); error(db_error($query)); } return $pdo->lastInsertId(); } function bumpThread($id) { global $config, $board, $build_pages; if (event('bump', $id)) return true; if ($config['try_smarter']) $build_pages[] = thread_find_page($id); $query = prepare(sprintf("UPDATE ``posts_%s`` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } // Remove file from post function deleteFile($id, $remove_entirely_if_already=true, $file=null) { global $board, $config; $query = prepare(sprintf("SELECT `thread`, `files`, `num_files` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if (!$post = $query->fetch(PDO::FETCH_ASSOC)) error($config['error']['invalidpost']); $files = json_decode($post['files']); $file_to_delete = $file !== false ? $files[(int)$file] : (object)array('file' => false); if ($files[0]->file == 'deleted' && $post['num_files'] == 1 && !$post['thread']) return; // Can't delete OP's image completely. $query = prepare(sprintf("UPDATE ``posts_%s`` SET `files` = :file WHERE `id` = :id", $board['uri'])); if (($file && $file_to_delete->file == 'deleted') && $remove_entirely_if_already) { // Already deleted; remove file fully $files[$file] = null; } else { foreach ($files as $i => $f) { if (($file !== false && $i == $file) || $file === null) { // Delete thumbnail file_unlink($board['dir'] . $config['dir']['thumb'] . $f->thumb); unset($files[$i]->thumb); // Delete file file_unlink($board['dir'] . $config['dir']['img'] . $f->file); $files[$i]->file = 'deleted'; } } } $query->bindValue(':file', json_encode($files), PDO::PARAM_STR); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if ($post['thread']) buildThread($post['thread']); else buildThread($id); } // rebuild post (markup) function rebuildPost($id) { global $board; $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if ((!$post = $query->fetch(PDO::FETCH_ASSOC)) || !$post['body_nomarkup']) return false; markup($body = &$post['body_nomarkup']); $query = prepare(sprintf("UPDATE ``posts_%s`` SET `body` = :body WHERE `id` = :id", $board['uri'])); $query->bindValue(':body', $body); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); buildThread($post['thread'] ? $post['thread'] : $id); return true; } // Delete a post (reply or thread) function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { global $board, $config; // Select post and replies (if thread) in one query $query = prepare(sprintf("SELECT `id`,`thread`,`files` FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if ($query->rowCount() < 1) { if ($error_if_doesnt_exist) error($config['error']['invalidpost']); else return false; } $ids = array(); // Delete posts and maybe replies while ($post = $query->fetch(PDO::FETCH_ASSOC)) { event('delete', $post); if (!$post['thread']) { // Delete thread HTML page file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id'])); file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page50'], $post['id'])); file_unlink($board['dir'] . $config['dir']['res'] . sprintf('%d.json', $post['id'])); $antispam_query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board AND `thread` = :thread'); $antispam_query->bindValue(':board', $board['uri']); $antispam_query->bindValue(':thread', $post['id']); $antispam_query->execute() or error(db_error($antispam_query)); } elseif ($query->rowCount() == 1) { // Rebuild thread $rebuild = &$post['thread']; } if ($post['files']) { // Delete file foreach (json_decode($post['files']) as $i => $f) { if ($f->file !== 'deleted') { file_unlink($board['dir'] . $config['dir']['img'] . $f->file); file_unlink($board['dir'] . $config['dir']['thumb'] . $f->thumb); } } } $ids[] = (int)$post['id']; } $query = prepare(sprintf("DELETE FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); $query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ") ORDER BY `board`"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); while ($cite = $query->fetch(PDO::FETCH_ASSOC)) { if ($board['uri'] != $cite['board']) { if (!isset($tmp_board)) $tmp_board = $board['uri']; openBoard($cite['board']); } rebuildPost($cite['post']); } if (isset($tmp_board)) openBoard($tmp_board); $query = prepare("DELETE FROM ``cites`` WHERE (`target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")) OR (`board` = :board AND (`post` = " . implode(' OR `post` = ', $ids) . "))"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); if (isset($rebuild) && $rebuild_after) { buildThread($rebuild); buildIndex(); } return true; } function clean() { global $board, $config; $offset = round($config['max_pages']*$config['threads_per_page']); // I too wish there was an easier way of doing this... $query = prepare(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); $query->bindValue(':offset', $offset, PDO::PARAM_INT); $query->execute() or error(db_error($query)); while ($post = $query->fetch(PDO::FETCH_ASSOC)) { deletePost($post['id'], false, false); } } function thread_find_page($thread) { global $config, $board; $query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC", $board['uri'])) or error(db_error($query)); $threads = $query->fetchAll(PDO::FETCH_COLUMN); if (($index = array_search($thread, $threads)) === false) return false; return floor(($config['threads_per_page'] + $index) / $config['threads_per_page']); } function index($page, $mod=false) { global $board, $config, $debug; $body = ''; $offset = round($page*$config['threads_per_page']-$config['threads_per_page']); $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri'])); $query->bindValue(':offset', $offset, PDO::PARAM_INT); $query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if ($page == 1 && $query->rowCount() < $config['threads_per_page']) $board['thread_count'] = $query->rowCount(); if ($query->rowCount() < 1 && $page > 1) return false; $threads = array(); while ($th = $query->fetch(PDO::FETCH_ASSOC)) { $thread = new Thread($th, $mod ? '?/' : $config['root'], $mod); if ($config['cache']['enabled']) { $cached = cache::get("thread_index_{$board['uri']}_{$th['id']}"); if (isset($cached['replies'], $cached['omitted'])) { $replies = $cached['replies']; $omitted = $cached['omitted']; } else { unset($cached); } } if (!isset($cached)) { $posts = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri'])); $posts->bindValue(':id', $th['id']); $posts->bindValue(':limit', ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); $replies = array_reverse($posts->fetchAll(PDO::FETCH_ASSOC)); if (count($replies) == ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'])) { $count = numPosts($th['id']); $omitted = array('post_count' => $count['replies'], 'image_count' => $count['images']); } else { $omitted = false; } if ($config['cache']['enabled']) cache::set("thread_index_{$board['uri']}_{$th['id']}", array( 'replies' => $replies, 'omitted' => $omitted, )); } $num_images = 0; foreach ($replies as $po) { if ($po['num_files']) $num_images+=$po['num_files']; $thread->add(new Post($po, $mod ? '?/' : $config['root'], $mod)); } $thread->images = $num_images; $thread->replies = isset($omitted['post_count']) ? $omitted['post_count'] : count($replies); if ($omitted) { $thread->omitted = $omitted['post_count'] - ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']); $thread->omitted_images = $omitted['image_count'] - $num_images; } $threads[] = $thread; $body .= $thread->build(true); } return array( 'board' => $board, 'body' => $body, 'post_url' => $config['post_url'], 'config' => $config, 'boardlist' => createBoardlist($mod), 'threads' => $threads, ); } function getPageButtons($pages, $mod=false) { global $config, $board; $btn = array(); $root = ($mod ? '?/' : $config['root']) . $board['dir']; foreach ($pages as $num => $page) { if (isset($page['selected'])) { // Previous button if ($num == 0) { // There is no previous page. $btn['prev'] = _('Previous'); } else { $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . ($num == 1 ? $config['file_index'] : sprintf($config['file_page'], $num) ); $btn['prev'] = ''; } if ($num == count($pages) - 1) { // There is no next page. $btn['next'] = _('Next'); } else { $loc = ($mod ? '?/' . $board['uri'] . '/' : '') . sprintf($config['file_page'], $num + 2); $btn['next'] = ''; } } } return $btn; } function getPages($mod=false) { global $board, $config; if (isset($board['thread_count'])) { $count = $board['thread_count']; } else { // Count threads $query = query(sprintf("SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); $count = $query->fetchColumn(); } $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']); if ($count < 1) $count = 1; $pages = array(); for ($x=0;$x<$count && $x<$config['max_pages'];$x++) { $pages[] = array( 'num' => $x+1, 'link' => $x==0 ? ($mod ? '?/' : $config['root']) . $board['dir'] . $config['file_index'] : ($mod ? '?/' : $config['root']) . $board['dir'] . sprintf($config['file_page'], $x+1) ); } return $pages; } // Stolen with permission from PlainIB (by Frank Usrs) function make_comment_hex($str) { // remove cross-board citations // the numbers don't matter $str = preg_replace('!>>>/[A-Za-z0-9]+/!', '', $str); if (function_exists('iconv')) { // remove diacritics and other noise // FIXME: this removes cyrillic entirely $oldstr = $str; $str = @iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str); if (!$str) $str = $oldstr; } $str = strtolower($str); // strip all non-alphabet characters $str = preg_replace('/[^a-z]/', '', $str); return md5($str); } function makerobot($body) { global $config; $body = strtolower($body); // Leave only letters $body = preg_replace('/[^a-z]/i', '', $body); // Remove repeating characters if ($config['robot_strip_repeating']) $body = preg_replace('/(.)\\1+/', '$1', $body); return sha1($body); } function checkRobot($body) { if (empty($body) || event('check-robot', $body)) return true; $body = makerobot($body); $query = prepare("SELECT 1 FROM ``robot`` WHERE `hash` = :hash LIMIT 1"); $query->bindValue(':hash', $body); $query->execute() or error(db_error($query)); if ($query->fetchColumn()) { return true; } // Insert new hash $query = prepare("INSERT INTO ``robot`` VALUES (:hash)"); $query->bindValue(':hash', $body); $query->execute() or error(db_error($query)); return false; } // Returns an associative array with 'replies' and 'images' keys function numPosts($id) { global $board; $query = prepare(sprintf("SELECT COUNT(*) AS `replies`, SUM(`num_files`) AS `images` FROM ``posts_%s`` WHERE `thread` = :thread", $board['uri'], $board['uri'])); $query->bindValue(':thread', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); return $query->fetch(PDO::FETCH_ASSOC); } function muteTime() { global $config; if ($time = event('mute-time')) return $time; // Find number of mutes in the past X hours $query = prepare("SELECT COUNT(*) FROM ``mutes`` WHERE `time` >= :time AND `ip` = :ip"); $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); if (!$result = $query->fetchColumn()) return 0; return pow($config['robot_mute_multiplier'], $result); } function mute() { // Insert mute $query = prepare("INSERT INTO ``mutes`` VALUES (:ip, :time)"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); return muteTime(); } function checkMute() { global $config, $debug; if ($config['cache']['enabled']) { // Cached mute? if (($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) { error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); } } $mutetime = muteTime(); if ($mutetime > 0) { // Find last mute time $query = prepare("SELECT `time` FROM ``mutes`` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); if (!$mute = $query->fetch(PDO::FETCH_ASSOC)) { // What!? He's muted but he's not muted... return; } if ($mute['time'] + $mutetime > time()) { if ($config['cache']['enabled']) { cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time()); cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time()); } // Not expired yet error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); } else { // Already expired return; } } } function buildIndex() { global $board, $config, $build_pages; $pages = getPages(); if (!$config['try_smarter']) $antibot = create_antibot($board['uri']); if ($config['api']['enabled']) { $api = new Api(); $catalog = array(); } for ($page = 1; $page <= $config['max_pages']; $page++) { $filename = $board['dir'] . ($page == 1 ? $config['file_index'] : sprintf($config['file_page'], $page)); if (!$config['api']['enabled'] && $config['try_smarter'] && isset($build_pages) && !empty($build_pages) && !in_array($page, $build_pages) && is_file($filename)) continue; $content = index($page); if (!$content) break; // json api if ($config['api']['enabled']) { $threads = $content['threads']; $json = json_encode($api->translatePage($threads)); $jsonFilename = $board['dir'] . ($page - 1) . '.json'; // pages should start from 0 file_write($jsonFilename, $json); $catalog[$page-1] = $threads; } if ($config['api']['enabled'] && $config['try_smarter'] && isset($build_pages) && !empty($build_pages) && !in_array($page, $build_pages) && is_file($filename)) continue; if ($config['try_smarter']) { $antibot = create_antibot($board['uri'], 0 - $page); $content['current_page'] = $page; } $antibot->reset(); $content['pages'] = $pages; $content['pages'][$page-1]['selected'] = true; $content['btn'] = getPageButtons($content['pages']); $content['antibot'] = $antibot; file_write($filename, Element('index.html', $content)); } if ($page < $config['max_pages']) { for (;$page<=$config['max_pages'];$page++) { $filename = $board['dir'] . ($page==1 ? $config['file_index'] : sprintf($config['file_page'], $page)); file_unlink($filename); if ($config['api']['enabled']) { $jsonFilename = $board['dir'] . ($page - 1) . '.json'; file_unlink($jsonFilename); } } } // json api catalog if ($config['api']['enabled']) { $json = json_encode($api->translateCatalog($catalog)); $jsonFilename = $board['dir'] . 'catalog.json'; file_write($jsonFilename, $json); $json = json_encode($api->translateCatalog($catalog, true)); $jsonFilename = $board['dir'] . 'threads.json'; file_write($jsonFilename, $json); } if ($config['try_smarter']) $build_pages = array(); } function buildJavascript() { global $config; $stylesheets = array(); foreach ($config['stylesheets'] as $name => $uri) { $stylesheets[] = array( 'name' => addslashes($name), 'uri' => addslashes((!empty($uri) ? $config['uri_stylesheets'] : '') . $uri)); } $script = Element('main.js', array( 'config' => $config, 'stylesheets' => $stylesheets )); // Check if we have translation for the javascripts; if yes, we add it to additional javascripts list($pure_locale) = explode(".", $config['locale']); if (file_exists ($jsloc = "inc/locale/$pure_locale/LC_MESSAGES/javascript.js")) { $script = file_get_contents($jsloc) . "\n\n" . $script; } if ($config['additional_javascript_compile']) { foreach ($config['additional_javascript'] as $file) { $script .= file_get_contents($file); } } if ($config['minify_js']) { require_once 'inc/lib/minify/JSMin.php'; $script = JSMin::minify($script); } file_write($config['file_script'], $script); } function checkDNSBL() { global $config; if (isIPv6()) return; // No IPv6 support yet. if (!isset($_SERVER['REMOTE_ADDR'])) return; // Fix your web server configuration if (in_array($_SERVER['REMOTE_ADDR'], $config['dnsbl_exceptions'])) return; $ipaddr = ReverseIPOctets($_SERVER['REMOTE_ADDR']); foreach ($config['dnsbl'] as $blacklist) { if (!is_array($blacklist)) $blacklist = array($blacklist); if (($lookup = str_replace('%', $ipaddr, $blacklist[0])) == $blacklist[0]) $lookup = $ipaddr . '.' . $blacklist[0]; if (!$ip = DNS($lookup)) continue; // not in list $blacklist_name = isset($blacklist[2]) ? $blacklist[2] : $blacklist[0]; if (!isset($blacklist[1])) { // If you're listed at all, you're blocked. error(sprintf($config['error']['dnsbl'], $blacklist_name)); } elseif (is_array($blacklist[1])) { foreach ($blacklist[1] as $octet) { if ($ip == $octet || $ip == '127.0.0.' . $octet) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } } elseif (is_callable($blacklist[1])) { if ($blacklist[1]($ip)) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } else { if ($ip == $blacklist[1] || $ip == '127.0.0.' . $blacklist[1]) error(sprintf($config['error']['dnsbl'], $blacklist_name)); } } } function isIPv6() { return strstr($_SERVER['REMOTE_ADDR'], ':') !== false; } function ReverseIPOctets($ip) { return implode('.', array_reverse(explode('.', $ip))); } function wordfilters(&$body) { global $config; foreach ($config['wordfilters'] as $filter) { if (isset($filter[2]) && $filter[2]) { if (is_callable($filter[1])) $body = preg_replace_callback($filter[0], $filter[1], $body); else $body = preg_replace($filter[0], $filter[1], $body); } else { $body = str_ireplace($filter[0], $filter[1], $body); } } } function quote($body, $quote=true) { global $config; $body = str_replace('