kashire
/
lainchan
4
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 26 Wiki Activity
The version of vichan running on lainchan.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4229 Commit
3 分支
120MB
分支: master
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
lainchan/inc/filters.php

250 line
6.8KB
原始文件 永久連結 Blame 文件歷史 

  1. <?php

  2. 

  3. /*

  4.  *  Copyright (c) 2010-2013 Tinyboard Development Group

  5.  */

  6. 

  7. defined('TINYBOARD') or exit;

  8. 

  9. class Filter {

  10. 	public $flood_check;

  11. 	private $condition;

  12. 	private $post;

  13. 	

  14. 	public function __construct(array $arr) {

  15. 		foreach ($arr as $key => $value)

  16. 			$this->$key = $value;		

  17. 	}

  18. 	

  19. 	public function match($condition, $match) {

  20. 		$condition = strtolower($condition);

  21. 

  22. 		$post = &$this->post;

  23. 		

  24. 		switch($condition) {

  25. 			case 'custom':

  26. 				if (!is_callable($match))

  27. 					error('Custom condition for filter is not callable!');

  28. 				return $match($post);

  29. 			case 'flood-match':

  30. 				if (!is_array($match))

  31. 					error('Filter condition "flood-match" must be an array.');

  32. 								

  33. 				// Filter out "flood" table entries which do not match this filter.

  34. 				

  35. 				$flood_check_matched = array();

  36. 				

  37. 				foreach ($this->flood_check as $flood_post) {

  38. 					foreach ($match as $flood_match_arg) {

  39. 						switch ($flood_match_arg) {

  40. 							case 'ip':

  41. 								if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])

  42. 									continue 3;

  43. 								break;

  44. 							case 'body':

  45. 								if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))

  46. 									continue 3;

  47. 								break;

  48. 							case 'file':

  49. 								if (!isset($post['filehash']))

  50. 									return false;

  51. 								if ($flood_post['filehash'] != $post['filehash'])

  52. 									continue 3;

  53. 								break;

  54. 							case 'board':

  55. 								if ($flood_post['board'] != $post['board'])

  56. 									continue 3;

  57. 								break;

  58. 							case 'isreply':

  59. 								if ($flood_post['isreply'] == $post['op'])

  60. 									continue 3;

  61. 								break;

  62. 							default:

  63. 								error('Invalid filter flood condition: ' . $flood_match_arg);

  64. 						}

  65. 					}

  66. 					$flood_check_matched[] = $flood_post;

  67. 				}

  68. 				

  69. 				$this->flood_check = $flood_check_matched;

  70. 				

  71. 				return !empty($this->flood_check);

  72. 			case 'flood-time':

  73. 				foreach ($this->flood_check as $flood_post) {

  74. 					if (time() - $flood_post['time'] <= $match) {

  75. 						return true;

  76. 					}

  77. 				}

  78. 				return false;

  79. 			case 'flood-count':

  80. 				$count = 0;

  81. 				foreach ($this->flood_check as $flood_post) {

  82. 					if (time() - $flood_post['time'] <= $this->condition['flood-time']) {

  83. 						++$count;

  84. 					}

  85. 				}

  86. 				return $count >= $match;

  87. 			case 'name':

  88. 				return preg_match($match, $post['name']);

  89. 			case 'trip':

  90. 				return $match === $post['trip'];

  91. 			case 'email':

  92. 				return preg_match($match, $post['email']);

  93. 			case 'subject':

  94. 				return preg_match($match, $post['subject']);

  95. 			case 'body':

  96. 				return preg_match($match, $post['body_nomarkup']);

  97. 			case 'filehash':

  98. 				return $match === $post['filehash'];

  99. 			case 'filename':

  100. 				if (!$post['files'])

  101. 					return false;

  102. 

  103. 				foreach ($post['files'] as $file) {

  104. 					if (preg_match($match, $file['filename'])) {

  105. 						return true;

  106. 					}

  107. 				}

  108. 				return false;

  109. 			case 'extension':

  110. 				if (!$post['files'])

  111. 					return false;

  112. 

  113. 				foreach ($post['files'] as $file) {

  114. 					if (preg_match($match, $file['extension'])) {

  115. 						return true;

  116. 					}

  117. 				}

  118. 				return false;

  119. 			case 'ip':

  120. 				return preg_match($match, $_SERVER['REMOTE_ADDR']);

  121. 			case 'op':

  122. 				return $post['op'] == $match;

  123. 			case 'has_file':

  124. 				return $post['has_file'] == $match;

  125. 			case 'board':

  126. 				return $post['board'] == $match;

  127. 			case 'password':

  128. 				return $post['password'] == $match;

  129. 			default:

  130. 				error('Unknown filter condition: ' . $condition);

  131. 		}

  132. 	}

  133. 	

  134. 	public function action() {

  135. 		global $board;

  136. 

  137. 		$this->add_note = isset($this->add_note) ? $this->add_note : false;

  138. 		if ($this->add_note) {

  139. 			$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');

  140. 	                $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);

  141.         	        $query->bindValue(':mod', -1);

  142. 	                $query->bindValue(':time', time());

  143. 	                $query->bindValue(':body', "Autoban message: ".$this->post['body']);

  144. 	                $query->execute() or error(db_error($query));

  145. 		}				

  146. 		if (isset ($this->action)) switch($this->action) {

  147. 			case 'reject':

  148. 				error(isset($this->message) ? $this->message : 'Posting blocked by filter.');

  149. 			case 'ban':

  150. 				if (!isset($this->reason))

  151. 					error('The ban action requires a reason.');

  152. 				

  153. 				$this->expires = isset($this->expires) ? $this->expires : false;

  154. 				$this->reject = isset($this->reject) ? $this->reject : true;

  155. 				$this->all_boards = isset($this->all_boards) ? $this->all_boards : false;

  156. 				

  157. 				Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);

  158. 

  159. 				if ($this->reject) {

  160. 					if (isset($this->message))

  161. 						error($message);

  162. 					

  163. 					checkBan($board['uri']);

  164. 					exit;

  165. 				}

  166. 				

  167. 				break;

  168. 			default:

  169. 				error('Unknown filter action: ' . $this->action);

  170. 		}

  171. 	}

  172. 	

  173. 	public function check(array $post) {

  174. 		$this->post = $post;

  175. 		foreach ($this->condition as $condition => $value) {

  176. 			if ($condition[0] == '!') {

  177. 				$NOT = true;

  178. 				$condition = substr($condition, 1);

  179. 			} else $NOT = false;

  180. 			

  181. 			if ($this->match($condition, $value) == $NOT)

  182. 				return false;

  183. 		}

  184. 		return true;

  185. 	}

  186. }

  187. 

  188. function purge_flood_table() {

  189. 	global $config;

  190. 	

  191. 	// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not

  192. 	// aware of flood filters in other board configurations. You can solve this problem by settings the

  193. 	// config variable $config['flood_cache'] (seconds).

  194. 	

  195. 	if (isset($config['flood_cache'])) {

  196. 		$max_time = &$config['flood_cache'];

  197. 	} else {

  198. 		$max_time = 0;

  199. 		foreach ($config['filters'] as $filter) {

  200. 			if (isset($filter['condition']['flood-time']))

  201. 				$max_time = max($max_time, $filter['condition']['flood-time']);

  202. 		}

  203. 	}

  204. 	

  205. 	$time = time() - $max_time;

  206. 	

  207. 	query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());

  208. }

  209. 

  210. function do_filters(array $post) {

  211. 	global $config;

  212. 	

  213. 	if (!isset($config['filters']) || empty($config['filters']))

  214. 		return;

  215. 	

  216. 	foreach ($config['filters'] as $filter) {

  217. 		if (isset($filter['condition']['flood-match'])) {

  218. 			$has_flood = true;

  219. 			break;

  220. 		}

  221. 	}

  222. 	

  223. 	if (isset($has_flood)) {

  224. 		if ($post['has_file']) {

  225. 			$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");

  226. 			$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);

  227. 			$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));

  228. 			$query->bindValue(':filehash', $post['filehash']);

  229. 		} else {

  230. 			$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");

  231. 			$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);

  232. 			$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));

  233. 		}

  234. 		$query->execute() or error(db_error($query));

  235. 		$flood_check = $query->fetchAll(PDO::FETCH_ASSOC);

  236. 	} else {

  237. 		$flood_check = false;

  238. 	}

  239. 	

  240. 	foreach ($config['filters'] as $filter_array) {

  241. 		$filter = new Filter($filter_array);

  242. 		$filter->flood_check = $flood_check;

  243. 		if ($filter->check($post))

  244. 			$filter->action();

  245. 	}

  246. 	

  247. 	purge_flood_table();

  248. }