kashire
/
lainchan
4
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 26 Wiki Activity
The version of vichan running on lainchan.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4229 Commits
3 Branches
120MB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
lainchan/mod.php

215 lines
8.4KB
Raw Permalink Blame History 

  1. <?php

  2. 

  3. /*

  4.  *  Copyright (c) 2010-2014 Tinyboard Development Group

  5.  */

  6. 

  7. require_once 'inc/functions.php';

  8. 

  9. if ($config['debug'])

  10. 	$parse_start_time = microtime(true);

  11. 

  12. require_once 'inc/bans.php';

  13. require_once 'inc/mod/pages.php';

  14. 

  15. check_login(true);

  16. 

  17. $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';

  18. 

  19. // If there's a thread parameter (eg, for returning to after enacting a ban)

  20. // drop it from the $query.

  21. if(isset($_GET['thread'])) {

  22.     $query = explode("&thread=", $query)[0];

  23. }

  24. 

  25. $pages = array(

  26. 	''					=> ':?/',			// redirect to dashboard

  27. 	'/'					=> 'dashboard',			// dashboard

  28. 	'/confirm/(.+)'				=> 'confirm',			// confirm action (if javascript didn't work)

  29. 	'/logout'				=> 'secure logout',		// logout

  30. 	

  31. 	'/users'				=> 'users',			// manage users

  32. 	'/users/(\d+)/(promote|demote)'		=> 'secure user_promote',	// prmote/demote user

  33. 	'/users/(\d+)'				=> 'secure_POST user',		// edit user

  34. 	'/users/new'				=> 'secure_POST user_new',	// create a new user

  35. 	

  36. 	'/new_PM/([^/]+)'			=> 'secure_POST new_pm',	// create a new pm

  37. 	'/PM/(\d+)(/reply)?'			=> 'pm',			// read a pm

  38. 	'/inbox'				=> 'inbox',			// pm inbox

  39. 	

  40. 	'/log'					=> 'log',			// modlog

  41. 	'/log/(\d+)'				=> 'log',			// modlog

  42. 	'/log:([^/:]+)'				=> 'user_log',			// modlog

  43. 	'/log:([^/:]+)/(\d+)'			=> 'user_log',			// modlog

  44. 	'/log:b:([^/]+)'			=> 'board_log',			// modlog

  45. 	'/log:b:([^/]+)/(\d+)'			=> 'board_log',			// modlog

  46. 

  47. 	'/edit_news'				=> 'secure_POST news',		// view news

  48. 	'/edit_news/(\d+)'			=> 'secure_POST news',		// view news

  49. 	'/edit_news/delete/(\d+)'		=> 'secure news_delete',	// delete from news

  50. 

  51. 	'/edit_pages(?:/?(\%b)?)'		=> 'secure_POST pages',

  52. 	'/edit_page/(\d+)'			=> 'secure_POST edit_page',

  53. 	'/edit_pages/delete/([a-z0-9]+)'	=> 'secure delete_page',

  54. 	'/edit_pages/delete/([a-z0-9]+)/(\%b)'	=> 'secure delete_page_board',

  55. 	

  56. 	'/noticeboard'				=> 'secure_POST noticeboard',	// view noticeboard

  57. 	'/noticeboard/(\d+)'			=> 'secure_POST noticeboard',	// view noticeboard

  58. 	'/noticeboard/delete/(\d+)'		=> 'secure noticeboard_delete',	// delete from noticeboard

  59. 	

  60. 	'/edit/(\%b)'				=> 'secure_POST edit_board',	// edit board details

  61. 	'/new-board'				=> 'secure_POST new_board',	// create a new board

  62. 	

  63. 	'/rebuild'				=> 'secure_POST rebuild',	// rebuild static files

  64. 	'/reports'				=> 'reports',			// report queue

  65. 	'/reports/(\d+)/dismiss(all)?'		=> 'secure report_dismiss',	// dismiss a report

  66. 	

  67. 	'/IP/([\w.:]+)'				=> 'secure_POST ip',		// view ip address

  68. 	'/IP/([\w.:]+)/remove_note/(\d+)'	=> 'secure ip_remove_note',	// remove note from ip address

  69. 	

  70. 	'/ban'					=> 'secure_POST ban',		// new ban

  71. 	'/bans'					=> 'secure_POST bans',		// ban list

  72. 	'/bans.json'				=> 'secure bans_json',		// ban list JSON

  73. 	'/ban-appeals'				=> 'secure_POST ban_appeals',	// view ban appeals

  74. 	

  75. 	'/recent/(\d+)'				=> 'recent_posts',		// view recent posts

  76. 	'/recent/(\d+)/([\w,]+?)'				=> 'recent_posts',		// view recent posts

  77. 	'/recent/(\d+)/([\w,]+?)/(json)?'			=> 'recent_posts',		// view recent posts JSON

  78. 

  79. 	'/search'				=> 'search_redirect',		// search

  80. 	'/search/(posts|IP_notes|bans|log)/(.+)/(\d+)'	=> 'search',		// search

  81. 	'/search/(posts|IP_notes|bans|log)/(.+)'	=> 'search',		// search

  82. 

  83. 	'/(\%b)/warning/(\d+)'		        => 'secure_POST warning_post', 	// warn poster

  84. 	'/(\%b)/ban(&delete)?/(\d+)'		=> 'secure_POST ban_post', 	// ban poster

  85. 	'/(\%b)/move/(\d+)'			=> 'secure_POST move',		// move thread

  86. 	'/(\%b)/move_reply/(\d+)'			=> 'secure_POST move_reply',		// move reply

  87. 	'/(\%b)/merge/(\d+)'			=> 'secure_POST merge',		// merge thread

  88. 	'/(\%b)/edit(_raw)?/(\d+)'		=> 'secure_POST edit_post',	// edit post

  89. 	'/(\%b)/delete/(\d+)'			=> 'secure delete',		// delete post

  90. 	'/(\%b)/deletefile/(\d+)/(\d+)'		=> 'secure deletefile',		// delete file from post

  91. 	'/(\%b+)/spoiler/(\d+)/(\d+)'			=> 'secure spoiler_image',	// spoiler file

  92. 	'/(\%b)/deletebyip/(\d+)(/global)?'	=> 'secure deletebyip',		// delete all posts by IP address

  93. 	'/(\%b)/(un)?lock/(\d+)'		=> 'secure lock',		// lock thread

  94. 	'/(\%b)/(un)?sticky/(\d+)'		=> 'secure sticky',		// sticky thread

  95. 	'/(\%b)/(un)?cycle/(\d+)'                         => 'secure cycle',          // cycle thread

  96. 	'/(\%b)/bump(un)?lock/(\d+)'		=> 'secure bumplock',		// "bumplock" thread

  97. 	

  98. 	'/themes'				=> 'themes_list',		// manage themes

  99. 	'/themes/(\w+)'				=> 'secure_POST theme_configure',		// configure/reconfigure theme

  100. 	'/themes/(\w+)/rebuild'			=> 'secure theme_rebuild',		// rebuild theme

  101. 	'/themes/(\w+)/uninstall'		=> 'secure theme_uninstall',		// uninstall theme

  102. 	

  103. 	'/config'				=> 'secure_POST config',	// config editor

  104. 	'/config/(\%b)'				=> 'secure_POST config',	// config editor

  105. 	

  106. 	// these pages aren't listed in the dashboard without $config['debug']

  107. 	'/debug/antispam'			=> 'debug_antispam',

  108. 	'/debug/recent'				=> 'debug_recent_posts',

  109. 	'/debug/apc'				=> 'debug_apc',

  110. 	'/debug/sql'				=> 'secure_POST debug_sql',

  111. 	

  112. 	// This should always be at the end:

  113. 	'/(\%b)/'										=> 'view_board',

  114. 	'/(\%b)/' . preg_quote($config['file_index'], '!')					=> 'view_board',

  115. 	'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))		=> 'view_board',

  116. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  117. 			str_replace('%d', '(\d+)', preg_quote($config['file_page50'], '!'))	=> 'view_thread50',

  118. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  119. 			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))	=> 'view_thread',

  120. 

  121. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  122. 			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',

  123. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  124. 			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',

  125. );

  126. 

  127. 

  128. if (!$mod) {

  129. 	$pages = array('!^(.+)?$!' => 'login');

  130. } elseif (isset($_GET['status'], $_GET['r'])) {

  131. 	header('Location: ' . $_GET['r'], true, (int)$_GET['status']);

  132. 	exit;

  133. }

  134. 

  135. if (isset($config['mod']['custom_pages'])) {

  136. 	$pages = array_merge($pages, $config['mod']['custom_pages']);

  137. }

  138. 

  139. $new_pages = array();

  140. foreach ($pages as $key => $callback) {

  141. 	if (is_string($callback) && preg_match('/^secure /', $callback))

  142. 		$key .= '(/(?P<token>[a-f0-9]{8}))?';

  143. 	$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);

  144. 	$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;

  145. }

  146. $pages = $new_pages;

  147. 

  148. foreach ($pages as $uri => $handler) {

  149. 	if (preg_match($uri, $query, $matches)) {

  150. 		$matches = array_slice($matches, 1);

  151. 		

  152. 		if (isset($matches['board'])) {

  153. 			$board_match = $matches['board'];

  154. 			unset($matches['board']);

  155. 			$key = array_search($board_match, $matches);

  156. 			if (preg_match('/^' . sprintf(substr($config['board_path'], 0, -1), '(' . $config['board_regex'] . ')') . '$/u', $matches[$key], $board_match)) {

  157. 				$matches[$key] = $board_match[1];

  158. 			}

  159. 		}

  160. 		

  161. 		if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {

  162. 			$secure_post_only = isset($m[1]);

  163. 			if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') {

  164. 				$token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false);

  165. 				

  166. 				if ($token === false) {

  167. 					if ($secure_post_only)

  168. 						error($config['error']['csrf']);

  169. 					else {

  170. 						mod_confirm(substr($query, 1));

  171. 						exit;

  172. 					}

  173. 				}

  174. 			

  175. 				// CSRF-protected page; validate security token

  176. 				$actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);

  177. 				if ($token != make_secure_link_token(substr($actual_query, 1))) {

  178. 					error($config['error']['csrf']);

  179. 				}

  180. 			}

  181. 			$handler = preg_replace('/^secure(_POST)? /', '', $handler);

  182. 		}

  183. 		

  184. 		if ($config['debug']) {

  185. 			$debug['mod_page'] = array(

  186. 				'req' => $query,

  187. 				'match' => $uri,

  188. 				'handler' => $handler,

  189. 			);

  190. 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';

  191. 		}

  192. 		

  193. 		if (is_string($handler)) {

  194. 			if ($handler[0] == ':') {

  195. 				header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);

  196. 			} elseif (is_callable("mod_page_$handler")) {

  197. 				call_user_func_array("mod_page_$handler", $matches);

  198. 			} elseif (is_callable("mod_$handler")) {

  199. 				call_user_func_array("mod_$handler", $matches);

  200. 			} else {

  201. 				error("Mod page '$handler' not found!");

  202. 			}

  203. 		} elseif (is_callable($handler)) {

  204. 			call_user_func_array($handler, $matches);

  205. 		} else {

  206. 			error("Mod page '$handler' not a string, and not callable!");

  207. 		}

  208. 		

  209. 		exit;

  210. 	}

  211. }

  212. 

  213. error($config['error']['404']);