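<?php
# TinyIB
#
# https://github.com/tslocum/TinyIB

error_reporting(E_ALL);
// NOTE(review): display_errors=1 prints notices (including server file paths)
// into the page for every visitor. Fine for a development install; a
// production deployment should log errors instead of displaying them.
ini_set("display_errors", 1);
session_start();

// Magic quotes no longer exist in current PHP (set_magic_quotes_runtime() was
// removed in 7.0, the two getters in 8.0), so an unguarded call is a fatal
// "undefined function" error. Guard each call so the script still loads, and
// only strip slashes when the feature is actually enabled.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    foreach ($_GET as $key => $val) {
        $_GET[$key] = stripslashes($val);
    }
    foreach ($_POST as $key => $val) {
        $_POST[$key] = stripslashes($val);
    }
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
    set_magic_quotes_runtime(0);
}
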
/**
 * Abort the request and show $message on a minimal, self-contained error page.
 *
 * $message is written into the page verbatim, so it must be trusted text:
 * every caller in this file passes either a fixed string or a configured
 * directory name. User-supplied data has to be escaped before it gets here.
 *
 * @param string $message HTML fragment to display
 * This function never returns; it terminates the script with die().
 */
function fancyDie($message) {
    $pageHead = '<body text="#800000" bgcolor="#FFFFEE" align="center"><br>'
        . '<div style="display: inline-block; background-color: #F0E0D6;font-size: 1.25em;font-family: Tahoma, Geneva, sans-serif;padding: 7px;border: 1px solid #D9BFB7;border-left: none;border-top: none;">';
    $pageTail = '</div><br><br>- <a href="javascript:history.go(-1)">Click here to go back</a> -</body>';

    die($pageHead . $message . $pageTail);
}

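if (!file_exists('settings.php')) {
    fancyDie('Please rename the file settings.default.php to settings.php');
}
require 'settings.php';

// Check directories are writable by the script
$writedirs = array("res", "src", "thumb");
if (TINYIB_DBMODE == 'flatfile') {
    $writedirs[] = "inc/flatfile";
}
foreach ($writedirs as $dir) {
    if (!is_writable($dir)) {
        // $dir comes from the fixed list above, never from the request
        fancyDie("Directory '" . $dir . "' can not be written to. Please modify its permissions.");
    }
}

$includes = array("inc/defines.php", "inc/functions.php", "inc/html.php");
// The database include path is built from TINYIB_DBMODE; the strict allowlist
// check is what keeps that dynamic include limited to the three shipped
// backends, so keep it in front of the concatenation.
if (in_array(TINYIB_DBMODE, array('flatfile', 'mysql', 'sqlite'), true)) {
    $includes[] = 'inc/database_' . TINYIB_DBMODE . '.php';
} else {
    fancyDie("Unknown database mode specified");
}

foreach ($includes as $include) {
    include $include;
}

if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
    fancyDie('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured');
}
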
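$redirect = true;

// Check if the request is to make a post
if (isset($_POST["message"]) || isset($_POST["file"])) {
    list($loggedin, $isadmin) = manageCheckLogIn();
    $rawpost = isRawPost();
    // Logged-in staff skip the abuse checks; everyone else must pass them
    // before anything is written.
    if (!$loggedin) {
        checkBanned();
        checkMessageSize();
        checkFlood();
    }

    // This branch is entered when either "message" or "file" is present, so
    // every other form field may be absent. Default them to '' instead of
    // reading undefined indexes (E_ALL + display_errors would print notices
    // into the page).
    $in_name = isset($_POST["name"]) ? $_POST["name"] : '';
    $in_email = isset($_POST["email"]) ? $_POST["email"] : '';
    $in_subject = isset($_POST["subject"]) ? $_POST["subject"] : '';
    $in_message = isset($_POST["message"]) ? $_POST["message"] : '';
    $in_password = isset($_POST['password']) ? $_POST['password'] : '';

    $post = newPost(setParent());
    $post['ip'] = $_SERVER['REMOTE_ADDR'];

    list($post['name'], $post['tripcode']) = nameAndTripcode($in_name);

    $post['name'] = cleanString(substr($post['name'], 0, 75));
    // NOTE(review): the replacement pair reads as '"' -> '"' here, which is a
    // no-op; it may have been an HTML entity that was decoded when this page
    // was rendered — confirm against the repository before changing it.
    $post['email'] = cleanString(str_replace('"', '"', substr($in_email, 0, 75)));
    $post['subject'] = cleanString(substr($in_subject, 0, 75));
    if ($rawpost) {
        // Raw posts are stored as-is (no cleanString), so any HTML in them is
        // deliberate; isRawPost() presumably limits this to staff — the
        // "## Admin"/"## Mod" label suggests so, verify in inc/functions.php.
        $rawposttext = ($isadmin) ? ' <span style="color: red;">## Admin</span>' : ' <span style="color: purple;">## Mod</span>';
        $post['message'] = $in_message; // Treat message as raw HTML
    } else {
        $rawposttext = '';
        $post['message'] = str_replace("\n", "<br>", colorQuote(postLink(cleanString(rtrim($in_message)))));
    }
    // Legacy double-MD5 deletion password, kept so existing rows still verify.
    $post['password'] = ($in_password !== '') ? md5(md5($in_password)) : '';
    // "noko" in the e-mail field asks to be returned to the thread afterwards
    $noko = (strtolower($post['email']) === "noko");
    if ($noko) {
        $post['email'] = '';
    }
    $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext);

    if (isset($_FILES['file']) && $_FILES['file']['name'] != "") {
        validateFileUpload();

        $tmp_name = $_FILES['file']['tmp_name'];
        if (!is_file($tmp_name) || !is_readable($tmp_name)) {
            fancyDie("File transfer failure. Please retry the submission.");
        }

        if ((TINYIB_MAXKB > 0) && (filesize($tmp_name) > (TINYIB_MAXKB * 1024))) {
            fancyDie("That file is larger than " . TINYIB_MAXKBDESC . ".");
        }

        // Reject by extension first (cheap), then by the decoded image header.
        // The stored file name is generated below, so the client-supplied name
        // never reaches the filesystem.
        $file_type = strtolower(preg_replace('/.*(\..+)/', '\1', $_FILES['file']['name']));
        if ($file_type == '.jpeg') {
            $file_type = '.jpg';
        }
        if (!($file_type == '.jpg' || $file_type == '.gif' || $file_type == '.png')) {
            fancyDie("Only GIF, JPG, and PNG files are allowed.");
        }

        // getimagesize() warns on non-image data; the warning is suppressed so
        // the user sees the fancyDie message rather than a PHP notice. One
        // call instead of the original probe-then-read pair.
        $file_info = @getimagesize($tmp_name);
        if (!$file_info) {
            fancyDie("Failed to read the size of the uploaded file. Please retry the submission.");
        }
        $file_mime = $file_info['mime'];
        if (!($file_mime == "image/jpeg" || $file_mime == "image/gif" || $file_mime == "image/png")) {
            fancyDie("Only GIF, JPG, and PNG files are allowed.");
        }

        $post['file_original'] = htmlentities(substr($_FILES['file']['name'], 0, 50), ENT_QUOTES);
        $post['file_hex'] = md5_file($tmp_name);
        $post['file_size'] = $_FILES['file']['size'];
        $post['file_size_formatted'] = convertBytes($post['file_size']);
        $file_name = time() . substr(microtime(), 2, 3);
        $post['file'] = $file_name . $file_type;
        $post['thumb'] = $file_name . "s" . $file_type;
        $file_location = "src/" . $post['file'];
        $thumb_location = "thumb/" . $post['thumb'];

        checkDuplicateImage($post['file_hex']);

        if (!move_uploaded_file($tmp_name, $file_location)) {
            fancyDie("Could not copy uploaded file.");
        }

        if ($_FILES['file']['size'] != filesize($file_location)) {
            fancyDie("File transfer failure. Please go back and try again.");
        }

        $post['image_width'] = $file_info[0];
        $post['image_height'] = $file_info[1];

        list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post['image_width'], $post['image_height']);

        if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight)) {
            fancyDie("Could not create thumbnail.");
        }

        // Read the thumbnail back instead of trusting createThumbnail()'s
        // return value; an unreadable thumbnail would otherwise store null
        // dimensions in the post.
        $thumb_info = @getimagesize($thumb_location);
        if (!$thumb_info) {
            fancyDie("Could not create thumbnail.");
        }
        $post['thumb_width'] = $thumb_info[0];
        $post['thumb_height'] = $thumb_info[1];
    }

    if ($post['file'] == '') { // No file uploaded
        if ($post['parent'] == TINYIB_NEWTHREAD) {
            fancyDie("An image is required to start a thread.");
        }
        if (str_replace('<br>', '', $post['message']) == "") {
            fancyDie("Please enter a message and/or upload an image to make a reply.");
        }
    } else {
        echo $post['file_original'] . ' uploaded.<br>';
    }

    $post['id'] = insertPost($post);
    if ($noko) {
        $redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id'];
    }
    trimThreads();

    echo 'Updating thread page...<br>';
    if ($post['parent'] != TINYIB_NEWTHREAD) {
        rebuildThread($post['parent']);
        // "sage" in the e-mail field replies without bumping the thread
        if (strtolower($post['email']) != "sage") {
            bumpThreadByID($post['parent']);
        }
    } else {
        rebuildThread($post['id']);
    }

    echo 'Updating thread index...<br>';
    rebuildIndexes();

// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
    if (!isset($_POST['delete'])) {
        fancyDie('Tick the box next to a post and click "Delete" to delete it.');
    }
    $post = postByID($_POST['delete']);
    if (!$post) {
        fancyDie('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.');
    }
    list($loggedin, $isadmin) = manageCheckLogIn();
    $in_password = isset($_POST['password']) ? $_POST['password'] : '';

    if ($loggedin && $in_password === '') {
        // Redirect to post moderation page. Emit the id of the post we just
        // looked up rather than the raw form value, which was previously
        // written into the meta tag unescaped (reflected XSS against staff).
        echo '--> --> --><meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . (int)$post['id'] . '">';
    } elseif ((string)$post['password'] !== '' && md5(md5($in_password)) === (string)$post['password']) {
        // Strict comparison: with == two hashes that both look like "0e..."
        // compare equal as numbers. hash_equals() would be the stricter choice
        // where it is available.
        deletePostByID($post['id']);
        threadUpdated($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']);
        fancyDie('Post deleted.');
    } else {
        fancyDie('Invalid password.');
    }

    $redirect = false;

// Check if the request is to access the management area
} elseif (isset($_GET["manage"])) {
    $text = ""; $onload = ""; $navbar = " ";
    $redirect = false;
    $returnlink = basename($_SERVER['PHP_SELF']);

    list($loggedin, $isadmin) = manageCheckLogIn();

    // NOTE(review): every state-changing action below (rebuildall, bans, lift,
    // delete) is triggered by a GET parameter or a form with no CSRF token, so
    // a logged-in moderator who follows a crafted link performs it. A
    // per-session token checked before these branches would close that; it
    // needs matching changes in the forms in inc/html.php, so it is not done here.
    if ($loggedin) {
        if ($isadmin) {
            if (isset($_GET["rebuildall"])) {
                $allthreads = allThreads();
                foreach ($allthreads as $thread) {
                    rebuildThread($thread["id"]);
                }
                rebuildIndexes();
                $text .= manageInfo('Rebuilt board.');
            } elseif (isset($_GET["bans"])) {
                clearExpiredBans();

                if (isset($_POST['ip'])) {
                    if ($_POST['ip'] != '') {
                        if (banByIP($_POST['ip'])) {
                            fancyDie('Sorry, there is already a ban on record for that IP address.');
                        }

                        // expire is seconds from now. Cast it: a non-numeric
                        // value now yields 0 (the value the original also used
                        // for a non-positive expire) instead of a PHP 8
                        // TypeError in the addition.
                        $expire = isset($_POST['expire']) ? (int)$_POST['expire'] : 0;
                        $ban = array();
                        $ban['ip'] = $_POST['ip'];
                        $ban['expire'] = ($expire > 0) ? (time() + $expire) : 0;
                        $ban['reason'] = isset($_POST['reason']) ? $_POST['reason'] : '';

                        insertBan($ban);
                        $text .= manageInfo('Ban record added for ' . $ban['ip']);
                    }
                } elseif (isset($_GET['lift'])) {
                    $ban = banByID($_GET['lift']);
                    if ($ban) {
                        deleteBanByID($_GET['lift']);
                        $text .= manageInfo('Ban record lifted for ' . $ban['ip']);
                    }
                }

                $onload = manageOnLoad('bans');
                $text .= manageBanForm();
                $text .= manageBansTable();
            }
        }

        if (isset($_GET["delete"])) {
            $post = postByID($_GET['delete']);
            if ($post) {
                deletePostByID($post['id']);
                rebuildIndexes();
                if ($post['parent'] != TINYIB_NEWTHREAD) {
                    rebuildThread($post['parent']);
                }
                $text .= manageInfo('Post No.' . $post['id'] . ' deleted.');
            } else {
                fancyDie("Sorry, there doesn't appear to be a post with that ID.");
            }
        } elseif (isset($_GET["moderate"])) {
            // Cast before the comparison; PHP 8 compares a non-numeric string
            // against 0 as strings, which would send garbage to postByID().
            if ((int)$_GET['moderate'] > 0) {
                $post = postByID($_GET['moderate']);
                if ($post) {
                    $text .= manageModeratePost($post);
                } else {
                    fancyDie("Sorry, there doesn't appear to be a post with that ID.");
                }
            } else {
                $onload = manageOnLoad('moderate');
                $text .= manageModeratePostForm();
            }
        } elseif (isset($_GET["rawpost"])) {
            $onload = manageOnLoad("rawpost");
            $text .= manageRawPostForm();
        } elseif (isset($_GET["logout"])) {
            $_SESSION['tinyib'] = '';
            session_destroy();
            die('--> --> --><meta http-equiv="refresh" content="0;url=' . $returnlink . '?manage">');
        }
        if ($text == '') {
            $text = manageStatus();
        }
    } else {
        $onload = manageOnLoad('login');
        $text .= manageLogInForm();
    }

    echo managePage($text, $onload);
} elseif (!file_exists('index.html') || count(allThreads()) == 0) {
    // First run (or an emptied board): generate the index so there is a page to land on
    rebuildIndexes();
}

if ($redirect) {
    // $redirect is either true (go to the index) or a thread URL set by "noko"
    echo '--> --> --><meta http-equiv="refresh" content="0;url=' . (is_string($redirect) ? $redirect : 'index.html') . '">';
}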