Support reporting posts

Resolves #43.
merge-requests/65/head
Trevor Slocum 2 years ago
parent 20dbe42fbe
commit 2a6c8c8dc3

@ -18,7 +18,8 @@ See [TinyIB Installations](https://gitlab.com/tslocum/tinyib/wikis/Home) for dem
- A simple, self-hosted implementation is included.
- [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported but [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/).
- Reference links. `>>###`
- Delete post via password.
- Delete posts via password.
- Report posts.
- Management panel:
- Administrators and moderators use separate passwords.
- Moderators are only able to sticky threads, lock threads, delete posts, and approve posts when necessary. (See ``TINYIB_REQMOD``)
@ -45,7 +46,7 @@ Please consider supporting the continued development of TinyIB.
## Install
1. Verify the following are installed:
- [PHP 5.3+](https://php.net)
- [PHP 5.5+](https://php.net)
- [GD Image Processing Library](https://php.net/gd)
- This library is usually installed by default.
- If you plan on disabling image uploads to use TinyIB as a text board only, this library is not required.
@ -54,7 +55,7 @@ Please consider supporting the continued development of TinyIB.
- `git clone https://gitlab.com/tslocum/tinyib.git ./`
4. Copy **settings.default.php** to **settings.php**
5. Configure **settings.php**
- When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post and ban data are exposed as the database is composed of standard text files. Access to ./inc/database/flatfile/ should be denied.
- When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post, report and ban data are exposed as the database is composed of standard text files. Access to ./inc/database/flatfile/ should be denied.
- When setting ``TINYIB_DBMODE`` to ``pdo``, note that only the MySQL and PostgreSQL databases drivers have been tested. Theoretically it will work with any applicable driver, but this is not guaranteed. If you use an alternative driver, please report back.
- To require moderation before displaying posts:
- Set ``TINYIB_REQMOD`` to ``files`` to require moderation for posts with files attached.
@ -99,7 +100,7 @@ Please consider supporting the continued development of TinyIB.
- Otherwise, [download](https://gitlab.com/tslocum/tinyib/-/archive/master/tinyib-master.zip) and extract a zipped archive.
2. Note which files were modified.
- If **settings.default.php** was updated, migrate the changes to **settings.php**
- Take care to not change the value of **TINYIB_TRIPSEED**, as it would result in different secure tripcodes.
- Take care to not change the value of `TINYIB_TRIPSEED`, as it is used to generate secure tripcodes, hash passwords and hash IP addresses.
- If other files were updated, and you have made changes yourself:
- Visit [GitLab](https://gitlab.com/tslocum/tinyib) and review the changes made in the update.
- Ensure the update does not interfere with your changes.

@ -40,20 +40,6 @@ if (function_exists('ob_get_level')) {
}
}
if (version_compare(phpversion(), '5.3.0', '<')) {
if (get_magic_quotes_gpc()) {
foreach ($_GET as $key => $val) {
$_GET[$key] = stripslashes($val);
}
foreach ($_POST as $key => $val) {
$_POST[$key] = stripslashes($val);
}
}
if (get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
}
}
function fancyDie($message) {
$back = 'Click here to go back';
if (function_exists('__')) {
@ -91,7 +77,7 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
"parent" integer NOT NULL,
"timestamp" integer NOT NULL,
"bumped" integer NOT NULL,
"ip" varchar(39) NOT NULL,
"ip" varchar(255) NOT NULL,
"name" varchar(75) NOT NULL,
"tripcode" varchar(10) NOT NULL,
"email" varchar(75) NOT NULL,
@ -121,20 +107,27 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
"id" bigserial NOT NULL,
"ip" varchar(39) NOT NULL,
"ip" varchar(255) NOT NULL,
"timestamp" integer NOT NULL,
"expire" integer NOT NULL,
"reason" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
$reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
"id" bigserial NOT NULL,
"ip" varchar(255) NOT NULL,
"post" integer NOT NULL,
PRIMARY KEY ("id")
);';
} else {
$posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`parent` mediumint(7) unsigned NOT NULL,
`timestamp` int(20) NOT NULL,
`bumped` int(20) NOT NULL,
`ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`name` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`tripcode` varchar(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`email` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
@ -163,13 +156,20 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`timestamp` int(20) NOT NULL,
`expire` int(20) NOT NULL,
`reason` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `ip` (`ip`)
)";
$reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`post` int(20) NOT NULL,
PRIMARY KEY (`id`)
)";
}
// Check directories are writable by the script
@ -200,6 +200,8 @@ if (TINYIB_TIMEZONE != '') {
date_default_timezone_set(TINYIB_TIMEZONE);
}
$bcrypt_salt = '$2y$12$' . str_replace('+', '.', str_pad(substr(base64_encode(TINYIB_TRIPSEED), 0, 22), 22, "="));
$redirect = true;
// Check if the request is to make a post
if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
@ -256,7 +258,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
}
}
if ($rawpost || !in_array('password', $hide_fields)) {
$post['password'] = ($_POST['password'] != '') ? md5(md5($_POST['password'])) : '';
$post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
}
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext);
@ -389,6 +391,26 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
echo __('Updating index...') . '<br>';
rebuildIndexes();
}
// Check if the request is to report a post
} elseif (isset($_GET['report']) && !isset($_GET['manage'])) {
if (!TINYIB_REPORT) {
fancyDie(__('Reporting is disabled.'));
}
$post = postByID($_GET['report']);
if (!$post) {
fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
}
$report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
if (!empty($report)) {
fancyDie(__('You have already submitted a report for that post.'));
}
$report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
insertReport($report);
fancyDie(__('Post reported.'));
// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
if (!isset($_POST['delete'])) {
@ -406,8 +428,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
if ($loggedin && $_POST['password'] == '') {
// Redirect to post moderation page
echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . $_POST['delete'] . '">';
} elseif ($post['password'] != '' && md5(md5($_POST['password'])) == $post['password']) {
deletePostByID($post['id']);
} elseif ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
deletePost($post['id']);
if ($post['parent'] == TINYIB_NEWTHREAD) {
threadUpdated($post['id']);
} else {
@ -528,10 +550,11 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
if (isset($_GET['delete'])) {
$post = postByID($_GET['delete']);
if ($post) {
deletePostByID($post['id']);
rebuildIndexes();
if ($post['parent'] != TINYIB_NEWTHREAD) {
rebuildThread($post['parent']);
deletePost($post['id']);
if ($post['parent'] == TINYIB_NEWTHREAD) {
threadUpdated($post['id']);
} else {
threadUpdated($post['parent']);
}
$text .= manageInfo(sprintf(__('Post No.%d deleted.'), $post['id']));
} else {
@ -594,6 +617,17 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
} else {
fancyDie(__('Form data was lost. Please go back and try again.'));
}
} elseif (isset($_GET['clearreports'])) {
if ($_GET['clearreports'] > 0) {
$post = postByID($_GET['clearreports']);
if ($post) {
deleteReportsByPost($post['id']);
$text .= manageInfo(__('Reports cleared.'));
} else {
fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
}
}
} elseif (isset($_GET["rawpost"])) {
$onload = manageOnLoad("rawpost");
$text .= buildPostForm(0, true);
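Review bot: The delete-password check (`hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password']`) compares digests with loose `==`. PHP compares two numeric-looking strings as numbers, so a stored legacy md5 hex digest in exponent-like form can match a different digest and authorize a deletion. Use strict comparison: `hashData($_POST['password']) === $post['password'] || md5(md5($_POST['password'])) === $post['password']`, or `hash_equals()` if the minimum supported PHP version allows it. A short comment that the `md5(md5())` branch exists only for posts created before this change would also help whoever retires it. The surrounding if/elseif chain starts and ends outside this hunk.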

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
return 0; // Unsupported by this database option
}
@ -22,31 +22,31 @@ function threadExistsByID($id) {
function insertPost($newpost) {
$post = array();
$post[POST_ID] = '0';
$post[POST_PARENT] = $newpost['parent'];
$post[POST_TIMESTAMP] = time();
$post[POST_BUMPED] = time();
$post[POST_IP] = $newpost['ip'];
$post[POST_NAME] = $newpost['name'];
$post[POST_TRIPCODE] = $newpost['tripcode'];
$post[POST_EMAIL] = $newpost['email'];
$post[POST_NAMEBLOCK] = $newpost['nameblock'];
$post[POST_SUBJECT] = $newpost['subject'];
$post[POST_MESSAGE] = $newpost['message'];
$post[POST_PASSWORD] = $newpost['password'];
$post[POST_FILE] = $newpost['file'];
$post[POST_FILE_HEX] = $newpost['file_hex'];
$post[POST_FILE_ORIGINAL] = $newpost['file_original'];
$post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_ID] = '0';
$post[POST_PARENT] = $newpost['parent'];
$post[POST_TIMESTAMP] = time();
$post[POST_BUMPED] = time();
$post[POST_IP] = hashData($newpost['ip']);
$post[POST_NAME] = $newpost['name'];
$post[POST_TRIPCODE] = $newpost['tripcode'];
$post[POST_EMAIL] = $newpost['email'];
$post[POST_NAMEBLOCK] = $newpost['nameblock'];
$post[POST_SUBJECT] = $newpost['subject'];
$post[POST_MESSAGE] = $newpost['message'];
$post[POST_PASSWORD] = $newpost['password'];
$post[POST_FILE] = $newpost['file'];
$post[POST_FILE_HEX] = $newpost['file_hex'];
$post[POST_FILE_ORIGINAL] = $newpost['file_original'];
$post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_FILE_SIZE_FORMATTED] = $newpost['file_size_formatted'];
$post[POST_IMAGE_WIDTH] = $newpost['image_width'];
$post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
$post[POST_THUMB] = $newpost['thumb'];
$post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
$post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
$post[POST_STICKIED] = $newpost['stickied'];
$post[POST_LOCKED] = $newpost['locked'];
$post[POST_MODERATED] = $newpost['moderated'];
$post[POST_IMAGE_WIDTH] = $newpost['image_width'];
$post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
$post[POST_THUMB] = $newpost['thumb'];
$post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
$post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
$post[POST_STICKIED] = $newpost['stickied'];
$post[POST_LOCKED] = $newpost['locked'];
$post[POST_MODERATED] = $newpost['moderated'];
return $GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
}
@ -100,30 +100,30 @@ function convertPostsToSQLStyle($posts, $singlepost = false) {
$newposts = array();
foreach ($posts as $oldpost) {
$post = newPost();
$post['id'] = $oldpost[POST_ID];
$post['parent'] = $oldpost[POST_PARENT];
$post['timestamp'] = $oldpost[POST_TIMESTAMP];
$post['bumped'] = $oldpost[POST_BUMPED];
$post['ip'] = $oldpost[POST_IP];
$post['name'] = $oldpost[POST_NAME];
$post['tripcode'] = $oldpost[POST_TRIPCODE];
$post['email'] = $oldpost[POST_EMAIL];
$post['nameblock'] = $oldpost[POST_NAMEBLOCK];
$post['subject'] = $oldpost[POST_SUBJECT];
$post['message'] = $oldpost[POST_MESSAGE];
$post['password'] = $oldpost[POST_PASSWORD];
$post['file'] = $oldpost[POST_FILE];
$post['file_hex'] = $oldpost[POST_FILE_HEX];
$post['file_original'] = $oldpost[POST_FILE_ORIGINAL];
$post['file_size'] = $oldpost[POST_FILE_SIZE];
$post['id'] = $oldpost[POST_ID];
$post['parent'] = $oldpost[POST_PARENT];
$post['timestamp'] = $oldpost[POST_TIMESTAMP];
$post['bumped'] = $oldpost[POST_BUMPED];
$post['ip'] = $oldpost[POST_IP];
$post['name'] = $oldpost[POST_NAME];
$post['tripcode'] = $oldpost[POST_TRIPCODE];
$post['email'] = $oldpost[POST_EMAIL];
$post['nameblock'] = $oldpost[POST_NAMEBLOCK];
$post['subject'] = $oldpost[POST_SUBJECT];
$post['message'] = $oldpost[POST_MESSAGE];
$post['password'] = $oldpost[POST_PASSWORD];
$post['file'] = $oldpost[POST_FILE];
$post['file_hex'] = $oldpost[POST_FILE_HEX];
$post['file_original'] = $oldpost[POST_FILE_ORIGINAL];
$post['file_size'] = $oldpost[POST_FILE_SIZE];
$post['file_size_formatted'] = $oldpost[POST_FILE_SIZE_FORMATTED];
$post['image_width'] = $oldpost[POST_IMAGE_WIDTH];
$post['image_height'] = $oldpost[POST_IMAGE_HEIGHT];
$post['thumb'] = $oldpost[POST_THUMB];
$post['thumb_width'] = $oldpost[POST_THUMB_WIDTH];
$post['thumb_height'] = $oldpost[POST_THUMB_HEIGHT];
$post['stickied'] = isset($oldpost[POST_STICKIED]) ? $oldpost[POST_STICKIED] : 0;
$post['locked'] = isset($oldpost[POST_LOCKED]) ? $oldpost[POST_LOCKED] : 0;
$post['image_width'] = $oldpost[POST_IMAGE_WIDTH];
$post['image_height'] = $oldpost[POST_IMAGE_HEIGHT];
$post['thumb'] = $oldpost[POST_THUMB];
$post['thumb_width'] = $oldpost[POST_THUMB_WIDTH];
$post['thumb_height'] = $oldpost[POST_THUMB_HEIGHT];
$post['stickied'] = isset($oldpost[POST_STICKIED]) ? $oldpost[POST_STICKIED] : 0;
$post['locked'] = isset($oldpost[POST_LOCKED]) ? $oldpost[POST_LOCKED] : 0;
if ($post['parent'] == '') {
$post['parent'] = TINYIB_NEWTHREAD;
@ -178,23 +178,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $post['id'], INTEGER_COMPARISON));
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == 0) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $thispost['id'], INTEGER_COMPARISON));
}
$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON));
}
function trimThreads() {
@ -203,24 +187,30 @@ function trimThreads() {
if ($numthreads > TINYIB_MAXTHREADS) {
$allthreads = allThreads();
for ($i = TINYIB_MAXTHREADS; $i < $numthreads; $i++) {
deletePostByID($allthreads[$i]['id']);
deletePost($allthreads[$i]['id']);
}
}
}
}
function lastPostByIP() {
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON), 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
$compClause = new OrWhereClause();
$compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
return convertPostsToSQLStyle($rows, true);
}
// Ban Functions
// Ban functions
function banByID($id) {
return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON), 1), true);
}
function banByIP($ip) {
return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON), 1), true);
$compClause = new OrWhereClause();
$compClause->add(new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON));
$compClause->add(new SimpleWhereClause(BAN_IP, '=', hashData($ip), STRING_COMPARISON));
return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, $compClause, 1), true);
}
function allBans() {
@ -249,7 +239,7 @@ function convertBansToSQLStyle($bans, $singleban = false) {
function insertBan($newban) {
$ban = array();
$ban[BAN_ID] = '0';
$ban[BAN_IP] = $newban['ip'];
$ban[BAN_IP] = hashData($newban['ip']);
$ban[BAN_TIMESTAMP] = time();
$ban[BAN_EXPIRE] = $newban['expire'];
$ban[BAN_REASON] = $newban['reason'];
@ -271,3 +261,62 @@ function clearExpiredBans() {
function deleteBanByID($id) {
$GLOBALS['db']->deleteWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON));
}
// Report functions
function reportByIP($post, $ip) {
$ipClause = new OrWhereClause();
$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
$andClause = new AndWhereClause();
$andClause->add(new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
$andClause->add($ipClause);
return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, $andClause, 1), true);
}
function reportsByPost($post) {
return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON), 1), true);
}
function allReports() {
$rows = $GLOBALS['db']->selectWhere(REPORTS_FILE, NULL, -1, new OrderBy(REPORT_POST, ASCENDING, INTEGER_COMPARISON));
return convertReportsToSQLStyle($rows);
}
function convertReportsToSQLStyle($reports, $singlereport = false) {
$newreports = array();
foreach ($reports as $oldreport) {
$report = array();
$report['id'] = $oldreport[REPORT_ID];
$report['ip'] = $oldreport[REPORT_IP];
$report['post'] = $oldreport[REPORT_POST];
if ($singlereport) {
return $report;
}
$newreports[] = $report;
}
return $newreports;
}
function insertReport($newreport) {
$report = array();
$report[REPORT_ID] = '0';
$report[REPORT_IP] = hashData($newreport['ip']);
$report[REPORT_POST] = $newreport['post'];
$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
}
function deleteReportsByPost($post) {
$GLOBALS['db']->deleteWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
}
function deleteReportsByIP($ip) {
$ipClause = new OrWhereClause();
$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
$GLOBALS['db']->deleteWhere(REPORTS_FILE, $ipClause);
}
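Review bot: `reportsByPost()` passes a limit of `1` to `selectWhere()` and `true` for `$singlereport`, so it returns at most one report as a flat array instead of the list of reports for the post. The MySQL implementation of the same function elsewhere in this commit collects every matching row into an array, so any caller that counts or iterates the result would likely behave differently per backend. Suggest `return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON), -1));`, using the same `-1` limit that `allReports()` passes.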

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Structure
// Posts table
define('POSTS_FILE', '.posts');
define('POST_ID', 0);
define('POST_PARENT', 1);
@ -31,7 +31,7 @@ define('POST_STICKIED', 22);
define('POST_LOCKED', 23);
define('POST_MODERATED', 24);
// Ban Structure
// Bans table
define('BANS_FILE', '.bans');
define('BAN_ID', 0);
define('BAN_IP', 1);
@ -39,6 +39,12 @@ define('BAN_TIMESTAMP', 2);
define('BAN_EXPIRE', 3);
define('BAN_REASON', 4);
// Reports table
define('REPORTS_FILE', '.reports');
define('REPORT_ID', 0);
define('REPORT_IP', 1);
define('REPORT_POST', 2);
require_once 'flatfile/flatfile.php';
$db = new Flatfile();
$db->datadir = 'inc/database/flatfile/';
@ -50,41 +56,49 @@ if (file_exists('inc/flatfile/' . POSTS_FILE)) {
if (function_exists('insertPost')) {
function migratePost($newpost) {
$post = array();
$post[POST_ID] = $newpost['id'];
$post[POST_PARENT] = $newpost['parent'];
$post[POST_TIMESTAMP] = $newpost['timestamp'];
$post[POST_BUMPED] = $newpost['bumped'];
$post[POST_IP] = $newpost['ip'];
$post[POST_NAME] = $newpost['name'];
$post[POST_TRIPCODE] = $newpost['tripcode'];
$post[POST_EMAIL] = $newpost['email'];
$post[POST_NAMEBLOCK] = $newpost['nameblock'];
$post[POST_SUBJECT] = $newpost['subject'];
$post[POST_MESSAGE] = $newpost['message'];
$post[POST_PASSWORD] = $newpost['password'];
$post[POST_FILE] = $newpost['file'];
$post[POST_FILE_HEX] = $newpost['file_hex'];
$post[POST_FILE_ORIGINAL] = $newpost['file_original'];
$post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_ID] = $newpost['id'];
$post[POST_PARENT] = $newpost['parent'];
$post[POST_TIMESTAMP] = $newpost['timestamp'];
$post[POST_BUMPED] = $newpost['bumped'];
$post[POST_IP] = $newpost['ip'];
$post[POST_NAME] = $newpost['name'];
$post[POST_TRIPCODE] = $newpost['tripcode'];
$post[POST_EMAIL] = $newpost['email'];
$post[POST_NAMEBLOCK] = $newpost['nameblock'];
$post[POST_SUBJECT] = $newpost['subject'];
$post[POST_MESSAGE] = $newpost['message'];
$post[POST_PASSWORD] = $newpost['password'];
$post[POST_FILE] = $newpost['file'];
$post[POST_FILE_HEX] = $newpost['file_hex'];
$post[POST_FILE_ORIGINAL] = $newpost['file_original'];
$post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_FILE_SIZE_FORMATTED] = $newpost['file_size_formatted'];
$post[POST_IMAGE_WIDTH] = $newpost['image_width'];
$post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
$post[POST_THUMB] = $newpost['thumb'];
$post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
$post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
$post[POST_MODERATED] = $newpost['moderated'];
$post[POST_STICKIED] = $newpost['stickied'];
$post[POST_LOCKED] = $newpost['locked'];
$post[POST_IMAGE_WIDTH] = $newpost['image_width'];
$post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
$post[POST_THUMB] = $newpost['thumb'];
$post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
$post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
$post[POST_MODERATED] = $newpost['moderated'];
$post[POST_STICKIED] = $newpost['stickied'];
$post[POST_LOCKED] = $newpost['locked'];
$GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
}
function migrateBan($newban) {
$ban = array();
$ban[BAN_ID] = $newban['id'];
$ban[BAN_IP] = $newban['ip'];
$ban[BAN_ID] = $newban['id'];
$ban[BAN_IP] = $newban['ip'];
$ban[BAN_TIMESTAMP] = $newban['timestamp'];
$ban[BAN_EXPIRE] = $newban['expire'];
$ban[BAN_REASON] = $newban['reason'];
$ban[BAN_EXPIRE] = $newban['expire'];
$ban[BAN_REASON] = $newban['reason'];
$GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
}
function migrateReport($newreport) {
$report = array();
$report[REPORT_ID] = $newreport['id'];
$report[REPORT_IP] = $newreport['ip'];
$report[REPORT_POST] = $newreport['post'];
$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
}
}
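Review bot: `migrateReport()` stores `$newreport['ip']` verbatim, as `migratePost()` and `migrateBan()` do, while the insert paths touched by this commit run the address through `hashData()` first; nothing in the function says which form is expected. A one-line comment such as `// 'ip' is copied as stored by the source backend (hashed, or a legacy raw address); do not hash again` would keep a later change from double-hashing or from assuming every stored value is hashed. This matters for this backend in particular, because the README states that report data is readable as plain text unless access to `./inc/database/flatfile/` is denied.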

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
$row = mysql_fetch_row(mysql_query("SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
return $row[0];
@ -23,7 +23,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysql_insert_id();
}
@ -107,22 +107,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == TINYIB_NEWTHREAD) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
}
mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
}
function trimThreads() {
@ -130,14 +115,14 @@ function trimThreads() {
$result = mysql_query("SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
deletePostByID($post['id']);
deletePost($post['id']);
}
}
}
}
function lastPostByIP() {
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysql_fetch_assoc($replies)) {
return $post;
@ -145,7 +130,7 @@ function lastPostByIP() {
}
}
// Ban Functions
// Ban functions
function banByID($id) {
$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' LIMIT 1");
if ($result) {
@ -156,7 +141,7 @@ function banByID($id) {
}
function banByIP($ip) {
$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' LIMIT 1");
$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "' LIMIT 1");
if ($result) {
while ($ban = mysql_fetch_assoc($result)) {
return $ban;
@ -176,7 +161,7 @@ function allBans() {
}
function insertBan($ban) {
mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string($ban['ip']) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
return mysql_insert_id();
}
@ -192,3 +177,47 @@ function clearExpiredBans() {
function deleteBanByID($id) {
mysql_query("DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
}
// Report functions
function reportByIP($post, $ip) {
$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "' AND (`ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "') LIMIT 1");
if ($result) {
while ($report = mysql_fetch_assoc($result)) {
return $report;
}
}
}
function reportsByPost($post) {
$reports = array();
$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "'");
if ($result) {
while ($report = mysql_fetch_assoc($result)) {
$reports[] = $report;
}
}
return $reports;
}
function allReports() {
$reports = array();
$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
if ($result) {
while ($report = mysql_fetch_assoc($result)) {
$reports[] = $report;
}
}
return $reports;
}
function insertReport($report) {
mysql_query("INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysql_real_escape_string(hashData($report['ip'])) . "', '" . mysql_real_escape_string($report['post']) . "')");
}
function deleteReportsByPost($post) {
mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = " . mysql_real_escape_string($post));
}
function deleteReportsByIP($ip) {
mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = " . mysql_real_escape_string($ip) . " OR `ip` = " . mysql_real_escape_string(hashData($ip)));
}
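Review bot: `deleteReportsByIP()` concatenates both values into the WHERE clause without surrounding quotes, so the statement is not valid SQL for an address or hash string, and `mysql_real_escape_string()` gives no protection outside a quoted literal. Wrap each operand in single quotes as `banByIP()` does, i.e. `= '" . mysql_real_escape_string($ip) . "'` and `= '" . mysql_real_escape_string(hashData($ip)) . "'`. `deleteReportsByPost()` and the rewritten `deletePostByID()` use the same unquoted pattern for ids; an `(int)` cast is the appropriate guard there. None of these calls check the `mysql_query()` result, so a rejected statement would go unnoticed.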

@ -35,12 +35,19 @@ if (mysql_num_rows(mysql_query("SHOW COLUMNS FROM `" . TINYIB_DBPOSTS . "` LIKE
mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
mysql_query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
if (function_exists('insertPost')) {
function migratePost($post) {
mysql_query("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysql_real_escape_string($post['ip']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
}
function migrateBan($ban) {
mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysql_real_escape_string($ban['reason']) . "')");
mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysql_real_escape_string($ban['id']) . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . mysql_real_escape_string($ban['timestamp']) . "', '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
}
function migrateReport($report) {
mysql_query("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysql_real_escape_string($report['id']) . "', '" . mysql_real_escape_string($report['ip']) . "', '" . mysql_real_escape_string($report['post']) . "')");
}
}

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
global $link;
$row = mysqli_fetch_row(mysqli_query($link, "SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
@ -27,7 +27,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $link;
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysqli_insert_id($link);
}
@ -122,22 +122,7 @@ function latestPosts($moderated = true) {
function deletePostByID($id) {
global $link;
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == TINYIB_NEWTHREAD) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
}
mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
}
function trimThreads() {
@ -146,7 +131,7 @@ function trimThreads() {
$result = mysqli_query($link, "SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
deletePostByID($post['id']);
deletePost($post['id']);
}
}
}
@ -154,7 +139,7 @@ function trimThreads() {
function lastPostByIP() {
global $link;
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysqli_fetch_assoc($replies)) {
return $post;
@ -162,7 +147,7 @@ function lastPostByIP() {
}
}
// Ban Functions
// Ban functions
function banByID($id) {
global $link;
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' LIMIT 1");
@ -175,7 +160,7 @@ function banByID($id) {
function banByIP($ip) {
global $link;
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' LIMIT 1");
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "' LIMIT 1");
if ($result) {
while ($ban = mysqli_fetch_assoc($result)) {
return $ban;
@ -197,7 +182,7 @@ function allBans() {
function insertBan($ban) {
global $link;
mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, hashData($ban['ip'])) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
return mysqli_insert_id($link);
}
@ -216,6 +201,57 @@ function deleteBanByID($id) {
mysqli_query($link, "DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
}
// Report functions
function reportByIP($post, $ip) {
global $link;
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "' AND (`ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "') LIMIT 1");
if ($result) {
while ($report = mysqli_fetch_assoc($result)) {
return $report;
}
}
}
function reportsByPost($post) {
global $link;
$reports = array();
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
if ($result) {
while ($report = mysqli_fetch_assoc($result)) {
$reports[] = $report;
}
}
return $reports;
}
function allReports() {
global $link;
$reports = array();
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
if ($result) {
while ($report = mysqli_fetch_assoc($result)) {
$reports[] = $report;
}
}
return $reports;
}
function insertReport($report) {
global $link;
mysqli_query($link, "INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysqli_real_escape_string($link, hashData($report['ip'])) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
}
function deleteReportsByPost($post) {
global $link;
mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
}
function deleteReportsByIP($ip) {
global $link;
mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "'");
}
// Utility functions
function mysqli_result($res, $row, $field = 0) {
$res->data_seek($row);
$datarow = $res->fetch_array();
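Review bot: In lastPostByIP the rewritten query compares the `ip` column against the escaped `$_SERVER['REMOTE_ADDR']` twice, so neither operand looks for the hashed form that insertPost now stores through `hashData()`. Posts written after this change would not be found, and whatever relies on this lookup (presumably the posting delay check) would stop seeing them on the mysqli backend. The SQLite variants of the same function on this page hash the second operand; here it should likewise be `mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR']))`. The function's closing lines fall in the following hunk.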

@ -35,6 +35,9 @@ if (mysqli_num_rows(mysqli_query($link, "SHOW COLUMNS FROM `" . TINYIB_DBPOSTS .
mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
mysqli_query($link, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
if (function_exists('insertPost')) {
function migratePost($post) {
global $link;
@ -43,6 +46,11 @@ if (function_exists('insertPost')) {
function migrateBan($ban) {
global $link;
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysqli_real_escape_string($link, $ban['id']) . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . mysqli_real_escape_string($link, $ban['timestamp']) . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
}
function migrateReport($report) {
global $link;
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysqli_real_escape_string($link, $report['id']) . "', '" . mysqli_real_escape_string($link, $report['ip']) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
}
}
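Review bot: migrateReport, like migrateBan above it, sends its INSERT through `sqlite_query($GLOBALS["db"], ...)` although this is the mysqli backend and the values are escaped with `mysqli_real_escape_string($link, ...)`. The call should be `mysqli_query($link, "INSERT INTO ...")`, otherwise the migration cannot write reports or bans over the mysqli connection. migrateBan's value list also begins `VALUES (" . ... . "', '"`, which closes a quote around `id` that was never opened, so the statement stays malformed even with the right call; `VALUES ('" . mysqli_real_escape_string($link, $ban['id']) . "', '"` balances it. The same unbalanced quote appears in migrateBan of the mysql and sqlite backends on this page.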

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
$result = pdoQuery("SELECT COUNT(DISTINCT(ip)) FROM " . TINYIB_DBPOSTS);
return (int)$result->fetchColumn();
@ -26,7 +26,7 @@ function insertPost($post) {
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stm->execute(array($post['parent'], $now, $now, $_SERVER['REMOTE_ADDR'], $post['name'], $post['tripcode'], $post['email'],
$stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@ -108,22 +108,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($id));
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == TINYIB_NEWTHREAD) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($thispost['id']));
}
pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($id));
}
function trimThreads() {
@ -137,7 +122,7 @@ function trimThreads() {
MSSQL: WITH ts AS (SELECT ROWNUMBER() OVER (ORDER BY bumped) AS 'rownum', * FROM $table) SELECT id FROM ts WHERE rownum >= $limit
*/
foreach ($results as $post) {
deletePostByID($post['id']);
deletePost($post['id']);
}
}
}
@ -147,14 +132,14 @@ function lastPostByIP() {
return $result->fetch(PDO::FETCH_ASSOC);
}
// Ban Functions
// Ban functions
function banByID($id) {
$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
return $result->fetch(PDO::FETCH_ASSOC);
}
function banByIP($ip) {
$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? LIMIT 1", array($ip));
$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? OR ip = ? LIMIT 1", array($ip, hashData($ip)));
return $result->fetch(PDO::FETCH_ASSOC);
}
@ -171,7 +156,7 @@ function insertBan($ban) {
global $dbh;
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES (?, ?, ?, ?)");
$stm->execute(array($ban['ip'], $now, $ban['expire'], $ban['reason']));
$stm->execute(array(hashData($ban['ip']), $now, $ban['expire'], $ban['reason']));
return $dbh->lastInsertId();
}
@ -183,3 +168,41 @@ function clearExpiredBans() {
function deleteBanByID($id) {
pdoQuery("DELETE FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
}
// Report functions
function reportByIP($post, $ip) {
$result = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ? AND (ip = ? OR ip = ?) LIMIT 1", array($post, $ip, hashData($ip)));
return $result->fetch(PDO::FETCH_ASSOC);
}
function reportsByPost($post) {
$reports = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
$reports[] = $row;
}
return $reports;
}
function allReports() {
$reports = array();
$results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
$reports[] = $row;
}
return $reports;
}
function insertReport($report) {
global $dbh;
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES (?, ?)");
$stm->execute(array(hashData($report['ip']), $report['post']));
}
function deleteReportsByPost($post) {
pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
}
function deleteReportsByIP($ip) {
pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = ? OR ip = ?", array($ip, hashData($ip)));
}
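Review bot: No hunk in this section touches the query inside lastPostByIP, while insertPost now stores `hashData($_SERVER['REMOTE_ADDR'])` in the `ip` column. If that query still filters on the raw address (it lies outside the visible hunks, so this is an assumption), posts written after this change will never match it. The other lookups here use the dual form, for example `WHERE ip = ? OR ip = ?` with `array($ip, hashData($ip))` in banByIP. lastPostByIP probably needs the same treatment with `$_SERVER['REMOTE_ADDR']`.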

@ -89,6 +89,14 @@ if (!$locked_exists) {
$dbh->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
if (TINYIB_DBDRIVER === 'pgsql') {
$dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
$dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
} else {
$dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
$dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
}
function pdoQuery($sql, $params = false) {
global $dbh;
@ -118,4 +126,10 @@ if (function_exists('insertPost')) {
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (?, ?, ?, ?, ?)");
$stm->execute(array($ban['id'], $ban['ip'], $ban['timestamp'], $ban['expire'], $ban['reason']));
}
function migrateReport($report) {
global $dbh;
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES (?, ?, ?)");
$stm->execute(array($report['id'], $report['ip'], $report['post']));
}
}
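Review bot: The `pgsql` branch will not run on PostgreSQL: the table names are wrapped in backticks, which PostgreSQL does not accept as identifier quoting, and changing a column type there needs the `TYPE` keyword. Something like `$dbh->query("ALTER TABLE " . TINYIB_DBPOSTS . " ALTER COLUMN ip TYPE VARCHAR(255)");` (and the same for `TINYIB_DBBANS`) would work; NOT NULL and DEFAULT are set through separate `ALTER COLUMN ... SET` clauses. Depending on the PDO error mode configured outside this hunk, the failure is either an exception on every load or silent, possibly leaving the column too short for the hashed value. A one-line comment saying why the column is widened would also help the next reader.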

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
return sqlite_fetch_single(sqlite_query($GLOBALS["db"], "SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")"));
}
@ -20,7 +20,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@ -96,41 +96,26 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == TINYIB_NEWTHREAD) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
}
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id));
}
function trimThreads() {
if (TINYIB_MAXTHREADS > 0) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10"), SQLITE_ASSOC);
foreach ($result as $post) {
deletePostByID($post['id']);
deletePost($post['id']);
}
}
}
function lastPostByIP() {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $post) {
return $post;
}
}
// Ban Functions
// Ban functions
function banByID($id) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "' LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $ban) {
@ -139,7 +124,7 @@ function banByID($id) {
}
function banByIP($ip) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' LIMIT 1"), SQLITE_ASSOC);
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "' LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $ban) {
return $ban;
}
@ -155,7 +140,7 @@ function allBans() {
}
function insertBan($ban) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string($ban['ip']) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@ -169,3 +154,41 @@ function clearExpiredBans() {
function deleteBanByID($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id));
}
// Report functions
function reportByIP($post, $ip) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "' AND (ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "') LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $report) {
return $report;
}
}
function reportByPost($post) {
$reports = array();
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'"), SQLITE_ASSOC);
foreach ($result as $report) {
$reports[] = $report;
}
return $reports;
}
function allReports() {
$reports = array();
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC"), SQLITE_ASSOC);
foreach ($result as $report) {
$reports[] = $report;
}
return $reports;
}
function insertReport($report) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . sqlite_escape_string(hashData($report['ip'])) . "', '" . sqlite_escape_string($report['post']) . "')");
}
function deleteReportsByPost($post) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post));
}
function deleteReportsByIP($ip) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "'");
}
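Review bot: deleteReportsByPost builds `WHERE post = " . sqlite_escape_string($post)` with no quotes around the value, and the new deletePostByID does the same with `$id`; escaping only protects a value inside a quoted string literal, so here it does nothing. If these ids are always integers, cast them (`(int) $post`, `(int) $id`); otherwise quote the value as insertReport does. The sqlite3 backend's deleteReportsByPost and deletePostByID and the mysqli deletePostByID follow the same pattern. Separately, this file names the lookup `reportByPost` while the other backends define `reportsByPost`, so a caller using the plural name would hit an undefined function on this backend.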

@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
// Post Functions
// Post functions
function uniquePosts() {
global $db;
return $db->querySingle("SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")");
@ -24,7 +24,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return $db->lastInsertRowID();
}
@ -111,22 +111,7 @@ function latestPosts($moderated = true) {
function deletePostByID($id) {
global $db;
$posts = postsInThreadByID($id, false);
foreach ($posts as $post) {
if ($post['id'] != $id) {
deletePostImages($post);
$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
} else {
$thispost = $post;
}
}
if (isset($thispost)) {
if ($thispost['parent'] == TINYIB_NEWTHREAD) {
@unlink('res/' . $thispost['id'] . '.html');
}
deletePostImages($thispost);
$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
}
$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id));
}
function trimThreads() {
@ -134,20 +119,20 @@ function trimThreads() {
if (TINYIB_MAXTHREADS > 0) {
$result = $db->query("SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
while ($post = $result->fetchArray()) {
deletePostByID($post['id']);
deletePost($post['id']);
}
}
}
function lastPostByIP() {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1");
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
while ($post = $result->fetchArray()) {
return $post;
}
}
// Ban Functions
// Ban functions
function banByID($id) {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "' LIMIT 1");
@ -158,7 +143,7 @@ function banByID($id) {
function banByIP($ip) {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' LIMIT 1");
$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "' LIMIT 1");
while ($ban = $result->fetchArray()) {
return $ban;
}
@ -176,7 +161,7 @@ function allBans() {
function insertBan($ban) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString($ban['ip']) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
$db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString(hashData($ban['ip'])) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
return $db->lastInsertRowID();
}
@ -192,3 +177,47 @@ function deleteBanByID($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id));
}
// Report functions
function reportByIP($post, $ip) {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "' AND (ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "') LIMIT 1");
while ($report = $result->fetchArray()) {
return $report;
}
}
function reportsByPost($post) {
global $db;
$reports = array();
$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'");
while ($report = $result->fetchArray()) {
$reports[] = $report;
}
return $reports;
}
function allReports() {
global $db;
$reports = array();
$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
while ($report = $result->fetchArray()) {
$reports[] = $report;
}
return $reports;
}
function insertReport($report) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . $db->escapeString(hashData($report['ip'])) . "', '" . $db->escapeString($report['post']) . "')");
}
function deleteReportsByPost($post) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post));
}
function deleteReportsByIP($ip) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "'");
}

@ -65,6 +65,9 @@ if (!$result->fetchArray()) {
// Add locked column if it isn't present
@$db->exec("ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
@$db->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
@$db->exec("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
if (function_exists('insertPost')) {
function migratePost($post) {
global $db;
@ -73,6 +76,11 @@ if (function_exists('insertPost')) {
function migrateBan($ban) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . ", '" . $db->escapeString($ban['ip']) . "', " . $ban['timestamp'] . ", " . $ban['expire'] . ", '" . $db->escapeString($ban['reason']) . "')");
$db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $db->escapeString($ban['id']) . ", '" . $db->escapeString($ban['ip']) . "', " . $db->escapeString($ban['timestamp']) . ", " . $db->escapeString($ban['expire']) . ", '" . $db->escapeString($ban['reason']) . "')");
}
function migrateReport($report) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . $db->escapeString($report['id']) . "', '" . $db->escapeString($report['ip']) . "', '" . $db->escapeString($report['post']) . "')");
}
}
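Review bot: The two added `ALTER TABLE ... MODIFY ip VARCHAR(255)` statements cannot succeed on SQLite, whose ALTER TABLE has no MODIFY clause, and the `@` prefix hides that failure on every load. SQLite does not enforce a declared VARCHAR length, so the widening is not needed to hold the hashed values; I would drop both lines rather than keep a permanently suppressed error. The sqlite backend's init section adds the same statements through `sqlite_query` without suppression.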

@ -64,12 +64,19 @@ sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN stickied INTEGE
// Add locked column if it isn't present
sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
sqlite_query($db, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
sqlite_query($db, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
if (function_exists('insertPost')) {
function migratePost($post) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . sqlite_escape_string($post['ip']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
}
function migrateBan($ban) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . sqlite_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . sqlite_escape_string($ban['reason']) . "')");
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . sqlite_escape_string($ban['id']) . "', '" . sqlite_escape_string($ban['ip']) . "', '" . sqlite_escape_string($ban['timestamp']) . "', '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
}
function migrateReport($report) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . sqlite_escape_string($report['id']) . "', '" . sqlite_escape_string($report['ip']) . "', '" . sqlite_escape_string($report['post']) . "')");
}
}
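Review bot: The rewritten `migrateBan` INSERT still opens its value list with `VALUES (" . sqlite_escape_string($ban['id']) . "', '`, so the id is followed by a closing quote that has no opening quote and the statement will not parse. The added `migrateReport` gets this right, so the fix is to start the list the same way: `VALUES ('" . sqlite_escape_string($ban['id']) . "', '"`. `migratePost` just above still concatenates its numeric fields (`id`, `parent`, `timestamp` and the rest) unquoted and unescaped, and wrapping each in `intval()` would stop a malformed row in the source database from changing the statement. That the second of the two printed `migrateBan` lines is the new side is inferred from print order, since the `+`/`-` markers are lost on this page.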

@ -29,7 +29,7 @@ if (!defined('TINYIB_THUMBNAIL')) {
define('TINYIB_THUMBNAIL', 'gd');
}
if (!defined('TINYIB_UPLOADVIAURL')) {
define('TINYIB_UPLOADVIAURL', false);
define('TINYIB_UPLOADVIAURL', false);
}
if (!defined('TINYIB_NOFILEOK')) {
define('TINYIB_NOFILEOK', false);
@ -40,6 +40,9 @@ if (!defined('TINYIB_CAPTCHA')) {
if (!defined('TINYIB_MANAGECAPTCHA')) {
define('TINYIB_MANAGECAPTCHA', '');
}
if (!defined('TINYIB_REPORT')) {
define('TINYIB_REPORT', '');
}
if (!defined('TINYIB_REQMOD')) {
define('TINYIB_REQMOD', '');
}
@ -64,6 +67,9 @@ if (!defined('TINYIB_DATEFMT')) {
if (!defined('TINYIB_DBMIGRATE')) {
define('TINYIB_DBMIGRATE', false);
}
if (!defined('TINYIB_DBREPORTS')) {
define('TINYIB_DBREPORTS', TINYIB_BOARD . '_reports');
}
if (!defined('TINYIB_DBPORT')) {
define('TINYIB_DBPORT', 3306);
}
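Review bot: `TINYIB_REPORT` gets the default `''`, but elsewhere in this commit it is tested as an on/off switch (`if (TINYIB_REPORT)`), and the neighbouring switches `TINYIB_UPLOADVIAURL` and `TINYIB_NOFILEOK` default to `false`. I would write `define('TINYIB_REPORT', false);` so that the default states the type an operator is expected to set. `TINYIB_DBREPORTS` is concatenated into SQL as a table name by the migrate functions, so a comment above it such as `// Table name; built from TINYIB_BOARD, keep it to identifier characters` would be worth adding.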

@ -11,6 +11,14 @@ if (!function_exists('array_column')) {
}
}
function hashData($data) {
global $bcrypt_salt;
if (substr($data, 0, 4) == '$2y$') {
return $data;
}
return crypt($data, $bcrypt_salt);
}
function cleanString($string) {
$search = array("&", "<", ">");
$replace = array("&amp;", "&lt;", "&gt;");
@ -196,6 +204,30 @@ function deletePostImages($post) {
}
}
function deletePost($id) {
$id = intval($id);
$posts = postsInThreadByID($id, false);
$op = array();
foreach ($posts as $post) {
if ($post['parent'] == TINYIB_NEWTHREAD) {
$op = $post;
continue;
}
deletePostImages($post);
deleteReportsByPost($post['id']);
deletePostByID($post['id']);
}
if (!empty($op)) {
deletePostImages($op);
deleteReportsByPost($op['id']);
deletePostByID($op['id']);
}
@unlink('res/' . $id . '.html');
}
function checkCAPTCHA($mode) {
if ($mode === 'recaptcha') {
require_once 'inc/recaptcha/autoload.php';
@ -277,19 +309,19 @@ function manageCheckLogIn() {
checkCAPTCHA(TINYIB_MANAGECAPTCHA);
if ($_POST['managepassword'] === TINYIB_ADMINPASS) {
$_SESSION['tinyib'] = TINYIB_ADMINPASS;
$_SESSION['tinyib'] = hashData(TINYIB_ADMINPASS);
} elseif (TINYIB_MODPASS != '' && $_POST['managepassword'] === TINYIB_MODPASS) {
$_SESSION['tinyib'] = TINYIB_MODPASS;
$_SESSION['tinyib'] = hashData(TINYIB_MODPASS);
} else {
fancyDie(__('Invalid password.'));
}
}
if (isset($_SESSION['tinyib'])) {
if ($_SESSION['tinyib'] === TINYIB_ADMINPASS) {
if ($_SESSION['tinyib'] === hashData(TINYIB_ADMINPASS)) {
$loggedin = true;
$isadmin = true;
} elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === TINYIB_MODPASS) {
} elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === hashData(TINYIB_MODPASS)) {
$loggedin = true;
}
}
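Review bot: `hashData()` returns whatever `crypt()` gives back, and `crypt()` signals failure with a short marker string rather than an error, so if `$bcrypt_salt` (set outside this hunk) is ever empty or malformed, `hashData(TINYIB_ADMINPASS)` and `hashData(TINYIB_MODPASS)` could come back identical. In `manageCheckLogIn` a moderator session would then satisfy the `=== hashData(TINYIB_ADMINPASS)` branch and set `$isadmin`. Fail closed in `hashData`: `$hash = crypt($data, $bcrypt_salt);` then `if (strlen($hash) < 13) { fancyDie(__('Unable to hash data.')); }` before returning `$hash`. The `$2y$` pass-through also deserves a comment saying that it presumably exists to avoid hashing an already-hashed value twice, and that any input beginning with `$2y$` is therefore stored as given. `manageCheckLogIn` begins outside the hunk.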

@ -466,6 +466,10 @@ EOF;
$return .= $filehtml;
}
if (TINYIB_REPORT) {
$return .= "&nbsp;[<a href=\"imgboard.php?report=${post["id"]}\">" . __("Report") . "</a>]";
}
if ($post['parent'] == TINYIB_NEWTHREAD && $res == TINYIB_INDEXPAGE) {
$return .= "&nbsp;[<a href=\"res/${post["id"]}.html\">" . __("Reply") . "</a>]";
}
@ -680,12 +684,16 @@ function rebuildIndexes() {
function rebuildThread($id) {
$id = intval($id);
$htmlposts = "";
$posts = postsInThreadByID($id);
if (count($posts) == 0) {
@unlink('res/' . $id . '.html');
return;
}
$htmlposts = "";
foreach ($posts as $post) {
$htmlposts .= buildPost($post, TINYIB_RESPAGE);
}
$htmlposts .= "\n<hr>";
writePage('res/' . $id . '.html', fixLinksInRes(buildPage($htmlposts, $id)));
@ -924,6 +932,24 @@ EOF;
$txt_delete = __('Delete post');
}
$txt_ban = __('Ban poster');
$report_html = '';
$reports = reportsByPost($post['id']);
if (TINYIB_REPORT && count($reports) > 0) {
$txt_clear_reports = __('Clear reports');
$report_info = count($reports) . ' ' . plural(count($reports), __('report'), __('reports'));
$report_html = <<<EOF
<tr><td align="right" width="50%;">
<form method="get" action="?">
<input type="hidden" name="manage" value="">
<input type="hidden" name="clearreports" value="${post['id']}">
<input type="submit" value="$txt_clear_reports" class="managebutton" style="width: 50%;">
</form>
</td><td><small>$report_info</small></td></tr>
EOF;
}
return <<<EOF
<fieldset>
<legend>$txt_moderating</legend>
@ -955,6 +981,8 @@ EOF;
$lock_html
$report_html