Add TINYIB_CLOUDFLARE

Resolves #188.
Trevor Slocum 2021-04-13 22:54:27 -07:00
parent 392609cab8
commit 4ed5f2e125
10 changed files with 31 additions and 20 deletions


@ -271,7 +271,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
checkCAPTCHA(TINYIB_CAPTCHA);
checkFlood();
}
$rawpost = isRawPost();
$rawposttext = '';
if (!$rawpost) {
@ -304,7 +304,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
}
$post['ip'] = $_SERVER['REMOTE_ADDR'];
$post['ip'] = remoteAddress();
if ($rawpost || !in_array('name', $hide_fields)) {
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
@ -389,7 +389,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$expire_txt = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
$reason_txt = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
}
break;
}
@ -575,7 +575,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
}
$report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
$report = reportByIP($post['id'], remoteAddress());
if (!empty($report)) {
fancyDie(__('You have already submitted a report for that post.'));
}
@ -634,7 +634,7 @@ EOF;
}
}
$report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
$report = array('ip' => remoteAddress(), 'post' => $post['id']);
insertReport($report);
fancyDie(__('Post reported.'));


@ -403,8 +403,8 @@ function trimThreads() {
function lastPostByIP() {
$compClause = new OrWhereClause();
$compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
$compClause->add(new SimpleWhereClause(POST_IP, '=', remoteAddress(), STRING_COMPARISON));
$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData(remoteAddress()), STRING_COMPARISON));
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
return convertPostsToSQLStyle($rows, true);
}


@ -169,7 +169,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysql_insert_id();
}
@ -268,7 +268,7 @@ function trimThreads() {
}
function lastPostByIP() {
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string(remoteAddress()) . "' OR `ip` = '" . mysql_real_escape_string(hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysql_fetch_assoc($replies)) {
return $post;


@ -195,7 +195,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $link;
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysqli_insert_id($link);
}
@ -307,7 +307,7 @@ function trimThreads() {
function lastPostByIP() {
global $link;
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, remoteAddress()) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysqli_fetch_assoc($replies)) {
return $post;


@ -152,7 +152,7 @@ function insertPost($post) {
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
$stm->execute(array($post['parent'], $now, $now, hashData(remoteAddress()), $post['name'], $post['tripcode'], $post['email'],
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@ -254,7 +254,7 @@ function trimThreads() {
}
function lastPostByIP() {
$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array($_SERVER['REMOTE_ADDR'], hashData($_SERVER['REMOTE_ADDR'])));
$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array(remoteAddress(), hashData(remoteAddress())));
return $result->fetch(PDO::FETCH_ASSOC);
}


@ -147,7 +147,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@ -236,7 +236,7 @@ function trimThreads() {
}
function lastPostByIP() {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string(remoteAddress()) . "' OR ip = '" . sqlite_escape_string(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $post) {
return $post;
}


@ -171,7 +171,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $db;
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return $db->lastInsertRowID();
}
@ -273,7 +273,7 @@ function trimThreads() {
function lastPostByIP() {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString(remoteAddress()) . "' OR ip = '" . $db->escapeString(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1");
while ($post = $result->fetchArray()) {
return $post;
}


@ -76,6 +76,9 @@ if (!defined('TINYIB_REQMOD')) {
if (!defined('TINYIB_AUTOREFRESH')) {
define('TINYIB_AUTOREFRESH', 30);
}
if (!defined('TINYIB_CLOUDFLARE')) {
define('TINYIB_CLOUDFLARE', false);
}
if (!defined('TINYIB_DISALLOWTHREADS')) {
define('TINYIB_DISALLOWTHREADS', '');
}


@ -259,7 +259,7 @@ function checkCAPTCHA($mode) {
$failed_captcha = true;
$recaptcha = new \ReCaptcha\ReCaptcha(TINYIB_RECAPTCHA_SECRET);
$resp = $recaptcha->verify($captcha, $_SERVER['REMOTE_ADDR']);
$resp = $recaptcha->verify($captcha, remoteAddress());
if ($resp->isSuccess()) {
$failed_captcha = false;
}
@ -296,12 +296,12 @@ function checkCAPTCHA($mode) {
}
function checkBanned() {
$ban = banByIP($_SERVER['REMOTE_ADDR']);
$ban = banByIP(remoteAddress());
if ($ban) {
if ($ban['expire'] == 0 || $ban['expire'] > time()) {
$expire = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
$reason = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire . $reason);
fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire . $reason);
} else {
clearExpiredBans();
}
@ -785,6 +785,13 @@ function attachFile($post, $filepath, $filename, $uploaded) {
return $post;
}
function remoteAddress() {
if (TINYIB_CLOUDFLARE) {
return $_SERVER['HTTP_CF_CONNECTING_IP'];
}
return $_SERVER['REMOTE_ADDR'];
}
function installedViaGit() {
return is_dir('.git');
}
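Review bot: `remoteAddress()` returns `$_SERVER['HTTP_CF_CONNECTING_IP']` on nothing more than the TINYIB_CLOUDFLARE flag, so any request that reaches the origin without passing through Cloudflare (origin reachable directly, or the flag enabled on a non-Cloudflare deployment) gets to pick the address that checkBanned(), lastPostByIP(), reportByIP() and the stored post `ip` column see; the same defect applies to every call site in the other file sections of this commit. Before trusting the header, confirm the peer really is a Cloudflare edge — compare `$_SERVER['REMOTE_ADDR']` against Cloudflare's published address ranges, or restrict origin access to those ranges at the firewall — and fall back to REMOTE_ADDR when the header is absent, since on a direct request `$_SERVER['HTTP_CF_CONNECTING_IP']` is undefined: `if (TINYIB_CLOUDFLARE && isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {`. The header-derived value is also concatenated unescaped into the HTML ban message passed to fancyDie() in checkBanned() above and in the index hunk; wrapping it in `htmlspecialchars()` keeps a forged value from being reflected as markup. A short comment above the function stating that the header is only meaningful when the request was proxied by Cloudflare would make the trust assumption visible to the next maintainer.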

View File

@ -30,6 +30,7 @@ define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to
define('TINYIB_REPORT', false); // Allow users to report posts
define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
define('TINYIB_AUTOREFRESH', 30); // Delay (in seconds) between attempts to refresh a thread automatically [0 to disable]
define('TINYIB_CLOUDFLARE', false); // Only enable when the site is served via Cloudflare to identify IP addresses correctly
define('TINYIB_DISALLOWTHREADS', ''); // When set, users attempting to post a new thread are shown this message instead ['' to disable]
define('TINYIB_DISALLOWREPLIES', ''); // When set, users attempting to post a reply are shown this message instead ['' to disable]
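Review bot: The comment on the new TINYIB_CLOUDFLARE line says when to enable the option but not what it does or what goes wrong when the condition is not met, which is the part an operator needs before flipping it. Suggested wording: `define('TINYIB_CLOUDFLARE', false); // Use the CF-Connecting-IP header as the client address; only enable when the site is served via Cloudflare and the origin is not reachable directly, otherwise the header can be forged`.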