tinyib/imgboard.php

<?php
/*
TinyIB
https://code.rocket9labs.com/tslocum/tinyib
MIT License
Copyright (c) 2020 Trevor Slocum <trevor@rocket9labs.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
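// Surface every PHP error level.
// NOTE(review): display_errors = 1 prints warnings and notices into the
// response, which can expose file paths and query text to visitors; logging
// them instead is the usual choice for a public deployment.
error_reporting(E_ALL);
ini_set("display_errors", 1);

session_start();

// Re-issue the session cookie with a 30-day lifetime (2592000 seconds).
// Path and domain stay at setcookie()'s defaults as before; Secure follows
// the configured session cookie settings, and HttpOnly is set so page
// scripts cannot read the session id.
$session_cookie_params = session_get_cookie_params();
setcookie(session_name(), session_id(), time() + 2592000, '', '', $session_cookie_params['secure'], true);

// Send output to the client as it is produced: turn on implicit flushing and
// close every output buffer that is already open.
ob_implicit_flush();
while (ob_get_level() > 0) {
    ob_end_flush();
}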
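/**
 * Print a minimal styled error page with a "go back" link and stop the script.
 *
 * $message is written into the page as HTML without escaping (callers in this
 * file pass markup such as <br>), so any part of it that originates from a
 * request has to be escaped by the caller before it is passed in.
 *
 * @param string $message HTML shown inside the message box.
 * @param int    $go_back How many history entries the "go back" link steps back.
 */
function fancyDie($message, $go_back = 1) {
    // __() may not be defined yet when this runs early in start-up, so fall
    // back to the untranslated label.
    $go_back_text = function_exists('__') ? __('Click here to go back') : 'Click here to go back';

    // The step count is placed inside a javascript: URL in an attribute;
    // casting it to an integer keeps any other text out of that context.
    $steps = (int) $go_back;

    die(
        '<body text="#800000" bgcolor="#FFFFEE" align="center"><br><div style="display: inline-block; background-color: #F0E0D6;font-size: 1.25em;font-family: Tahoma, Geneva, sans-serif;padding: 7px;border: 1px solid #D9BFB7;border-left: none;border-top: none;">'
        . $message
        . '</div><br><br>- <a href="javascript:history.go(-' . $steps . ')">' . $go_back_text . '</a> -</body>'
    );
}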
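// Configuration has to exist before anything else is loaded.
if (!file_exists('settings.php')) {
    fancyDie('Please copy the file settings.default.php to settings.php');
}
require 'settings.php';
require 'inc/defines.php';
global $tinyib_capcodes, $tinyib_embeds, $tinyib_hidefields, $tinyib_hidefieldsop;

// With no locale configured, __() returns its argument unchanged; otherwise
// inc/gettext.php is loaded (presumably providing __() - confirm there).
if (!defined('TINYIB_LOCALE') || TINYIB_LOCALE == '') {
    function __($string) {
        return $string;
    }
} else {
    require 'inc/gettext.php';
}

// Stop when a CAPTCHA provider is selected for any form but its site key or
// secret is empty.
if ((TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_REPLYCAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha') && (TINYIB_HCAPTCHA_SITE == '' || TINYIB_HCAPTCHA_SECRET == '')) {
    fancyDie(__('TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET must be configured.'));
}
if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_REPLYCAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
    fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'));
}

if (TINYIB_TIMEZONE != '') {
    date_default_timezone_set(TINYIB_TIMEZONE);
}

if (TINYIB_TRIPSEED == '') {
    fancyDie(__('TINYIB_TRIPSEED must be configured.'));
}

// bcrypt setting string: "$2y$12$" (cost 12) followed by 22 characters taken
// from the base64 of TINYIB_TRIPSEED, with '+' mapped to '.' and '=' to '/',
// right-padded with '/'.
// NOTE(review): this salt is fixed per installation, so every hash made with
// it shares one salt; where it is used is outside this section - confirm that
// nothing relies on per-value salting.
$bcrypt_salt = '$2y$12$' . str_pad(str_replace('=', '/', str_replace('+', '.', substr(base64_encode(TINYIB_TRIPSEED), 0, 22))), 22, '/');

// Allow-list of storage back ends. TINYIB_DBMODE is later concatenated into
// include paths, so the comparison is strict: only these exact strings pass.
$database_modes = array('flatfile', 'mysql', 'mysqli', 'sqlite', 'sqlite3', 'pdo');
if (!in_array(TINYIB_DBMODE, $database_modes, true)) {
    fancyDie(__('Unknown database mode specified.'));
}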
// Table definitions for accounts, bans, keywords, logs, posts and reports,
// kept as strings; nothing is executed in this section. PDO with the pgsql
// driver gets PostgreSQL syntax (double-quoted identifiers, bigserial), every
// other mode gets the MySQL-flavoured definitions in the else branch.
// Table names are taken from the TINYIB_DB* constants and concatenated as
// identifiers, so those constants must only ever hold trusted configuration.
if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
// Staff accounts
$accounts_sql = 'CREATE TABLE "' . TINYIB_DBACCOUNTS . '" (
"id" bigserial NOT NULL,
"username" varchar(255) NOT NULL,
"password" text NOT NULL,
"role" integer NOT NULL,
"lastactive" integer NOT NULL,
PRIMARY KEY ("id")
);';
// Bans, indexed by IP
$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
"id" bigserial NOT NULL,
"ip" varchar(255) NOT NULL,
"timestamp" integer NOT NULL,
"expire" integer NOT NULL,
"reason" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
// Keywords and the action attached to each
$keywords_sql = 'CREATE TABLE "' . TINYIB_DBKEYWORDS . '" (
"id" bigserial NOT NULL,
"text" varchar(255) NOT NULL,
"action" varchar(255) NOT NULL,
PRIMARY KEY ("id")
);';
// Log entries, indexed by account
$logs_sql = 'CREATE TABLE "' . TINYIB_DBLOGS . '" (
"id" bigserial NOT NULL,
"timestamp" integer NOT NULL,
"account" integer NOT NULL,
"message" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBLOGS . '"("account");';
// Posts, indexed by parent, bumped, stickied and moderated
$posts_sql = 'CREATE TABLE "' . TINYIB_DBPOSTS . '" (
"id" bigserial NOT NULL,
"parent" integer NOT NULL,
"timestamp" integer NOT NULL,
"bumped" integer NOT NULL,
"ip" varchar(255) NOT NULL,
"name" varchar(75) NOT NULL,
"tripcode" varchar(24) NOT NULL,
"email" varchar(75) NOT NULL,
"nameblock" varchar(255) NOT NULL,
"subject" varchar(75) NOT NULL,
"message" text NOT NULL,
"password" varchar(255) NOT NULL,
"file" text NOT NULL,
"file_hex" varchar(75) NOT NULL,
"file_original" varchar(255) NOT NULL,
"file_size" integer NOT NULL default \'0\',
"file_size_formatted" varchar(75) NOT NULL,
"image_width" smallint NOT NULL default \'0\',
"image_height" smallint NOT NULL default \'0\',
"thumb" varchar(255) NOT NULL,
"thumb_width" smallint NOT NULL default \'0\',
"thumb_height" smallint NOT NULL default \'0\',
"moderated" smallint NOT NULL default \'1\',
"stickied" smallint NOT NULL default \'0\',
"locked" smallint NOT NULL default \'0\',
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("parent");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("bumped");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("stickied");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("moderated");';
// Reports: reporter IP and reported post id
$reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
"id" bigserial NOT NULL,
"ip" varchar(255) NOT NULL,
"post" integer NOT NULL,
PRIMARY KEY ("id")
);';
} else {
// Staff accounts
$accounts_sql = "CREATE TABLE `" . TINYIB_DBACCOUNTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`password` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`role` mediumint(7) unsigned NOT NULL,
`lastactive` int(20) unsigned NOT NULL,
PRIMARY KEY (`id`)
)";
// Bans, keyed by IP
$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`timestamp` int(20) NOT NULL,
`expire` int(20) NOT NULL,
`reason` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `ip` (`ip`)
)";
// Keywords and the action attached to each
$keywords_sql = "CREATE TABLE `" . TINYIB_DBKEYWORDS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`text` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`action` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
)";
// Log entries, keyed by account.
// NOTE(review): unlike the PostgreSQL definition, `timestamp` is nullable here
// and `message` is varchar(255) rather than text - confirm this is intended.
$logs_sql = "CREATE TABLE `" . TINYIB_DBLOGS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`timestamp` int(20),
`account` mediumint(7) unsigned NOT NULL,
`message` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `account` (`account`)
)";
// Posts, keyed by parent, bumped, stickied and moderated.
// NOTE(review): the PostgreSQL definition declares a "locked" column and this
// one does not, while the reply path in this file reads $parent['locked'] -
// confirm the column is added elsewhere for these modes.
$posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`parent` mediumint(7) unsigned NOT NULL,
`timestamp` int(20) NOT NULL,
`bumped` int(20) NOT NULL,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`name` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`tripcode` varchar(24) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`email` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`nameblock` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`subject` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`message` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_hex` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_original` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_size` int(20) unsigned NOT NULL default '0',
`file_size_formatted` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`image_width` smallint(5) unsigned NOT NULL default '0',
`image_height` smallint(5) unsigned NOT NULL default '0',
`thumb` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`thumb_width` smallint(5) unsigned NOT NULL default '0',
`thumb_height` smallint(5) unsigned NOT NULL default '0',
`stickied` tinyint(1) NOT NULL default '0',
`moderated` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`id`),
KEY `parent` (`parent`),
KEY `bumped` (`bumped`),
KEY `stickied` (`stickied`),
KEY `moderated` (`moderated`)
)";
// Reports: reporter IP and reported post id
$reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`post` int(20) NOT NULL,
PRIMARY KEY (`id`)
)";
}
// Every directory the script writes into has to be writable before going on.
// Flatfile mode adds its own directory to the list.
$writedirs = array('res', 'src', 'thumb');
if (TINYIB_DBMODE == 'flatfile') {
    array_push($writedirs, 'inc/database/flatfile');
}
foreach ($writedirs as $dir) {
    if (is_writable($dir)) {
        continue;
    }
    // fancyDie() ends the script, so only the first failing directory is reported.
    fancyDie(sprintf(__("Directory '%s' can not be written to. Please modify its permissions."), $dir));
}
// Helper code, HTML building, then the back end selected by TINYIB_DBMODE.
// The mode was checked against $database_modes earlier in this file, which is
// what keeps the two mode-derived paths inside inc/database/.
$includes = array(
    'inc/functions.php',
    'inc/html.php',
    'inc/database/' . TINYIB_DBMODE . '_link.php',
    'inc/database/' . TINYIB_DBMODE . '.php',
    'inc/database/database.php',
);
// A plain loop at script level, so each file is included in this scope and in
// the order listed.
foreach ($includes as $include) {
    require $include;
}

// Work out who is making the request; the ban check is applied only to
// requests that are not logged in.
list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
if (!$loggedin) {
    checkBanned();
}

$redirect = true;
// Check if the request is to make a post
if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
$lock = lockDatabase();
if (TINYIB_DBMIGRATE) {
fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.'));
}
$staffpost = isStaffPost();
$capcode = '';
if (!$staffpost) {
checkMessageSize();
}
$post = newPost(setParent());
if (!$loggedin) {
checkCAPTCHA($post['parent'] == TINYIB_NEWTHREAD ? TINYIB_CAPTCHA : TINYIB_REPLYCAPTCHA);
checkFlood();
}
if (!$loggedin) {
if ($post['parent'] == TINYIB_NEWTHREAD && TINYIB_DISALLOWTHREADS != '') {
fancyDie(TINYIB_DISALLOWTHREADS);
} else if ($post['parent'] != TINYIB_NEWTHREAD && TINYIB_DISALLOWREPLIES != '') {
fancyDie(TINYIB_DISALLOWREPLIES);
}
}
$hide_fields = $post['parent'] == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields;
if ($post['parent'] != TINYIB_NEWTHREAD && !$loggedin) {
$parent = postByID($post['parent']);
if (!isset($parent['locked'])) {
fancyDie(__('Invalid parent thread ID supplied, unable to create post.'));
} else if ($parent['locked'] == 1) {
fancyDie(__('Replies are not allowed to locked threads.'));
}
}
if ($post['name'] == '' && $post['tripcode'] == '') {
global $tinyib_anonymous;
$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
}
$post['ip'] = remoteAddress();
$spoiler = TINYIB_SPOILERIMAGE && isset($_POST['spoiler']);
if ($staffpost || !in_array('name', $hide_fields)) {
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
if (TINYIB_MAXNAME > 0) {
$post['name'] = _substr($post['name'], 0, TINYIB_MAXNAME);
}
$post['name'] = cleanString($post['name']);
}
if ($staffpost || !in_array('email', $hide_fields)) {
$post['email'] = $_POST['email'];
if (TINYIB_MAXEMAIL > 0) {
$post['email'] = _substr($post['email'], 0, TINYIB_MAXEMAIL);
}
$post['email'] = cleanString(str_replace('"', '&quot;', $post['email']));
}
if ($staffpost) {
$capcode = ($isadmin) ? ' <span style="color: ' . $tinyib_capcodes[0][1] . ' ;">## ' . $tinyib_capcodes[0][0] . '</span>' : ' <span style="color: ' . $tinyib_capcodes[1][1] . ';">## ' . $tinyib_capcodes[1][0] . '</span>';
}
if ($staffpost || !in_array('subject', $hide_fields)) {
$post['subject'] = $_POST['subject'];
if (TINYIB_MAXSUBJECT > 0) {
$post['subject'] = _substr($post['subject'], 0, TINYIB_MAXSUBJECT);
}
$post['subject'] = cleanString($post['subject']);
}
if ($staffpost || !in_array('message', $hide_fields)) {
$post['message'] = $_POST['message'];
if ($staffpost && isset($_POST['raw'])) {
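// Staff post with "raw" set: the message is kept exactly as submitted and treated as HTML (no cleanString() or markup conversion)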
} else {
if (TINYIB_WORDBREAK > 0) {
$post['message'] = preg_replace('/([^\s]{' . TINYIB_WORDBREAK . '})(?=[^\s])/u', '$1' . TINYIB_WORDBREAK_IDENTIFIER, $post['message']);
}
$post['message'] = str_replace("\n", '<br>', makeLinksClickable(colorQuote(postLink(cleanString(rtrim($post['message']))))));
if (TINYIB_SPOILERTEXT) {
$post['message'] = preg_replace('/&lt;s&gt;(.*?)&lt;\/s&gt;/i', '<span class="spoiler">$1</span>', $post['message']);
$post['message'] = preg_replace('/&lt;spoiler&gt;(.*?)&lt;\/spoiler&gt;/i', '<span class="spoiler">$1</span>', $post['message']);
$post['message'] = preg_replace('/&lt;spoilers&gt;(.*?)&lt;\/spoilers&gt;/i', '<span class="spoiler">$1</span>', $post['message']);
}
if (TINYIB_WORDBREAK > 0) {
$post['message'] = finishWordBreak($post['message']);
}
}
}
if ($staffpost || !in_array('password', $hide_fields)) {
$post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
}
$hide_post = false;
$report_post = false;
foreach (array($post['name'], $post['email'], $post['subject'], $post['message']) as $field) {
$keyword = checkKeywords($field);
if (empty($keyword)) {
continue;
}
$expire = -1;
switch ($keyword['action']) {
case 'report':
$report_post = true;
break;
case 'hide':
$hide_post = true;
break;
case 'delete':
fancyDie(__('Your post contains a blocked keyword.'));
case 'ban0':
$expire = 0;
break;
case 'ban1h':
$expire = 3600;
break;
case 'ban1d':
$expire = 86400;
break;
case 'ban2d':
$expire = 172800;
break;
case 'ban1w':
$expire = 604800;
break;
case 'ban2w':
$expire = 1209600;
break;
case 'ban1m':
$expire = 2592000;
break;
}
if ($expire >= 0) {
$ban = array();
$ban['ip'] = $post['ip'];
$ban['expire'] = $expire > 0 ? (time() + $expire) : 0;
$ban['reason'] = __('Keyword') . ': ' . $keyword['text'];
insertBan($ban);
if ($ban['expire'] > 0) {
$bannedText = sprintf(__('Your IP address (%1$s) is banned until %2$s.'), remoteAddress(), formatDate($ban['expire']));
} else {
$bannedText = sprintf(__('Your IP address (%s) is permanently banned.'), remoteAddress());
}
if ($ban['reason'] != '') {
$bannedText .= '<br>' . __('Reason') . ': ' . $ban['reason'];
}
fancyDie($bannedText);
}
break;
}
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $capcode);
if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($staffpost || !in_array('embed', $hide_fields))) {
if (isset($_FILES['file']) && $_FILES['file']['name'] != "") {
fancyDie(__('Embedding a URL and uploading a file at the same time is not supported.'));
}
list($service, $embed) = getEmbed(trim($_POST['embed']));
if (empty($embed) || !isset($embed['html']) || !isset($embed['title']) || !isset($embed['thumbnail_url'])) {
if (!TINYIB_UPLOADVIAURL) {
fancyDie(sprintf(__('Invalid embed URL. Only %s URLs are supported.'), implode('/', array_keys($tinyib_embeds))));
}
$headers = get_headers(trim($_POST['embed']), true);
if (TINYIB_MAXKB > 0 && isset($headers['Content-Length']) && intval($headers['Content-Length']) > (TINYIB_MAXKB * 1024)) {
fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
}
$data = url_get_contents(trim($_POST['embed']));
if (strlen($data) == 0) {
fancyDie(__('Failed to download file at specified URL.'));
}
if (TINYIB_MAXKB > 0 && strlen($data) > (TINYIB_MAXKB * 1024)) {
fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
}
$filepath = 'src/' . time() . substr(microtime(), 2, 3) . rand(1000, 9999) . '.txt';
if (!file_put_contents($filepath, $data)) {
@unlink($filepath);
fancyDie(__('Failed to download file at specified URL.'));
}
$post = attachFile($post, $filepath, basename(parse_url(trim($_POST['embed']), PHP_URL_PATH)), false, $spoiler);
} else {
$post['file_hex'] = $service;
$temp_file = time() . substr(microtime(), 2, 3);
$file_location = "thumb/" . $temp_file;
file_put_contents($file_location, url_get_contents($embed['thumbnail_url']));
$file_info = getimagesize($file_location);
$file_mime = mime_content_type($file_location);
$post['image_width'] = $file_info[0];
$post['image_height'] = $file_info[1];
if ($file_mime == "image/jpeg") {
$post['thumb'] = $temp_file . '.jpg';
} else if ($file_mime == "image/gif") {
$post['thumb'] = $temp_file . '.gif';
} else if ($file_mime == "image/png") {
$post['thumb'] = $temp_file . '.png';
} else {
fancyDie(__('Error while processing audio/video.'));
}
$thumb_location = "thumb/" . $post['thumb'];
list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post);
if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight, $spoiler)) {
fancyDie(__('Could not create thumbnail.'));
}
addVideoOverlay($thumb_location);
$thumb_info = getimagesize($thumb_location);
$post['thumb_width'] = $thumb_info[0];
$post['thumb_height'] = $thumb_info[1];
$post['file_original'] = cleanString($embed['title']);
$post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']);
}
} else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($staffpost || !in_array('file', $hide_fields))) {
validateFileUpload();
$post = attachFile($post, $_FILES['file']['tmp_name'], $_FILES['file']['name'], true, $spoiler);
}
if ($post['file'] == '') { // No file uploaded
$file_ok = !empty($tinyib_uploads) && ($staffpost || !in_array('file', $hide_fields));
$embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staffpost || !in_array('embed', $hide_fields));
$allowed = '';
if ($file_ok && $embed_ok) {
$allowed = __('upload a file or embed a URL');
} else if ($file_ok) {
$allowed = __('upload a file');
} else if ($embed_ok) {
$allowed = __('embed a URL');
}
if ($post['parent'] == TINYIB_NEWTHREAD && $allowed != "" && !TINYIB_NOFILEOK) {
fancyDie(sprintf(__('Please %s to start a new thread.'), $allowed));
}
if (!$staffpost && str_replace('<br>', '', $post['message']) == "") {
$message_ok = !in_array('message', $hide_fields);
if ($message_ok) {
if ($allowed != '') {
fancyDie(sprintf(__('Please enter a message and/or %s.'), $allowed));
}
fancyDie(__('Please enter a message.'));
}
fancyDie(sprintf(__('Please %s.'), $allowed));
}
}
if (!$loggedin && (($post['file'] != '' && TINYIB_REQMOD == 'files') || TINYIB_REQMOD == 'all')) {
$post['moderated'] = '0';
echo sprintf(__('Your %s will be shown <b>once it has been approved</b>.'), $post['parent'] == TINYIB_NEWTHREAD ? 'thread' : 'post') . '<br>';
$slow_redirect = true;
}
$post['id'] = insertPost($post);
if ($report_post) {
$report = array('ip' => $post['ip'], 'post' => $post['id']);
insertReport($report);
checkAutoHide($post);
}
if ($hide_post) {
approvePostByID($post['id'], 0);
}
if ($post['moderated'] == '1') {
if (TINYIB_ALWAYSNOKO || strtolower($post['email']) == 'noko') {
$redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id'];
}
trimThreads();
echo __('Updating thread...') . '<br>';
if ($post['parent'] != TINYIB_NEWTHREAD) {
rebuildThread($post['parent']);
if (strtolower($post['email']) != 'sage') {
if (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($post['parent']) <= TINYIB_MAXREPLIES) {
bumpThreadByID($post['parent']);
}
}
} else {
rebuildThread($post['id']);
}
echo __('Updating index...') . '<br>';
rebuildIndexes();
}
if ($staffpost) {
manageLogAction(__('Created staff post') . ' ' . postLink('&gt;&gt;' . $post['id']));
}
// Check if the request is to preview a post
} elseif (isset($_GET['preview']) && !isset($_GET['manage'])) {
$post = postByID(intval($_GET['preview']));
if (empty($post)) {
die(__('This post has been deleted'));
} else if ($post['moderated'] == 0 && !$isadmin) {
die(__('This post requires moderation before it can be displayed'));
}
$html = buildPost($post, isset($_GET['res']), true);
if (isset($_GET['res'])) {
$html = fixLinksInRes($html);
}
echo $html;
die();
// Check if the request is to auto-refresh a thread
} elseif (isset($_GET['posts']) && !isset($_GET['manage'])) {
if (TINYIB_AUTOREFRESH <= 0) {
fancyDie(__('Automatic refreshing is disabled.'));
}
$thread_id = intval($_GET['posts']);
$new_since = intval($_GET['since']);
if ($thread_id <= 0 || $new_since < 0) {
fancyDie('');
}
$json_posts = array();
$posts = postsInThreadByID($thread_id);
if ($new_since > 0) {
foreach ($posts as $i => $post) {
if ($post['id'] <= $new_since) {
continue;
}
$json_posts[$post['id']] = fixLinksInRes(buildPost($post, true));
}
}
echo json_encode($json_posts);
die();
// Check if the request is to report a post
} elseif (isset($_GET['report']) && !isset($_GET['manage'])) {
$lock = lockDatabase();
if (!TINYIB_REPORT) {
fancyDie(__('Reporting is disabled.'));
}
$post = postByID($_GET['report']);
if (!$post) {
fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
}
if ($post['moderated'] == 2) {
fancyDie(__('Moderators have determined that post does not break any rules.'));
}
$report = reportByIP($post['id'], remoteAddress());
if (!empty($report)) {
fancyDie(__('You have already submitted a report for that post.'));
}
$go_back = 1;
if (TINYIB_REPORTCAPTCHA != '') {
if (isset($_GET['verify'])) {
checkCAPTCHA(TINYIB_REPORTCAPTCHA);
$go_back = 2;
} else {
if (TINYIB_REPORTCAPTCHA === 'hcaptcha') {
$captcha = '
<br>
<div style="min-height: 82px;">
<div class="h-captcha" data-sitekey="' . TINYIB_HCAPTCHA_SITE . '"></div>
</div><br><br>';
} else if (TINYIB_REPORTCAPTCHA === 'recaptcha') {
$captcha = '
<br>
<div style="min-height: 80px;">
<div class="g-recaptcha" data-sitekey="' . TINYIB_RECAPTCHA_SITE . '"></div>
<noscript>
<div>
<div style="width: 302px; height: 422px; position: relative;">
<div style="width: 302px; height: 422px; position: absolute;">
<iframe src="https://www.google.com/recaptcha/api/fallback?k=' . TINYIB_RECAPTCHA_SITE . '" frameborder="0" scrolling="no" style="width: 302px; height:422px; border-style: none;"></iframe>
</div>
</div>
<div style="width: 300px; height: 60px; border-style: none;bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;"></textarea>
</div>
</div>
</noscript>
</div><br><br>';
} else { // Simple CAPTCHA
$captcha = '
<br>
<input type="text" name="captcha" id="captcha" size="6" accesskey="c" autocomplete="off">&nbsp;&nbsp;' . __('(enter the text below)') . '<br>
<img id="captchaimage" src="inc/captcha.php" width="175" height="55" alt="CAPTCHA" onclick="javascript:reloadCAPTCHA()" style="margin-top: 5px;cursor: pointer;"><br><br>';
}
$txt_report = __('Please complete a CAPTCHA to submit your report');
$txt_submit = __('Submit');
$body = <<<EOF
<form id="tinyib" name="tinyib" method="post" action="?report={$post['id']}&verify">
<fieldset>
<legend align="center">$txt_report</legend>
<div class="login">
$captcha
<input type="submit" value="$txt_submit" class="managebutton">
</div>
</fieldset>
</form>
EOF;
echo pageHeader() . $body . pageFooter();
die();
}
}
$report = array('ip' => remoteAddress(), 'post' => $post['id']);
insertReport($report);
checkAutoHide($post);
fancyDie(__('Post reported.'), $go_back);
// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
$lock = lockDatabase();
if (!isset($_POST['delete'])) {
fancyDie(__('Tick the box next to a post and click "Delete" to delete it.'));
}
if (TINYIB_DBMIGRATE) {
fancyDie(__('Post deletion is currently disabled.<br>Please try again in a few moments.'));
}
$post_ids = array();
if (is_array($_POST['delete'])) {
$post_ids = $_POST['delete'];
} else {
$post_ids = array($_POST['delete']);
}
list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
if (!empty($account)) {
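// Staff account: redirect to the post moderation page, passing the selected post IDs as submitted (they are not validated or escaped here)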
echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . implode(',', $post_ids) . '">';
die();
}