<?php
/*
TinyIB
https://code.rocket9labs.com/tslocum/tinyib

MIT License

Copyright (c) 2020 Trevor Slocum <trevor@rocket9labs.com>

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
// Request bootstrap: error reporting, session, and unbuffered output.

// Report every class of PHP diagnostic.
error_reporting(E_ALL);
// SECURITY NOTE(review): display_errors=1 writes warnings and notices (which can
// include file paths and query fragments) into the response sent to the visitor.
// Confirm this is intended on a public deployment rather than logging server-side.
ini_set("display_errors", 1);
session_start();
// Send the session id again as a cookie that expires in 30 days (2592000 seconds).
// SECURITY NOTE(review): only name, value and expiry are passed, so this cookie is
// sent without the Secure and HttpOnly flags and with the default path/domain;
// setcookie() does not read the session.cookie_* ini settings.
setcookie(session_name(), session_id(), time() + 2592000);
// Flush output to the client as it is produced and close every open output buffer
// (presumably so the progress lines echoed while posting appear immediately).
ob_implicit_flush();
while (ob_get_level() > 0) {
    ob_end_flush();
}
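/**
 * Print a minimal styled error page with a "go back" link and end the request.
 *
 * SECURITY: $message is written into the page as raw HTML. Callers in this file
 * depend on that (they pass markup such as <br>), so it cannot be escaped here;
 * any request-derived value must be escaped by the caller before it is
 * concatenated into $message.
 *
 * @param string $message HTML fragment to display; emitted without escaping.
 * @param int    $go_back Number of history entries the link steps back.
 *
 * @return void Does not return; die() terminates the script.
 */
function fancyDie($message, $go_back = 1) {
    // fancyDie() can be called before __() has been defined (e.g. when
    // settings.php is missing), so fall back to the untranslated label.
    $go_back_text = function_exists('__') ? __('Click here to go back') : 'Click here to go back';

    // The step count is placed inside a javascript: URL in an href attribute.
    // Force it to an integer so no other characters can reach that context.
    $go_back = (int) $go_back;

    die('<body text="#800000" bgcolor="#FFFFEE" align="center"><br><div style="display: inline-block; background-color: #F0E0D6;font-size: 1.25em;font-family: Tahoma, Geneva, sans-serif;padding: 7px;border: 1px solid #D9BFB7;border-left: none;border-top: none;">' . $message . '</div><br><br>- <a href="javascript:history.go(-' . $go_back . ')">' . $go_back_text . '</a> -</body>');
}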
// settings.php is created by the site operator from settings.default.php; stop
// with setup instructions when it is missing instead of failing inside require.
if (!file_exists('settings.php')) {
    fancyDie('Please copy the file settings.default.php to settings.php');
}
// Both paths are relative, so they resolve against the include path / working directory.
require 'settings.php';
require 'inc/defines.php';
// Configuration arrays read further down in this script
// (presumably populated by settings.php / inc/defines.php — confirm).
global $tinyib_capcodes, $tinyib_embeds, $tinyib_hidefields, $tinyib_hidefieldsop;
// Translation hook. With no locale configured, __() is defined as an identity
// function so the rest of the code can call it unconditionally; otherwise
// inc/gettext.php is loaded (presumably providing the real __() — confirm).
if (!defined('TINYIB_LOCALE') || TINYIB_LOCALE == '') {
    function __($string) {
        return $string;
    }
} else {
    require 'inc/gettext.php';
}
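// Start-up check: a captcha provider that is selected for any form needs both its
// site key and its secret. Stop here when either is blank, so a form is never
// served with a provider that cannot verify responses.
// TINYIB_REPORTCAPTCHA is included because the report branch of this script
// compares it with the same provider names and renders the same site keys.
if ((TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_REPLYCAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha' || TINYIB_REPORTCAPTCHA === 'hcaptcha') && (TINYIB_HCAPTCHA_SITE == '' || TINYIB_HCAPTCHA_SECRET == '')) {
    fancyDie(__('TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET must be configured.'));
}

// Same requirement for reCAPTCHA.
if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_REPLYCAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha' || TINYIB_REPORTCAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
    fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'));
}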
// Apply the configured timezone; when it is blank, PHP's own default stays in effect.
if (TINYIB_TIMEZONE != '') {
    date_default_timezone_set(TINYIB_TIMEZONE);
}
// Refuse to run without a site-specific seed.
if (TINYIB_TRIPSEED == '') {
    fancyDie(__('TINYIB_TRIPSEED must be configured.'));
}

// Build a crypt()-style bcrypt setting string: the "$2y$" scheme, cost 12, then
// 22 salt characters. The salt is the first 22 characters of
// base64(TINYIB_TRIPSEED) with '+' mapped to '.' and '=' mapped to '/', padded
// with '/' when the encoded seed is shorter than 22 characters.
// SECURITY NOTE(review): the salt is a fixed function of the seed, so every value
// hashed with $bcrypt_salt shares the same salt, and only the leading bytes of the
// seed (22 base64 characters) influence it. The consumer is not visible here
// (presumably the hashing helpers in inc/functions.php — confirm); the seed
// should be treated as a secret.
$bcrypt_salt = '$2y$12$' . str_pad(str_replace('=', '/', str_replace('+', '.', substr(base64_encode(TINYIB_TRIPSEED), 0, 22))), 22, '/');
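// Allow-list of storage back ends. TINYIB_DBMODE is later concatenated into
// require paths ('inc/database/<mode>.php'), so this check is what confines those
// paths to known files.
$database_modes = array('flatfile', 'mysql', 'mysqli', 'sqlite', 'sqlite3', 'pdo');
// Strict comparison: a non-string setting (true, 0, ...) must not match an entry
// through PHP's loose == rules and then reach the require paths.
if (!in_array(TINYIB_DBMODE, $database_modes, true)) {
    fancyDie(__('Unknown database mode specified.'));
}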
// CREATE TABLE statements for the six tables, kept as strings. They are only
// assigned here; where they are executed is not visible in this part of the file.
// Table names are spliced in from the TINYIB_DB* configuration constants, not from
// request data. The PostgreSQL dialect is used for PDO + pgsql; every other
// database mode gets the MySQL-dialect strings from the else branch.
if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
    // Staff accounts.
    $accounts_sql = 'CREATE TABLE "' . TINYIB_DBACCOUNTS . '" (
"id" bigserial NOT NULL,
"username" varchar(255) NOT NULL,
"password" text NOT NULL,
"role" integer NOT NULL,
"lastactive" integer NOT NULL,
PRIMARY KEY ("id")
);';

    // Bans, indexed by address for lookup.
    $bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
"id" bigserial NOT NULL,
"ip" varchar(255) NOT NULL,
"timestamp" integer NOT NULL,
"expire" integer NOT NULL,
"reason" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';

    // Keyword filter entries (text plus the action to take on a match).
    $keywords_sql = 'CREATE TABLE "' . TINYIB_DBKEYWORDS . '" (
"id" bigserial NOT NULL,
"text" varchar(255) NOT NULL,
"action" varchar(255) NOT NULL,
PRIMARY KEY ("id")
);';

    // Staff action log, indexed by account.
    $logs_sql = 'CREATE TABLE "' . TINYIB_DBLOGS . '" (
"id" bigserial NOT NULL,
"timestamp" integer NOT NULL,
"account" integer NOT NULL,
"message" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBLOGS . '"("account");';

    // Posts. "ip" stores the poster's address and "password" the value produced by
    // hashData() in the posting branch of this script.
    $posts_sql = 'CREATE TABLE "' . TINYIB_DBPOSTS . '" (
"id" bigserial NOT NULL,
"parent" integer NOT NULL,
"timestamp" integer NOT NULL,
"bumped" integer NOT NULL,
"ip" varchar(255) NOT NULL,
"name" varchar(75) NOT NULL,
"tripcode" varchar(24) NOT NULL,
"email" varchar(75) NOT NULL,
"nameblock" varchar(255) NOT NULL,
"subject" varchar(75) NOT NULL,
"message" text NOT NULL,
"password" varchar(255) NOT NULL,
"file" text NOT NULL,
"file_hex" varchar(75) NOT NULL,
"file_original" varchar(255) NOT NULL,
"file_size" integer NOT NULL default \'0\',
"file_size_formatted" varchar(75) NOT NULL,
"image_width" smallint NOT NULL default \'0\',
"image_height" smallint NOT NULL default \'0\',
"thumb" varchar(255) NOT NULL,
"thumb_width" smallint NOT NULL default \'0\',
"thumb_height" smallint NOT NULL default \'0\',
"moderated" smallint NOT NULL default \'1\',
"stickied" smallint NOT NULL default \'0\',
"locked" smallint NOT NULL default \'0\',
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("parent");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("bumped");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("stickied");
CREATE INDEX ON "' . TINYIB_DBPOSTS . '"("moderated");';

    // Reports (reporter address and reported post id).
    $reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
"id" bigserial NOT NULL,
"ip" varchar(255) NOT NULL,
"post" integer NOT NULL,
PRIMARY KEY ("id")
);';
} else {
    // Staff accounts.
    $accounts_sql = "CREATE TABLE `" . TINYIB_DBACCOUNTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`password` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`role` mediumint(7) unsigned NOT NULL,
`lastactive` int(20) unsigned NOT NULL,
PRIMARY KEY (`id`)
)";

    // Bans, indexed by address for lookup.
    $bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`timestamp` int(20) NOT NULL,
`expire` int(20) NOT NULL,
`reason` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `ip` (`ip`)
)";

    // Keyword filter entries (text plus the action to take on a match).
    $keywords_sql = "CREATE TABLE `" . TINYIB_DBKEYWORDS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`text` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`action` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
)";

    // Staff action log, indexed by account.
    // NOTE(review): `timestamp` has no NOT NULL and `message` is varchar(255) here,
    // while the pgsql definition uses NOT NULL and text — confirm the difference
    // is intended.
    $logs_sql = "CREATE TABLE `" . TINYIB_DBLOGS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`timestamp` int(20),
`account` mediumint(7) unsigned NOT NULL,
`message` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `account` (`account`)
)";

    // Posts. `ip` stores the poster's address and `password` the value produced by
    // hashData() in the posting branch of this script.
    // NOTE(review): unlike the pgsql definition, this table has no `locked` column,
    // although the reply path reads $parent['locked']; presumably a migration
    // elsewhere adds it — confirm.
    $posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`parent` mediumint(7) unsigned NOT NULL,
`timestamp` int(20) NOT NULL,
`bumped` int(20) NOT NULL,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`name` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`tripcode` varchar(24) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`email` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`nameblock` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`subject` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`message` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_hex` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_original` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`file_size` int(20) unsigned NOT NULL default '0',
`file_size_formatted` varchar(75) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`image_width` smallint(5) unsigned NOT NULL default '0',
`image_height` smallint(5) unsigned NOT NULL default '0',
`thumb` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`thumb_width` smallint(5) unsigned NOT NULL default '0',
`thumb_height` smallint(5) unsigned NOT NULL default '0',
`stickied` tinyint(1) NOT NULL default '0',
`moderated` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`id`),
KEY `parent` (`parent`),
KEY `bumped` (`bumped`),
KEY `stickied` (`stickied`),
KEY `moderated` (`moderated`)
)";

    // Reports (reporter address and reported post id).
    $reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`ip` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`post` int(20) NOT NULL,
PRIMARY KEY (`id`)
)";
}
// Check directories are writable by the script
// 'src' and 'thumb' are where the posting branch of this script writes uploaded
// and fetched files; all paths are relative to the working directory.
// SECURITY NOTE(review): these directories are presumably inside the web root.
// Confirm the web server does not execute scripts from them and that
// inc/database/flatfile is not directly downloadable.
$writedirs = array('res', 'src', 'thumb');
if (TINYIB_DBMODE == 'flatfile') {
    // The flat-file back end needs its data directory to be writable as well.
    $writedirs[] = 'inc/database/flatfile';
}
foreach ($writedirs as $dir) {
    if (!is_writable($dir)) {
        fancyDie(sprintf(__("Directory '%s' can not be written to. Please modify its permissions."), $dir));
    }
}
// Load the helper libraries and the selected database back end, in this order.
// TINYIB_DBMODE is concatenated into two of the paths; it has already been checked
// against the $database_modes allow-list earlier in this script, which is what
// keeps these require targets to known files.
$includes = array('inc/functions.php', 'inc/html.php', 'inc/database/' . TINYIB_DBMODE . '_link.php', 'inc/database/' . TINYIB_DBMODE . '.php', 'inc/database/database.php');
foreach ($includes as $include) {
    require $include;
}
// Resolve the staff session. manageCheckLogIn() is defined outside this view; its
// result is unpacked as the account, a logged-in flag and an admin flag (per the
// variable names — the meaning of the false argument is not visible here).
list($account, $loggedin, $isadmin) = manageCheckLogIn(false);

// The ban check runs only for visitors who are not logged in as staff.
if (!$loggedin) {
    checkBanned();
}

// Defaults to true; the posting branch may replace it with a thread URL.
// How it is consumed is outside this part of the file.
$redirect = true;
// Check if the request is to make a post
|
2018-08-01 18:15:02 +00:00
|
|
|
if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
|
2022-04-08 21:55:02 +00:00
|
|
|
$lock = lockDatabase();
|
|
|
|
|
2014-07-20 19:12:00 +00:00
|
|
|
if (TINYIB_DBMIGRATE) {
|
2020-09-01 03:51:14 +00:00
|
|
|
fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.'));
|
2014-07-20 19:12:00 +00:00
|
|
|
}
|
|
|
|
|
2021-06-07 02:42:09 +00:00
|
|
|
$staffpost = isStaffPost();
|
|
|
|
$capcode = '';
|
|
|
|
if (!$staffpost) {
|
2021-01-28 23:03:30 +00:00
|
|
|
checkMessageSize();
|
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2011-08-07 07:24:39 +00:00
|
|
|
$post = newPost(setParent());
|
2021-01-31 08:09:51 +00:00
|
|
|
|
2021-07-09 07:22:02 +00:00
|
|
|
if (!$loggedin) {
|
|
|
|
checkCAPTCHA($post['parent'] == TINYIB_NEWTHREAD ? TINYIB_CAPTCHA : TINYIB_REPLYCAPTCHA);
|
|
|
|
checkFlood();
|
|
|
|
}
|
|
|
|
|
2021-01-28 23:24:35 +00:00
|
|
|
if (!$loggedin) {
|
|
|
|
if ($post['parent'] == TINYIB_NEWTHREAD && TINYIB_DISALLOWTHREADS != '') {
|
|
|
|
fancyDie(TINYIB_DISALLOWTHREADS);
|
|
|
|
} else if ($post['parent'] != TINYIB_NEWTHREAD && TINYIB_DISALLOWREPLIES != '') {
|
|
|
|
fancyDie(TINYIB_DISALLOWREPLIES);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-12 21:47:13 +00:00
|
|
|
$hide_fields = $post['parent'] == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields;
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2020-07-31 23:16:37 +00:00
|
|
|
if ($post['parent'] != TINYIB_NEWTHREAD && !$loggedin) {
|
|
|
|
$parent = postByID($post['parent']);
|
|
|
|
if (!isset($parent['locked'])) {
|
2020-09-01 03:51:14 +00:00
|
|
|
fancyDie(__('Invalid parent thread ID supplied, unable to create post.'));
|
2020-07-31 23:16:37 +00:00
|
|
|
} else if ($parent['locked'] == 1) {
|
2020-09-01 03:51:14 +00:00
|
|
|
fancyDie(__('Replies are not allowed to locked threads.'));
|
2020-07-31 23:16:37 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-31 08:09:51 +00:00
|
|
|
if ($post['name'] == '' && $post['tripcode'] == '') {
|
|
|
|
global $tinyib_anonymous;
|
|
|
|
$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
|
|
|
|
}
|
|
|
|
|
2021-04-14 05:54:27 +00:00
|
|
|
$post['ip'] = remoteAddress();
|
2021-01-31 08:09:51 +00:00
|
|
|
|
2021-05-08 06:16:43 +00:00
|
|
|
$spoiler = TINYIB_SPOILERIMAGE && isset($_POST['spoiler']);
|
|
|
|
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost || !in_array('name', $hide_fields)) {
|
2018-08-01 17:05:25 +00:00
|
|
|
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
|
2023-10-06 20:25:08 +00:00
|
|
|
if (TINYIB_MAXNAME > 0) {
|
2023-10-12 04:37:08 +00:00
|
|
|
$post['name'] = _substr($post['name'], 0, TINYIB_MAXNAME);
|
2021-01-28 23:03:30 +00:00
|
|
|
}
|
2023-10-06 20:25:08 +00:00
|
|
|
$post['name'] = cleanString($post['name']);
|
2018-08-01 17:05:25 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost || !in_array('email', $hide_fields)) {
|
2023-10-06 20:25:08 +00:00
|
|
|
$post['email'] = $_POST['email'];
|
|
|
|
if (TINYIB_MAXEMAIL > 0) {
|
2023-10-12 04:37:08 +00:00
|
|
|
$post['email'] = _substr($post['email'], 0, TINYIB_MAXEMAIL);
|
2021-01-28 23:03:30 +00:00
|
|
|
}
|
2023-10-06 20:25:08 +00:00
|
|
|
$post['email'] = cleanString(str_replace('"', '"', $post['email']));
|
2018-08-01 17:05:25 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost) {
|
|
|
|
$capcode = ($isadmin) ? ' <span style="color: ' . $tinyib_capcodes[0][1] . ' ;">## ' . $tinyib_capcodes[0][0] . '</span>' : ' <span style="color: ' . $tinyib_capcodes[1][1] . ';">## ' . $tinyib_capcodes[1][0] . '</span>';
|
|
|
|
}
|
|
|
|
if ($staffpost || !in_array('subject', $hide_fields)) {
|
2023-10-06 20:25:08 +00:00
|
|
|
$post['subject'] = $_POST['subject'];
|
|
|
|
if (TINYIB_MAXSUBJECT > 0) {
|
2023-10-12 04:37:08 +00:00
|
|
|
$post['subject'] = _substr($post['subject'], 0, TINYIB_MAXSUBJECT);
|
2021-01-28 23:03:30 +00:00
|
|
|
}
|
2023-10-06 20:25:08 +00:00
|
|
|
$post['subject'] = cleanString($post['subject']);
|
2018-08-01 17:05:25 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost || !in_array('message', $hide_fields)) {
|
2018-08-01 17:05:25 +00:00
|
|
|
$post['message'] = $_POST['message'];
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost && isset($_POST['raw'])) {
|
2018-08-01 17:05:25 +00:00
|
|
|
// Treat message as raw HTML
|
|
|
|
} else {
|
|
|
|
if (TINYIB_WORDBREAK > 0) {
|
2023-09-24 21:17:24 +00:00
|
|
|
$post['message'] = preg_replace('/([^\s]{' . TINYIB_WORDBREAK . '})(?=[^\s])/u', '$1' . TINYIB_WORDBREAK_IDENTIFIER, $post['message']);
|
2018-08-01 17:05:25 +00:00
|
|
|
}
|
|
|
|
$post['message'] = str_replace("\n", '<br>', makeLinksClickable(colorQuote(postLink(cleanString(rtrim($post['message']))))));
|
2021-05-08 06:02:07 +00:00
|
|
|
|
|
|
|
if (TINYIB_SPOILERTEXT) {
|
|
|
|
$post['message'] = preg_replace('/<s>(.*?)<\/s>/i', '<span class="spoiler">$1</span>', $post['message']);
|
|
|
|
$post['message'] = preg_replace('/<spoiler>(.*?)<\/spoiler>/i', '<span class="spoiler">$1</span>', $post['message']);
|
|
|
|
$post['message'] = preg_replace('/<spoilers>(.*?)<\/spoilers>/i', '<span class="spoiler">$1</span>', $post['message']);
|
|
|
|
}
|
|
|
|
|
2018-08-01 17:05:25 +00:00
|
|
|
if (TINYIB_WORDBREAK > 0) {
|
|
|
|
$post['message'] = finishWordBreak($post['message']);
|
|
|
|
}
|
2018-07-24 23:46:58 +00:00
|
|
|
}
|
2010-06-22 09:26:45 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost || !in_array('password', $hide_fields)) {
|
2020-11-13 20:32:42 +00:00
|
|
|
$post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
|
2018-08-01 17:05:25 +00:00
|
|
|
}
|
2020-11-23 20:44:02 +00:00
|
|
|
|
2021-05-06 05:24:07 +00:00
|
|
|
$hide_post = false;
|
2020-11-23 20:44:02 +00:00
|
|
|
$report_post = false;
|
|
|
|
foreach (array($post['name'], $post['email'], $post['subject'], $post['message']) as $field) {
|
|
|
|
$keyword = checkKeywords($field);
|
|
|
|
if (empty($keyword)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
$expire = -1;
|
|
|
|
switch ($keyword['action']) {
|
|
|
|
case 'report':
|
|
|
|
$report_post = true;
|
|
|
|
break;
|
2021-05-06 05:24:07 +00:00
|
|
|
case 'hide':
|
|
|
|
$hide_post = true;
|
|
|
|
break;
|
2020-11-23 20:44:02 +00:00
|
|
|
case 'delete':
|
|
|
|
fancyDie(__('Your post contains a blocked keyword.'));
|
|
|
|
case 'ban0':
|
|
|
|
$expire = 0;
|
|
|
|
break;
|
|
|
|
case 'ban1h':
|
|
|
|
$expire = 3600;
|
|
|
|
break;
|
|
|
|
case 'ban1d':
|
|
|
|
$expire = 86400;
|
|
|
|
break;
|
|
|
|
case 'ban2d':
|
|
|
|
$expire = 172800;
|
|
|
|
break;
|
|
|
|
case 'ban1w':
|
|
|
|
$expire = 604800;
|
|
|
|
break;
|
|
|
|
case 'ban2w':
|
|
|
|
$expire = 1209600;
|
|
|
|
break;
|
|
|
|
case 'ban1m':
|
|
|
|
$expire = 2592000;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if ($expire >= 0) {
|
|
|
|
$ban = array();
|
|
|
|
$ban['ip'] = $post['ip'];
|
|
|
|
$ban['expire'] = $expire > 0 ? (time() + $expire) : 0;
|
2021-08-05 18:20:51 +00:00
|
|
|
$ban['reason'] = __('Keyword') . ': ' . $keyword['text'];
|
2020-11-23 20:44:02 +00:00
|
|
|
insertBan($ban);
|
|
|
|
|
2021-08-05 18:20:51 +00:00
|
|
|
if ($ban['expire'] > 0) {
|
2022-03-16 18:03:05 +00:00
|
|
|
$bannedText = sprintf(__('Your IP address (%1$s) is banned until %2$s.'), remoteAddress(), formatDate($ban['expire']));
|
2021-08-05 18:20:51 +00:00
|
|
|
} else {
|
|
|
|
$bannedText = sprintf(__('Your IP address (%s) is permanently banned.'), remoteAddress());
|
|
|
|
}
|
|
|
|
if ($ban['reason'] != '') {
|
|
|
|
$bannedText .= '<br>' . __('Reason') . ': ' . $ban['reason'];
|
|
|
|
}
|
|
|
|
fancyDie($bannedText);
|
2020-11-23 20:44:02 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2021-06-07 02:42:09 +00:00
|
|
|
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $capcode);
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2021-06-07 02:42:09 +00:00
|
|
|
if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($staffpost || !in_array('embed', $hide_fields))) {
|
2018-08-01 17:12:57 +00:00
|
|
|
if (isset($_FILES['file']) && $_FILES['file']['name'] != "") {
|
2020-09-01 03:51:14 +00:00
|
|
|
fancyDie(__('Embedding a URL and uploading a file at the same time is not supported.'));
|
2018-08-01 17:12:57 +00:00
|
|
|
}
|
|
|
|
|
2015-08-07 07:01:18 +00:00
|
|
|
list($service, $embed) = getEmbed(trim($_POST['embed']));
|
|
|
|
if (empty($embed) || !isset($embed['html']) || !isset($embed['title']) || !isset($embed['thumbnail_url'])) {
|
2020-10-08 18:02:25 +00:00
|
|
|
if (!TINYIB_UPLOADVIAURL) {
|
|
|
|
fancyDie(sprintf(__('Invalid embed URL. Only %s URLs are supported.'), implode('/', array_keys($tinyib_embeds))));
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
2020-12-01 01:25:48 +00:00
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
$headers = get_headers(trim($_POST['embed']), true);
|
2020-12-01 01:25:48 +00:00
|
|
|
if (TINYIB_MAXKB > 0 && isset($headers['Content-Length']) && intval($headers['Content-Length']) > (TINYIB_MAXKB * 1024)) {
|
2020-09-01 03:51:14 +00:00
|
|
|
fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
|
2011-08-07 07:24:39 +00:00
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
$data = url_get_contents(trim($_POST['embed']));
|
|
|
|
if (strlen($data) == 0) {
|
|
|
|
fancyDie(__('Failed to download file at specified URL.'));
|
2014-06-24 19:51:22 +00:00
|
|
|
}
|
|
|
|
|
2020-12-01 01:25:48 +00:00
|
|
|
if (TINYIB_MAXKB > 0 && strlen($data) > (TINYIB_MAXKB * 1024)) {
|
|
|
|
fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
|
|
|
|
}
|
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
$filepath = 'src/' . time() . substr(microtime(), 2, 3) . rand(1000, 9999) . '.txt';
|
|
|
|
if (!file_put_contents($filepath, $data)) {
|
|
|
|
@unlink($filepath);
|
|
|
|
fancyDie(__('Failed to download file at specified URL.'));
|
2016-09-30 07:17:24 +00:00
|
|
|
}
|
|
|
|
|
2021-05-08 06:16:43 +00:00
|
|
|
$post = attachFile($post, $filepath, basename(parse_url(trim($_POST['embed']), PHP_URL_PATH)), false, $spoiler);
|
2020-10-08 18:02:25 +00:00
|
|
|
} else {
|
|
|
|
$post['file_hex'] = $service;
|
|
|
|
$temp_file = time() . substr(microtime(), 2, 3);
|
|
|
|
$file_location = "thumb/" . $temp_file;
|
|
|
|
file_put_contents($file_location, url_get_contents($embed['thumbnail_url']));
|
|
|
|
|
|
|
|
$file_info = getimagesize($file_location);
|
|
|
|
$file_mime = mime_content_type($file_location);
|
|
|
|
$post['image_width'] = $file_info[0];
|
|
|
|
$post['image_height'] = $file_info[1];
|
|
|
|
|
|
|
|
if ($file_mime == "image/jpeg") {
|
|
|
|
$post['thumb'] = $temp_file . '.jpg';
|
|
|
|
} else if ($file_mime == "image/gif") {
|
|
|
|
$post['thumb'] = $temp_file . '.gif';
|
|
|
|
} else if ($file_mime == "image/png") {
|
|
|
|
$post['thumb'] = $temp_file . '.png';
|
|
|
|
} else {
|
|
|
|
fancyDie(__('Error while processing audio/video.'));
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
2020-10-08 18:02:25 +00:00
|
|
|
$thumb_location = "thumb/" . $post['thumb'];
|
2009-09-20 02:53:15 +00:00
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post);
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2021-05-08 06:16:43 +00:00
|
|
|
if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight, $spoiler)) {
|
2020-10-08 18:02:25 +00:00
|
|
|
fancyDie(__('Could not create thumbnail.'));
|
2016-09-30 07:17:24 +00:00
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
addVideoOverlay($thumb_location);
|
2014-07-05 19:27:18 +00:00
|
|
|
|
2020-10-08 18:02:25 +00:00
|
|
|
$thumb_info = getimagesize($thumb_location);
|
|
|
|
$post['thumb_width'] = $thumb_info[0];
|
|
|
|
$post['thumb_height'] = $thumb_info[1];
|
|
|
|
|
|
|
|
$post['file_original'] = cleanString($embed['title']);
|
|
|
|
$post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']);
|
2009-11-03 07:26:00 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
} else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($staffpost || !in_array('file', $hide_fields))) {
|
2020-10-08 18:02:25 +00:00
|
|
|
validateFileUpload();
|
|
|
|
|
2021-05-08 06:16:43 +00:00
|
|
|
$post = attachFile($post, $_FILES['file']['tmp_name'], $_FILES['file']['name'], true, $spoiler);
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2009-09-20 02:53:15 +00:00
|
|
|
if ($post['file'] == '') { // No file uploaded
|
2021-06-07 02:42:09 +00:00
|
|
|
$file_ok = !empty($tinyib_uploads) && ($staffpost || !in_array('file', $hide_fields));
|
|
|
|
$embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staffpost || !in_array('embed', $hide_fields));
|
2020-10-22 16:05:49 +00:00
|
|
|
$allowed = '';
|
|
|
|
if ($file_ok && $embed_ok) {
|
|
|
|
$allowed = __('upload a file or embed a URL');
|
|
|
|
} else if ($file_ok) {
|
|
|
|
$allowed = __('upload a file');
|
|
|
|
} else if ($embed_ok) {
|
|
|
|
$allowed = __('embed a URL');
|
2015-08-07 07:01:18 +00:00
|
|
|
}
|
|
|
|
if ($post['parent'] == TINYIB_NEWTHREAD && $allowed != "" && !TINYIB_NOFILEOK) {
|
2020-10-22 16:05:49 +00:00
|
|
|
fancyDie(sprintf(__('Please %s to start a new thread.'), $allowed));
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
2021-06-07 02:42:09 +00:00
|
|
|
if (!$staffpost && str_replace('<br>', '', $post['message']) == "") {
|
2020-10-22 16:05:49 +00:00
|
|
|
$message_ok = !in_array('message', $hide_fields);
|
|
|
|
if ($message_ok) {
|
|
|
|
if ($allowed != '') {
|
|
|
|
fancyDie(sprintf(__('Please enter a message and/or %s.'), $allowed));
|
|
|
|
}
|
|
|
|
fancyDie(__('Please enter a message.'));
|
2018-08-01 18:15:02 +00:00
|
|
|
}
|
2020-10-22 16:05:49 +00:00
|
|
|
fancyDie(sprintf(__('Please %s.'), $allowed));
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2014-10-17 01:12:52 +00:00
|
|
|
if (!$loggedin && (($post['file'] != '' && TINYIB_REQMOD == 'files') || TINYIB_REQMOD == 'all')) {
|
|
|
|
$post['moderated'] = '0';
|
2020-09-01 03:51:14 +00:00
|
|
|
echo sprintf(__('Your %s will be shown <b>once it has been approved</b>.'), $post['parent'] == TINYIB_NEWTHREAD ? 'thread' : 'post') . '<br>';
|
2014-10-17 01:12:52 +00:00
|
|
|
$slow_redirect = true;
|
2010-11-10 10:12:11 +00:00
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2014-10-17 01:12:52 +00:00
|
|
|
$post['id'] = insertPost($post);
|
|
|
|
|
2020-11-23 20:44:02 +00:00
|
|
|
if ($report_post) {
|
|
|
|
$report = array('ip' => $post['ip'], 'post' => $post['id']);
|
|
|
|
insertReport($report);
|
2021-05-06 02:55:18 +00:00
|
|
|
checkAutoHide($post);
|
2020-11-23 20:44:02 +00:00
|
|
|
}
|
|
|
|
|
2021-05-06 05:24:07 +00:00
|
|
|
if ($hide_post) {
|
|
|
|
approvePostByID($post['id'], 0);
|
|
|
|
}
|
|
|
|
|
2014-10-17 01:12:52 +00:00
|
|
|
if ($post['moderated'] == '1') {
|
2017-12-16 03:17:31 +00:00
|
|
|
if (TINYIB_ALWAYSNOKO || strtolower($post['email']) == 'noko') {
|
2014-10-17 01:12:52 +00:00
|
|
|
$redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id'];
|
|
|
|
}
|
|
|
|
|
|
|
|
trimThreads();
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2020-09-01 03:51:14 +00:00
|
|
|
echo __('Updating thread...') . '<br>';
|
2014-10-17 01:12:52 +00:00
|
|
|
if ($post['parent'] != TINYIB_NEWTHREAD) {
|
|
|
|
rebuildThread($post['parent']);
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2014-10-17 01:12:52 +00:00
|
|
|
if (strtolower($post['email']) != 'sage') {
|
|
|
|
if (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($post['parent']) <= TINYIB_MAXREPLIES) {
|
|
|
|
bumpThreadByID($post['parent']);
|
|
|
|
}
|
2013-04-16 02:50:52 +00:00
|
|
|
}
|
2014-10-17 01:12:52 +00:00
|
|
|
} else {
|
|
|
|
rebuildThread($post['id']);
|
2009-09-20 02:53:15 +00:00
|
|
|
}
|
2014-06-24 19:51:22 +00:00
|
|
|
|
2020-09-01 03:51:14 +00:00
|
|
|
echo __('Updating index...') . '<br>';
|
2014-10-17 01:12:52 +00:00
|
|
|
rebuildIndexes();
|
|
|
|
}
|
2021-04-10 03:38:10 +00:00
|
|
|
|
2021-06-07 02:42:09 +00:00
|
|
|
if ($staffpost) {
|
|
|
|
manageLogAction(__('Created staff post') . ' ' . postLink('>>' . $post['id']));
|
2021-04-10 03:38:10 +00:00
|
|
|
}
|
2021-05-07 07:11:13 +00:00
|
|
|
// Check if the request is to preview a post
|
|
|
|
} elseif (isset($_GET['preview']) && !isset($_GET['manage'])) {
|
|
|
|
$post = postByID(intval($_GET['preview']));
|
|
|
|
if (empty($post)) {
|
|
|
|
die(__('This post has been deleted'));
|
|
|
|
} else if ($post['moderated'] == 0 && !$isadmin) {
|
|
|
|
die(__('This post requires moderation before it can be displayed'));
|
|
|
|
}
|
|
|
|
|
2021-06-03 06:04:59 +00:00
|
|
|
$html = buildPost($post, isset($_GET['res']), true);
|
2021-05-07 07:11:13 +00:00
|
|
|
if (isset($_GET['res'])) {
|
|
|
|
$html = fixLinksInRes($html);
|
|
|
|
}
|
2021-06-11 07:31:40 +00:00
|
|
|
|
2021-05-07 07:11:13 +00:00
|
|
|
echo $html;
|
|
|
|
die();
|
2021-03-13 08:39:08 +00:00
|
|
|
// Check if the request is to auto-refresh a thread
|
|
|
|
} elseif (isset($_GET['posts']) && !isset($_GET['manage'])) {
|
|
|
|
if (TINYIB_AUTOREFRESH <= 0) {
|
|
|
|
fancyDie(__('Automatic refreshing is disabled.'));
|
|
|
|
}
|
|
|
|
|
|
|
|
$thread_id = intval($_GET['posts']);
|
|
|
|
$new_since = intval($_GET['since']);
|
|
|
|
if ($thread_id <= 0 || $new_since < 0) {
|
|
|
|
fancyDie('');
|
|
|
|
}
|
|
|
|
|
|
|
|
$json_posts = array();
|
|
|
|
$posts = postsInThreadByID($thread_id);
|
|
|
|
if ($new_since > 0) {
|
2021-04-04 20:01:56 +00:00
|
|
|
foreach ($posts as $i => $post) {
|
2021-03-13 08:39:08 +00:00
|
|
|
if ($post['id'] <= $new_since) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
$json_posts[$post['id']] = fixLinksInRes(buildPost($post, true));
|
|
|
|
}
|
|
|
|
}
|
2021-03-14 02:25:53 +00:00
|
|
|
|
2021-03-13 08:39:08 +00:00
|
|
|
echo json_encode($json_posts);
|
|
|
|
die();
|
2020-11-13 20:32:42 +00:00
|
|
|
// Check if the request is to report a post
} elseif (isset($_GET['report']) && !isset($_GET['manage'])) {
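// Report branch, part 1: take the database lock, then reject the request
// unless reporting is enabled, the post exists, it has not already been
// cleared by moderators, and this address has not reported it before.
$lock = lockDatabase();

if (!TINYIB_REPORT) {
    fancyDie(__('Reporting is disabled.'));
}

// Normalise the id at the request boundary, as the preview branch does, so the
// lookup never receives a raw query-string value. How postByID() treats
// non-numeric input is not visible from this part of the file.
$post = postByID(intval($_GET['report']));
if (!$post) {
    fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
}

// moderated == 2 is answered with the "does not break any rules" message and
// accepts no further reports.
if ($post['moderated'] == 2) {
    fancyDie(__('Moderators have determined that post does not break any rules.'));
}

// One report per post per address: the lookup key is (post id, remoteAddress()).
$report = reportByIP($post['id'], remoteAddress());
if (!empty($report)) {
    fancyDie(__('You have already submitted a report for that post.'));
}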
// $go_back is handed to fancyDie() once the report is stored (presumably the
// number of history steps its "back" link takes - confirm). It becomes 2 when
// the visitor arrived through the CAPTCHA form below.
$go_back = 1;

if (TINYIB_REPORTCAPTCHA != '') {
    if (!isset($_GET['verify'])) {
        // First visit: show a form carrying the configured CAPTCHA widget. The
        // form posts back to ?report=<id>&verify, which takes the path below.
        if (TINYIB_REPORTCAPTCHA === 'hcaptcha') {
            $captcha = '
<br>
<div style="min-height: 82px;">
<div class="h-captcha" data-sitekey="' . TINYIB_HCAPTCHA_SITE . '"></div>
</div><br><br>';
        } elseif (TINYIB_REPORTCAPTCHA === 'recaptcha') {
            $captcha = '
<br>
<div style="min-height: 80px;">
<div class="g-recaptcha" data-sitekey="' . TINYIB_RECAPTCHA_SITE . '"></div>
<noscript>
<div>
<div style="width: 302px; height: 422px; position: relative;">
<div style="width: 302px; height: 422px; position: absolute;">
<iframe src="https://www.google.com/recaptcha/api/fallback?k=' . TINYIB_RECAPTCHA_SITE . '" frameborder="0" scrolling="no" style="width: 302px; height:422px; border-style: none;"></iframe>
</div>
</div>
<div style="width: 300px; height: 60px; border-style: none;bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;"></textarea>
</div>
</div>
</noscript>
</div><br><br>';
        } else {
            // Any other non-empty setting selects the built-in image CAPTCHA.
            $captcha = '
<br>
<input type="text" name="captcha" id="captcha" size="6" accesskey="c" autocomplete="off">  ' . __('(enter the text below)') . '<br>
<img id="captchaimage" src="inc/captcha.php" width="175" height="55" alt="CAPTCHA" onclick="javascript:reloadCAPTCHA()" style="margin-top: 5px;cursor: pointer;"><br><br>';
        }

        $txt_report = __('Please complete a CAPTCHA to submit your report');
        $txt_submit = __('Submit');
        $body = <<<EOF
<form id="tinyib" name="tinyib" method="post" action="?report={$post['id']}&verify">
<fieldset>
<legend align="center">$txt_report</legend>
<div class="login">
$captcha
<input type="submit" value="$txt_submit" class="managebutton">
</div>
</fieldset>
</form>
EOF;

        echo pageHeader() . $body . pageFooter();
        die();
    }

    // Second visit (?verify present). The return value of checkCAPTCHA() is not
    // inspected, so it presumably ends the request itself on a wrong answer -
    // confirm against its definition.
    checkCAPTCHA(TINYIB_REPORTCAPTCHA);
    $go_back = 2;
}
// Store the report (reporter address + post id), then let checkAutoHide()
// re-evaluate the post.
// NOTE(review): this write is reached by any request carrying ?report=<id>.
// When TINYIB_REPORTCAPTCHA is empty, no request-method or token check is
// visible in this branch, so a report is not tied to a deliberate action by
// the visitor. checkAutoHide() presumably hides a post once enough reports
// accumulate - confirm, and consider requiring POST plus a per-session token.
insertReport(array('ip' => remoteAddress(), 'post' => $post['id']));
checkAutoHide($post);

fancyDie(__('Post reported.'), $go_back);
// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
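// Delete branch, opening section: take the database lock, validate the request,
// collect the submitted post ids, and send signed-in staff to the moderation
// page instead of the visitor deletion flow.
$lock = lockDatabase();

// At least one post must have been ticked in the submitted form.
if (!isset($_POST['delete'])) {
    fancyDie(__('Tick the box next to a post and click "Delete" to delete it.'));
}

if (TINYIB_DBMIGRATE) {
    fancyDie(__('Post deletion is currently disabled.<br>Please try again in a few moments.'));
}

// The field may arrive as a single value or as a list; normalise it to a list.
// $post_ids itself is left as submitted because code after this section may
// still read it.
$post_ids = is_array($_POST['delete']) ? $_POST['delete'] : array($_POST['delete']);

list($account, $loggedin, $isadmin) = manageCheckLogIn(false);
if (!empty($account)) {
    // Redirect to post moderation page.
    // The ids come from the request body, and PHP_SELF can carry
    // request-supplied path data. Both are written into an HTML attribute, so
    // the ids are reduced to integers and the script name is escaped for that
    // context before being echoed.
    $moderate_ids = implode(',', array_map('intval', $post_ids));
    $script_name = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8');
    echo '--> --> --><meta http-equiv="refresh" content="0;url=' . $script_name . '?manage&moderate=' . $moderate_ids . '">';
    die();
}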