diff --git a/README.md b/README.md
index 2b08301..7720d86 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,8 @@ See [TinyIB Installations](https://gitlab.com/tslocum/tinyib/wikis/Home) for dem
- A simple, self-hosted implementation is included.
- [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported but [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/).
- Reference links. `>>###`
- - Delete post via password.
+ - Delete posts via password.
+ - Report posts.
- Management panel:
- Administrators and moderators use separate passwords.
- Moderators are only able to sticky threads, lock threads, delete posts, and approve posts when necessary. (See ``TINYIB_REQMOD``)
@@ -45,7 +46,7 @@ Please consider supporting the continued development of TinyIB.
## Install
1. Verify the following are installed:
- - [PHP 5.3+](https://php.net)
+ - [PHP 5.5+](https://php.net)
- [GD Image Processing Library](https://php.net/gd)
- This library is usually installed by default.
- If you plan on disabling image uploads to use TinyIB as a text board only, this library is not required.
@@ -54,7 +55,7 @@ Please consider supporting the continued development of TinyIB.
- `git clone https://gitlab.com/tslocum/tinyib.git ./`
4. Copy **settings.default.php** to **settings.php**
5. Configure **settings.php**
- - When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post and ban data are exposed as the database is composed of standard text files. Access to ./inc/database/flatfile/ should be denied.
+ - When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post, report and ban data are exposed as the database is composed of standard text files. Access to ./inc/database/flatfile/ should be denied.
- When setting ``TINYIB_DBMODE`` to ``pdo``, note that only the MySQL and PostgreSQL databases drivers have been tested. Theoretically it will work with any applicable driver, but this is not guaranteed. If you use an alternative driver, please report back.
- To require moderation before displaying posts:
- Set ``TINYIB_REQMOD`` to ``files`` to require moderation for posts with files attached.
@@ -99,7 +100,7 @@ Please consider supporting the continued development of TinyIB.
- Otherwise, [download](https://gitlab.com/tslocum/tinyib/-/archive/master/tinyib-master.zip) and extract a zipped archive.
2. Note which files were modified.
- If **settings.default.php** was updated, migrate the changes to **settings.php**
- - Take care to not change the value of **TINYIB_TRIPSEED**, as it would result in different secure tripcodes.
+ - Take care to not change the value of `TINYIB_TRIPSEED`, as it is used to generate secure tripcodes, hash passwords and hash IP addresses.
- If other files were updated, and you have made changes yourself:
- Visit [GitLab](https://gitlab.com/tslocum/tinyib) and review the changes made in the update.
- Ensure the update does not interfere with your changes.
diff --git a/imgboard.php b/imgboard.php
index 949effd..94e231b 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -40,20 +40,6 @@ if (function_exists('ob_get_level')) {
}
}
-if (version_compare(phpversion(), '5.3.0', '<')) {
- if (get_magic_quotes_gpc()) {
- foreach ($_GET as $key => $val) {
- $_GET[$key] = stripslashes($val);
- }
- foreach ($_POST as $key => $val) {
- $_POST[$key] = stripslashes($val);
- }
- }
- if (get_magic_quotes_runtime()) {
- set_magic_quotes_runtime(0);
- }
-}
-
function fancyDie($message) {
$back = 'Click here to go back';
if (function_exists('__')) {
@@ -91,7 +77,7 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
"parent" integer NOT NULL,
"timestamp" integer NOT NULL,
"bumped" integer NOT NULL,
- "ip" varchar(39) NOT NULL,
+ "ip" varchar(255) NOT NULL,
"name" varchar(75) NOT NULL,
"tripcode" varchar(10) NOT NULL,
"email" varchar(75) NOT NULL,
@@ -121,20 +107,27 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
"id" bigserial NOT NULL,
- "ip" varchar(39) NOT NULL,
+ "ip" varchar(255) NOT NULL,
"timestamp" integer NOT NULL,
"expire" integer NOT NULL,
"reason" text NOT NULL,
PRIMARY KEY ("id")
);
CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
+
+ $reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
+ "id" bigserial NOT NULL,
+ "ip" varchar(255) NOT NULL,
+ "post" integer NOT NULL,
+ PRIMARY KEY ("id")
+ );';
} else {
$posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
`parent` mediumint(7) unsigned NOT NULL,
`timestamp` int(20) NOT NULL,
`bumped` int(20) NOT NULL,
- `ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`name` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`tripcode` varchar(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`email` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
@@ -163,13 +156,20 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
`id` mediumint(7) unsigned NOT NULL auto_increment,
- `ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`timestamp` int(20) NOT NULL,
`expire` int(20) NOT NULL,
`reason` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `ip` (`ip`)
)";
+
+ $reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
+ `id` mediumint(7) unsigned NOT NULL auto_increment,
+ `ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `post` int(20) NOT NULL,
+ PRIMARY KEY (`id`)
+ )";
}
// Check directories are writable by the script
@@ -200,6 +200,8 @@ if (TINYIB_TIMEZONE != '') {
date_default_timezone_set(TINYIB_TIMEZONE);
}
+$bcrypt_salt = '$2y$12$' . str_replace('+', '.', str_pad(substr(base64_encode(TINYIB_TRIPSEED), 0, 22), 22, "="));
+
$redirect = true;
// Check if the request is to make a post
if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
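Review bot: The `$bcrypt_salt` expression can emit `=`, which is outside the bcrypt salt alphabet (`./0-9A-Za-z`), whenever `TINYIB_TRIPSEED` is shorter than 16 bytes, because both base64 padding and the `str_pad` fill character land inside the 22 salt characters. How the value is consumed is not visible here (presumably by `hashData()`), but if it reaches `crypt()`, a malformed salt yields a failure value instead of a hash, so every password and IP address would hash to the same string. Map `=` to a valid character and pad with one, for example `str_replace(array('+', '='), '.', str_pad(substr(base64_encode(TINYIB_TRIPSEED), 0, 22), 22, '.'))`, or stop at startup when the seed is too short. A comment should also record that the salt is deliberately constant so that hashes can be looked up, which means equal inputs always produce equal hashes.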
@@ -256,7 +258,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
}
}
if ($rawpost || !in_array('password', $hide_fields)) {
- $post['password'] = ($_POST['password'] != '') ? md5(md5($_POST['password'])) : '';
+ $post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
}
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext);
@@ -389,6 +391,26 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
echo __('Updating index...') . '
';
rebuildIndexes();
}
+// Check if the request is to report a post
+} elseif (isset($_GET['report']) && !isset($_GET['manage'])) {
+ if (!TINYIB_REPORT) {
+ fancyDie(__('Reporting is disabled.'));
+ }
+
+ $post = postByID($_GET['report']);
+ if (!$post) {
+ fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
+ }
+
+ $report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
+ if (!empty($report)) {
+ fancyDie(__('You have already submitted a report for that post.'));
+ }
+
+ $report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
+ insertReport($report);
+
+ fancyDie(__('Post reported.'));
// Check if the request is to delete a post and/or its associated image
} elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
if (!isset($_POST['delete'])) {
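Review bot: The new report branch writes to the database on a plain GET request (`isset($_GET['report'])`) with no visible request token, so any page that gets a visitor's browser to load that URL files a report from the visitor's address. The only limit is the one-report-per-IP-per-post check. Requiring POST plus a per-session or per-form token would close this. The `clearreports` branch added further down in this file is reached the same way, although its login check lies outside the hunk. `$_GET['report']` is also passed to `postByID()` as received; a cast such as `$report_id = intval($_GET['report']);` before the lookup keeps the identifier numeric whatever the backend does with it. The enclosing if/elseif chain starts and ends outside this hunk.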
@@ -406,8 +428,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
if ($loggedin && $_POST['password'] == '') {
// Redirect to post moderation page
echo '--> --> -->';
- } elseif ($post['password'] != '' && md5(md5($_POST['password'])) == $post['password']) {
- deletePostByID($post['id']);
+ } elseif ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
+ deletePost($post['id']);
if ($post['parent'] == TINYIB_NEWTHREAD) {
threadUpdated($post['id']);
} else {
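Review bot: The password check on the new `elseif` line compares hash strings with loose `==`, and on PHP versions before 8 two strings that both look like numbers in exponent form (for example hex digests of the shape `0e` followed only by digits) compare as equal numbers. The retained `md5(md5(...))` fallback produces exactly that kind of hex digest, so a legacy stored hash can match a different password's digest. Use strict comparison on both sides: `hashData($_POST['password']) === $post['password'] || md5(md5($_POST['password'])) === $post['password']`. `hash_equals()` would be the better choice, but it needs PHP 5.6 and the README in this commit states 5.5+. The surrounding delete branch begins outside the hunk.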
@@ -528,10 +550,11 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
if (isset($_GET['delete'])) {
$post = postByID($_GET['delete']);
if ($post) {
- deletePostByID($post['id']);
- rebuildIndexes();
- if ($post['parent'] != TINYIB_NEWTHREAD) {
- rebuildThread($post['parent']);
+ deletePost($post['id']);
+ if ($post['parent'] == TINYIB_NEWTHREAD) {
+ threadUpdated($post['id']);
+ } else {
+ threadUpdated($post['parent']);
}
$text .= manageInfo(sprintf(__('Post No.%d deleted.'), $post['id']));
} else {
@@ -594,6 +617,17 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
} else {
fancyDie(__('Form data was lost. Please go back and try again.'));
}
+ } elseif (isset($_GET['clearreports'])) {
+ if ($_GET['clearreports'] > 0) {
+ $post = postByID($_GET['clearreports']);
+ if ($post) {
+ deleteReportsByPost($post['id']);
+
+ $text .= manageInfo(__('Reports cleared.'));
+ } else {
+ fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
+ }
+ }
} elseif (isset($_GET["rawpost"])) {
$onload = manageOnLoad("rawpost");
$text .= buildPostForm(0, true);
diff --git a/inc/database/flatfile.php b/inc/database/flatfile.php
index 7b3c579..ac30646 100644
--- a/inc/database/flatfile.php
+++ b/inc/database/flatfile.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
return 0; // Unsupported by this database option
}
@@ -22,31 +22,31 @@ function threadExistsByID($id) {
function insertPost($newpost) {
$post = array();
- $post[POST_ID] = '0';
- $post[POST_PARENT] = $newpost['parent'];
- $post[POST_TIMESTAMP] = time();
- $post[POST_BUMPED] = time();
- $post[POST_IP] = $newpost['ip'];
- $post[POST_NAME] = $newpost['name'];
- $post[POST_TRIPCODE] = $newpost['tripcode'];
- $post[POST_EMAIL] = $newpost['email'];
- $post[POST_NAMEBLOCK] = $newpost['nameblock'];
- $post[POST_SUBJECT] = $newpost['subject'];
- $post[POST_MESSAGE] = $newpost['message'];
- $post[POST_PASSWORD] = $newpost['password'];
- $post[POST_FILE] = $newpost['file'];
- $post[POST_FILE_HEX] = $newpost['file_hex'];
- $post[POST_FILE_ORIGINAL] = $newpost['file_original'];
- $post[POST_FILE_SIZE] = $newpost['file_size'];
+ $post[POST_ID] = '0';
+ $post[POST_PARENT] = $newpost['parent'];
+ $post[POST_TIMESTAMP] = time();
+ $post[POST_BUMPED] = time();
+ $post[POST_IP] = hashData($newpost['ip']);
+ $post[POST_NAME] = $newpost['name'];
+ $post[POST_TRIPCODE] = $newpost['tripcode'];
+ $post[POST_EMAIL] = $newpost['email'];
+ $post[POST_NAMEBLOCK] = $newpost['nameblock'];
+ $post[POST_SUBJECT] = $newpost['subject'];
+ $post[POST_MESSAGE] = $newpost['message'];
+ $post[POST_PASSWORD] = $newpost['password'];
+ $post[POST_FILE] = $newpost['file'];
+ $post[POST_FILE_HEX] = $newpost['file_hex'];
+ $post[POST_FILE_ORIGINAL] = $newpost['file_original'];
+ $post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_FILE_SIZE_FORMATTED] = $newpost['file_size_formatted'];
- $post[POST_IMAGE_WIDTH] = $newpost['image_width'];
- $post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
- $post[POST_THUMB] = $newpost['thumb'];
- $post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
- $post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
- $post[POST_STICKIED] = $newpost['stickied'];
- $post[POST_LOCKED] = $newpost['locked'];
- $post[POST_MODERATED] = $newpost['moderated'];
+ $post[POST_IMAGE_WIDTH] = $newpost['image_width'];
+ $post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
+ $post[POST_THUMB] = $newpost['thumb'];
+ $post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
+ $post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
+ $post[POST_STICKIED] = $newpost['stickied'];
+ $post[POST_LOCKED] = $newpost['locked'];
+ $post[POST_MODERATED] = $newpost['moderated'];
return $GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
}
@@ -100,30 +100,30 @@ function convertPostsToSQLStyle($posts, $singlepost = false) {
$newposts = array();
foreach ($posts as $oldpost) {
$post = newPost();
- $post['id'] = $oldpost[POST_ID];
- $post['parent'] = $oldpost[POST_PARENT];
- $post['timestamp'] = $oldpost[POST_TIMESTAMP];
- $post['bumped'] = $oldpost[POST_BUMPED];
- $post['ip'] = $oldpost[POST_IP];
- $post['name'] = $oldpost[POST_NAME];
- $post['tripcode'] = $oldpost[POST_TRIPCODE];
- $post['email'] = $oldpost[POST_EMAIL];
- $post['nameblock'] = $oldpost[POST_NAMEBLOCK];
- $post['subject'] = $oldpost[POST_SUBJECT];
- $post['message'] = $oldpost[POST_MESSAGE];
- $post['password'] = $oldpost[POST_PASSWORD];
- $post['file'] = $oldpost[POST_FILE];
- $post['file_hex'] = $oldpost[POST_FILE_HEX];
- $post['file_original'] = $oldpost[POST_FILE_ORIGINAL];
- $post['file_size'] = $oldpost[POST_FILE_SIZE];
+ $post['id'] = $oldpost[POST_ID];
+ $post['parent'] = $oldpost[POST_PARENT];
+ $post['timestamp'] = $oldpost[POST_TIMESTAMP];
+ $post['bumped'] = $oldpost[POST_BUMPED];
+ $post['ip'] = $oldpost[POST_IP];
+ $post['name'] = $oldpost[POST_NAME];
+ $post['tripcode'] = $oldpost[POST_TRIPCODE];
+ $post['email'] = $oldpost[POST_EMAIL];
+ $post['nameblock'] = $oldpost[POST_NAMEBLOCK];
+ $post['subject'] = $oldpost[POST_SUBJECT];
+ $post['message'] = $oldpost[POST_MESSAGE];
+ $post['password'] = $oldpost[POST_PASSWORD];
+ $post['file'] = $oldpost[POST_FILE];
+ $post['file_hex'] = $oldpost[POST_FILE_HEX];
+ $post['file_original'] = $oldpost[POST_FILE_ORIGINAL];
+ $post['file_size'] = $oldpost[POST_FILE_SIZE];
$post['file_size_formatted'] = $oldpost[POST_FILE_SIZE_FORMATTED];
- $post['image_width'] = $oldpost[POST_IMAGE_WIDTH];
- $post['image_height'] = $oldpost[POST_IMAGE_HEIGHT];
- $post['thumb'] = $oldpost[POST_THUMB];
- $post['thumb_width'] = $oldpost[POST_THUMB_WIDTH];
- $post['thumb_height'] = $oldpost[POST_THUMB_HEIGHT];
- $post['stickied'] = isset($oldpost[POST_STICKIED]) ? $oldpost[POST_STICKIED] : 0;
- $post['locked'] = isset($oldpost[POST_LOCKED]) ? $oldpost[POST_LOCKED] : 0;
+ $post['image_width'] = $oldpost[POST_IMAGE_WIDTH];
+ $post['image_height'] = $oldpost[POST_IMAGE_HEIGHT];
+ $post['thumb'] = $oldpost[POST_THUMB];
+ $post['thumb_width'] = $oldpost[POST_THUMB_WIDTH];
+ $post['thumb_height'] = $oldpost[POST_THUMB_HEIGHT];
+ $post['stickied'] = isset($oldpost[POST_STICKIED]) ? $oldpost[POST_STICKIED] : 0;
+ $post['locked'] = isset($oldpost[POST_LOCKED]) ? $oldpost[POST_LOCKED] : 0;
if ($post['parent'] == '') {
$post['parent'] = TINYIB_NEWTHREAD;
@@ -178,23 +178,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- $GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $post['id'], INTEGER_COMPARISON));
- } else {
- $thispost = $post;
- }
- }
-
- if (isset($thispost)) {
- if ($thispost['parent'] == 0) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- $GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $thispost['id'], INTEGER_COMPARISON));
- }
+ $GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON));
}
function trimThreads() {
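Review bot: `deletePostByID()` now removes only the single row and no longer deletes replies, attached images or the cached `res/` page, but nothing at the definition says so. A caller that still uses it directly would leave those behind. Assuming `deletePost()` (defined outside this diff view) took over the cascade, add a comment above the function such as `// Removes the post row only; call deletePost() to also remove replies, files and the cached thread page.` The `deletePostByID()` in inc/database/mysql.php was reduced the same way and needs the same comment.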
@@ -203,24 +187,30 @@ function trimThreads() {
if ($numthreads > TINYIB_MAXTHREADS) {
$allthreads = allThreads();
for ($i = TINYIB_MAXTHREADS; $i < $numthreads; $i++) {
- deletePostByID($allthreads[$i]['id']);
+ deletePost($allthreads[$i]['id']);
}
}
}
}
function lastPostByIP() {
- $rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON), 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
+ $compClause = new OrWhereClause();
+ $compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
+ $compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
+ $rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
return convertPostsToSQLStyle($rows, true);
}
-// Ban Functions
+// Ban functions
function banByID($id) {
return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON), 1), true);
}
function banByIP($ip) {
- return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON), 1), true);
+ $compClause = new OrWhereClause();
+ $compClause->add(new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON));
+ $compClause->add(new SimpleWhereClause(BAN_IP, '=', hashData($ip), STRING_COMPARISON));
+ return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, $compClause, 1), true);
}
function allBans() {
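Review bot: `lastPostByIP()` and `banByIP()` each recompute `hashData()` for the same address, and the report functions added at the end of this file do it again. `hashData()` is defined outside this diff, but the `$2y$12$` prefix built in imgboard.php suggests bcrypt at cost 12, which is deliberately slow. If so, one request pays for several identical slow hashes, which raises the CPU cost an unauthenticated client can impose. Compute the hash once per request and reuse it, for instance with a small static cache inside `hashData()` keyed by input. A comment on the `OrWhereClause` should also say that the raw-address branch exists only to match rows written before this change.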
@@ -249,7 +239,7 @@ function convertBansToSQLStyle($bans, $singleban = false) {
function insertBan($newban) {
$ban = array();
$ban[BAN_ID] = '0';
- $ban[BAN_IP] = $newban['ip'];
+ $ban[BAN_IP] = hashData($newban['ip']);
$ban[BAN_TIMESTAMP] = time();
$ban[BAN_EXPIRE] = $newban['expire'];
$ban[BAN_REASON] = $newban['reason'];
@@ -271,3 +261,62 @@ function clearExpiredBans() {
function deleteBanByID($id) {
$GLOBALS['db']->deleteWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON));
}
+
+// Report functions
+function reportByIP($post, $ip) {
+ $ipClause = new OrWhereClause();
+ $ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
+ $ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
+
+ $andClause = new AndWhereClause();
+ $andClause->add(new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
+ $andClause->add($ipClause);
+
+ return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, $andClause, 1), true);
+}
+
+function reportsByPost($post) {
+ return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON), 1), true);
+}
+
+function allReports() {
+ $rows = $GLOBALS['db']->selectWhere(REPORTS_FILE, NULL, -1, new OrderBy(REPORT_POST, ASCENDING, INTEGER_COMPARISON));
+ return convertReportsToSQLStyle($rows);
+}
+
+function convertReportsToSQLStyle($reports, $singlereport = false) {
+ $newreports = array();
+ foreach ($reports as $oldreport) {
+ $report = array();
+ $report['id'] = $oldreport[REPORT_ID];
+ $report['ip'] = $oldreport[REPORT_IP];
+ $report['post'] = $oldreport[REPORT_POST];
+
+ if ($singlereport) {
+ return $report;
+ }
+ $newreports[] = $report;
+ }
+ return $newreports;
+}
+
+function insertReport($newreport) {
+ $report = array();
+ $report[REPORT_ID] = '0';
+ $report[REPORT_IP] = hashData($newreport['ip']);
+ $report[REPORT_POST] = $newreport['post'];
+
+ $GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
+}
+
+function deleteReportsByPost($post) {
+ $GLOBALS['db']->deleteWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
+}
+
+function deleteReportsByIP($ip) {
+ $ipClause = new OrWhereClause();
+ $ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
+ $ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
+
+ $GLOBALS['db']->deleteWhere(REPORTS_FILE, $ipClause);
+}
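Review bot: `reportsByPost()` in this file passes a limit of `1` and `$singlereport = true`, so it returns one report as an associative array (or an empty array), whereas the mysql.php version returns the list of all reports for the post. A caller that counts or iterates the result will get different answers per backend; with this version `count()` is 3 for any reported post. It should mirror `allReports()`: `return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON), -1));`.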
diff --git a/inc/database/flatfile_link.php b/inc/database/flatfile_link.php
index 9a64022..7c696fd 100644
--- a/inc/database/flatfile_link.php
+++ b/inc/database/flatfile_link.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Structure
+// Posts table
define('POSTS_FILE', '.posts');
define('POST_ID', 0);
define('POST_PARENT', 1);
@@ -31,7 +31,7 @@ define('POST_STICKIED', 22);
define('POST_LOCKED', 23);
define('POST_MODERATED', 24);
-// Ban Structure
+// Bans table
define('BANS_FILE', '.bans');
define('BAN_ID', 0);
define('BAN_IP', 1);
@@ -39,6 +39,12 @@ define('BAN_TIMESTAMP', 2);
define('BAN_EXPIRE', 3);
define('BAN_REASON', 4);
+// Reports table
+define('REPORTS_FILE', '.reports');
+define('REPORT_ID', 0);
+define('REPORT_IP', 1);
+define('REPORT_POST', 2);
+
require_once 'flatfile/flatfile.php';
$db = new Flatfile();
$db->datadir = 'inc/database/flatfile/';
@@ -50,41 +56,49 @@ if (file_exists('inc/flatfile/' . POSTS_FILE)) {
if (function_exists('insertPost')) {
function migratePost($newpost) {
$post = array();
- $post[POST_ID] = $newpost['id'];
- $post[POST_PARENT] = $newpost['parent'];
- $post[POST_TIMESTAMP] = $newpost['timestamp'];
- $post[POST_BUMPED] = $newpost['bumped'];
- $post[POST_IP] = $newpost['ip'];
- $post[POST_NAME] = $newpost['name'];
- $post[POST_TRIPCODE] = $newpost['tripcode'];
- $post[POST_EMAIL] = $newpost['email'];
- $post[POST_NAMEBLOCK] = $newpost['nameblock'];
- $post[POST_SUBJECT] = $newpost['subject'];
- $post[POST_MESSAGE] = $newpost['message'];
- $post[POST_PASSWORD] = $newpost['password'];
- $post[POST_FILE] = $newpost['file'];
- $post[POST_FILE_HEX] = $newpost['file_hex'];
- $post[POST_FILE_ORIGINAL] = $newpost['file_original'];
- $post[POST_FILE_SIZE] = $newpost['file_size'];
+ $post[POST_ID] = $newpost['id'];
+ $post[POST_PARENT] = $newpost['parent'];
+ $post[POST_TIMESTAMP] = $newpost['timestamp'];
+ $post[POST_BUMPED] = $newpost['bumped'];
+ $post[POST_IP] = $newpost['ip'];
+ $post[POST_NAME] = $newpost['name'];
+ $post[POST_TRIPCODE] = $newpost['tripcode'];
+ $post[POST_EMAIL] = $newpost['email'];
+ $post[POST_NAMEBLOCK] = $newpost['nameblock'];
+ $post[POST_SUBJECT] = $newpost['subject'];
+ $post[POST_MESSAGE] = $newpost['message'];
+ $post[POST_PASSWORD] = $newpost['password'];
+ $post[POST_FILE] = $newpost['file'];
+ $post[POST_FILE_HEX] = $newpost['file_hex'];
+ $post[POST_FILE_ORIGINAL] = $newpost['file_original'];
+ $post[POST_FILE_SIZE] = $newpost['file_size'];
$post[POST_FILE_SIZE_FORMATTED] = $newpost['file_size_formatted'];
- $post[POST_IMAGE_WIDTH] = $newpost['image_width'];
- $post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
- $post[POST_THUMB] = $newpost['thumb'];
- $post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
- $post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
- $post[POST_MODERATED] = $newpost['moderated'];
- $post[POST_STICKIED] = $newpost['stickied'];
- $post[POST_LOCKED] = $newpost['locked'];
+ $post[POST_IMAGE_WIDTH] = $newpost['image_width'];
+ $post[POST_IMAGE_HEIGHT] = $newpost['image_height'];
+ $post[POST_THUMB] = $newpost['thumb'];
+ $post[POST_THUMB_WIDTH] = $newpost['thumb_width'];
+ $post[POST_THUMB_HEIGHT] = $newpost['thumb_height'];
+ $post[POST_MODERATED] = $newpost['moderated'];
+ $post[POST_STICKIED] = $newpost['stickied'];
+ $post[POST_LOCKED] = $newpost['locked'];
$GLOBALS['db']->insertWithAutoId(POSTS_FILE, POST_ID, $post);
}
function migrateBan($newban) {
$ban = array();
- $ban[BAN_ID] = $newban['id'];
- $ban[BAN_IP] = $newban['ip'];
+ $ban[BAN_ID] = $newban['id'];
+ $ban[BAN_IP] = $newban['ip'];
$ban[BAN_TIMESTAMP] = $newban['timestamp'];
- $ban[BAN_EXPIRE] = $newban['expire'];
- $ban[BAN_REASON] = $newban['reason'];
+ $ban[BAN_EXPIRE] = $newban['expire'];
+ $ban[BAN_REASON] = $newban['reason'];
$GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
}
+
+ function migrateReport($newreport) {
+ $report = array();
+ $report[REPORT_ID] = $newreport['id'];
+ $report[REPORT_IP] = $newreport['ip'];
+ $report[REPORT_POST] = $newreport['post'];
+ $GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
+ }
}
diff --git a/inc/database/mysql.php b/inc/database/mysql.php
index 636879b..38b81bc 100644
--- a/inc/database/mysql.php
+++ b/inc/database/mysql.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
$row = mysql_fetch_row(mysql_query("SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
return $row[0];
@@ -23,7 +23,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
- mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+ mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysql_insert_id();
}
@@ -107,22 +107,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
- } else {
- $thispost = $post;
- }
- }
- if (isset($thispost)) {
- if ($thispost['parent'] == TINYIB_NEWTHREAD) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
- }
+ mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
}
function trimThreads() {
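Review bot: In the new `deletePostByID()` body, `mysql_real_escape_string($id)` is placed in an unquoted numeric position, where escaping gives no protection because there is no string literal to break out of. The callers visible in this diff pass ids read back from the database, so this is hardening rather than a demonstrated injection. A cast states the intent and holds for any caller: `... WHERE id = " . intval($id) . " LIMIT 1"`. `deleteReportsByPost()` at the end of this file uses the same unquoted pattern for `$post`.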
@@ -130,14 +115,14 @@ function trimThreads() {
$result = mysql_query("SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysql_fetch_assoc($result)) {
- deletePostByID($post['id']);
+ deletePost($post['id']);
}
}
}
}
function lastPostByIP() {
- $replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
+ $replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysql_fetch_assoc($replies)) {
return $post;
@@ -145,7 +130,7 @@ function lastPostByIP() {
}
}
-// Ban Functions
+// Ban functions
function banByID($id) {
$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' LIMIT 1");
if ($result) {
@@ -156,7 +141,7 @@ function banByID($id) {
}
function banByIP($ip) {
- $result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' LIMIT 1");
+ $result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "' LIMIT 1");
if ($result) {
while ($ban = mysql_fetch_assoc($result)) {
return $ban;
@@ -176,7 +161,7 @@ function allBans() {
}
function insertBan($ban) {
- mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string($ban['ip']) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
+ mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
return mysql_insert_id();
}
@@ -192,3 +177,47 @@ function clearExpiredBans() {
function deleteBanByID($id) {
mysql_query("DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
}
+
+// Report functions
+function reportByIP($post, $ip) {
+ $result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "' AND (`ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "') LIMIT 1");
+ if ($result) {
+ while ($report = mysql_fetch_assoc($result)) {
+ return $report;
+ }
+ }
+}
+
+function reportsByPost($post) {
+ $reports = array();
+ $result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "'");
+ if ($result) {
+ while ($report = mysql_fetch_assoc($result)) {
+ $reports[] = $report;
+ }
+ }
+ return $reports;
+}
+
+function allReports() {
+ $reports = array();
+ $result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
+ if ($result) {
+ while ($report = mysql_fetch_assoc($result)) {
+ $reports[] = $report;
+ }
+ }
+ return $reports;
+}
+
+function insertReport($report) {
+ mysql_query("INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysql_real_escape_string(hashData($report['ip'])) . "', '" . mysql_real_escape_string($report['post']) . "')");
+}
+
+function deleteReportsByPost($post) {
+ mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = " . mysql_real_escape_string($post));
+}
+
+function deleteReportsByIP($ip) {
+ mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = " . mysql_real_escape_string($ip) . " OR `ip` = " . mysql_real_escape_string(hashData($ip)));
+}
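Review bot: `deleteReportsByIP()` concatenates both values into the WHERE clause without surrounding single quotes, so the statement compares the `ip` column to a bare token such as an IP address or a bcrypt string and will be rejected by the server, leaving the reports in place. `mysql_query()`'s return value is not checked, so the failure is silent. Quote the values the way `reportByIP()` above does, i.e. `... = '" . mysql_real_escape_string($ip) . "' OR ... = '" . mysql_real_escape_string(hashData($ip)) . "'"`. The same unquoted use matters for injection as well, since escaping only protects content inside a quoted literal.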
diff --git a/inc/database/mysql_link.php b/inc/database/mysql_link.php
index 338efb2..68f3d28 100644
--- a/inc/database/mysql_link.php
+++ b/inc/database/mysql_link.php
@@ -35,12 +35,19 @@ if (mysql_num_rows(mysql_query("SHOW COLUMNS FROM `" . TINYIB_DBPOSTS . "` LIKE
mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
+mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+mysql_query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+
if (function_exists('insertPost')) {
function migratePost($post) {
mysql_query("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysql_real_escape_string($post['ip']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
}
function migrateBan($ban) {
- mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysql_real_escape_string($ban['reason']) . "')");
+ mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysql_real_escape_string($ban['id']) . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . mysql_real_escape_string($ban['timestamp']) . "', '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
+ }
+
+ function migrateReport($report) {
+ mysql_query("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysql_real_escape_string($report['id']) . "', '" . mysql_real_escape_string($report['ip']) . "', '" . mysql_real_escape_string($report['post']) . "')");
}
}
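Review bot: The rewritten INSERT in `migrateBan` still opens the `id` value without a quote but closes it with one (`VALUES (" . mysql_real_escape_string($ban['id']) . "', '`), so the statement is malformed and should be rejected by the server. The unchecked `mysql_query` return then hides the failure. Opening the literal as well fixes it: `VALUES ('" . mysql_real_escape_string($ban['id']) . "', '`. The new `migrateReport` just below quotes all three of its values, so this brings the two functions in line. The same unbalanced quote is in `migrateBan` in inc/database/mysqli_link.php.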
diff --git a/inc/database/mysqli.php b/inc/database/mysqli.php
index a5b105f..39348ae 100644
--- a/inc/database/mysqli.php
+++ b/inc/database/mysqli.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
global $link;
$row = mysqli_fetch_row(mysqli_query($link, "SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
@@ -27,7 +27,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $link;
- mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+ mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysqli_insert_id($link);
}
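Review bot: `hashData($_SERVER['REMOTE_ADDR'])` is concatenated into the quoted `ip` value without `mysqli_real_escape_string`, while `insertBan` and `insertReport` in this file escape the same call. hashData() is defined outside this diff, so it cannot be confirmed here that its output never contains a quote or backslash. Wrapping it keeps the statement well-formed either way: `mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR']))`. The `insertPost` hunks in inc/database/sqlite.php and inc/database/sqlite3.php have the same unescaped call.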
@@ -122,22 +122,7 @@ function latestPosts($moderated = true) {
function deletePostByID($id) {
global $link;
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
- } else {
- $thispost = $post;
- }
- }
- if (isset($thispost)) {
- if ($thispost['parent'] == TINYIB_NEWTHREAD) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
- }
+ mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
}
function trimThreads() {
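Review bot: In `deletePostByID` the id goes through `mysqli_real_escape_string` but is placed in the query without surrounding quotes. Escaping only neutralises quote and backslash characters, so a non-numeric `$id` would still be parsed as SQL. If ids are always integers, replace the escape call with a cast, `(int) $id`. The same unquoted pattern is in `deletePostByID` and `deleteReportsByPost` in inc/database/sqlite.php and inc/database/sqlite3.php, and in the numeric columns of `migrateBan` in inc/database/sqlite3_link.php. The function also no longer removes replies, images or the cached `res/` page; presumably the `deletePost` that `trimThreads` now calls does that, but it is not defined in this part of the diff.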
@@ -146,7 +131,7 @@ function trimThreads() {
$result = mysqli_query($link, "SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
if ($result) {
while ($post = mysqli_fetch_assoc($result)) {
- deletePostByID($post['id']);
+ deletePost($post['id']);
}
}
}
@@ -154,7 +139,7 @@ function trimThreads() {
function lastPostByIP() {
global $link;
- $replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
+ $replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysqli_fetch_assoc($replies)) {
return $post;
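Review bot: The new `lastPostByIP` query compares `ip` against the escaped raw `$_SERVER['REMOTE_ADDR']` on both sides of the `OR`, so it never matches the hashed value that `insertPost` now stores. The second operand should be `mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR']))`, as the sqlite.php and sqlite3.php versions of this function already do. If callers rely on this lookup for post-rate limiting (not visible here), it would stop finding a poster's previous post once addresses are stored hashed. The function body ends outside this hunk.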
@@ -162,7 +147,7 @@ function lastPostByIP() {
}
}
-// Ban Functions
+// Ban functions
function banByID($id) {
global $link;
$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' LIMIT 1");
@@ -175,7 +160,7 @@ function banByID($id) {
function banByIP($ip) {
global $link;
- $result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' LIMIT 1");
+ $result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "' LIMIT 1");
if ($result) {
while ($ban = mysqli_fetch_assoc($result)) {
return $ban;
@@ -197,7 +182,7 @@ function allBans() {
function insertBan($ban) {
global $link;
- mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
+ mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, hashData($ban['ip'])) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
return mysqli_insert_id($link);
}
@@ -216,6 +201,57 @@ function deleteBanByID($id) {
mysqli_query($link, "DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
}
+// Report functions
+function reportByIP($post, $ip) {
+ global $link;
+ $result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "' AND (`ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "') LIMIT 1");
+ if ($result) {
+ while ($report = mysqli_fetch_assoc($result)) {
+ return $report;
+ }
+ }
+}
+
+function reportsByPost($post) {
+ global $link;
+ $reports = array();
+ $result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
+ if ($result) {
+ while ($report = mysqli_fetch_assoc($result)) {
+ $reports[] = $report;
+ }
+ }
+ return $reports;
+}
+
+function allReports() {
+ global $link;
+ $reports = array();
+ $result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
+ if ($result) {
+ while ($report = mysqli_fetch_assoc($result)) {
+ $reports[] = $report;
+ }
+ }
+ return $reports;
+}
+
+function insertReport($report) {
+ global $link;
+ mysqli_query($link, "INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysqli_real_escape_string($link, hashData($report['ip'])) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
+}
+
+function deleteReportsByPost($post) {
+ global $link;
+ mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
+}
+
+function deleteReportsByIP($ip) {
+ global $link;
+ mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "'");
+}
+
+// Utility functions
function mysqli_result($res, $row, $field = 0) {
$res->data_seek($row);
$datarow = $res->fetch_array();
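Review bot: The new report functions carry no comments, and the two-sided `ip` match in `reportByIP` and `deleteReportsByIP` is not self-explanatory. `insertReport` always stores `hashData($report['ip'])`, so the plain `$ip` comparison only matters if callers sometimes pass an already-hashed value or if `migrateReport` imports unhashed rows. A one-line comment above each would settle it, for example `// $ip may be a raw address or a stored hash; match either form.`, if that is the intent. `reportByIP` also returns nothing when no row matches, which is worth stating in a docblock because `reportsByPost` and `allReports` return an empty array instead.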
diff --git a/inc/database/mysqli_link.php b/inc/database/mysqli_link.php
index 8cd3a41..405fae0 100644
--- a/inc/database/mysqli_link.php
+++ b/inc/database/mysqli_link.php
@@ -35,6 +35,9 @@ if (mysqli_num_rows(mysqli_query($link, "SHOW COLUMNS FROM `" . TINYIB_DBPOSTS .
mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
+mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+mysqli_query($link, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+
if (function_exists('insertPost')) {
function migratePost($post) {
global $link;
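Review bot: The two `ALTER TABLE ... MODIFY ip VARCHAR(255)` statements run on every include and their results are discarded, unlike the `SHOW COLUMNS` guard used for the `locked` column just above. If the ALTER fails, for example for lack of privilege, the column keeps its old width. Depending on that width and the server's SQL mode, the presumably longer `hashData()` values could then be truncated or rejected, after which `banByIP` would no longer match. Checking the return value makes a failed migration visible, e.g. `if (!mysqli_query($link, ...)) { die('Could not widen ip column'); }`. inc/database/mysql_link.php adds the same unchecked pair.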
@@ -43,6 +46,11 @@ if (function_exists('insertPost')) {
function migrateBan($ban) {
global $link;
- sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysqli_real_escape_string($link, $ban['id']) . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . mysqli_real_escape_string($link, $ban['timestamp']) . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
+ }
+
+ function migrateReport($report) {
+ global $link;
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysqli_real_escape_string($link, $report['id']) . "', '" . mysqli_real_escape_string($link, $report['ip']) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
}
}
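Review bot: `migrateReport` is added to the mysqli link file but sends its INSERT through `sqlite_query($GLOBALS["db"], ...)`, copying the call `migrateBan` already used. `sqlite_query` belongs to the legacy SQLite extension and nothing in this hunk sets up an SQLite handle, so under the mysqli driver the migration cannot reach the MySQL database. Both functions should call `mysqli_query($link, "INSERT INTO ...")` with the `$link` they already declare global. `migrateBan` also keeps the unbalanced quote around `id` (`VALUES (" . ... . "', '`), which needs an opening `'`.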
diff --git a/inc/database/pdo.php b/inc/database/pdo.php
index 617dc21..8d41165 100644
--- a/inc/database/pdo.php
+++ b/inc/database/pdo.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
$result = pdoQuery("SELECT COUNT(DISTINCT(ip)) FROM " . TINYIB_DBPOSTS);
return (int)$result->fetchColumn();
@@ -26,7 +26,7 @@ function insertPost($post) {
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
- $stm->execute(array($post['parent'], $now, $now, $_SERVER['REMOTE_ADDR'], $post['name'], $post['tripcode'], $post['email'],
+ $stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@@ -108,22 +108,7 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($id));
- } else {
- $thispost = $post;
- }
- }
- if (isset($thispost)) {
- if ($thispost['parent'] == TINYIB_NEWTHREAD) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($thispost['id']));
- }
+ pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($id));
}
function trimThreads() {
@@ -137,7 +122,7 @@ function trimThreads() {
MSSQL: WITH ts AS (SELECT ROWNUMBER() OVER (ORDER BY bumped) AS 'rownum', * FROM $table) SELECT id FROM ts WHERE rownum >= $limit
*/
foreach ($results as $post) {
- deletePostByID($post['id']);
+ deletePost($post['id']);
}
}
}
@@ -147,14 +132,14 @@ function lastPostByIP() {
return $result->fetch(PDO::FETCH_ASSOC);
}
-// Ban Functions
+// Ban functions
function banByID($id) {
$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
return $result->fetch(PDO::FETCH_ASSOC);
}
function banByIP($ip) {
- $result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? LIMIT 1", array($ip));
+ $result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? OR ip = ? LIMIT 1", array($ip, hashData($ip)));
return $result->fetch(PDO::FETCH_ASSOC);
}
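Review bot: `lastPostByIP` appears to be left querying the raw address. Only its `return` line shows up as context in this hunk, and no hunk in this file touches its query, while `insertPost` now stores `hashData($_SERVER['REMOTE_ADDR'])`. If the query still binds only the raw address, it will stop matching newly inserted posts. It should bind both forms the way `banByIP` does here, e.g. `WHERE ip = ? OR ip = ?` with `array($_SERVER['REMOTE_ADDR'], hashData($_SERVER['REMOTE_ADDR']))`. The query line sits above the hunk, so this needs checking against the full file.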
@@ -171,7 +156,7 @@ function insertBan($ban) {
global $dbh;
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES (?, ?, ?, ?)");
- $stm->execute(array($ban['ip'], $now, $ban['expire'], $ban['reason']));
+ $stm->execute(array(hashData($ban['ip']), $now, $ban['expire'], $ban['reason']));
return $dbh->lastInsertId();
}
@@ -183,3 +168,41 @@ function clearExpiredBans() {
function deleteBanByID($id) {
pdoQuery("DELETE FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
}
+
+// Report functions
+function reportByIP($post, $ip) {
+ $result = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ? AND (ip = ? OR ip = ?) LIMIT 1", array($post, $ip, hashData($ip)));
+ return $result->fetch(PDO::FETCH_ASSOC);
+}
+
+function reportsByPost($post) {
+ $reports = array();
+ $results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
+ while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
+ $reports[] = $row;
+ }
+ return $reports;
+}
+
+function allReports() {
+ $reports = array();
+ $results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
+ while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
+ $reports[] = $row;
+ }
+ return $reports;
+}
+
+function insertReport($report) {
+ global $dbh;
+ $stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES (?, ?)");
+ $stm->execute(array(hashData($report['ip']), $report['post']));
+}
+
+function deleteReportsByPost($post) {
+ pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
+}
+
+function deleteReportsByIP($ip) {
+ pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = ? OR ip = ?", array($ip, hashData($ip)));
+}
diff --git a/inc/database/pdo_link.php b/inc/database/pdo_link.php
index 8563a8f..2f018d9 100644
--- a/inc/database/pdo_link.php
+++ b/inc/database/pdo_link.php
@@ -89,6 +89,14 @@ if (!$locked_exists) {
$dbh->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
}
+if (TINYIB_DBDRIVER === 'pgsql') {
+ $dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
+ $dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
+} else {
+ $dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+ $dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+}
+
function pdoQuery($sql, $params = false) {
global $dbh;
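Review bot: The `pgsql` branch is not valid PostgreSQL: backticks are not identifier quotes there, and a column type change is spelled `ALTER COLUMN ip TYPE VARCHAR(255)`, with NOT NULL and DEFAULT set in separate `ALTER COLUMN` clauses. As written the statement fails, and depending on the PDO error mode configured above this hunk that is either a silent no-op or an exception on every page load. Something like `$dbh->query("ALTER TABLE " . TINYIB_DBPOSTS . " ALTER COLUMN ip TYPE VARCHAR(255)");` would do the widening. The `else` branch also sends MySQL's `MODIFY` syntax to every other PDO driver, so it should be limited to `mysql`.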
@@ -118,4 +126,10 @@ if (function_exists('insertPost')) {
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (?, ?, ?, ?, ?)");
$stm->execute(array($ban['id'], $ban['ip'], $ban['timestamp'], $ban['expire'], $ban['reason']));
}
+
+ function migrateReport($report) {
+ global $dbh;
+ $stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES (?, ?, ?)");
+ $stm->execute(array($report['id'], $report['ip'], $report['post']));
+ }
}
diff --git a/inc/database/sqlite.php b/inc/database/sqlite.php
index 7702896..687d1d0 100644
--- a/inc/database/sqlite.php
+++ b/inc/database/sqlite.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
return sqlite_fetch_single(sqlite_query($GLOBALS["db"], "SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")"));
}
@@ -20,7 +20,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
- sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@@ -96,41 +96,26 @@ function latestPosts($moderated = true) {
}
function deletePostByID($id) {
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
- } else {
- $thispost = $post;
- }
- }
- if (isset($thispost)) {
- if ($thispost['parent'] == TINYIB_NEWTHREAD) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
- }
+ sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id));
}
function trimThreads() {
if (TINYIB_MAXTHREADS > 0) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10"), SQLITE_ASSOC);
foreach ($result as $post) {
- deletePostByID($post['id']);
+ deletePost($post['id']);
}
}
}
function lastPostByIP() {
- $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $post) {
return $post;
}
}
-// Ban Functions
+// Ban functions
function banByID($id) {
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "' LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $ban) {
@@ -139,7 +124,7 @@ function banByID($id) {
}
function banByIP($ip) {
- $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' LIMIT 1"), SQLITE_ASSOC);
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "' LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $ban) {
return $ban;
}
@@ -155,7 +140,7 @@ function allBans() {
}
function insertBan($ban) {
- sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string($ban['ip']) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@@ -169,3 +154,41 @@ function clearExpiredBans() {
function deleteBanByID($id) {
sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id));
}
+
+// Report functions
+function reportByIP($post, $ip) {
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "' AND (ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "') LIMIT 1"), SQLITE_ASSOC);
+ foreach ($result as $report) {
+ return $report;
+ }
+}
+
+function reportByPost($post) {
+ $reports = array();
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'"), SQLITE_ASSOC);
+ foreach ($result as $report) {
+ $reports[] = $report;
+ }
+ return $reports;
+}
+
+function allReports() {
+ $reports = array();
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC"), SQLITE_ASSOC);
+ foreach ($result as $report) {
+ $reports[] = $report;
+ }
+ return $reports;
+}
+
+function insertReport($report) {
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . sqlite_escape_string(hashData($report['ip'])) . "', '" . sqlite_escape_string($report['post']) . "')");
+}
+
+function deleteReportsByPost($post) {
+ sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post));
+}
+
+function deleteReportsByIP($ip) {
+ sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "'");
+}
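Review bot: This file names the per-post lookup `reportByPost`, while mysqli.php, pdo.php and sqlite3.php all define `reportsByPost`, so a caller using the plural name would hit an undefined function under the `sqlite` driver. Rename it to `function reportsByPost($post) {`. `deleteReportsByPost` in the same hunk also drops the quotes around the escaped value (`WHERE post = " . sqlite_escape_string($post)`), unlike `reportByIP` above it. Quoting the value or casting with `(int) $post` closes that gap.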
diff --git a/inc/database/sqlite3.php b/inc/database/sqlite3.php
index c663958..8e57131 100644
--- a/inc/database/sqlite3.php
+++ b/inc/database/sqlite3.php
@@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
die('');
}
-// Post Functions
+// Post functions
function uniquePosts() {
global $db;
return $db->querySingle("SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")");
@@ -24,7 +24,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $db;
- $db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+ $db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return $db->lastInsertRowID();
}
@@ -111,22 +111,7 @@ function latestPosts($moderated = true) {
function deletePostByID($id) {
global $db;
- $posts = postsInThreadByID($id, false);
- foreach ($posts as $post) {
- if ($post['id'] != $id) {
- deletePostImages($post);
- $db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
- } else {
- $thispost = $post;
- }
- }
- if (isset($thispost)) {
- if ($thispost['parent'] == TINYIB_NEWTHREAD) {
- @unlink('res/' . $thispost['id'] . '.html');
- }
- deletePostImages($thispost);
- $db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
- }
+ $db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id));
}
function trimThreads() {
@@ -134,20 +119,20 @@ function trimThreads() {
if (TINYIB_MAXTHREADS > 0) {
$result = $db->query("SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
while ($post = $result->fetchArray()) {
- deletePostByID($post['id']);
+ deletePost($post['id']);
}
}
}
function lastPostByIP() {
global $db;
- $result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1");
+ $result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
while ($post = $result->fetchArray()) {
return $post;
}
}
-// Ban Functions
+// Ban functions
function banByID($id) {
global $db;
$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "' LIMIT 1");
@@ -158,7 +143,7 @@ function banByID($id) {
function banByIP($ip) {
global $db;
- $result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' LIMIT 1");
+ $result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "' LIMIT 1");
while ($ban = $result->fetchArray()) {
return $ban;
}
@@ -176,7 +161,7 @@ function allBans() {
function insertBan($ban) {
global $db;
- $db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString($ban['ip']) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
+ $db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString(hashData($ban['ip'])) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
return $db->lastInsertRowID();
}
@@ -192,3 +177,47 @@ function deleteBanByID($id) {
global $db;
$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id));
}
+
+// Report functions
+function reportByIP($post, $ip) {
+ global $db;
+ $result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "' AND (ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "') LIMIT 1");
+ while ($report = $result->fetchArray()) {
+ return $report;
+ }
+}
+
+function reportsByPost($post) {
+ global $db;
+ $reports = array();
+ $result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'");
+ while ($report = $result->fetchArray()) {
+ $reports[] = $report;
+ }
+ return $reports;
+}
+
+function allReports() {
+ global $db;
+ $reports = array();
+ $result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
+ while ($report = $result->fetchArray()) {
+ $reports[] = $report;
+ }
+ return $reports;
+}
+
+function insertReport($report) {
+ global $db;
+ $db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . $db->escapeString(hashData($report['ip'])) . "', '" . $db->escapeString($report['post']) . "')");
+}
+
+function deleteReportsByPost($post) {
+ global $db;
+ $db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post));
+}
+
+function deleteReportsByIP($ip) {
+ global $db;
+ $db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "'");
+}
diff --git a/inc/database/sqlite3_link.php b/inc/database/sqlite3_link.php
index 086b6ce..727f43a 100644
--- a/inc/database/sqlite3_link.php
+++ b/inc/database/sqlite3_link.php
@@ -65,6 +65,9 @@ if (!$result->fetchArray()) {
// Add locked column if it isn't present
@$db->exec("ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
+@$db->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+@$db->exec("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+
if (function_exists('insertPost')) {
function migratePost($post) {
global $db;
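Review bot: SQLite's `ALTER TABLE` has no `MODIFY` clause, so both added statements fail on every load and the `@` hides it. SQLite does not enforce the declared VARCHAR length, so no widening seems to be needed for this driver. Dropping the two lines, or replacing them with a comment such as `// SQLite does not enforce column length; no ip migration needed.`, avoids a permanently failing statement. inc/database/sqlite_link.php adds the same pair without `@`, where a warning may surface depending on error reporting.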
@@ -73,6 +76,11 @@ if (function_exists('insertPost')) {
function migrateBan($ban) {
global $db;
- $db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . ", '" . $db->escapeString($ban['ip']) . "', " . $ban['timestamp'] . ", " . $ban['expire'] . ", '" . $db->escapeString($ban['reason']) . "')");
+ $db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $db->escapeString($ban['id']) . ", '" . $db->escapeString($ban['ip']) . "', " . $db->escapeString($ban['timestamp']) . ", " . $db->escapeString($ban['expire']) . ", '" . $db->escapeString($ban['reason']) . "')");
+ }
+
+ function migrateReport($report) {
+ global $db;
+ $db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . $db->escapeString($report['id']) . "', '" . $db->escapeString($report['ip']) . "', '" . $db->escapeString($report['post']) . "')");
}
}
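Review bot: In `migrateBan` the `id`, `timestamp` and `expire` values are still interpolated without surrounding quotes, so wrapping them in `$db->escapeString()` adds no real protection. That function escapes characters for use inside a quoted string literal and does nothing to constrain a value placed in a bare numeric position. Cast the numeric columns instead, e.g. `intval($ban['id'])`, `intval($ban['timestamp'])`, `intval($ban['expire'])`, or bind them through a prepared statement. `deleteReportsByPost`, added earlier in this commit, has the same unquoted pattern (`WHERE post = " . $db->escapeString($post)`), while `migrateReport` in this hunk quotes every value. The migrated rows presumably come from the site's own previous database, so exposure is likely low, but the escaping as written suggests a guarantee it does not give.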
diff --git a/inc/database/sqlite_link.php b/inc/database/sqlite_link.php
index 88c5c7d..4730543 100644
--- a/inc/database/sqlite_link.php
+++ b/inc/database/sqlite_link.php
@@ -64,12 +64,19 @@ sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN stickied INTEGE
// Add locked column if it isn't present
sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
+sqlite_query($db, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+sqlite_query($db, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
+
if (function_exists('insertPost')) {
function migratePost($post) {
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . sqlite_escape_string($post['ip']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
}
function migrateBan($ban) {
- sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . sqlite_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . sqlite_escape_string($ban['reason']) . "')");
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . sqlite_escape_string($ban['id']) . "', '" . sqlite_escape_string($ban['ip']) . "', '" . sqlite_escape_string($ban['timestamp']) . "', '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
+ }
+
+ function migrateReport($report) {
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . sqlite_escape_string($report['id']) . "', '" . sqlite_escape_string($report['ip']) . "', '" . sqlite_escape_string($report['post']) . "')");
}
}
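Review bot: The rewritten `migrateBan` query keeps an unbalanced quote: the first value is opened with `VALUES (" .` but closed with `. "', '"`, so the generated statement reads `VALUES (<id>', '<ip>', ...` and should fail as a syntax error for every migrated ban. Open the literal the way the new `migrateReport` does: `VALUES ('" . sqlite_escape_string($ban['id']) . "', '" ...`. The unchanged `migratePost` context line also interpolates most `$post` fields without escaping or casting; bringing it in line with the escaping added here would be consistent with the intent of this change.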
diff --git a/inc/defines.php b/inc/defines.php
index f29811d..264abbd 100644
--- a/inc/defines.php
+++ b/inc/defines.php
@@ -29,7 +29,7 @@ if (!defined('TINYIB_THUMBNAIL')) {
define('TINYIB_THUMBNAIL', 'gd');
}
if (!defined('TINYIB_UPLOADVIAURL')) {
- define('TINYIB_UPLOADVIAURL', false);
+ define('TINYIB_UPLOADVIAURL', false);
}
if (!defined('TINYIB_NOFILEOK')) {
define('TINYIB_NOFILEOK', false);
@@ -40,6 +40,9 @@ if (!defined('TINYIB_CAPTCHA')) {
if (!defined('TINYIB_MANAGECAPTCHA')) {
define('TINYIB_MANAGECAPTCHA', '');
}
+if (!defined('TINYIB_REPORT')) {
+ define('TINYIB_REPORT', '');
+}
if (!defined('TINYIB_REQMOD')) {
define('TINYIB_REQMOD', '');
}
@@ -64,6 +67,9 @@ if (!defined('TINYIB_DATEFMT')) {
if (!defined('TINYIB_DBMIGRATE')) {
define('TINYIB_DBMIGRATE', false);
}
+if (!defined('TINYIB_DBREPORTS')) {
+ define('TINYIB_DBREPORTS', TINYIB_BOARD . '_reports');
+}
if (!defined('TINYIB_DBPORT')) {
define('TINYIB_DBPORT', 3306);
}
diff --git a/inc/functions.php b/inc/functions.php
index 9ab2fa6..3924c01 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -11,6 +11,14 @@ if (!function_exists('array_column')) {
}
}
+function hashData($data) {
+ global $bcrypt_salt;
+ if (substr($data, 0, 4) == '$2y$') {
+ return $data;
+ }
+ return crypt($data, $bcrypt_salt);
+}
+
function cleanString($string) {
$search = array("&", "<", ">");
$replace = array("&", "<", ">");
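Review bot: `hashData` returns whatever `crypt()` produces without checking it, and `crypt()` reports failure with a short token such as `*0` rather than an error. `$bcrypt_salt` is defined outside this hunk; if it were ever empty or malformed, every input would presumably map to the same failure token, and the equality checks built on this function (the report and ban IP lookups, and the session check in `manageCheckLogIn`) would match values they should not. Fail closed: `$hash = crypt($data, $bcrypt_salt);` then `if (!is_string($hash) || substr($hash, 0, 4) !== '$2y$') { fancyDie('Unable to hash data.'); }` (or however the project prefers to abort). The existing prefix test should use `===` rather than `==`, and a short docblock should state that input already starting with `$2y$` is returned unchanged.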
@@ -196,6 +204,30 @@ function deletePostImages($post) {
}
}
+function deletePost($id) {
+ $id = intval($id);
+
+ $posts = postsInThreadByID($id, false);
+ $op = array();
+ foreach ($posts as $post) {
+ if ($post['parent'] == TINYIB_NEWTHREAD) {
+ $op = $post;
+ continue;
+ }
+
+ deletePostImages($post);
+ deleteReportsByPost($post['id']);
+ deletePostByID($post['id']);
+ }
+ if (!empty($op)) {
+ deletePostImages($op);
+ deleteReportsByPost($op['id']);
+ deletePostByID($op['id']);
+ }
+
+ @unlink('res/' . $id . '.html');
+}
+
function checkCAPTCHA($mode) {
if ($mode === 'recaptcha') {
require_once 'inc/recaptcha/autoload.php';
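Review bot: `deletePost` has no docblock, and its deletion order (replies first, the OP held back until the loop finishes) is unexplained. A header comment should say that the function removes every post returned by `postsInThreadByID($id, false)` along with its images and reports, then removes `res/<id>.html`. For the ordering I would add something like `// Delete the OP last so an interrupted run does not leave replies without their thread.` — that reason is inferred, so confirm it with the author. The `@unlink` also hides a failed removal of the thread page, which is worth a brief comment if it is intentional.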
@@ -277,19 +309,19 @@ function manageCheckLogIn() {
checkCAPTCHA(TINYIB_MANAGECAPTCHA);
if ($_POST['managepassword'] === TINYIB_ADMINPASS) {
- $_SESSION['tinyib'] = TINYIB_ADMINPASS;
+ $_SESSION['tinyib'] = hashData(TINYIB_ADMINPASS);
} elseif (TINYIB_MODPASS != '' && $_POST['managepassword'] === TINYIB_MODPASS) {
- $_SESSION['tinyib'] = TINYIB_MODPASS;
+ $_SESSION['tinyib'] = hashData(TINYIB_MODPASS);
} else {
fancyDie(__('Invalid password.'));
}
}
if (isset($_SESSION['tinyib'])) {
- if ($_SESSION['tinyib'] === TINYIB_ADMINPASS) {
+ if ($_SESSION['tinyib'] === hashData(TINYIB_ADMINPASS)) {
$loggedin = true;
$isadmin = true;
- } elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === TINYIB_MODPASS) {
+ } elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === hashData(TINYIB_MODPASS)) {
$loggedin = true;
}
}
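Review bot: The session becomes privileged at the two `$_SESSION['tinyib'] = hashData(...)` assignments, but nothing in this hunk issues a fresh session ID at that point. Unless that happens in the part of `manageCheckLogIn` outside the hunk, a session ID fixed before login stays valid afterwards. Add `session_regenerate_id(true);` immediately after the password branch succeeds. Separately, the login check below now recomputes `hashData()` (bcrypt, deliberately slow) for the admin and possibly the moderator password on every call. Computing those two hashes once per request, or caching them, would avoid paying that cost on each management page load.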
diff --git a/inc/html.php b/inc/html.php
index 36c4d6a..d51698c 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -466,6 +466,10 @@ EOF;
$return .= $filehtml;
}
+ if (TINYIB_REPORT) {
+ $return .= " [" . __("Report") . "]";
+ }
+
if ($post['parent'] == TINYIB_NEWTHREAD && $res == TINYIB_INDEXPAGE) {
$return .= " [" . __("Reply") . "]";
}
@@ -680,12 +684,16 @@ function rebuildIndexes() {
function rebuildThread($id) {
$id = intval($id);
- $htmlposts = "";
$posts = postsInThreadByID($id);
+ if (count($posts) == 0) {
+ @unlink('res/' . $id . '.html');
+ return;
+ }
+
+ $htmlposts = "";
foreach ($posts as $post) {
$htmlposts .= buildPost($post, TINYIB_RESPAGE);
}
-
$htmlposts .= "\n
TINYIB_DBMODE is currently mysql in settings.php, but MySQLi is installed. Please change it to mysqli. This will not affect your data.
+TINYIB_DBMODE is currently set to mysql in settings.php, but MySQLi is installed. Please change it to mysqli. This will not affect your data.
EOF; } @@ -1020,8 +1053,21 @@ EOF; } } + if (TINYIB_REPORT && !empty($reports)) { + $posts = array(); + foreach ($reports as $report) { + $post = postByID($report['post']); + if (empty($post)) { + continue; + } + $posts[] = $post; + } + $txt_recent_posts = __('Reported posts'); + } else { + $posts = latestPosts(true); + $txt_recent_posts = __('Recent posts'); + } $post_html = ''; - $posts = latestPosts(true); foreach ($posts as $post) { if ($post_html != '') { $post_html .= '