parent
392609cab8
commit
4ed5f2e125
10 changed files with 31 additions and 20 deletions
10
imgboard.php
10
imgboard.php
|
@ -271,7 +271,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
|
|||
checkCAPTCHA(TINYIB_CAPTCHA);
|
||||
checkFlood();
|
||||
}
|
||||
|
||||
|
||||
$rawpost = isRawPost();
|
||||
$rawposttext = '';
|
||||
if (!$rawpost) {
|
||||
|
@ -304,7 +304,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
|
|||
$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
|
||||
}
|
||||
|
||||
$post['ip'] = $_SERVER['REMOTE_ADDR'];
|
||||
$post['ip'] = remoteAddress();
|
||||
|
||||
if ($rawpost || !in_array('name', $hide_fields)) {
|
||||
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
|
||||
|
@ -389,7 +389,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
|
|||
|
||||
$expire_txt = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
|
||||
$reason_txt = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
|
||||
fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
|
||||
fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -575,7 +575,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
|
|||
fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
|
||||
}
|
||||
|
||||
$report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
|
||||
$report = reportByIP($post['id'], remoteAddress());
|
||||
if (!empty($report)) {
|
||||
fancyDie(__('You have already submitted a report for that post.'));
|
||||
}
|
||||
|
@ -634,7 +634,7 @@ EOF;
|
|||
}
|
||||
}
|
||||
|
||||
$report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
|
||||
$report = array('ip' => remoteAddress(), 'post' => $post['id']);
|
||||
insertReport($report);
|
||||
|
||||
fancyDie(__('Post reported.'));
|
||||
|
|
|
@ -403,8 +403,8 @@ function trimThreads() {
|
|||
|
||||
function lastPostByIP() {
|
||||
$compClause = new OrWhereClause();
|
||||
$compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
|
||||
$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
|
||||
$compClause->add(new SimpleWhereClause(POST_IP, '=', remoteAddress(), STRING_COMPARISON));
|
||||
$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData(remoteAddress()), STRING_COMPARISON));
|
||||
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
|
||||
return convertPostsToSQLStyle($rows, true);
|
||||
}
|
||||
|
|
|
@ -169,7 +169,7 @@ function threadExistsByID($id) {
|
|||
}
|
||||
|
||||
function insertPost($post) {
|
||||
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
|
||||
mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
|
||||
return mysql_insert_id();
|
||||
}
|
||||
|
||||
|
@ -268,7 +268,7 @@ function trimThreads() {
|
|||
}
|
||||
|
||||
function lastPostByIP() {
|
||||
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
|
||||
$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string(remoteAddress()) . "' OR `ip` = '" . mysql_real_escape_string(hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
|
||||
if ($replies) {
|
||||
while ($post = mysql_fetch_assoc($replies)) {
|
||||
return $post;
|
||||
|
|
|
@ -195,7 +195,7 @@ function threadExistsByID($id) {
|
|||
|
||||
function insertPost($post) {
|
||||
global $link;
|
||||
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
|
||||
mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
|
||||
return mysqli_insert_id($link);
|
||||
}
|
||||
|
||||
|
@ -307,7 +307,7 @@ function trimThreads() {
|
|||
|
||||
function lastPostByIP() {
|
||||
global $link;
|
||||
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
|
||||
$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, remoteAddress()) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
|
||||
if ($replies) {
|
||||
while ($post = mysqli_fetch_assoc($replies)) {
|
||||
return $post;
|
||||
|
|
|
@ -152,7 +152,7 @@ function insertPost($post) {
|
|||
$now = time();
|
||||
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
|
||||
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
||||
$stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
|
||||
$stm->execute(array($post['parent'], $now, $now, hashData(remoteAddress()), $post['name'], $post['tripcode'], $post['email'],
|
||||
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
|
||||
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
|
||||
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
|
||||
|
@ -254,7 +254,7 @@ function trimThreads() {
|
|||
}
|
||||
|
||||
function lastPostByIP() {
|
||||
$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array($_SERVER['REMOTE_ADDR'], hashData($_SERVER['REMOTE_ADDR'])));
|
||||
$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array(remoteAddress(), hashData(remoteAddress())));
|
||||
return $result->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
|
|
|
@ -147,7 +147,7 @@ function threadExistsByID($id) {
|
|||
}
|
||||
|
||||
function insertPost($post) {
|
||||
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
|
||||
sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
|
||||
return sqlite_last_insert_rowid($GLOBALS["db"]);
|
||||
}
|
||||
|
||||
|
@ -236,7 +236,7 @@ function trimThreads() {
|
|||
}
|
||||
|
||||
function lastPostByIP() {
|
||||
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
|
||||
$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string(remoteAddress()) . "' OR ip = '" . sqlite_escape_string(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
|
||||
foreach ($result as $post) {
|
||||
return $post;
|
||||
}
|
||||
|
|
|
@ -171,7 +171,7 @@ function threadExistsByID($id) {
|
|||
|
||||
function insertPost($post) {
|
||||
global $db;
|
||||
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
|
||||
$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
|
||||
return $db->lastInsertRowID();
|
||||
}
|
||||
|
||||
|
@ -273,7 +273,7 @@ function trimThreads() {
|
|||
|
||||
function lastPostByIP() {
|
||||
global $db;
|
||||
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
|
||||
$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString(remoteAddress()) . "' OR ip = '" . $db->escapeString(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1");
|
||||
while ($post = $result->fetchArray()) {
|
||||
return $post;
|
||||
}
|
||||
|
|
|
@ -76,6 +76,9 @@ if (!defined('TINYIB_REQMOD')) {
|
|||
if (!defined('TINYIB_AUTOREFRESH')) {
|
||||
define('TINYIB_AUTOREFRESH', 30);
|
||||
}
|
||||
if (!defined('TINYIB_CLOUDFLARE')) {
|
||||
define('TINYIB_CLOUDFLARE', false);
|
||||
}
|
||||
if (!defined('TINYIB_DISALLOWTHREADS')) {
|
||||
define('TINYIB_DISALLOWTHREADS', '');
|
||||
}
|
||||
|
|
|
@ -259,7 +259,7 @@ function checkCAPTCHA($mode) {
|
|||
$failed_captcha = true;
|
||||
|
||||
$recaptcha = new \ReCaptcha\ReCaptcha(TINYIB_RECAPTCHA_SECRET);
|
||||
$resp = $recaptcha->verify($captcha, $_SERVER['REMOTE_ADDR']);
|
||||
$resp = $recaptcha->verify($captcha, remoteAddress());
|
||||
if ($resp->isSuccess()) {
|
||||
$failed_captcha = false;
|
||||
}
|
||||
|
@ -296,12 +296,12 @@ function checkCAPTCHA($mode) {
|
|||
}
|
||||
|
||||
function checkBanned() {
|
||||
$ban = banByIP($_SERVER['REMOTE_ADDR']);
|
||||
$ban = banByIP(remoteAddress());
|
||||
if ($ban) {
|
||||
if ($ban['expire'] == 0 || $ban['expire'] > time()) {
|
||||
$expire = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
|
||||
$reason = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
|
||||
fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire . $reason);
|
||||
fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire . $reason);
|
||||
} else {
|
||||
clearExpiredBans();
|
||||
}
|
||||
|
@ -785,6 +785,13 @@ function attachFile($post, $filepath, $filename, $uploaded) {
|
|||
return $post;
|
||||
}
|
||||
|
||||
function remoteAddress() {
|
||||
if (TINYIB_CLOUDFLARE) {
|
||||
return $_SERVER['HTTP_CF_CONNECTING_IP'];
|
||||
}
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
function installedViaGit() {
|
||||
return is_dir('.git');
|
||||
}
|
||||
|
|
|
@ -30,6 +30,7 @@ define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to
|
|||
define('TINYIB_REPORT', false); // Allow users to report posts
|
||||
define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
|
||||
define('TINYIB_AUTOREFRESH', 30); // Delay (in seconds) between attempts to refresh a thread automatically [0 to disable]
|
||||
define('TINYIB_CLOUDFLARE', false); // Only enable when the site is served via Cloudflare to identify IP addresses correctly
|
||||
define('TINYIB_DISALLOWTHREADS', ''); // When set, users attempting to post a new thread are shown this message instead ['' to disable]
|
||||
define('TINYIB_DISALLOWREPLIES', ''); // When set, users attempting to post a reply are shown this message instead ['' to disable]
|
||||
|
||||
|
|
Loading…
Reference in a new issue