function ThornDBI($server = THdbserver, $user = THdbuser, $pass = THdbpass, $base = THdbbase)
{
if (isset($this->cxn) == false) {
$this->cxn = mysql_connect($server, $user, $pass) or THdie("DBcxn");
mysql_select_db($base, $this->cxn) or THdie("DBsel");
}
}
echo '<td style="text-align: right; width: 30%;"><a href="logviewer.php?log=' . $_GET['log'] . 'offset=' . $offsetfwd . '">>></a></td>';
} else {
echo '<td class="righthalf">>></td>';
}
echo '</tr></table>';
}
echo '<div style="text-align: left;"><pre>';
if (sizeof($logentries[$chunk_to_use]) == 0) {
echo "No log entries on record.";
} else {
// We could format this later.
foreach ($logentries[$chunk_to_use] as $logentry) {
echo $logentry;
}
}
echo '</pre></div>';
} else {
THdie("Log '" . $logname . " does not exist!");
}
}
?>
</div>
</div>
<?php
include "menu.php";
?>
</body>
</html>
<?php
/*
drydock imageboard script (http://code.573chan.org/)
File: recentpics.php (aka ThornLight)
Description: Show the most recent posted pictures for moderator use
Unless otherwise stated, this code is copyright 2008
by the drydock developers and is released under the
Artistic License 2.0:
http://www.opensource.org/licenses/artistic-license-2.0.php
*/
require_once "config.php";
require_once "common.php";
if (!$_SESSION['admin'] && !$_SESSION['moderator']) {
THdie("Sorry, you do not have the proper permissions set to be here, or you are not logged in.");
} else {
$db = new ThornToolsDBI();
// Init some stuff
if (isset($_GET['board'])) {
$board_folder = trim($_GET['board']);
//trim the board name from get
} else {
$board_folder = "";
}
$boardid = 0;
$boardlink = "";
$offset = 0;
$offsetback = 0;
$offsetfwd = 0;
$count = 0;
// Imglookup is the only one that actually uses a redirect, the rest uses the adminlookup template
// Init some things that MIGHT get set later if we're doing an IP lookup
$single_ip = "";
$posthistory = array();
$banhistory = array();
$banselect = array();
$reports = array();
$boards = array();
// Perform some IP lookup things if requested
if (isset($_GET['action']) && $_GET['action'] == "iplookup") {
$single_ip = trim($_GET['ip']);
if ($single_ip != "") {
$longip = ip2long($single_ip);
// Make sure it's valid
if ($longip === false) {
THdie("Invalid IP of '" . $single_ip . "' provided.");
}
// Get recent reports
$reports = $db->recentreportsfromip($longip);
// Get ban history
$banhistory = $db->getiphistory($longip);
// Get current ban information, if any
$banselect = $db->getban($longip, false);
// don't clear bans (hence the 2nd parameter)
// Get recent posts
$posthistory = $db->recentpostsfromip($longip);
// Set images for each post
foreach ($posthistory as $post) {
$post['images'] = $db->getimgs($post['imgidx']);
}
// Get the boards array to show folders
function putpost($name, $tpass, $link, $boardnumber, $thread, $body, $ip, $mod, $password = "", $tyme = false)
{
$q = "INSERT INTO " . THreplies_table . " (thread,board,body";
$v = " ) VALUES (" . $thread . ",'" . $boardnumber . "','";
$v .= $this->escape_string($body);
$bump = preg_match("/^(mailto:)?sage\$/", $link);
// sage check
//FIX THE REST OF THIS QUERY
$glob = $this->getglobalid($boardnumber);
$q .= ",ip,bump,globalid";
$v .= "'," . $ip . "," . (int) $bump . "," . $glob;
if ($name != null) {
$q .= ", name";
$v .= ",'" . $this->escape_string($name) . "'";
}
if ($tpass != null) {
$q .= ", trip";
$v .= ",'" . $tpass . "'";
}
if ($link != null) {
if (!preg_match("/^(http:|https:|ftp:|mailto:|aim:)/", $link)) {
$link = "mailto:" . $link;
}
$q .= ", link";
$v .= ",'" . $this->escape_string($link) . "'";
}
if ($tyme === false) {
$tyme = time() + THtimeoffset * 60;
}
//echo($q);
if ($password != "") {
$q .= ", password";
$v .= ",'" . $this->escape_string(md5(THsecret_salt . $password)) . "'";
}
$visible = 1;
$v .= "," . $tyme . "," . $visible . ");";
$q .= ", time, visible";
//die($q.$v);
$this->myquery($q . $v) or THdie("DBpost");
//if ($board == THnewsboard) { buildnews(); }
$pnum = sqlite_last_insert_rowid(THdblitefn);
//help
if (!$bump) {
$this->myquery("update " . THthreads_table . " set bump=" . $tyme . " where id=" . $thread . " and permasage = 0");
}
$this->myquery("update " . THboards_table . " set lasttime=" . $tyme . " where id='" . $boardnumber . "'") or THdie("DBpost");
smclearcache($boardnumber, -1, -1);
// clear cache for the board
smclearcache($boardnumber, -1, $thread);
// and for the thread
return $pnum;
}
}
$sm = sminit("popup.tpl");
$sm->assign("text", $message);
$sm->assign("timeout", 5);
// 5s
$sm->assign("title", "Moderation action");
$sm->display("popup.tpl");
die;
} elseif ($_GET['quicker'] == 1) {
// First check if we even have the params we need
if (!isset($_GET['board']) || !isset($_GET['post'])) {
$message = "No post and/or board parameter, nothing to do!";
} else {
$db = new ThornModDBI();
if ($db->checkban()) {
THdie("ADbanned");
}
// Get the board name.
$board_folder = trim($_GET['board']);
// Check for local mod access or global mod/admin access.
if (is_in_csl($board_folder, $_SESSION['mod_array']) != 1 && $_SESSION['admin'] != 1 && $_SESSION['mod_global'] != 1) {
$message = "You are not permitted to moderate posts on this board";
} else {
// Set some stuff up.
$board_id = $db->getboardnumber($board_folder);
// Make sure we retrieved a valid board folder
if ($board_folder == null) {
$message = "That board does not exist!";
} else {
$postid = intval($_GET['post']);
// SQL injection protection :]
/**
* Check if the current session has administrator status
*
* @return bool Is the user an admin?
*/
function checkadmin()
{
if ($_SESSION['admin'] != true) {
THdie("You are not logged in as an administrator!");
}
}
$threadtpl = "thread.tpl";
//oh boy let's split it up more
// Caching ID format: t<board>-<thread global id>-<template>
$cid = "t" . $boardid . "-" . (int) $_GET['i'] . "-" . $template;
$modvar = is_in_csl($boardid, $_SESSION['mod_array']);
// individual board moderator
$sm = sminit($threadtpl, $cid, $template, false, $modvar);
$sm->assign('modvar', $modvar);
$sm->assign('boardmode', $boardmode);
$sm->assign('template', $template);
//here we go with a bunch of retarded variables that later we can turn into an array
$sm->assign('username', $_SESSION['username']);
//Are we using reCAPTCHA?
if (THvc == 1) {
require_once 'recaptchalib.php';
$sm->assign('reCAPTCHAPublic', reCAPTCHAPublic);
}
$sm->assign('comingfrom', "thread");
//OOPS! This will let us pull the thread we WANT not the thread we ASKED FOR. -tyam
$db = new ThornThreadDBI(intval($_GET['i']), $boardid);
// The constructor initializes the $head member to be the assoc-array from the corresponding
// entry in the threads table, so if it's null that means that it wasn't found in the DB.
if ($db->head == null) {
THdie("Sorry, this thread does not exist.");
}
$sm->register_object("it", $db, array("getreplies", "getsthreads", "getindex", "binfo", "head", "blotterentries"));
//$sm->display($threadtpl,$cid);
$sm->display($threadtpl, $cid);
// display extra mod stuff if they have access
if ($_SESSION['admin'] == 1 || $_SESSION['moderator'] == 1 || $modvar) {
$sm->assign('modvar', 1);
function ThornDBI()
{
if (isset($this->cxn) == false) {
$this->cxn = THdblitefn or THdie($sqliteerror);
}
}
smclearcache($board_id, -1, $threadid);
// clear the associated cache for this thread
smclearcache($board_id, -1, -1);
// clear the associated cache for the original board
smclearcache($destboard, -1, -1);
// clear the associated cache for the target board
// Write to the log
$actionstring = "Move thread\t(t:" . $thread . ",ob:" . $postarray['board'] . ") => (tid:" . $newthreadspot . ",b:" . $destboard . ")";
writelog($actionstring, "moderator");
if (THuserewrite) {
THdie('Thread moved.<br /><a href="' . THurl . $destboard_name . '/thread/' . $newthreadspot . '">Return to thread</a>');
} else {
THdie('Thread moved.<br /><a href="' . THurl . 'drydock.php?b=' . $destboard_name . '&i=' . $newthreadspot . '">Return to thread</a>');
}
} else {
THdie("Invalid move thread attempt!");
}
}
// Some stuff might have changed after all that, so let's refetch the data
$postarray = $db->getsinglepost($postid, $board_id);
$postarray['images'] = $db->getimgs($postarray['imgidx']);
// Get the boards array, to possibly show a list for moving
$boards = array();
$boards = $db->getboard();
// No parameters means everything gets fetched
$sm = sminit("adminedit.tpl", null, "_admin", true);
// Admin mode means NO caching. (and we provided a null id anyway)
// $sm->debugging = true; // debug for now
// $sm->debug_tpl = THpath."_Smarty/debug.tpl";
// These can be pretty big, so we're going to assign by reference.
$sm->assign_by_ref("boards", $boards);
/**
* Rebuild the config file, and update options based on the incoming
* array, which contains various parameters
*
* @param array $configpost An array of values whose new values will
* take effect in the new config file
*/
function rebuild_config($configpost)
{
$config = fopen(THpath . "config.php", 'w');
fwrite($config, '<?php' . "\n");
//Stuff that doesn't change
fwrite($config, 'define("ddversion","' . THversion . '");' . "\n");
//we can check against this later, in the upgrade script
fwrite($config, 'define("THpath","' . THpath . '");' . "\n");
fwrite($config, 'define("THurl","' . THurl . '");' . "\n");
fwrite($config, 'define("THcookieid","' . THcookieid . '");' . "\n");
//cookie seed.
fwrite($config, 'define("THsecret_salt","' . THsecret_salt . '");' . "\n");
//Database stuff that doesn't change
fwrite($config, 'define("THdbserver","' . THdbserver . '");' . "\n");
fwrite($config, 'define("THdbuser","' . THdbuser . '");' . "\n");
fwrite($config, 'define("THdbpass","' . THdbpass . '");' . "\n");
fwrite($config, 'define("THdbbase","' . THdbbase . '");' . "\n");
fwrite($config, 'define("THdbtype","' . THdbtype . '");' . "\n");
fwrite($config, 'define("THdbprefix","' . THdbprefix . '");' . "\n");
//tables
fwrite($config, 'define("THbans_table","' . THbans_table . '");' . "\n");
fwrite($config, 'define("THbanhistory_table","' . THbanhistory_table . '");' . "\n");
fwrite($config, 'define("THblotter_table","' . THblotter_table . '");' . "\n");
fwrite($config, 'define("THboards_table","' . THboards_table . '");' . "\n");
fwrite($config, 'define("THcapcodes_table","' . THcapcodes_table . '");' . "\n");
fwrite($config, 'define("THextrainfo_table","' . THextrainfo_table . '");' . "\n");
fwrite($config, 'define("THfilters_table","' . THfilters_table . '");' . "\n");
fwrite($config, 'define("THimages_table","' . THimages_table . '");' . "\n");
fwrite($config, 'define("THpages_table","' . THpages_table . '");' . "\n");
fwrite($config, 'define("THreplies_table","' . THreplies_table . '");' . "\n");
fwrite($config, 'define("THreports_table","' . THreports_table . '");' . "\n");
fwrite($config, 'define("THthreads_table","' . THthreads_table . '");' . "\n");
fwrite($config, 'define("THusers_table","' . THusers_table . '");' . "\n");
fwrite($config, "\n");
//Stuff that might have changed
$ppp = (int) abs($configpost['THjpegqual']);
if ($ppp > 100) {
$ppp = 100;
}
//yeah, let's upsample the jpegs >:[
fwrite($config, 'define("THjpegqual",' . $ppp . ');' . "\n");
if (!isset($configpost['THdupecheck'])) {
$configpost['THdupecheck'] = NULL;
}
fprintf($config, "define(\"THdupecheck\", %d);\n", $configpost['THdupecheck'] == "on");
fwrite($config, "\n");
//Template settings
if (!isset($configpost['THuserewrite'])) {
$configpost['THuserewrite'] = NULL;
}
fprintf($config, "define(\"THuserewrite\", %d);\n", $configpost['THuserewrite'] == "on");
//Default template set
$newtplset = str_replace('"', "", $configpost['THtplset']);
fwrite($config, 'define("THtplset","' . $newtplset . '");' . "\n");
if (!isset($configpost['THtpltest'])) {
$configpost['THtpltest'] = NULL;
}
fprintf($config, "define(\"THtpltest\", %d);\n", $configpost['THtpltest'] == "on");
// I think this code is for when we were restricted to only one template set for the boards.
// Ah, the bad old days.
//if ($tpltest || $newtplset!=THtplset)
//{
//Frag cache for template testing mode and if template set was changed
//$sm->clear_all_cache();
//$sm->clear_compiled_tpl();
//}
//We need to handle this differently now. If they turn on reCAPTCHA without the lib, the pages just won't load and won't produce an error. So let's fix that by causing an error.
if ((int) $configpost['THvc'] == 1 && !file_exists($path . "recaptchalib.php")) {
fwrite($config, 'define("THvc",' . THvc . ');' . "\n");
//NO CHANGE ALLOWED!
$recaptchaerror = "You need to get recaptchalib.php from <a href='http://google.com/recaptcha/'>Google</a>!<br />" . "All settings were saved except anti-spam.<br /><br />" . '<a href="' . $path . 'admin.php?a=g">continue</a>';
} else {
//Allow the change... unless the keys aren't set!
if ($configpost['reCAPTCHAPublic'] == NULL || $configpost['reCAPTCHAPrivate'] == NULL) {
fwrite($config, 'define("reCAPTCHAPublic","' . reCAPTCHAPublic . '");' . "\n");
fwrite($config, 'define("reCAPTCHAPrivate","' . reCAPTCHAPrivate . '");' . "\n");
$recaptchaerror = "reCAPTCHA keys must be set to use it. You can get keys from <a href='http://google.com/recaptcha/'>Google</a>!<br />" . "All settings were saved except anti-spam.<br /><br />" . '<a href="' . $path . 'admin.php?a=g">continue</a>';
} else {
//Sounds good, chief.
fwrite($config, 'define("THvc",' . (int) $configpost['THvc'] . ');' . "\n");
fwrite($config, 'define("reCAPTCHAPublic","' . $configpost['reCAPTCHAPublic'] . '");' . "\n");
fwrite($config, 'define("reCAPTCHAPrivate","' . $configpost['reCAPTCHAPrivate'] . '");' . "\n");
}
}
fwrite($config, "\n");
//Time settings
fwrite($config, 'define("THtimeoffset",' . (int) $configpost['THtimeoffset'] . ');' . "\n");
fwrite($config, 'define("THdatetimestring","' . str_replace('"', "", $configpost['THdatetimestring']) . '");' . "\n");
fwrite($config, "\n");
//Site settings
fwrite($config, 'define("THname","' . str_replace('"', "", $configpost['THname']) . '");' . "\n");
fwrite($config, 'define("THnewsboard",' . (int) $configpost['THnewsboard'] . ');' . "\n");
fwrite($config, 'define("THmodboard",' . (int) $configpost['THmodboard'] . ');' . "\n");
fwrite($config, 'define("THdefaulttext","' . str_replace('"', "", $configpost['THdefaulttext']) . '");' . "\n");
fwrite($config, 'define("THdefaultname","' . str_replace('"', "", $configpost['THdefaultname']) . '");' . "\n");
fwrite($config, "\n");
//Utility settings
fwrite($config, 'define("THpearpath","' . str_replace('"', "", $configpost['THpearpath']) . '");' . "\n");
if (!isset($configpost['THuseSVG'])) {
$configpost['THuseSVG'] = NULL;
}
fprintf($config, "define(\"THuseSVG\", %d);\n", $configpost['THuseSVG'] == "on");
fwrite($config, 'define("THSVGthumbnailer",' . (int) $configpost['THSVGthumbnailer'] . ');' . "\n");
if (!isset($configpost['THusePDF'])) {
$configpost['THusePDF'] = NULL;
}
fprintf($config, "define(\"THusePDF\", %d);\n", $configpost['THusePDF'] == "on");
if (!isset($configpost['THuseSWFmeta'])) {
$configpost['THuseSWFmeta'] = NULL;
}
fprintf($config, "define(\"THuseSWFmeta\", %d);\n", $configpost['THuseSWFmeta'] == "on");
if (!isset($configpost['THusecURL'])) {
$configpost['THusecURL'] = NULL;
}
fprintf($config, "define(\"THusecURL\", %d);\n", $configpost['THusecURL'] == "on");
if (!isset($configpost['DDDEBUG'])) {
$configpost['DDDEBUG'] = NULL;
}
fprintf($config, "define(\"DDDEBUG\", %d);\n", $configpost['DDDEBUG'] == "on");
fwrite($config, "\n");
//Profile settings
fwrite($config, 'define("THprofile_adminlevel",' . THprofile_adminlevel . ');' . "\n");
//should not need to be changed
fwrite($config, 'define("THprofile_userlevel",' . THprofile_userlevel . ');' . "\n");
//ditto
fwrite($config, 'define("THprofile_emailname","' . $configpost['THprofile_emailname'] . '");' . "\n");
fwrite($config, 'define("THprofile_emailaddr","' . $configpost['THprofile_emailaddr'] . '");' . "\n");
fwrite($config, 'define("THprofile_regpolicy",' . (int) $configpost['THprofile_regpolicy'] . ');' . "\n");
//1=manual, !=1 = auto approve
fwrite($config, 'define("THprofile_viewuserpolicy",' . (int) $configpost['THprofile_viewuserpolicy'] . ');' . "\n");
//1=logged in only, 2=anyone, 0=mods only
fwrite($config, 'define("THprofile_cookietime",' . (int) $configpost['THprofile_cookietime'] * 3600 . ');' . "\n");
fwrite($config, 'define("THprofile_cookiepath","' . $configpost['THprofile_cookiepath'] . '");' . "\n");
//should be "/" probably
if (!isset($configpost['THprofile_emailwelcome'])) {
$configpost['THprofile_emailwelcome'] = NULL;
}
fprintf($config, "define(\"THprofile_emailwelcome\", %d);\n", $configpost['THprofile_emailwelcome'] == "on");
//1=send
if (!isset($configpost['THprofile_lcnames'])) {
$configpost['THprofile_lcnames'] = NULL;
}
fprintf($config, "define(\"THprofile_lcnames\", %d);\n", $configpost['THprofile_lcnames'] == "on");
//1 = names are converted to lowercase
fwrite($config, 'define("THprofile_maxpicsize",' . $configpost['THprofile_maxpicsize'] . ');' . "\n");
//in bytes
fwrite($config, '?>');
//some editors break colors here so <?
fclose($config);
//file's closed, fwrites, etc
//Let's take care of that error.
if ($recaptchaerror) {
THdie($recaptchaerror);
}
}
THdie("POnonewth");
}
//File checking and processing here, I suppose.
$filemessages = array();
// Array of strings regarding "bad" files
$goodfiles = checkfiles($binfo, $filemessages);
//echo(count($goodfiles));
if ($binfo['tpix'] == 0 && count($goodfiles) > 0 && $mod == false) {
THdie("POthnopix");
}
if ($binfo['tpix'] == 2 && count($goodfiles) == 0 && $mod == false) {
THdie("POthmustpix");
}
if (count($goodfiles) == 0 && !$_POST['body'] && $mod == false) {
//oops, tyam moment
THdie("You must post images or leave a comment.");
}
$pin = (int) ($_POST['pin'] == "on" && $mod);
$lock = (int) ($_POST['lock'] == "on" && $mod);
$permasage = (int) ($_POST['permasage'] == "on" && $mod);
$usethese = preptrip($_POST['nombre']);
if (preg_match("/^(mailto:)?noko\$/", $_POST['link'])) {
//hide noko
$datlink = "";
} else {
$datlink = $_POST['link'];
}
$tnum = $db->putthread($usethese['nombre'], $usethese['trip'], $binfo['id'], $_POST['subj'], $_POST['body'], $datlink, ip2long($_SERVER['REMOTE_ADDR']), $mod, $pin, $lock, $permasage, $_POST['password']);
movefiles($goodfiles, $tnum, true, $binfo, $db);
$sm = smsimple();
$sm->clear_cache(null, $board);
function putpost($name, $tpass, $link, $boardnumber, $thread, $body, $ip, $mod, $password = "", $tyme = false)
{
$q = "insert into " . THreplies_table . " set thread=" . $thread . ", board=" . $boardnumber . ", body='";
if ($boardnumber == THmodboard) {
$q .= $this->escape_string($body);
} else {
$q .= $this->clean($body);
}
$bump = preg_match("/^(mailto:)?sage\$/", $link);
// sage check
$q .= "', ip=" . $ip . ", bump=" . (int) $bump;
$globalid = $this->getglobalid($boardnumber);
$q .= ", globalid=" . $globalid;
if ($name != null) {
$q .= ", name='" . $this->clean($name) . "'";
}
if ($tpass != null) {
$q .= ", trip='" . $tpass . "'";
}
$bump = preg_match("/^(mailto:)?sage\$/", $link);
if ($link != null) {
if (!preg_match("/^(http:|https:|ftp:|mailto:|aim:)/", $link)) {
$link = "mailto:" . $link;
}
$q .= ", link='" . $this->clean($link) . "'";
}
if ($tyme === false) {
$tyme = time() + THtimeoffset * 60;
}
if ($password != "") {
$q .= ", password='******'";
}
//echo($q);
$this->myquery($q . ", time=" . $tyme) or THdie("DBpost");
//if ($board == THnewsboard) { buildnews(); }
$pnum = mysql_insert_id();
if (!$bump) {
$this->myquery("update " . THthreads_table . " set bump=" . $tyme . " where id=" . $thread . " and permasage = 0");
}
$this->myquery("update " . THboards_table . " set lasttime=" . $tyme . " where id='" . $boardnumber . "'") or THdie("DBpost");
smclearcache($boardnumber, -1, -1);
// clear cache for the board
smclearcache($boardnumber, -1, $thread);
// and for the thread
return $pnum;
}
// Don't bother checking if the id actually
// refers to something that exists - the way our SQL
// queries work, it won't make a difference because in
// that case there will be nothing matching the "WHERE ID=___"
// clause.
// Clean up the incoming parameters
$id = intval($_POST['id']);
$name = trim($_POST['name']);
$title = trim($_POST['title']);
$content = $_POST['content'];
$publish = intval($_POST['publish']);
// Check name/title aren't empty
if ($name == "" || $title == "") {
THdie("Invalid name and/or title parameter provided.");
}
// Now we check if it exists (we check with ID because we don't
// want to match the current page we're editing)
if ($db->checkstaticpagename($name, $id) == true) {
THdie("Another static page already has name '" . $name . "'.");
}
// Check publish parameter
if ($publish < 0 || $publish > 3) {
THdie("Invalid publish option specified!");
}
// Everything checked out, so let's clear the cache and update
// the info
smclearpagecache($id);
$db->editstaticpage($id, $name, $title, $content, $publish);
// Redirect!
header("Location: " . THurl . "admin.php?a=spe&id=" . $id);
}
