Example #1
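/**
 * Handle the moderator login form.
 *
 * Validates the posted credentials, logs the outcome, sets the session
 * cookies on success and finally renders the login page template.
 *
 * @param string|false $redirect Query string appended after "?" in the
 *                               Location header on success; false sends the
 *                               user to "?/".
 */
function mod_login($redirect = false)
{
    global $config;
    $args = array();
    if (isset($_POST['login'])) {
        // Both fields must be present, be plain strings and be non-empty.
        // A request can submit either field as an array (username[]=x), which
        // a loose comparison with '' does not reject, so the type is checked
        // explicitly before the values are handed to login().
        $has_credentials = isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password'])
            && $_POST['username'] !== ''
            && $_POST['password'] !== '';
        if (!$has_credentials) {
            $args['error'] = $config['error']['invalid'];
        } elseif (!login($_POST['username'], $_POST['password'])) {
            if ($config['syslog']) {
                // NOTE(review): the entry names neither the source address nor
                // the account, which limits its use for spotting repeated
                // failures; confirm whether _syslog() adds that context itself.
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');
            }
            // Same generic message as for malformed input.
            $args['error'] = $config['error']['invalid'];
        } else {
            modLog('Logged in');
            // Login successful: set the session cookies, then redirect.
            setCookies();
            // The target is always prefixed with "?", so the Location header
            // stays a query string on the current script.
            // NOTE(review): $redirect is used as given; confirm callers only
            // pass an internal route.
            if ($redirect) {
                header('Location: ?' . $redirect, true, $config['redirect_http']);
            } else {
                header('Location: ?/', true, $config['redirect_http']);
            }
        }
    }
    // Hand the submitted username to the template so the form can be
    // re-filled; non-string input is not passed on.
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $args['username'] = $_POST['username'];
    }
    mod_page(_('Login'), 'mod/login.html', $args);
}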
Example #2
/**
 * Optionally log an error, then end the request with an error message.
 *
 * @param string   $message  Error text; logged and shown to the user.
 * @param int|bool $priority false disables logging, true logs at LOG_NOTICE,
 *                           any other value is passed on as the syslog level.
 */
function error($message, $priority = true)
{
    global $board, $mod, $config;

    $logging_wanted = $config['syslog'] && $priority !== false;
    if ($logging_wanted) {
        // Default to LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most
        // error messages are not significant.
        $level = LOG_NOTICE;
        if ($priority !== true) {
            $level = $priority;
        }
        _syslog($level, $message);
    }

    // Running from CLI: plain text only.
    if (defined('STDIN')) {
        die('Error: ' . $message . "\n");
    }

    // A "Go back" link is only offered when a board is currently open.
    $back_link = '';
    if (isset($board)) {
        $mod_prefix = $mod ? $config['file_mod'] . '?/' : '';
        $back_link = "<p><a href=\"" . $config['root'] . $mod_prefix . $board['dir'] . $config['file_index'] . "\">Go back</a>.</p>";
    }

    // NOTE(review): $message is concatenated into the markup as-is; if any
    // caller builds it from request data it has to be escaped first. Confirm
    // at the call sites.
    $body = '<center>' . '<h2>' . _($message) . '</h2>' . $back_link . '</center>';

    $page = array(
        'config' => $config,
        'title' => 'Error',
        'subtitle' => 'An error has occured.',
        'body' => $body,
    );
    die(Element('page.html', $page));
}
Example #3
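/**
 * Optionally log an error, then end the request with an error response.
 *
 * Output depends on the context: plain text plus a backtrace on the CLI,
 * a JSON object when the request carries "json_response", otherwise the
 * rendered error page.
 *
 * @param string             $message     Error text; logged and shown to the user.
 * @param int|bool           $priority    false disables logging, true logs at
 *                                        LOG_NOTICE, any other value is passed
 *                                        on as the syslog level.
 * @param array|string|false $debug_stuff Extra debug data for the error page.
 */
function error($message, $priority = true, $debug_stuff = false)
{
    global $board, $mod, $config, $db_error;
    if (isset($debug_stuff['file'])) {
        $message .= " {$debug_stuff['file']}";
    }
    if ($config['syslog'] && $priority !== false) {
        // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error messages are not significant.
        _syslog($priority !== true ? $priority : LOG_NOTICE, $message);
    }
    if (defined('STDIN')) {
        // Running from CLI
        echo 'Error: ' . $message . "\n";
        debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
        die;
    }
    if ($config['debug'] && isset($db_error)) {
        $debug_stuff = array_combine(array('SQLSTATE', 'Error code', 'Error message'), $db_error);
    }
    if ($config['debug']) {
        // The backtrace, call arguments included, is passed to error.html
        // below, so $config['debug'] exposes internals in the response.
        $debug_stuff['backtrace'] = debug_backtrace();
    }
    // Return the bad request header, necessary for AJAX posts
    // czaks: is it really so? the ajax errors only work when this is commented out
    //		better yet use it when ajax is disabled
    if (!isset($_POST['json_response'])) {
        header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    }
    // Is there a reason to disable this?
    if (isset($_POST['json_response'])) {
        header('Content-Type: text/json; charset=utf-8');
        die(json_encode(array('error' => $message)));
    }
    // Remove the database password from the debug data before it is rendered.
    // The previous version recursed through array_filter() with a
    // by-reference callback; array_filter() hands the callback a copy (PHP 7
    // and later), so the filtered nested arrays were discarded and a password
    // below the top level stayed in the output. This helper rebuilds the
    // array instead, which works at every depth.
    // Only values exactly equal to the password are dropped; a longer string
    // that merely contains it is kept.
    $pw = $config['db']['password'];
    $scrub = function ($items) use (&$scrub, $pw) {
        $kept = array();
        foreach ($items as $key => $value) {
            if (is_array($value)) {
                $kept[$key] = $scrub($value);
            } elseif (!$pw || $value !== $pw) {
                $kept[$key] = $value;
            }
        }
        return $kept;
    };
    // A non-array $debug_stuff is left for the utf8tohtml() branch below.
    if (is_array($debug_stuff) && $debug_stuff) {
        $debug_stuff = $scrub($debug_stuff);
    }
    die(Element('page.html', array('config' => $config, 'title' => _('Error'), 'subtitle' => _('An error has occured.'), 'body' => Element('error.html', array('config' => $config, 'message' => $message, 'mod' => $mod, 'board' => isset($board) ? $board : false, 'debug' => is_array($debug_stuff) ? str_replace("\n", '&#10;', utf8tohtml(print_r($debug_stuff, true))) : utf8tohtml($debug_stuff))))));
}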
Example #4
/**
 * Record a moderator action in the modlogs table and, if enabled, in syslog.
 *
 * @param string      $action Description of what the moderator did.
 * @param string|null $_board Board to attribute the entry to; when omitted the
 *                            currently open board is used, else NULL is stored.
 */
function modLog($action, $_board = null)
{
    global $mod, $board, $config;

    // Every value is bound as a parameter; nothing is concatenated into SQL.
    $stmt = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");

    // Board column: explicit argument first, then the global board, else NULL.
    if (isset($_board)) {
        $stmt->bindValue(':board', $_board);
    } elseif (isset($board)) {
        $stmt->bindValue(':board', $board['uri']);
    } else {
        $stmt->bindValue(':board', null, PDO::PARAM_NULL);
    }

    $stmt->bindValue(':text', $action);
    $stmt->bindValue(':time', time(), PDO::PARAM_INT);
    $stmt->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
    $stmt->bindValue(':id', $mod['id'], PDO::PARAM_INT);

    if (!$stmt->execute()) {
        error(db_error($stmt));
    }

    if ($config['syslog']) {
        // NOTE(review): $action and the username go into the log line
        // verbatim; if callers build $action from request data, control
        // characters should be stripped first. Confirm at the call sites.
        $line = '[mod/' . $mod['username'] . ']: ' . $action;
        _syslog(LOG_INFO, $line);
    }
}
Example #5
/**
 * Optionally log an error, then end the request with an error response.
 *
 * @param string             $message     Error text; logged and shown to the user.
 * @param int|bool           $priority    false disables logging, true logs at
 *                                        LOG_NOTICE, any other value is passed
 *                                        on as the syslog level.
 * @param array|string|false $debug_stuff Extra debug data for the error page.
 */
function error($message, $priority = true, $debug_stuff = false)
{
    global $board, $mod, $config, $db_error;

    $logging_wanted = $config['syslog'] && $priority !== false;
    if ($logging_wanted) {
        // Default to LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most
        // error messages are not significant.
        $level = LOG_NOTICE;
        if ($priority !== true) {
            $level = $priority;
        }
        _syslog($level, $message);
    }

    // Running from CLI: plain text only.
    if (defined('STDIN')) {
        die('Error: ' . $message . "\n");
    }

    // In debug mode the last database error replaces the caller's debug data.
    // NOTE(review): these details are passed to error.html unfiltered;
    // confirm $config['debug'] is off on public installations.
    if ($config['debug'] && isset($db_error)) {
        $labels = array('SQLSTATE', 'Error code', 'Error message');
        $debug_stuff = array_combine($labels, $db_error);
    }

    // Is there a reason to disable this?
    if (isset($_POST['json_response'])) {
        header('Content-Type: text/json; charset=utf-8');
        $payload = array('error' => $message);
        die(json_encode($payload));
    }

    // Arrays are dumped with print_r() and their newlines turned into
    // character references; anything else only goes through utf8tohtml().
    if (is_array($debug_stuff)) {
        $debug_html = str_replace("\n", '&#10;', utf8tohtml(print_r($debug_stuff, true)));
    } else {
        $debug_html = utf8tohtml($debug_stuff);
    }

    $body = Element('error.html', array(
        'config' => $config,
        'message' => $message,
        'mod' => $mod,
        'board' => isset($board) ? $board : false,
        'debug' => $debug_html,
    ));

    die(Element('page.html', array(
        'config' => $config,
        'title' => _('Error'),
        'subtitle' => _('An error has occured.'),
        'body' => $body,
    )));
}
Example #6
    $query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards, :email)');
    $query->bindValue(':username', $username);
    $query->bindValue(':password', $password);
    $query->bindValue(':salt', $salt);
    $query->bindValue(':type', 20);
    $query->bindValue(':boards', $uri);
    $query->bindValue(':email', $email);
    $query->execute() or error(db_error($query));
    $query = prepare('INSERT INTO ``boards`` (`uri`, `title`, `subtitle`) VALUES (:uri, :title, :subtitle)');
    $query->bindValue(':uri', $_POST['uri']);
    $query->bindValue(':title', $_POST['title']);
    $query->bindValue(':subtitle', $_POST['subtitle']);
    $query->execute() or error(db_error($query));
    $query = Element('posts.sql', array('board' => $uri));
    query($query) or error(db_error());
    if (!openBoard($_POST['uri'])) {
        error(_("Couldn't open board after creation."));
    }
    if ($config['cache']['enabled']) {
        cache::delete('all_boards');
    }
    // Build the board
    buildIndex();
    rebuildThemes('boards');
    $query = prepare("INSERT INTO ``board_create``(uri) VALUES(:uri)");
    $query->bindValue(':uri', $uri);
    $query->execute() or error(db_error());
    _syslog(LOG_NOTICE, "New board: {$uri}");
    $body = Element("8chan/create_success.html", array("config" => $config, "password" => $_POST['password'], "uri" => $uri));
    echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Success"), "subtitle" => _("This was a triumph")));
}
Example #7
/**
 * Fallback error handler that needs no template: optionally logs the message
 * and ends the request with a small self-contained HTML page.
 *
 * @param string   $message  Error text; logged and inserted into the page.
 * @param int|bool $priority false disables logging, true logs at LOG_NOTICE,
 *                           any other value is passed on as the syslog level.
 */
function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true)
{
    global $config;

    $logging_wanted = $config['syslog'] && $priority !== false;
    if ($logging_wanted) {
        // Default to LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most
        // error messages are not significant.
        $level = LOG_NOTICE;
        if ($priority !== true) {
            $level = $priority;
        }
        _syslog($level, $message);
    }

    // The page is assembled by hand because the template engine may not be
    // available at this point.
    $styles = 'body{text-align:center;font-family:arial, helvetica, sans-serif;font-size:10pt;}'
        . 'p{padding:0;margin:20px 0;}'
        . 'p.c{font-size:11px;}';
    $head = '<!DOCTYPE html><html><head><title>Error</title>'
        . '<style type="text/css">' . $styles . '</style></head>';
    $footnote = '<p class="c">This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.</p></body></html>';

    // NOTE(review): $message is written into the body without escaping; if a
    // caller can pass request-derived text here it must be escaped first.
    // Confirm at the call sites.
    die($head . '<body><h2>Error</h2>' . $message . '<hr/>' . $footnote);
}
Example #8
     }
     $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
     $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
 }
 foreach ($filters as $name => $value) {
     if (!empty($like)) {
         $like .= ' AND ';
     }
     $like .= '`' . $name . '` = ' . $pdo->quote($value);
 }
 $like = str_replace('%', '%%', $like);
 $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
 $query->bindValue(':limit', $search_limit, PDO::PARAM_INT);
 $query->execute() or error(db_error($query));
 if ($query->rowCount() == $search_limit) {
     _syslog(LOG_WARNING, 'Query too broad.');
     $body .= '<p class="unimportant" style="text-align:center">(' . _('Query too broad.') . ')</p>';
     echo Element('page.html', array('config' => $config, 'title' => 'Search', 'body' => $body));
     exit;
 }
 $temp = '';
 while ($post = $query->fetch()) {
     if (!$post['thread']) {
         $po = new Thread($post);
     } else {
         $po = new Post($post);
     }
     $temp .= $po->build(true) . '<hr/>';
 }
 if (!empty($temp)) {
     $_body .= '<fieldset><legend>' . sprintf(ngettext('%d result in', '%d results in', $query->rowCount()), $query->rowCount()) . ' <a href="/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . '</a></legend>' . $temp . '</fieldset>';
Example #9
/**
 * Forward an error message to the log at LOG_ERR severity.
 *
 * @param string $data Message to log.
 */
function _error($data)
{
    // The message is passed to _syslog() unchanged.
    $severity = LOG_ERR;
    _syslog($severity, $data);
}
Example #10
        return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
    }
    $_GET = strip_array($_GET);
    $_POST = strip_array($_POST);
}
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
// If not logged in
if (!$mod) {
    if (isset($_POST['login'])) {
        // Check if inputs are set and not empty
        if (!isset($_POST['username']) || !isset($_POST['password']) || empty($_POST['username']) || empty($_POST['password'])) {
            loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
        }
        if (!login($_POST['username'], $_POST['password'])) {
            if ($config['syslog']) {
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');
            }
            loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
        }
        modLog("Logged in.");
        // Login successful
        // Set cookies
        setCookies();
        // Redirect
        if (isset($_POST['redirect'])) {
            header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
        } else {
            header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
        }
    } else {
        loginForm(false, false, '?' . $query);
Example #11
 }
 $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
 if ($noko) {
     $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : '');
     if (!$post['op'] && isset($_SERVER['HTTP_REFERER'])) {
         $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'page50' => str_replace('%d', '(\\d+)', preg_quote($config['file_page50'], '/')), 'res' => preg_quote($config['dir']['res'], '/'));
         if (preg_match('/\\/' . $regex['board'] . $regex['res'] . $regex['page50'] . '([?&].*)?$/', $_SERVER['HTTP_REFERER'])) {
             $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page50'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : '');
         }
     }
 } else {
     $redirect = $root . $board['dir'] . $config['file_index'];
 }
 buildThread($post['op'] ? $id : $post['thread']);
 if ($config['syslog']) {
     _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : ''));
 }
 if (!$post['mod']) {
     header('X-Associated-Content: "' . $redirect . '"');
 }
 if (!isset($_POST['json_response'])) {
     header('Location: ' . $redirect, true, $config['redirect_http']);
 } else {
     header('Content-Type: text/json; charset=utf-8');
     echo json_encode(array('redirect' => $redirect, 'noko' => $noko, 'id' => $id));
 }
 if ($config['try_smarter'] && $post['op']) {
     $build_pages = range(1, $config['max_pages']);
 }
 if ($post['op']) {
     clean();
Example #12
 }
 $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
 if ($noko) {
     $redirect = $root . $board['dir'] . $config['dir']['res'] . link_for($post, false, false, $thread) . (!$post['op'] ? '#' . $id : '');
     if (!$post['op'] && isset($_SERVER['HTTP_REFERER'])) {
         $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'page50' => '(' . str_replace('%d', '(\\d+)', preg_quote($config['file_page50'], '/')) . '|' . str_replace(array('%d', '%s'), array('(\\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '/')) . ')', 'res' => preg_quote($config['dir']['res'], '/'));
         if (preg_match('/\\/' . $regex['board'] . $regex['res'] . $regex['page50'] . '([?&].*)?$/', $_SERVER['HTTP_REFERER'])) {
             $redirect = $root . $board['dir'] . $config['dir']['res'] . link_for($post, true, false, $thread) . (!$post['op'] ? '#' . $id : '');
         }
     }
 } else {
     $redirect = $root . $board['dir'] . $config['file_index'];
 }
 buildThread($post['op'] ? $id : $post['thread']);
 if ($config['syslog']) {
     _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : ''));
 }
 if (!$post['mod']) {
     header('X-Associated-Content: "' . $redirect . '"');
 }
 if (!isset($_POST['json_response'])) {
     header('Location: ' . $redirect, true, $config['redirect_http']);
 } else {
     header('Content-Type: text/json; charset=utf-8');
     echo json_encode(array('redirect' => $redirect, 'noko' => $noko, 'id' => $id));
 }
 if ($config['try_smarter'] && $post['op']) {
     $build_pages = range(1, $config['max_pages']);
 }
 if ($post['op']) {
     clean();
Example #13
                unset($user_boards[array_search($board['uri'], $user_boards)]);
                $_query = prepare('UPDATE ``mods`` SET `boards` = :boards WHERE `id` = :id');
                $_query->bindValue(':boards', implode(',', $user_boards));
                $_query->bindValue(':id', $user['id']);
                $_query->execute() or error(db_error($_query));
            }
        }
        // Delete entire board directory
        exec('rm -rf ' . $board['uri'] . '/');
        rrmdir('static/banners/' . $board['uri']);
        file_unlink("stylesheets/board/{$board['uri']}.css");
        // HAAAAAX
        if ($config['dir']['img_root'] != '') {
            rrmdir($config['dir']['img_root'] . $board['uri']);
        }
        if ($config['cache']['enabled']) {
            cache::delete('board_' . $board['uri']);
        }
        _syslog(LOG_NOTICE, "Board deleted: {$board['uri']}");
        if ($d['mod']) {
            $query = prepare('DELETE FROM ``mods`` WHERE `username` = BINARY :id');
            $query->bindValue(':id', $d['mod']);
            $query->execute() or error(db_error($query));
        }
    }
    fclose($f);
}
// Drop both cached board lists, then rebuild the themes for 'boards'.
cache::delete('all_boards_uri');
cache::delete('all_boards');
rebuildThemes('boards');

// Remove board_create rows whose board no longer exists. The statement is a
// fixed string with no request data in it.
$query = query('DELETE FROM board_create WHERE uri NOT IN (SELECT uri FROM boards);');
if (!$query) {
    error(db_error());
}