Example #1
 }
 // Poster name; an empty field falls back to the board's configured anonymous name.
 if ($_POST['name'] != '') {
     $post['name'] = $_POST['name'];
 } else {
     $post['name'] = $config['anonymous'];
 }
 $post['subject'] = $_POST['subject'];
 // The e-mail field is HTML-escaped first, then its spaces are percent-encoded.
 // NOTE(review): htmlspecialchars() runs with its default flags, which before PHP 8.1
 // leave single quotes unescaped -- confirm the quoting used wherever this value is rendered.
 $post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
 if (isset($_POST['no-bump'])) {
     // "no-bump" is recorded by putting a sage marker into the e-mail field.
     $post['email'] = empty($post['email']) ? 'sage' : $post['email'] . '+sage';
 }
 // Body and password are copied exactly as submitted; nothing in this run validates
 // or escapes them, so that has to happen before they are stored or rendered.
 $post['body'] = $_POST['body'];
 $post['password'] = $_POST['password'];
 // has_file is only ever true when no embed is set. It is then true if the board forces
 // an image on an opening post (and the exemption key is absent) or if an upload
 // filename was supplied.
 $post['has_file'] = !isset($post['embed'])
     && (
         $post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']
         || !empty($_FILES['file']['name'])
     );
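 // Handle our Tor users
 $tor = checkDNSBL();
 // A Tor-flagged request is let through only when it comes from 127.0.0.2 AND carries
 // an X-Tor header equal to 'true'. The header must be compared, not assigned: a single
 // `=` in this position always evaluates truthy, so any header value would pass.
 // NOTE(review): X-Tor is a request header; the REMOTE_ADDR test is the only thing tying
 // it to the local front end -- confirm that front end overwrites any client-sent value.
 if ($tor && !(isset($_SERVER['HTTP_X_TOR'], $_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] === '127.0.0.2' && $_SERVER['HTTP_X_TOR'] === 'true')) {
     error('To post on 8chan over Tor, you must use the hidden service for security reasons. You can find it at <a href="http://fullchan4jtta4sx.onion">http://fullchan4jtta4sx.onion</a>.');
 }
 // Per-board Tor policy: file uploads and posting can each be switched off for Tor users.
 if ($tor && $post['has_file'] && !$config['tor_image_posting']) {
     error('Sorry. Tor users can\'t upload files on this board.');
 }
 if ($tor && !$config['tor_posting']) {
     error('Sorry. The owner of this board has decided not to allow Tor posters for some reason...');
 }
 // Boards with images disabled reject any post that counts as having a file.
 if ($post['has_file'] && $config['disable_images']) {
     error($config['error']['images_disabled']);
 }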
 if (!($post['has_file'] || isset($post['embed'])) || ($post['op'] && $config['force_body_op'] || !$post['op'] && $config['force_body'])) {
     // http://stackoverflow.com/a/4167053
     $stripped_whitespace = preg_replace('/^[\\pZ\\pC]+|[\\pZ\\pC]+$/u', '', $post['body']);
Example #2
/**
 * Moderator page for banning the author of a post.
 *
 * Loads the post's IP and thread. When the ban form has been submitted (new_ban,
 * reason, length and board are all present in $_POST) it creates the ban, then either
 * appends a public ban message to the post or deletes the post, and sends a redirect
 * to the board index. The ban form is rendered at the end in every case.
 *
 * NOTE(review): $token is never read in this body; presumably the caller checks it
 * against make_secure_link_token() before dispatching here -- confirm, since the
 * submitted branch changes state.
 * NOTE(review): access is gated on $config['mod']['delete'] only; no separate ban
 * permission is tested in this function -- confirm that is intended.
 *
 * @param mixed $board  board identifier; passed to openBoard() and interpolated into the posts_%s table name
 * @param mixed $delete cast to bool and handed to the template as 'delete'
 * @param mixed $post   post id, bound as :id in both queries
 * @param mixed $token  not used in this body
 */
function mod_ban_post($board, $delete, $post, $token = false)
{
    global $config, $mod;

    if (!openBoard($board)) {
        error($config['error']['noboard']);
    }
    if (!hasPermission($config['mod']['delete'], $board)) {
        error($config['error']['noaccess']);
    }

    $form_token = make_secure_link_token($board . '/ban/' . $post);

    // Fetch the whole row only when the banned post is to be shown; otherwise just ip and thread.
    // The table name is built from $board; the id is a bound parameter.
    $columns = $config['ban_show_post'] ? '*' : '`ip`, `thread`';
    $lookup = prepare(sprintf('SELECT ' . $columns . ' FROM ``posts_%s`` WHERE `id` = :id', $board));
    $lookup->bindValue(':id', $post);
    if (!$lookup->execute()) {
        error(db_error($lookup));
    }
    $row = $lookup->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        error($config['error']['404']);
    }

    $thread = $row['thread'];
    $ip = $row['ip'];
    $tor = checkDNSBL($ip);

    $submitted = isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board']);
    if ($submitted) {
        require_once 'inc/mod/ban.php';

        // The ban target can be replaced by a submitted 'ip' and extended by a submitted 'range'.
        // NOTE(review): both come straight from the request; any validation would have to
        // happen inside Bans::new_ban() -- confirm.
        if (isset($_POST['ip'])) {
            $ip = $_POST['ip'];
        }
        if (isset($_POST['range'])) {
            $ip .= $_POST['range'];
        }

        // '*' means the ban is not tied to one board (false is passed instead of a board).
        $ban_board = $_POST['board'] == '*' ? false : $_POST['board'];
        $shown_post = $config['ban_show_post'] ? $row : false;
        Bans::new_ban($ip, $_POST['reason'], $_POST['length'], $ban_board, false, $shown_post);

        if (isset($_POST['public_message'], $_POST['message'])) {
            // public ban message
            if (Bans::parse_time($_POST['length'])) {
                $length_english = 'for ' . until(Bans::parse_time($_POST['length']));
            } else {
                $length_english = 'permanently';
            }

            // Strip CR/LF, then fill in the %length% / %LENGTH% placeholders in that order.
            $_POST['message'] = str_replace(
                ['%length%', '%LENGTH%'],
                [$length_english, strtoupper($length_english)],
                preg_replace('/[\\r\\n]/', '', $_POST['message'])
            );

            // The message is passed through utf8tohtml() before being appended to the stored body.
            $append = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
            $append->bindValue(':id', $post);
            $append->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($_POST['message'])));
            if (!$append->execute()) {
                error(db_error($append));
            }

            rebuildPost($post);
            modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
            buildThread($thread ?: $post);
            buildIndex();
        } elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
            // Delete post
            deletePost($post);
            modLog("Deleted post #{$post}");
            // Rebuild board
            buildIndex();
            // Rebuild themes
            rebuildThemes('post-delete', $board);
        }

        // There is no return after the redirect header, so the ban form below is still rendered.
        header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
    }

    // hide_ip is set for moderators who lack the show_ip permission on this board.
    $view = [
        'ip' => $ip,
        'hide_ip' => !hasPermission($config['mod']['show_ip'], $board),
        'post' => $post,
        'board' => $board,
        'tor' => $tor,
        'delete' => (bool) $delete,
        'boards' => listBoards(),
        'token' => $form_token,
    ];
    mod_page(_('New ban'), 'mod/ban_form.html', $view);
}
Example #3
         error($config['error']['bot']);
     }
     // Check what reCAPTCHA has to say...
     $resp = recaptcha_check_answer($config['recaptcha_private'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
     if (!$resp->is_valid) {
         error($config['error']['captcha']);
     }
 }
 // The submit button's label has to match the kind of post being made: the new-topic
 // label for an opening post, the reply label otherwise. A mismatch raises the 'bot' error.
 if ($_POST['post'] != ($post['op'] ? $config['button_newtopic'] : $config['button_reply'])) {
     error($config['error']['bot']);
 }
 // Check the referrer
 // NOTE(review): the Referer header is supplied by the client, so a match here filters
 // out careless automation but does not prove where the request came from.
 if ($config['referer_match'] !== false) {
     if (!(isset($_SERVER['HTTP_REFERER']) && preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
         error($config['error']['referer']);
     }
 }
 // DNSBL lookup; its return value is not used at this call site.
 checkDNSBL();
 // Check if banned
 checkBan($board['uri']);
 if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
     require 'inc/mod/auth.php';
     if (!$mod) {
         // Liar. You're not a mod.
         error($config['error']['notamod']);
     }
     $post['sticky'] = $post['op'] && isset($_POST['sticky']);
     $post['locked'] = $post['op'] && isset($_POST['lock']);
     $post['raw'] = isset($_POST['raw']);
     if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) {
Example #4
<?php

include 'inc/functions.php';
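// DNSBL bypass page. GET renders a CAPTCHA form; every other request method is handled
// as the form submission.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $captcha = generate_captcha($config['captcha']['extra']);
    // NOTE(review): $captcha['html'] and $captcha['cookie'] are placed into the markup
    // unescaped, so the page trusts whatever generate_captcha() returns -- confirm its source.
    $html = "{$captcha['html']}<br/>\n\t\t<input class='captcha_text' name='captcha_text' size='25' maxlength='6' autocomplete='off' type='text'>\n\t\t<input class='captcha_cookie' name='captcha_cookie' type='hidden' autocomplete='off' value='{$captcha['cookie']}'><br/>";
    $body = Element("8chan/dnsbls.html", array("config" => $config, "ayah_html" => $html));
    echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Bypass DNSBL"), "subtitle" => _("Post even if blocked")));
} else {
    // The answer is verified by the configured provider. http_build_query() URL-encodes the
    // submitted fields. A failed request yields false, which is not '1', so the check fails closed.
    $resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query(['mode' => 'check', 'text' => $_POST['captcha_text'], 'extra' => $config['captcha']['extra'], 'cookie' => $_POST['captcha_cookie']]));
    if ($resp === '1') {
        $tor = checkDNSBL($_SERVER['REMOTE_ADDR']);
        if (!$tor) {
            // Record (or reset) a bypass entry keyed on the client address.
            $query = prepare('INSERT INTO ``dnsbl_bypass`` VALUES(:ip, NOW(), 0) ON DUPLICATE KEY UPDATE `created`=NOW(),`uses`=0');
            $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
            $query->execute() or error(db_error($query));
        }
        // The cookie value is the bypass credential, so it must be unpredictable.
        // openssl_random_pseudo_bytes() can return false or report a weak source through its
        // second argument. bin2hex(false) would give an empty string, i.e. a guessable token.
        $strong = false;
        $random = openssl_random_pseudo_bytes(16, $strong);
        if ($random === false || !$strong) {
            error(_('Could not generate a secure token. Please try again.'));
            // Backstop in case error() returns: never store or hand out a weak token.
            exit;
        }
        $cookie = bin2hex($random);
        $query = prepare('INSERT INTO ``tor_cookies`` VALUES(:cookie, NOW(), 0)');
        $query->bindValue(':cookie', $cookie);
        $query->execute() or error(db_error($query));
        // Three-hour lifetime.
        // NOTE(review): the cookie is sent without the HttpOnly flag; if no client-side script
        // reads it, setting that flag would be a sensible hardening step -- confirm first.
        setcookie("tor", $cookie, time() + 60 * 60 * 3);
        echo Element("page.html", array("config" => $config, "body" => '', "title" => _("Success!"), "subtitle" => _("You may now go back and make your post.")));
    } else {
        error(_('You failed the CAPTCHA') . _('. <a href="https://8ch.net/dnsbls_bypass.php">Try again.</a> If it\'s not working, email admin@8chan.co for support.'));
    }
}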