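/**
 * Admin "settings" panel controller.
 *
 * The logged-in user needs the 'perm_config' permission (nel_derp(102)
 * otherwise). When $dataforce['mode_action'] is 'update', every submitted
 * form field except the form bookkeeping fields ('mode', 'username',
 * 'super_sekrit') is stored in the config table, the rule and settings
 * caches are rebuilt and nel_regen() is run in 'full' mode. The admin panel
 * is rendered afterwards in every case.
 *
 * @param array  $dataforce request data; reads 'mode_action', may set 'max_pages'
 * @param object $authorize authorization backend exposing get_user_perm()
 * @param PDO    $dbh       database handle
 * @return void
 */
function nel_settings_control($dataforce, $authorize, $dbh)
{
    $mode = $dataforce['mode_action'];

    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_config')) {
        nel_derp(102, array('origin' => 'ADMIN'));
    }

    require_once INCLUDE_PATH . 'output/admin-panel-generation.php';

    if ($mode === 'update') {
        // Form fields that are not settings.
        $skip = array('mode', 'username', 'super_sekrit');

        // Blank every setting first so fields absent from the form end up empty.
        $dbh->query('UPDATE ' . CONFIGTABLE . ' SET setting=""');

        // Both the setting name and its value come straight from the form, so
        // they are bound as parameters rather than spliced into the SQL text.
        $prepared = $dbh->prepare('UPDATE ' . CONFIGTABLE . ' SET setting=:setting WHERE config_name=:name');

        foreach ($_POST as $name => $value) {
            if (in_array($name, $skip, TRUE)) {
                continue;
            }

            // Array-valued fields cannot be stored as a single setting.
            if (is_array($value)) {
                continue;
            }

            // Clamp the JPEG quality to its maximum (the clamp has to hit the value, not the key).
            if ($name === 'jpeg_quality' && $value > 100) {
                $value = 100;
            }

            if ($name === 'page_limit') {
                $dataforce['max_pages'] = (int) $value;
            }

            $prepared->bindValue(':setting', $value, PDO::PARAM_STR);
            $prepared->bindValue(':name', $name, PDO::PARAM_STR);
            $prepared->execute();
        }

        unset($prepared);

        nel_cache_rules($dbh);
        nel_cache_settings($dbh);
        nel_regen($dataforce, NULL, 'full', FALSE, $dbh);
    }

    nel_render_admin_panel($dataforce, $dbh);
}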
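/**
 * Admin "ban" panel controller.
 *
 * The logged-in user needs the 'perm_ban_panel' permission (nel_derp(101)
 * otherwise). Dispatches on $dataforce['mode_action']:
 *   modify  – render the edit form for one ban
 *   new     – render the "add ban" form
 *   add     – apply the submitted ban(s) via nel_ban_hammer(), then list bans
 *   remove  – delete the ban $dataforce['banid'], then nel_update_ban()
 *   update  – nel_update_ban()
 *   panel   – list bans
 * Any other mode does nothing.
 *
 * @param array  $dataforce request data; reads 'mode_action' and 'banid'
 * @param object $authorize authorization backend exposing get_user_perm()
 * @param PDO    $dbh       database handle
 * @return void
 */
function nel_ban_control($dataforce, $authorize, $dbh)
{
    $mode = $dataforce['mode_action'];

    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_ban_panel')) {
        nel_derp(101, array('origin' => 'ADMIN'));
    }

    require_once INCLUDE_PATH . 'output/ban-panel-generation.php';

    if ($mode === 'modify') {
        nel_render_ban_panel_modify($dataforce, $dbh);
    } elseif ($mode === 'new') {
        nel_render_ban_panel_add($dataforce);
    } elseif ($mode === 'add') {
        // $authorize is handed on so the permission check does not depend on an undefined variable.
        nel_ban_hammer($dataforce, $dbh, $authorize);
        nel_render_ban_panel_list($dataforce, $dbh);
    } elseif ($mode === 'remove') {
        // The ban id comes from the request, so it is bound instead of concatenated.
        $prepared = $dbh->prepare('DELETE FROM ' . BANTABLE . ' WHERE id=:id');
        $prepared->bindValue(':id', (int) $dataforce['banid'], PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        nel_update_ban($dataforce, $authorize, $dbh);
    } elseif ($mode === 'update') {
        nel_update_ban($dataforce, $authorize, $dbh);
    } elseif ($mode === 'panel') {
        nel_render_ban_panel_list($dataforce, $dbh);
    } else {
        // Unknown mode: nothing to do (no error is reported for it).
    }
}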
/**
 * Reject text containing a blacklisted substring.
 *
 * Walks the hard-coded word list and raises nel_derp(17) on the first hit,
 * passing the matched word as 'cancer'. Empty list entries are skipped
 * because they would match any text. Returns nothing when the text is clean.
 *
 * @param string $text text to inspect
 * @param mixed  $file unused; kept for the callers' signature
 * @return void
 */
function nel_banned_text($text, $file)
{
    $blacklist = array('samefag', '');

    foreach ($blacklist as $needle) {
        if ($needle === '') {
            continue;
        }

        if (utf8_strpos($text, $needle) !== FALSE) {
            nel_derp(17, array('origin' => 'SNACKS', 'cancer' => $needle));
        }
    }
}
/**
 * Start the PHP session and handle the admin login / logout actions.
 *
 * With an existing session: 'get_mode' === 'log_out' destroys the session and
 * emits a meta refresh back to PHP_SELF2 . PHP_EXT; 'get_mode' === 'admin'
 * regenerates the session id and hands off to nel_login(); a request with
 * 'admin_mode' set (and no 'get_mode') only regenerates the id.
 *
 * Without a session: an 'admin_mode' === 'login' request is checked against
 * the stored staff password (nel_hash() of the submitted password must equal
 * the 'staff_password' setting); on success the session is populated with
 * the user's name, timestamps, perms and settings, the session cookie is set
 * and nel_login() is shown; on failure nel_derp(107) is raised. Any other
 * request without a session just clears stale session data.
 *
 * Both the logout and login paths end the script with die.
 *
 * @param array  $dataforce request data ('get_mode', 'admin_mode', 'username', 'admin_pass')
 * @param mixed  $plugins   passed through to nel_hash()
 * @param object $authorize backend exposing get_user_setting() and get_user_auth()
 * @return void
 */
function nel_initialize_session($dataforce, $plugins, $authorize)
{
    session_start();
    require_once INCLUDE_PATH . 'admin/login.php';

    if (!empty($_SESSION)) {
        if (isset($dataforce['get_mode'])) {
            $get_mode = $dataforce['get_mode'];

            if ($get_mode === 'log_out') {
                nel_terminate_session();
                echo '<meta http-equiv="refresh" content="1;URL=' . PHP_SELF2 . PHP_EXT . '">';
                die;
            } elseif ($get_mode === 'admin') {
                nel_regen_session();
                nel_login($dataforce, $authorize);
                die;
            }
        } elseif (isset($dataforce['admin_mode'])) {
            nel_regen_session();
        }

        return;
    }

    $is_login_attempt = isset($dataforce['admin_mode']) && $dataforce['admin_mode'] === 'login';

    if (!$is_login_attempt) {
        nel_terminate_session();
        return;
    }

    $credentials_ok = FALSE;

    if ($dataforce['username'] !== '') {
        $submitted_hash = nel_hash($dataforce['admin_pass'], $plugins);
        $stored_hash = $authorize->get_user_setting($dataforce['username'], 'staff_password');
        // NOTE(review): plain string comparison of the two hashes; a constant-time
        // compare (hash_equals, PHP >= 5.6) would be preferable once the minimum
        // PHP version allows it.
        $credentials_ok = $submitted_hash === $stored_hash;
    }

    if ($credentials_ok) {
        // Populate the session for the freshly authenticated staff member.
        $_SESSION['ignore_login'] = FALSE;
        $_SESSION['username'] = $dataforce['username'];
        $_SESSION['login_time'] = time();
        $_SESSION['last_activity'] = time();

        $user_auth = $authorize->get_user_auth($dataforce['username']);
        $_SESSION['perms'] = $user_auth['perms'];
        $_SESSION['settings'] = $user_auth['settings'];
    } else {
        nel_terminate_session();
        nel_derp(107, array('origin' => 'SESSION_INIT'));
    }

    nel_set_session_cookie();
    nel_login($dataforce, $authorize);
    die;
}
/**
 * Admin "thread" panel controller.
 *
 * The logged-in user needs the 'perm_thread_panel' permission (nel_derp(103)
 * otherwise). When $dataforce['mode_action'] is 'update' the submitted
 * thread changes are applied through nel_thread_updates() and the affected
 * thread pages plus the main page are regenerated. The panel is rendered
 * afterwards, expanded when 'expand_thread' is present in the request.
 *
 * @param array  $dataforce request data; reads 'mode_action' and 'expand_thread'
 * @param object $authorize authorization backend exposing get_user_perm()
 * @param mixed  $plugins   passed through to nel_thread_updates()
 * @param PDO    $dbh       database handle
 * @return void
 */
function nel_thread_panel($dataforce, $authorize, $plugins, $dbh)
{
    $mode = $dataforce['mode_action'];

    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_thread_panel')) {
        nel_derp(103, array('origin' => 'ADMIN'));
    }

    require_once INCLUDE_PATH . 'output/thread-panel-generation.php';

    $expand = isset($dataforce['expand_thread']);

    if ($mode === 'update') {
        $updates = nel_thread_updates($dataforce, $plugins, $dbh);
        nel_regen($dataforce, $updates, 'thread', FALSE, $dbh);
        nel_regen($dataforce, NULL, 'main', FALSE, $dbh);
    }

    nel_render_thread_panel($dataforce, $expand, $dbh);
}
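/**
 * Delete a thread, a post or a single file.
 *
 * $sub[1] is the post number the request refers to; for $type === 'FILE',
 * $sub[2] is the file_order of the file to remove. A logged-in staff member
 * (session present, ignore_login false) is authorised through
 * nel_delete_content_staff_allowed(); anybody else must supply the post's
 * deletion password in $dataforce['pass']. nel_derp(13) is raised for a
 * malformed id and nel_derp(20) when deletion is not permitted (including
 * when no such post exists).
 *
 * While a staff deletion runs, $_SESSION['ignore_login'] is set to TRUE; the
 * previous value is restored before returning.
 *
 * @param array  $dataforce request data; reads 'pass', 'only_delete_file' and 'post_links'
 * @param array  $sub       action parts: [1] => post number, [2] => file order (FILE only)
 * @param string $type      'THREAD', 'POST' or 'FILE'
 * @param mixed  $plugins   passed through to nel_hash()
 * @param PDO    $dbh       database handle
 * @return void
 */
function nel_delete_content($dataforce, $sub, $type, $plugins, $dbh)
{
    $id = isset($sub[1]) ? $sub[1] : '';

    // Only a plain decimal post number is accepted; is_numeric() also admits
    // signs, blanks, fractions and exponents, and the id is used in SQL.
    if (!preg_match('/^[0-9]+$/', (string) $id)) {
        nel_derp(13, array('origin' => 'DELETE'));
    }
    $id = (int) $id;

    $post_data = nel_delete_content_fetch_post($id, $dbh);

    $flag = FALSE;

    if (!empty($_SESSION) && !$_SESSION['ignore_login']) {
        $temp = $_SESSION['ignore_login'];
        if ($post_data !== FALSE) {
            $flag = nel_delete_content_staff_allowed($post_data);
        }
        $_SESSION['ignore_login'] = $flag ? TRUE : $temp;
    } else {
        $temp = TRUE;
        if ($post_data !== FALSE) {
            // Anonymous deletion: the first 16 characters of the hashed password
            // must match what was stored with the post.
            $hashed_pass = utf8_substr(nel_hash($dataforce['pass'], $plugins), 0, 16);
            $flag = $hashed_pass === $post_data['password'];
        }
    }

    if ($flag) {
        if ($type === 'THREAD') {
            $dataforce = nel_delete_content_thread($id, $dataforce, $dbh);
        } elseif ($type === 'POST') {
            $dataforce = nel_delete_content_post($id, $post_data, $dataforce, $dbh);
        } elseif ($type === 'FILE') {
            nel_delete_content_file($id, $sub, $post_data, $dbh);
        }

        nel_cache_links();
    } else {
        nel_derp(20, array('origin' => 'DELETE'));
    }

    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }
}

/**
 * Fetch the columns nel_delete_content() needs for post $id.
 *
 * @param int $id  post number
 * @param PDO $dbh database handle
 * @return array|false associative row (post_number, password, response_to, mod_post) or FALSE if absent
 */
function nel_delete_content_fetch_post($id, $dbh)
{
    $prepared = $dbh->prepare('SELECT post_number,password,response_to,mod_post FROM ' . POSTTABLE . ' WHERE post_number=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    $post_data = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);

    return $post_data;
}

/**
 * Decide whether the logged-in staff member may delete $post_data.
 *
 * Requires $_SESSION['perms']['perm_delete']. mod_post '0' is a regular post
 * and may be deleted by any such staff member; '1' by janitor, moderator or
 * admin; '2' by moderator or admin; '3' by admin only. The tiers are written
 * as explicit lists: an unparenthesised `a && b || c` would let `c` alone
 * grant the deletion.
 *
 * @param array $post_data row from nel_delete_content_fetch_post()
 * @return bool
 */
function nel_delete_content_staff_allowed($post_data)
{
    if (!$_SESSION['perms']['perm_delete']) {
        return FALSE;
    }

    // Compared as a string: PDO hands the column back that way by default.
    $level = (string) $post_data['mod_post'];

    if ($level === '0') {
        return TRUE;
    }

    $allowed = array(
        '1' => array('admin', 'moderator', 'janitor'),
        '2' => array('admin', 'moderator'),
        '3' => array('admin'),
    );

    if (!isset($allowed[$level])) {
        return FALSE;
    }

    $staff_type = $_SESSION['settings']['staff_type'];

    return in_array($staff_type, $allowed[$level], TRUE);
}

/**
 * Remove thread $id: every post in it and their file rows, then the thread's
 * page, source and thumbnail directories.
 *
 * @param int   $id        thread (OP) post number
 * @param array $dataforce request data; 'post_links' entries of the deleted posts are dropped
 * @param PDO   $dbh       database handle
 * @return array the updated $dataforce
 */
function nel_delete_content_thread($id, $dataforce, $dbh)
{
    // Two placeholders for the same value: native prepares reject a repeated name.
    $prepared = $dbh->prepare('SELECT post_number FROM ' . POSTTABLE . ' WHERE response_to=:thread OR post_number=:op');
    $prepared->bindValue(':thread', $id, PDO::PARAM_INT);
    $prepared->bindValue(':op', $id, PDO::PARAM_INT);
    $prepared->execute();
    $content_refs = $prepared->fetchAll(PDO::FETCH_COLUMN, 0);
    unset($prepared);

    $delete_files = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:ref');
    $delete_post = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:ref');

    foreach ($content_refs as $ref) {
        $ref = (int) $ref;

        $delete_files->bindValue(':ref', $ref, PDO::PARAM_INT);
        $delete_files->execute();

        $delete_post->bindValue(':ref', $ref, PDO::PARAM_INT);
        $delete_post->execute();

        // preg_replace() returns the edited string; it has to be stored back.
        if (isset($dataforce['post_links'])) {
            $dataforce['post_links'] = preg_replace('#p([0-9]+)t' . $ref . '#', '', $dataforce['post_links']);
        }
    }

    unset($delete_files, $delete_post);

    nel_eraser_gun(PAGE_PATH . $id, NULL, TRUE);
    nel_eraser_gun(SRC_PATH . $id, NULL, TRUE);
    nel_eraser_gun(THUMB_PATH . $id, NULL, TRUE);
    nel_update_archive_status($dataforce, $dbh);

    return $dataforce;
}

/**
 * Remove the files of post $id and, unless $dataforce['only_delete_file'] is
 * set, the post itself; the parent thread's post_count, last_update and
 * last_response are then recomputed from the remaining replies.
 *
 * @param int   $id        post number
 * @param array $post_data row from nel_delete_content_fetch_post()
 * @param array $dataforce request data; 'post_links' entries of the post are dropped
 * @param PDO   $dbh       database handle
 * @return array the updated $dataforce
 */
function nel_delete_content_post($id, $post_data, $dataforce, $dbh)
{
    $thread = (int) $post_data['response_to'];

    $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    $file_data = $prepared->fetchAll(PDO::FETCH_ASSOC);
    unset($prepared);

    $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);

    // A reply's files live under its thread's number.
    foreach ($file_data as $refs) {
        nel_eraser_gun(SRC_PATH . $thread, $refs['filename'] . $refs['extension'], FALSE);
        if ($refs['preview_name']) {
            nel_eraser_gun(THUMB_PATH . $thread, $refs['preview_name'], FALSE);
        }
    }

    if (!empty($dataforce['only_delete_file'])) {
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET has_file=0 WHERE post_number=:id');
        $prepared->bindValue(':id', $id, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);

        return $dataforce;
    }

    $prepared = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);

    $prepared = $dbh->prepare('SELECT post_count FROM ' . POSTTABLE . ' WHERE post_number=:thread');
    $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
    $prepared->execute();
    $pcount = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);

    $prepared = $dbh->prepare('SELECT post_number,post_time FROM ' . POSTTABLE . ' WHERE response_to=:thread ORDER BY post_number desc');
    $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
    $prepared->execute();
    $ptimes = $prepared->fetchAll(PDO::FETCH_ASSOC);
    unset($prepared);

    if ($pcount !== FALSE) {
        $new_count = (int) $pcount['post_count'] - 1;

        if (isset($ptimes[0])) {
            $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count, last_update=:updated, last_response=:last WHERE post_number=:thread');
            $prepared->bindValue(':updated', (int) $ptimes[0]['post_time'], PDO::PARAM_INT);
            $prepared->bindValue(':last', (int) $ptimes[0]['post_number'], PDO::PARAM_INT);
        } else {
            // The last reply is gone: only the counter can be derived here, the
            // last_* columns are left as they are.
            $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count WHERE post_number=:thread');
        }

        $prepared->bindValue(':count', $new_count, PDO::PARAM_INT);
        $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
    }

    // preg_replace() returns the edited string; it has to be stored back.
    if (isset($dataforce['post_links'])) {
        $dataforce['post_links'] = preg_replace('#p' . $id . 't([0-9]+)#', '', $dataforce['post_links']);
    }

    return $dataforce;
}

/**
 * Remove one file (by file_order $sub[2]) of post $id from the file table and
 * from disk. Nothing happens if no such file row exists.
 *
 * TODO (carried over): update the post's has_file flag once its last file is gone.
 *
 * @param int   $id        post number
 * @param array $sub       action parts; [2] is the file order
 * @param array $post_data row from nel_delete_content_fetch_post()
 * @param PDO   $dbh       database handle
 * @return void
 */
function nel_delete_content_file($id, $sub, $post_data, $dbh)
{
    $fnum = isset($sub[2]) ? $sub[2] : '';

    // The file order is request input and is used in SQL: digits only.
    if (!preg_match('/^[0-9]+$/', (string) $fnum)) {
        nel_derp(13, array('origin' => 'DELETE'));
    }
    $fnum = (int) $fnum;

    $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:order');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->bindValue(':order', $fnum, PDO::PARAM_INT);
    $prepared->execute();
    $file_data = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);

    if ($file_data === FALSE) {
        return;
    }

    $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:order');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->bindValue(':order', $fnum, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);

    // An OP's files live under its own number, a reply's under its thread's.
    $dir = ((int) $post_data['response_to'] === 0) ? $post_data['post_number'] : $post_data['response_to'];

    nel_eraser_gun(SRC_PATH . $dir, $file_data['filename'] . $file_data['extension'], FALSE);
    if ($file_data['preview_name']) {
        nel_eraser_gun(THUMB_PATH . $dir, $file_data['preview_name'], FALSE);
    }
}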
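/**
 * Validate the files of the current upload and move them to a temporary
 * location under SRC_PATH.
 *
 * For every $_FILES entry that uploaded successfully and has a name, the
 * extension is looked up in the $filetypes table (loaded from filetype.php on
 * first use), its supertype and subtype must be enabled in the global
 * $enabled_types, the size is capped at BS_MAX_FILESIZE KiB and the first
 * 64 KiB of the file must match the type's id_regex. Processing stops once
 * BS_MAX_POST_FILES files have been accepted. Errors go through nel_derp():
 * 19 (too large, including uploads PHP itself rejected for size), 6 (type not
 * allowed) and 18 (content does not match the extension, or the file could
 * not be moved).
 *
 * @return array list of accepted files, each with keys ext, basic_filename,
 *               dest, fsize, supertype, subtype and mime
 */
function nel_process_file_info()
{
    global $enabled_types;

    $files = array();
    $i = 0;
    $filetypes = array();
    $filetypes_loaded = FALSE;

    foreach ($_FILES as $file) {
        if ($file['error'] === UPLOAD_ERR_INI_SIZE) {
            // Rejected by PHP before reaching us: there is no accepted entry to report.
            nel_derp(19, array('origin' => 'POST', 'bad-filename' => basename($file['name']), 'files' => array()));
        }

        if ($file['error'] !== UPLOAD_ERR_OK || empty($file['name'])) {
            continue;
        }

        if (!$filetypes_loaded) {
            // Defines $filetypes: extension => supertype, subtype, mime, id_regex.
            include INCLUDE_PATH . 'filetype.php';
            $filetypes_loaded = TRUE;
        }

        // The client controls 'name'; only its base name may steer the temporary path.
        $name = basename($file['name']);

        // Grab/strip the file extension.
        $dot = strrchr($name, '.');
        $ext = ($dot === FALSE) ? '' : substr($dot, 1);

        $entry = array(
            'ext' => $ext,
            'basic_filename' => utf8_str_replace('.' . $ext, "", $name),
        );

        // BS_MAX_FILESIZE is in KiB.
        if ($file['size'] > BS_MAX_FILESIZE * 1024) {
            nel_derp(19, array('origin' => 'POST', 'bad-filename' => $entry['basic_filename'] . $entry['ext'], 'files' => array($entry)));
        }

        $entry['dest'] = SRC_PATH . $name . '.tmp';
        $moved = move_uploaded_file($file['tmp_name'], $entry['dest']);

        if ($moved) {
            chmod($entry['dest'], 0644);
            $entry['fsize'] = filesize($entry['dest']);
            // Only the first 64 KiB are needed for the signature check.
            $file_test = file_get_contents($entry['dest'], FALSE, NULL, 0, 65535);
        } else {
            // A file that could not be moved cannot pass the content check below.
            $entry['fsize'] = 0;
            $file_test = '';
        }

        $test_ext = utf8_strtolower($entry['ext']);
        $file_good = FALSE;
        $file_allowed = FALSE;

        if (array_key_exists($test_ext, $filetypes)) {
            $type = $filetypes[$test_ext];
            $subtype_on = !empty($enabled_types['enable_' . utf8_strtolower($type['subtype'])]);
            $supertype_on = !empty($enabled_types['enable_' . utf8_strtolower($type['supertype'])]);

            if ($subtype_on && $supertype_on) {
                $file_allowed = TRUE;

                // id_regex is a signature expected at the start of the file content.
                if ($moved && preg_match('#' . $type['id_regex'] . '#', $file_test)) {
                    $entry['supertype'] = $type['supertype'];
                    $entry['subtype'] = $type['subtype'];
                    $entry['mime'] = $type['mime'];
                    $file_good = TRUE;
                }
            }
        }

        if (!$file_allowed) {
            nel_derp(6, array('origin' => 'POST', 'bad-filename' => $entry['basic_filename'] . $entry['ext'], 'files' => array($entry)));
        }

        if (!$file_good) {
            nel_derp(18, array('origin' => 'POST', 'bad-filename' => $entry['basic_filename'] . $entry['ext'], 'files' => array($entry)));
        }

        $files[$i] = $entry;
        ++$i;

        // Per-post file limit.
        if ($i >= BS_MAX_POST_FILES) {
            break;
        }
    }

    return $files;
}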
/**
 * Call nel_derp() in its 'retrieve' mode for $which_data.
 *
 * @param mixed $which_data key handed to nel_derp('retrieve', ...)
 * @return mixed whatever nel_derp() returns for that key
 */
function nel_get_derp($which_data)
{
    $retrieved = nel_derp('retrieve', $which_data);

    return $retrieved;
}
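/**
 * Assign the permission set of a staff role to a new staff account and
 * persist the auth file.
 *
 * Roles: 'admin' gets every permission; 'moderator' gets the ban and thread
 * panels, mod mode, ban, delete, post, post_anon and sticky; 'janitor' gets
 * mod mode and delete only. Any other $new_type raises nel_derp(151); the
 * auth file is still written afterwards.
 *
 * @param string $new_name  account name
 * @param string $new_type  'admin', 'moderator' or 'janitor'
 * @param object $authorize backend exposing update_user_setting() and write_auth_file()
 * @return void
 */
function nel_gen_new_staff($new_name, $new_type, $authorize)
{
    // Called before the permissions are assigned; its return value is not used
    // here, the call is kept in case the backend relies on it.
    $authorize->get_blank_settings();

    // Written in this order for every role.
    $perm_names = array(
        'perm_config',
        'perm_staff_panel',
        'perm_ban_panel',
        'perm_thread_panel',
        'perm_mod_mode',
        'perm_ban',
        'perm_delete',
        'perm_post',
        'perm_post_anon',
        'perm_sticky',
        'perm_update_pages',
        'perm_update_cache',
    );

    // Permissions granted per role; everything else is set to FALSE.
    $grants = array(
        'admin' => $perm_names,
        'moderator' => array(
            'perm_ban_panel',
            'perm_thread_panel',
            'perm_mod_mode',
            'perm_ban',
            'perm_delete',
            'perm_post',
            'perm_post_anon',
            'perm_sticky',
        ),
        'janitor' => array(
            'perm_mod_mode',
            'perm_delete',
        ),
    );

    if (!isset($grants[$new_type])) {
        nel_derp(151, array('origin' => 'ADMIN'));
    } else {
        foreach ($perm_names as $perm) {
            $granted = in_array($perm, $grants[$new_type], TRUE);
            $authorize->update_user_setting($new_name, $perm, $granted);
        }
    }

    $authorize->write_auth_file();
}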
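/**
 * Create ban rows from the ban panel form.
 *
 * Requires the 'perm_ban' permission (nel_derp(104) otherwise). Two input
 * shapes are handled:
 *  - $dataforce['snacks'] === 'addban': one ban built from 'banip',
 *    'banreason', 'timedays' and 'timehours', stored for board POSTTABLE;
 *  - otherwise the raw $_POST is scanned (see nel_ban_hammer_parse_post()).
 *    Each ban is for a post unless 'mode' is 'admin->ban->add' (manual ban),
 *    in which case no post is looked up, no mod message is appended and the
 *    name is stored as NULL.
 * For a post ban an existing ban on the same host for board TABLEPREFIX is
 * deleted first, and a non-empty ban message is appended to the post's
 * mod_comment.
 *
 * Hosts are stored packed with inet_pton(); an invalid address is stored as NULL.
 *
 * @param array       $dataforce request data
 * @param PDO         $dbh       database handle
 * @param object|null $authorize backend exposing get_user_perm(); when not given,
 *                               $_SESSION['perms']['perm_ban'] is consulted instead
 * @return void
 */
function nel_ban_hammer($dataforce, $dbh, $authorize = NULL)
{
    if ($authorize !== NULL) {
        $may_ban = $authorize->get_user_perm($_SESSION['username'], 'perm_ban');
    } else {
        // Permissions are cached in the session at login.
        $may_ban = !empty($_SESSION['perms']['perm_ban']);
    }

    if (!$may_ban) {
        nel_derp(104, array('origin' => 'ADMIN'));
    }

    if (isset($dataforce['snacks']) && $dataforce['snacks'] === 'addban') {
        // host is a placeholder here so the bound value actually reaches the row.
        $prepared = $dbh->prepare('INSERT INTO ' . BANTABLE . ' (board,type,host,name,reason,length,ban_time) VALUES ("' . POSTTABLE . '",NULL,:host,NULL,:reason,:length,:time)');
        nel_ban_hammer_bind_host($prepared, ':host', $dataforce['banip']);
        $prepared->bindValue(':reason', $dataforce['banreason'], PDO::PARAM_STR);
        $prepared->bindValue(':length', (int) ($dataforce['timedays'] * 86400 + $dataforce['timehours'] * 3600), PDO::PARAM_INT);
        $prepared->bindValue(':time', time(), PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);

        return;
    }

    $manual = isset($_POST['mode']) && $_POST['mode'] === 'admin->ban->add';
    $bans = nel_ban_hammer_parse_post($_POST);

    foreach ($bans as $ban) {
        $baninfo1 = FALSE;

        if (!$manual) {
            $prepared = $dbh->prepare('SELECT host,mod_comment FROM ' . POSTTABLE . ' WHERE post_number=:bannum');
            $prepared->bindValue(':bannum', (int) $ban['num'], PDO::PARAM_INT);
            $prepared->execute();
            $baninfo1 = $prepared->fetch(PDO::FETCH_ASSOC);
            unset($prepared);

            if (!empty($baninfo1)) {
                // Replace an existing ban on this host: rows hold the packed
                // address, so the lookup key is packed the same way.
                $prepared = $dbh->prepare('SELECT * FROM ' . BANTABLE . ' WHERE host=:host');
                nel_ban_hammer_bind_host($prepared, ':host', $ban['host']);

                if ($prepared->execute() !== FALSE) {
                    $baninfo2 = $prepared->fetch(PDO::FETCH_ASSOC);

                    if (!empty($baninfo2['id']) && $baninfo2['board'] === TABLEPREFIX) {
                        $delete = $dbh->prepare('DELETE FROM ' . BANTABLE . ' WHERE id=:id');
                        $delete->bindValue(':id', (int) $baninfo2['id'], PDO::PARAM_INT);
                        $delete->execute();
                        unset($delete);
                    }
                }

                unset($prepared);

                // Append the mod ban message to the post if one was given.
                if ($ban['message'] !== '') {
                    $mod_comment = $baninfo1['mod_comment'] . '<br>(' . $ban['message'] . ')';
                    $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET mod_comment=:mcomment WHERE post_number=:bannum');
                    $prepared->bindValue(':mcomment', $mod_comment, PDO::PARAM_STR);
                    $prepared->bindValue(':bannum', (int) $ban['num'], PDO::PARAM_INT);
                    $prepared->execute();
                    unset($prepared);
                }
            }
        }

        // NOTE(review): this INSERT sets no board column while the lookup above
        // compares board to TABLEPREFIX and the 'addban' path stores POSTTABLE —
        // confirm which value the ban rows are expected to carry.
        $prepared = $dbh->prepare('INSERT INTO ' . BANTABLE . ' (type,host,name,reason,length,ban_time) VALUES (NULL,:host,:name,:reason,:length,:time)');
        nel_ban_hammer_bind_host($prepared, ':host', $ban['host']);

        if ($manual) {
            $prepared->bindValue(':name', NULL, PDO::PARAM_NULL);
        } else {
            $prepared->bindValue(':name', $ban['name'], PDO::PARAM_STR);
        }

        $prepared->bindValue(':reason', $ban['reason'], PDO::PARAM_STR);
        $prepared->bindValue(':length', (int) ($ban['days'] + $ban['hours']), PDO::PARAM_INT);
        $prepared->bindValue(':time', time(), PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
    }
}

/**
 * Collect the ban fields of the ban panel form out of $post.
 *
 * A field 'postban<N>' whose value is N opens a new ban for post N; the
 * fields 'timedays<N>', 'timehours<N>', 'banmessage<N>', 'banreason<N>',
 * 'banname<N>' and 'banhost<N>' that follow fill it in. Before any 'postban'
 * field the suffix is empty, which is how the manual ban form submits its
 * fields; those open a single ban on first use. Days and hours are converted
 * to seconds. Array-valued fields are ignored.
 *
 * @param array $post the submitted form ($_POST)
 * @return array list of bans, each with keys num, days, hours, message, reason, name, host
 */
function nel_ban_hammer_parse_post(array $post)
{
    $blank = array('num' => '', 'days' => 0, 'hours' => 0, 'message' => '', 'reason' => '', 'name' => '', 'host' => '');
    $fields = array(
        'timedays' => 'days',
        'timehours' => 'hours',
        'banmessage' => 'message',
        'banreason' => 'reason',
        'banname' => 'name',
        'banhost' => 'host',
    );
    $seconds = array('days' => 86400, 'hours' => 3600);

    $bans = array();
    $current = -1;     // index of the ban being filled in
    $current_num = ''; // suffix of the field names belonging to it

    foreach ($post as $key => $value) {
        if (is_array($value)) {
            continue;
        }

        if ($key === 'postban' . $value) {
            // Every post ban gets its own slot (advancing only from a non-zero
            // index would make later bans overwrite the first one).
            $bans[] = array_merge($blank, array('num' => $value));
            $current = count($bans) - 1;
            $current_num = $value;
            continue;
        }

        foreach ($fields as $prefix => $field) {
            if ($key !== $prefix . $current_num) {
                continue;
            }

            if ($current < 0) {
                // Manual form: no 'postban' field precedes these.
                $bans[] = $blank;
                $current = 0;
            }

            if (isset($seconds[$field])) {
                $value = (int) $value * $seconds[$field];
            }

            $bans[$current][$field] = $value;
            break;
        }
    }

    return $bans;
}

/**
 * Bind $address packed with inet_pton() to $placeholder, or NULL when it is
 * not a valid IPv4/IPv6 address (validated first so inet_pton() never warns).
 *
 * @param PDOStatement $prepared    statement to bind on
 * @param string       $placeholder named placeholder, e.g. ':host'
 * @param mixed        $address     textual IP address from the form
 * @return void
 */
function nel_ban_hammer_bind_host(PDOStatement $prepared, $placeholder, $address)
{
    $packed = FALSE;

    if (is_string($address) && filter_var($address, FILTER_VALIDATE_IP) !== FALSE) {
        $packed = inet_pton($address);
    }

    if ($packed === FALSE) {
        $prepared->bindValue($placeholder, NULL, PDO::PARAM_NULL);
    } else {
        $prepared->bindValue($placeholder, $packed, PDO::PARAM_STR);
    }
}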