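function nel_settings_control($dataforce, $authorize, $dbh)
{
    // Admin "settings" panel controller: on mode_action 'update' the posted
    // config values are written to CONFIGTABLE, caches are rebuilt and the
    // board is regenerated; the panel is rendered in every case.
    //
    // $dataforce  request data; 'mode_action' selects the action and
    //             'max_pages' is refreshed from the posted 'page_limit'.
    // $authorize  staff authorization object (get_user_perm).
    // $dbh        PDO connection.
    $mode = $dataforce['mode_action'];
    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_config')) {
        nel_derp(102, array('origin' => 'ADMIN'));
        return;   // fail closed even if nel_derp() returns
    }
    require_once INCLUDE_PATH . 'output/admin-panel-generation.php';
    if ($mode === 'update') {
        // Apply settings from the admin panel: blank every setting first so
        // omitted fields end up empty, then write each posted one.
        $dbh->query('UPDATE ' . CONFIGTABLE . ' SET setting=""');
        // Form control fields that are not config settings.
        $control_fields = array('mode', 'username', 'super_sekrit');
        // Names and values come straight from the request, so they are bound
        // rather than spliced into the SQL string.
        $prepared = $dbh->prepare('UPDATE ' . CONFIGTABLE . ' SET setting=:setting WHERE config_name=:name');
        foreach ($_POST as $name => $value) {
            if (in_array($name, $control_fields, TRUE)) {
                continue;
            }
            if ($name === 'jpeg_quality' && $value > 100) {
                $value = 100;   // clamp the value (not the field name) to the maximum
            }
            if ($name === 'page_limit') {
                $dataforce['max_pages'] = (int) $value;
            }
            $prepared->bindValue(':setting', $value, PDO::PARAM_STR);
            $prepared->bindValue(':name', $name, PDO::PARAM_STR);
            $prepared->execute();
        }
        unset($prepared);
        nel_cache_rules($dbh);
        nel_cache_settings($dbh);
        nel_regen($dataforce, NULL, 'full', FALSE, $dbh);
    }
    nel_render_admin_panel($dataforce, $dbh);
}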
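function nel_ban_control($dataforce, $authorize, $dbh)
{
    // Admin "bans" panel controller: dispatches on mode_action
    // ('modify', 'new', 'add', 'remove', 'update', 'panel').
    //
    // $dataforce  request data; 'remove' uses 'banid'.
    // $authorize  staff authorization object (get_user_perm).
    // $dbh        PDO connection.
    $mode = $dataforce['mode_action'];
    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_ban_panel')) {
        nel_derp(101, array('origin' => 'ADMIN'));
        return;   // fail closed even if nel_derp() returns
    }
    require_once INCLUDE_PATH . 'output/ban-panel-generation.php';
    if ($mode === 'modify') {
        nel_render_ban_panel_modify($dataforce, $dbh);
    } elseif ($mode === 'new') {
        nel_render_ban_panel_add($dataforce);
    } elseif ($mode === 'add') {
        // nel_ban_hammer() checks perm_ban itself and is handed the
        // authorization object for that.
        nel_ban_hammer($dataforce, $dbh, $authorize);
        nel_render_ban_panel_list($dataforce, $dbh);
    } elseif ($mode === 'remove') {
        // banid is request-supplied: bind it instead of splicing it into SQL.
        $prepared = $dbh->prepare('DELETE FROM ' . BANTABLE . ' WHERE id=:id');
        $prepared->bindValue(':id', (int) $dataforce['banid'], PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        nel_update_ban($dataforce, $authorize, $dbh);
    } elseif ($mode === 'update') {
        nel_update_ban($dataforce, $authorize, $dbh);
    } elseif ($mode === 'panel') {
        nel_render_ban_panel_list($dataforce, $dbh);
    } else {
        // Unknown mode: nothing is rendered (TODO: report an error here).
    }
}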
function nel_banned_text($text, $file)
{
    // Rejects $text (via nel_derp 17) when it contains any entry of the
    // hard-coded word list; empty entries are ignored. $file is unused.
    $word_list = array('samefag', '');
    foreach ($word_list as $word) {
        if ($word === '') {
            continue;
        }
        if (utf8_strpos($text, $word) !== FALSE) {
            nel_derp(17, array('origin' => 'SNACKS', 'cancer' => $word));
        }
    }
}
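function nel_initialize_session($dataforce, $plugins, $authorize)
{
    // Starts the PHP session and handles login/logout requests.
    //
    // With an existing session: get_mode 'log_out' destroys it and redirects,
    // get_mode 'admin' refreshes it and shows the admin login; otherwise an
    // admin_mode request refreshes the session. Without a session, an
    // admin_mode of 'login' is authenticated against the stored staff
    // password hash; any other request just terminates the empty session.
    //
    // $dataforce  request data (get_mode, admin_mode, username, admin_pass).
    // $plugins    passed through to nel_hash().
    // $authorize  staff authorization object (get_user_setting, get_user_auth).
    session_start();
    require_once INCLUDE_PATH . 'admin/login.php';
    if (!empty($_SESSION)) {
        if (isset($dataforce['get_mode'])) {
            if ($dataforce['get_mode'] === 'log_out') {
                nel_terminate_session();
                echo '<meta http-equiv="refresh" content="1;URL=' . PHP_SELF2 . PHP_EXT . '">';
                die;
            }
            if ($dataforce['get_mode'] === 'admin') {
                nel_regen_session();
                nel_login($dataforce, $authorize);
                die;
            }
        } elseif (isset($dataforce['admin_mode'])) {
            nel_regen_session();
        }
        return;
    }
    if (!isset($dataforce['admin_mode']) || $dataforce['admin_mode'] !== 'login') {
        nel_terminate_session();
        return;
    }
    $username = isset($dataforce['username']) ? $dataforce['username'] : '';
    $password = isset($dataforce['admin_pass']) ? $dataforce['admin_pass'] : '';
    $stored = $username !== '' ? $authorize->get_user_setting($username, 'staff_password') : NULL;
    $computed = nel_hash($password, $plugins);
    // hash_equals() compares in constant time so the stored hash cannot be
    // probed through timing; it needs both operands to be strings.
    if ($username !== '' && is_string($stored) && is_string($computed) && hash_equals($stored, $computed)) {
        // Set up the session for the authenticated staff member.
        // NOTE(review): the session id is not regenerated before the session
        // is populated here — confirm whether nel_regen_session() should run
        // first so a pre-set id cannot be reused (session fixation).
        $_SESSION['ignore_login'] = FALSE;
        $_SESSION['username'] = $username;
        $_SESSION['login_time'] = time();
        $_SESSION['last_activity'] = time();
        $user_auth = $authorize->get_user_auth($username);
        $_SESSION['perms'] = $user_auth['perms'];
        $_SESSION['settings'] = $user_auth['settings'];
    } else {
        nel_terminate_session();
        nel_derp(107, array('origin' => 'SESSION_INIT'));
    }
    nel_set_session_cookie();
    nel_login($dataforce, $authorize);
    die;
}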
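function nel_thread_panel($dataforce, $authorize, $plugins, $dbh)
{
    // Admin "threads" panel controller. On mode_action 'update' the posted
    // thread changes are applied and the affected thread pages plus the main
    // page are regenerated; the panel is then rendered, expanded when the
    // request carries expand_thread.
    //
    // $dataforce  request data.
    // $authorize  staff authorization object (get_user_perm).
    // $plugins    passed through to nel_thread_updates().
    // $dbh        PDO connection.
    $mode = $dataforce['mode_action'];
    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_thread_panel')) {
        nel_derp(103, array('origin' => 'ADMIN'));
        return;   // fail closed even if nel_derp() returns
    }
    require_once INCLUDE_PATH . 'output/thread-panel-generation.php';
    $expand = isset($dataforce['expand_thread']);
    if ($mode === 'update') {
        $updates = nel_thread_updates($dataforce, $plugins, $dbh);
        nel_regen($dataforce, $updates, 'thread', FALSE, $dbh);
        nel_regen($dataforce, NULL, 'main', FALSE, $dbh);
    }
    nel_render_thread_panel($dataforce, $expand, $dbh);
}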
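function nel_delete_content($dataforce, $sub, $type, $plugins, $dbh)
{
    // Deletes a thread, a post, or one file attached to a post.
    //
    // $dataforce  request data: 'pass' (deletion password for anonymous
    //             requests), 'only_delete_file' (POST: keep the post, drop its
    //             files), 'post_links'.
    // $sub        $sub[1] is the post number, $sub[2] the file order (FILE only).
    // $type       'THREAD', 'POST' or 'FILE'.
    // $plugins    passed through to nel_hash().
    // $dbh        PDO connection.
    //
    // Staff sessions (login not ignored) are authorized by perm_delete and
    // staff_type against the post's mod_post level; anonymous requests by the
    // deletion password. Failures go through nel_derp() (13: bad id, 20: not
    // permitted). Every id that reaches SQL is bound, never concatenated.
    $id = $sub[1];
    if (!is_numeric($id)) {
        nel_derp(13, array('origin' => 'DELETE'));
        return;   // fail closed even if nel_derp() returns
    }
    $id = (int) $id;
    $prepared = $dbh->prepare('SELECT post_number,password,response_to,mod_post FROM ' . POSTTABLE . ' WHERE post_number=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    $post_data = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);
    $flag = FALSE;
    if (!empty($_SESSION) && empty($_SESSION['ignore_login'])) {
        // Staff request: decide by permission, staff type and mod_post level.
        $temp = $_SESSION['ignore_login'];
        if ($post_data !== FALSE && !empty($_SESSION['perms']['perm_delete'])) {
            $staff_type = isset($_SESSION['settings']['staff_type']) ? $_SESSION['settings']['staff_type'] : '';
            $flag = nel_staff_may_delete_post($post_data['mod_post'], $staff_type);
        }
        $_SESSION['ignore_login'] = $flag ? TRUE : $temp;
    } else {
        // Anonymous request: the poster's deletion password (first 16 chars
        // of its hash). hash_equals() keeps the comparison constant-time.
        $hashed_pass = utf8_substr(nel_hash($dataforce['pass'], $plugins), 0, 16);
        $flag = $post_data !== FALSE && is_string($post_data['password']) && is_string($hashed_pass)
            && hash_equals($post_data['password'], $hashed_pass);
        $temp = TRUE;
    }
    if ($flag) {
        if ($type === 'THREAD') {
            nel_delete_content_thread($dataforce, $id, $dbh);
        } elseif ($type === 'POST') {
            nel_delete_content_post($dataforce, $id, $post_data, $dbh);
        } elseif ($type === 'FILE') {
            nel_delete_content_file($id, isset($sub[2]) ? $sub[2] : NULL, $post_data, $dbh);
        }
        nel_cache_links();
    } else {
        nel_derp(20, array('origin' => 'DELETE'));
    }
    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }
}

/**
 * Whether a staff member of $staff_type may delete a post of the given
 * mod_post level: '0' anyone holding perm_delete; '1' admin, moderator or
 * janitor; '2' admin or moderator; '3' admin only. Any other level: no.
 * (Each level is tested on its own; the original's un-parenthesised
 * `a && b || c` chains let any moderator or janitor delete every level.)
 */
function nel_staff_may_delete_post($mod_post, $staff_type)
{
    $level = (string) $mod_post;   // the driver may hand back int or string
    if ($level === '0') {
        return TRUE;
    }
    if ($level === '3') {
        return $staff_type === 'admin';
    }
    if ($level === '2') {
        return $staff_type === 'admin' || $staff_type === 'moderator';
    }
    if ($level === '1') {
        return $staff_type === 'admin' || $staff_type === 'moderator' || $staff_type === 'janitor';
    }
    return FALSE;
}

/**
 * Removes a whole thread ($id is its OP post number): every post and file
 * row belonging to it, then its page, source and thumbnail directories.
 */
function nel_delete_content_thread($dataforce, $id, $dbh)
{
    $prepared = $dbh->prepare('SELECT post_number FROM ' . POSTTABLE . ' WHERE response_to=:thread OR post_number=:op');
    $prepared->bindValue(':thread', $id, PDO::PARAM_INT);
    $prepared->bindValue(':op', $id, PDO::PARAM_INT);
    $prepared->execute();
    $content_refs = $prepared->fetchAll(PDO::FETCH_COLUMN, 0);
    unset($prepared);
    $delete_files = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:ref');
    $delete_post = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:ref');
    foreach ($content_refs as $ref) {
        $delete_files->bindValue(':ref', (int) $ref, PDO::PARAM_INT);
        $delete_files->execute();
        $delete_post->bindValue(':ref', (int) $ref, PDO::PARAM_INT);
        $delete_post->execute();
    }
    unset($delete_files, $delete_post);
    // NOTE(review): the original ran preg_replace('#p([0-9]+)t' . $ref . '#',
    // '', $dataforce['post_links']) per post but discarded the result, so
    // post_links was never updated; where it should go is not visible here.
    nel_eraser_gun(PAGE_PATH . $id, NULL, TRUE);
    nel_eraser_gun(SRC_PATH . $id, NULL, TRUE);
    nel_eraser_gun(THUMB_PATH . $id, NULL, TRUE);
    nel_update_archive_status($dataforce, $dbh);
}

/**
 * Removes the files of reply post $id and, unless only_delete_file is set,
 * the post itself, then refreshes the parent thread's post_count,
 * last_update and last_response.
 */
function nel_delete_content_post($dataforce, $id, $post_data, $dbh)
{
    $thread = $post_data['response_to'];
    $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    $file_data = $prepared->fetchAll(PDO::FETCH_ASSOC);
    unset($prepared);
    $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);
    foreach ($file_data as $refs) {
        nel_eraser_gun(SRC_PATH . $thread, $refs['filename'] . $refs['extension'], FALSE);
        if ($refs['preview_name']) {
            nel_eraser_gun(THUMB_PATH . $thread, $refs['preview_name'], FALSE);
        }
    }
    if (!empty($dataforce['only_delete_file'])) {
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET has_file=0 WHERE post_number=:id');
        $prepared->bindValue(':id', $id, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        return;
    }
    $prepared = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);
    $prepared = $dbh->prepare('SELECT post_count FROM ' . POSTTABLE . ' WHERE post_number=:thread');
    $prepared->bindValue(':thread', (int) $thread, PDO::PARAM_INT);
    $prepared->execute();
    $pcount = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);
    $prepared = $dbh->prepare('SELECT post_number,post_time FROM ' . POSTTABLE . ' WHERE response_to=:thread ORDER BY post_number desc');
    $prepared->bindValue(':thread', (int) $thread, PDO::PARAM_INT);
    $prepared->execute();
    $ptimes = $prepared->fetchAll(PDO::FETCH_ASSOC);
    unset($prepared);
    $new_count = (int) ($pcount !== FALSE ? $pcount['post_count'] : 0) - 1;
    if (empty($ptimes)) {
        // No reply left: only the counter can be refreshed (the original
        // produced a malformed UPDATE here; what last_update/last_response
        // should become in this case is not defined by this code).
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count WHERE post_number=:thread');
    } else {
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count, last_update=:update, last_response=:response WHERE post_number=:thread');
        $prepared->bindValue(':update', (int) $ptimes[0]['post_time'], PDO::PARAM_INT);
        $prepared->bindValue(':response', (int) $ptimes[0]['post_number'], PDO::PARAM_INT);
    }
    $prepared->bindValue(':count', $new_count, PDO::PARAM_INT);
    $prepared->bindValue(':thread', (int) $thread, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);
    // NOTE(review): the original ran preg_replace('#p' . $id . 't([0-9]+)#',
    // '', $dataforce['post_links']) here but discarded the result, so
    // post_links was never updated; where it should go is not visible here.
}

/**
 * Removes one file (file_order $fnum) from post $id without touching the
 * post row. Files of an OP live under its own post number, files of a reply
 * under the thread's. A non-numeric $fnum is rejected with nel_derp(13) and
 * never reaches SQL.
 */
function nel_delete_content_file($id, $fnum, $post_data, $dbh)
{
    if (!is_numeric($fnum)) {
        nel_derp(13, array('origin' => 'DELETE'));
        return;   // fail closed even if nel_derp() returns
    }
    $fnum = (int) $fnum;
    // TODO (carried over): mark the post as having no files once the last one is gone.
    $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:order');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->bindValue(':order', $fnum, PDO::PARAM_INT);
    $prepared->execute();
    $file_data = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);
    if ($file_data === FALSE) {
        return;
    }
    $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:order');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->bindValue(':order', $fnum, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);
    // response_to 0 means the post is itself the OP.
    $dir = (int) $post_data['response_to'] === 0 ? $post_data['post_number'] : $post_data['response_to'];
    nel_eraser_gun(SRC_PATH . $dir, $file_data['filename'] . $file_data['extension'], FALSE);
    if ($file_data['preview_name']) {
        nel_eraser_gun(THUMB_PATH . $dir, $file_data['preview_name'], FALSE);
    }
}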
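function nel_process_file_info()
{
    // Moves each successfully uploaded file in $_FILES to SRC_PATH as a .tmp
    // file and validates it: size against BS_MAX_FILESIZE (KiB), extension
    // against $filetypes (defined by filetype.php) and $enabled_types, and
    // content against the type's id_regex over the first 64 KiB. Failures are
    // reported through nel_derp() (19: too large, 6: type not allowed, 18:
    // content does not match the extension). At most BS_MAX_POST_FILES files
    // are taken. PHP's own upload_max_filesize limit is enforced by PHP
    // (UPLOAD_ERR_INI_SIZE) and is not re-derived here.
    //
    // Returns a list of arrays with keys ext, basic_filename, dest, fsize,
    // supertype, subtype, mime.
    global $enabled_types;
    $files = array();
    $i = 0;
    $filetypes_loaded = FALSE;
    foreach ($_FILES as $file) {
        if ($file['error'] !== UPLOAD_ERR_OK) {
            if ($file['error'] === UPLOAD_ERR_INI_SIZE) {
                // Rejected by PHP before reaching us, so nothing was stored
                // for it; report the client-supplied name.
                nel_derp(19, array('origin' => 'POST', 'bad-filename' => $file['name'], 'files' => array()));
            }
            continue;
        }
        if (!empty($file['name'])) {
            if (!$filetypes_loaded) {
                include INCLUDE_PATH . 'filetype.php';
                $filetypes_loaded = TRUE;
            }
            // Defensive: only ever use the file's base name for paths.
            $name = basename($file['name']);
            $entry = array();
            // Grab/strip the file extension
            $entry['ext'] = ltrim(strrchr($name, '.'), '.');
            $entry['basic_filename'] = utf8_str_replace('.' . $entry['ext'], "", $name);
            $bad_filename = $entry['basic_filename'] . $entry['ext'];
            if ($file['size'] > BS_MAX_FILESIZE * 1024) {
                nel_derp(19, array('origin' => 'POST', 'bad-filename' => $bad_filename, 'files' => array($entry)));
            }
            $entry['dest'] = SRC_PATH . $name . '.tmp';
            move_uploaded_file($file['tmp_name'], $entry['dest']);
            chmod($entry['dest'], 0644);
            $entry['fsize'] = filesize($entry['dest']);
            $test_ext = utf8_strtolower($entry['ext']);
            $file_test = file_get_contents($entry['dest'], FALSE, NULL, 0, 65535);
            $verdict = nel_classify_upload($test_ext, $file_test, isset($filetypes) ? $filetypes : NULL, $enabled_types);
            if (!$verdict['allowed']) {
                nel_derp(6, array('origin' => 'POST', 'bad-filename' => $bad_filename, 'files' => array($entry)));
            }
            if (!$verdict['good']) {
                nel_derp(18, array('origin' => 'POST', 'bad-filename' => $bad_filename, 'files' => array($entry)));
            }
            $files[$i] = $entry + $verdict['info'];
            ++$i;
        }
        if ($i >= BS_MAX_POST_FILES) {
            break;
        }
    }
    return $files;
}

/**
 * Classifies an upload by extension and content.
 *
 * Returns array('allowed' => bool, 'good' => bool, 'info' => array):
 * allowed when $test_ext is a known type whose subtype and supertype are
 * both enabled; good when, additionally, the file's first bytes match the
 * type's id_regex, in which case info holds supertype, subtype and mime.
 */
function nel_classify_upload($test_ext, $file_test, $filetypes, $enabled_types)
{
    $verdict = array('allowed' => FALSE, 'good' => FALSE, 'info' => array());
    if (!is_array($filetypes) || !array_key_exists($test_ext, $filetypes)) {
        return $verdict;
    }
    $type = $filetypes[$test_ext];
    $subtype_key = 'enable_' . utf8_strtolower($type['subtype']);
    $supertype_key = 'enable_' . utf8_strtolower($type['supertype']);
    if (empty($enabled_types[$subtype_key]) || empty($enabled_types[$supertype_key])) {
        return $verdict;
    }
    $verdict['allowed'] = TRUE;
    // id_regex comes from the filetype table, not from the client.
    if (preg_match('#' . $type['id_regex'] . '#', (string) $file_test)) {
        $verdict['good'] = TRUE;
        $verdict['info'] = array(
            'supertype' => $type['supertype'],
            'subtype' => $type['subtype'],
            'mime' => $type['mime'],
        );
    }
    return $verdict;
}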
function nel_get_derp($which_data)
{
    // Thin wrapper around nel_derp()'s 'retrieve' mode for $which_data.
    $retrieved = nel_derp('retrieve', $which_data);
    return $retrieved;
}
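function nel_gen_new_staff($new_name, $new_type, $authorize)
{
    // Writes the permission set of a new staff account and saves the auth
    // file. An unknown $new_type is reported with nel_derp(151); the file is
    // written in every case, as before.
    //
    // $new_name   account name to configure.
    // $new_type   'admin', 'moderator' or 'janitor'.
    // $authorize  authorization object (update_user_setting, write_auth_file).
    //
    // Every flag is set explicitly for each type so that a lower type never
    // inherits a permission left over from a higher one.
    static $perm_sets = array(
        'admin' => array(
            'perm_config' => TRUE,
            'perm_staff_panel' => TRUE,
            'perm_ban_panel' => TRUE,
            'perm_thread_panel' => TRUE,
            'perm_mod_mode' => TRUE,
            'perm_ban' => TRUE,
            'perm_delete' => TRUE,
            'perm_post' => TRUE,
            'perm_post_anon' => TRUE,
            'perm_sticky' => TRUE,
            'perm_update_pages' => TRUE,
            'perm_update_cache' => TRUE,
        ),
        'moderator' => array(
            'perm_config' => FALSE,
            'perm_staff_panel' => FALSE,
            'perm_ban_panel' => TRUE,
            'perm_thread_panel' => TRUE,
            'perm_mod_mode' => TRUE,
            'perm_ban' => TRUE,
            'perm_delete' => TRUE,
            'perm_post' => TRUE,
            'perm_post_anon' => TRUE,
            'perm_sticky' => TRUE,
            'perm_update_pages' => FALSE,
            'perm_update_cache' => FALSE,
        ),
        'janitor' => array(
            'perm_config' => FALSE,
            'perm_staff_panel' => FALSE,
            'perm_ban_panel' => FALSE,
            'perm_thread_panel' => FALSE,
            'perm_mod_mode' => TRUE,
            'perm_ban' => FALSE,
            'perm_delete' => TRUE,
            'perm_post' => FALSE,
            'perm_post_anon' => FALSE,
            'perm_sticky' => FALSE,
            'perm_update_pages' => FALSE,
            'perm_update_cache' => FALSE,
        ),
    );
    if (!is_string($new_type) || !isset($perm_sets[$new_type])) {
        nel_derp(151, array('origin' => 'ADMIN'));
    } else {
        foreach ($perm_sets[$new_type] as $perm => $granted) {
            $authorize->update_user_setting($new_name, $perm, $granted);
        }
    }
    $authorize->write_auth_file();
}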
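function nel_ban_hammer($dataforce, $dbh, $authorize = NULL)
{
    // Creates bans. Requires the perm_ban setting of the logged-in staff
    // member. $authorize is optional for backward compatibility with callers
    // passing two arguments; without it the check fails closed (nel_derp 104).
    //
    // Two input paths:
    //  * $dataforce['snacks'] === 'addban': one ban built from banip,
    //    banreason, timedays and timehours.
    //  * otherwise the ban panel's POST fields: one entry per postbanN field
    //    (filled from timedaysN, timehoursN, banmessageN, banreasonN,
    //    bannameN, banhostN); a 'mode' of 'admin->ban->add' marks a manual ban
    //    that has no post attached (no mod message, NULL name).
    //
    // Hosts are stored in inet_pton() form. All request values are bound.
    if ($authorize === NULL || !$authorize->get_user_setting($_SESSION['username'], 'perm_ban')) {
        nel_derp(104, array('origin' => 'ADMIN'));
        return;   // fail closed even if nel_derp() returns
    }
    if (isset($dataforce['snacks']) && $dataforce['snacks'] === 'addban') {
        // :host is now part of the statement; binding a placeholder the SQL
        // does not contain is rejected by PDO.
        $prepared = $dbh->prepare('INSERT INTO ' . BANTABLE . ' (board,type,host,name,reason,length,ban_time)
                                VALUES (:board,NULL,:host,NULL,:reason,:length,:time)');
        $prepared->bindValue(':board', POSTTABLE, PDO::PARAM_STR);
        $prepared->bindValue(':host', nel_ban_host_binary($dataforce['banip']), PDO::PARAM_STR);
        $prepared->bindValue(':reason', $dataforce['banreason'], PDO::PARAM_STR);
        $prepared->bindValue(':length', (int) $dataforce['timedays'] * 86400 + (int) $dataforce['timehours'] * 3600, PDO::PARAM_INT);
        $prepared->bindValue(':time', time(), PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        return;
    }
    $collected = nel_ban_hammer_collect_input();
    $manual = $collected['manual'];
    foreach ($collected['bans'] as $ban) {
        $baninfo1 = FALSE;
        if (!$manual) {
            $prepared = $dbh->prepare('SELECT host,mod_comment FROM ' . POSTTABLE . ' WHERE post_number=:bannum');
            $prepared->bindValue(':bannum', (int) $ban['num'], PDO::PARAM_INT);
            $prepared->execute();
            $baninfo1 = $prepared->fetch(PDO::FETCH_ASSOC);
            unset($prepared);
            // NOTE(review): the host used below is the form's banhostN field,
            // not the selected post row's host column — confirm this is intended.
            if (!empty($baninfo1)) {
                // Drop an existing ban on this board for the same host before
                // inserting the new one. The lookup uses the stored
                // (inet_pton) form; the original converted the other way.
                $prepared = $dbh->prepare('SELECT * FROM ' . BANTABLE . ' WHERE host=:host');
                $prepared->bindValue(':host', nel_ban_host_binary($ban['host']), PDO::PARAM_STR);
                if ($prepared->execute() !== FALSE) {
                    $baninfo2 = $prepared->fetch(PDO::FETCH_ASSOC);
                    if ($baninfo2 !== FALSE && !empty($baninfo2['id']) && $baninfo2['board'] === TABLEPREFIX) {
                        $delete = $dbh->prepare('DELETE FROM ' . BANTABLE . ' WHERE id=:id');
                        $delete->bindValue(':id', (int) $baninfo2['id'], PDO::PARAM_INT);
                        $delete->execute();
                        unset($delete);
                    }
                }
                unset($prepared);
            }
            // Append the mod ban message to the post if one was given.
            if ($ban['message'] !== '' && $baninfo1 !== FALSE) {
                // The message is request input concatenated with HTML markup,
                // so it is escaped; the <br> is ours.
                $mod_comment = $baninfo1['mod_comment'] . '<br>(' . htmlspecialchars($ban['message'], ENT_QUOTES, 'UTF-8') . ')';
                $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET mod_comment=:mcomment WHERE post_number=:bannum');
                $prepared->bindValue(':mcomment', $mod_comment, PDO::PARAM_STR);
                $prepared->bindValue(':bannum', (int) $ban['num'], PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
            }
        }
        $banlength = $ban['days'] + $ban['hours'];
        // (The original statement carried a stray "//same" token, which MySQL
        // does not treat as a comment.)
        $prepared = $dbh->prepare('INSERT INTO ' . BANTABLE . ' (type,host,name,reason,length,ban_time)
                                    VALUES (NULL,:host,:name,:reason,:length,:time)');
        $prepared->bindValue(':host', nel_ban_host_binary($ban['host']), PDO::PARAM_STR);
        if ($manual) {
            $prepared->bindValue(':name', NULL, PDO::PARAM_NULL);
        } else {
            $prepared->bindValue(':name', $ban['name'], PDO::PARAM_STR);
        }
        $prepared->bindValue(':reason', $ban['reason'], PDO::PARAM_STR);
        $prepared->bindValue(':length', $banlength, PDO::PARAM_INT);
        $prepared->bindValue(':time', time(), PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
    }
}

/**
 * Collects the ban panel's POST fields into ban entries.
 *
 * Each postbanN field (value N) opens a new entry with num = N; the fields
 * suffixed with that N fill it. 'days' and 'hours' are stored already
 * converted to seconds. A 'mode' of 'admin->ban->add' sets manual; a manual
 * form has no postbanN field, so its unsuffixed fields fill entry 0.
 *
 * Returns array('manual' => bool, 'bans' => list of entries with keys
 * num, days, hours, message, reason, name, host).
 */
function nel_ban_hammer_collect_input()
{
    $blank = array('num' => '', 'days' => 0, 'hours' => 0, 'message' => '', 'reason' => '', 'name' => '', 'host' => '');
    $manual = FALSE;
    $bans = array();
    $i = 0;
    $current_num = '';
    foreach ($_POST as $key => $value) {
        if ($key === 'mode' && $value === 'admin->ban->add') {
            $manual = TRUE;
            continue;
        }
        if ($key === 'postban' . $value) {
            // Start a fresh entry for every postbanN (the original only ever
            // filled entry 0, so only the last selected post was banned).
            if (isset($bans[$i]) && $bans[$i]['num'] !== '') {
                ++$i;
            }
            $current_num = $value;
            $bans[$i] = $blank;
            $bans[$i]['num'] = $value;
            continue;
        }
        if (!isset($bans[$i])) {
            $bans[$i] = $blank;
        }
        if ($key === 'timedays' . $current_num) {
            $bans[$i]['days'] = (int) $value * 86400;
        } elseif ($key === 'timehours' . $current_num) {
            $bans[$i]['hours'] = (int) $value * 3600;
        } elseif ($key === 'banmessage' . $current_num) {
            $bans[$i]['message'] = $value;
        } elseif ($key === 'banreason' . $current_num) {
            $bans[$i]['reason'] = $value;
        } elseif ($key === 'banname' . $current_num) {
            $bans[$i]['name'] = $value;
        } elseif ($key === 'banhost' . $current_num) {
            $bans[$i]['host'] = $value;
        }
    }
    return array('manual' => $manual, 'bans' => $bans);
}

/**
 * Packed binary form of an IP address for the BANTABLE host column, or FALSE
 * when $host is not a valid IPv4/IPv6 address. Validating first avoids the
 * warning inet_pton() emits on bad input (the original silenced it with @).
 */
function nel_ban_host_binary($host)
{
    if (!is_string($host) || filter_var($host, FILTER_VALIDATE_IP) === FALSE) {
        return FALSE;
    }
    return inet_pton($host);
}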