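/**
 * Start the PHP session and route the request through log-out, staff login or
 * session refresh depending on $dataforce['get_mode'] / $dataforce['admin_mode'].
 *
 * - With an existing session: 'log_out' destroys it and bounces to the board,
 *   'admin' regenerates the id and hands off to nel_login(); an admin_mode
 *   request with no get_mode only regenerates the id.
 * - Without a session: only admin_mode === 'login' is honoured; the supplied
 *   password is hashed with nel_hash() and compared against the stored
 *   staff_password in constant time. On success the session is populated and
 *   its id regenerated (session fixation defence); on failure the session is
 *   torn down and nel_derp(107) raised.
 *
 * Side effects: session state, cookies via nel_set_session_cookie(), output and
 * die() on the login/log-out paths. Requires PHP >= 5.6 for hash_equals().
 */
function nel_initialize_session($dataforce, $plugins, $authorize)
{
    session_start();
    require_once INCLUDE_PATH . 'admin/login.php';

    $get_mode = isset($dataforce['get_mode']) ? $dataforce['get_mode'] : NULL;
    $admin_mode = isset($dataforce['admin_mode']) ? $dataforce['admin_mode'] : NULL;

    if (!empty($_SESSION)) {
        if ($get_mode === 'log_out') {
            nel_terminate_session();
            echo '<meta http-equiv="refresh" content="1;URL=' . PHP_SELF2 . PHP_EXT . '">';
            die;
        }
        if ($get_mode === 'admin') {
            nel_regen_session();
            nel_login($dataforce, $authorize);
            die;
        }
        // No get_mode at all but an admin_mode request: just refresh the id.
        if ($get_mode === NULL && $admin_mode !== NULL) {
            nel_regen_session();
        }
        return;
    }

    if ($admin_mode !== 'login') {
        // No session and not a login attempt: make sure nothing lingers.
        nel_terminate_session();
        return;
    }

    $username = isset($dataforce['username']) ? (string) $dataforce['username'] : '';
    $password = isset($dataforce['admin_pass']) ? (string) $dataforce['admin_pass'] : '';
    // Cast both sides: get_user_setting() may return NULL for an unknown user and
    // hash_equals() only accepts strings. An empty stored hash never matches.
    $stored_hash = (string) $authorize->get_user_setting($username, 'staff_password');
    $supplied_hash = (string) nel_hash($password, $plugins);

    if ($username !== '' && $stored_hash !== '' && hash_equals($stored_hash, $supplied_hash)) {
        // We set up the session here
        $_SESSION['ignore_login'] = FALSE;
        $_SESSION['username'] = $username;
        $_SESSION['login_time'] = time();
        $_SESSION['last_activity'] = time();
        $user_auth = $authorize->get_user_auth($username);
        $_SESSION['perms'] = $user_auth['perms'];
        $_SESSION['settings'] = $user_auth['settings'];
        // Fresh id once the session is privileged, so an id planted before login
        // (session fixation) does not become an authenticated one.
        nel_regen_session();
    } else {
        nel_terminate_session();
        nel_derp(107, array('origin' => 'SESSION_INIT'));
    }
    nel_set_session_cookie();
    nel_login($dataforce, $authorize);
    die;
}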
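/**
 * Delete a thread, a post, a post's files or one file of a post.
 *
 * @param array  $dataforce request data ('pass' = deletion password, 'only_delete_file')
 * @param array  $sub       path pieces: $sub[1] = post id, $sub[2] = file_order for $type 'FILE'
 * @param string $type      'THREAD', 'POST' or 'FILE'
 * @param mixed  $plugins   passed through to nel_hash()
 * @param PDO    $dbh
 *
 * Authorisation: a logged-in staff member (session present, ignore_login off)
 * may delete when perm_delete is set and their rank covers the post's mod_post
 * level; anyone else must supply the post's deletion password. Errors go through
 * nel_derp() (13 = bad id, 20 = not permitted).
 *
 * All ids are validated as unsigned integers and bound as parameters; the
 * original interpolated $sub[2] (file_order) into SQL without any check.
 */
function nel_delete_content($dataforce, $sub, $type, $plugins, $dbh)
{
    $raw_id = isset($sub[1]) ? (string) $sub[1] : '';
    if (!ctype_digit($raw_id)) {
        nel_derp(13, array('origin' => 'DELETE'));
        return;
    }
    $id = (int) $raw_id;
    $flag = FALSE;
    $temp = TRUE;

    // Deletion password: hashed and truncated exactly as stored at post time.
    $supplied_pass = isset($dataforce['pass']) ? $dataforce['pass'] : '';
    $hashed_pass = utf8_substr(nel_hash($supplied_pass, $plugins), 0, 16);

    $prepared = $dbh->prepare('SELECT post_number,password,response_to,mod_post FROM ' . POSTTABLE . ' WHERE post_number=:id');
    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
    $prepared->execute();
    $post_data = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);
    if ($post_data === FALSE) {
        // Unknown post: treat as a bad id rather than running the checks on NULLs.
        nel_derp(13, array('origin' => 'DELETE'));
        return;
    }

    if (!empty($_SESSION) && empty($_SESSION['ignore_login'])) {
        // Staff path. mod_post: 0 = regular post, 1 = janitor, 2 = moderator,
        // 3 = admin; a staff member may delete posts at or below their own rank.
        // The original and/or chain lacked parentheses and let moderators and
        // janitors delete admin posts.
        $temp = $_SESSION['ignore_login'];
        if (!empty($_SESSION['perms']['perm_delete'])) {
            $ranks = array('admin' => 3, 'moderator' => 2, 'janitor' => 1);
            $staff_type = isset($_SESSION['settings']['staff_type']) ? $_SESSION['settings']['staff_type'] : '';
            $rank = isset($ranks[$staff_type]) ? $ranks[$staff_type] : 0;
            $flag = $rank >= (int) $post_data['mod_post'];
        }
        $_SESSION['ignore_login'] = $flag ? TRUE : $temp;
    } else {
        // Anonymous path: constant-time compare of the truncated hashes
        // (cast: a legacy row may hold NULL in the password column).
        $flag = hash_equals((string) $post_data['password'], (string) $hashed_pass);
    }

    if ($flag) {
        if ($type === 'THREAD') {
            $prepared = $dbh->prepare('SELECT post_number FROM ' . POSTTABLE . ' WHERE response_to=:id OR post_number=:id2');
            $prepared->bindValue(':id', $id, PDO::PARAM_INT);
            $prepared->bindValue(':id2', $id, PDO::PARAM_INT);
            $prepared->execute();
            $content_refs = $prepared->fetchAll(PDO::FETCH_COLUMN, 0);
            unset($prepared);
            $del_files = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:ref');
            $del_post = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:ref');
            foreach ($content_refs as $ref) {
                $del_files->bindValue(':ref', (int) $ref, PDO::PARAM_INT);
                $del_files->execute();
                $del_post->bindValue(':ref', (int) $ref, PDO::PARAM_INT);
                $del_post->execute();
            }
            unset($del_files, $del_post);
            // (The original also called preg_replace() on $dataforce['post_links']
            // here and discarded the result; that was a no-op and is dropped.)
            nel_eraser_gun(PAGE_PATH . $id, NULL, TRUE);
            nel_eraser_gun(SRC_PATH . $id, NULL, TRUE);
            nel_eraser_gun(THUMB_PATH . $id, NULL, TRUE);
            nel_update_archive_status($dataforce, $dbh);
        } elseif ($type === 'POST') {
            $thread = (int) $post_data['response_to'];
            $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id');
            $prepared->bindValue(':id', $id, PDO::PARAM_INT);
            $prepared->execute();
            $file_data = $prepared->fetchAll(PDO::FETCH_ASSOC);
            unset($prepared);
            $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id');
            $prepared->bindValue(':id', $id, PDO::PARAM_INT);
            $prepared->execute();
            unset($prepared);
            foreach ($file_data as $refs) {
                nel_eraser_gun(SRC_PATH . $thread, $refs['filename'] . $refs['extension'], FALSE);
                if ($refs['preview_name']) {
                    nel_eraser_gun(THUMB_PATH . $thread, $refs['preview_name'], FALSE);
                }
            }
            if (!empty($dataforce['only_delete_file'])) {
                $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET has_file=0 WHERE post_number=:id');
                $prepared->bindValue(':id', $id, PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
            } else {
                $prepared = $dbh->prepare('DELETE FROM ' . POSTTABLE . ' WHERE post_number=:id');
                $prepared->bindValue(':id', $id, PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
                // Recompute the parent thread's reply count and "last reply" data.
                $prepared = $dbh->prepare('SELECT post_count FROM ' . POSTTABLE . ' WHERE post_number=:thread');
                $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
                $prepared->execute();
                $pcount = $prepared->fetch(PDO::FETCH_ASSOC);
                unset($prepared);
                $new_count = ($pcount !== FALSE ? (int) $pcount['post_count'] : 0) - 1;
                $prepared = $dbh->prepare('SELECT post_number,post_time FROM ' . POSTTABLE . ' WHERE response_to=:thread ORDER BY post_number desc');
                $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
                $prepared->execute();
                $ptimes = $prepared->fetchAll(PDO::FETCH_ASSOC);
                unset($prepared);
                if (!empty($ptimes)) {
                    $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count, last_update=:last_update, last_response=:last_response WHERE post_number=:thread');
                    $prepared->bindValue(':count', $new_count, PDO::PARAM_INT);
                    $prepared->bindValue(':last_update', $ptimes[0]['post_time'], PDO::PARAM_STR);
                    $prepared->bindValue(':last_response', (int) $ptimes[0]['post_number'], PDO::PARAM_INT);
                } else {
                    // No replies left: only the count is updated. The original built
                    // an invalid query here; what last_update/last_response should
                    // revert to is not determinable from this file.
                    $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET post_count=:count WHERE post_number=:thread');
                    $prepared->bindValue(':count', $new_count, PDO::PARAM_INT);
                }
                $prepared->bindValue(':thread', $thread, PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
            }
        } elseif ($type === 'FILE') {
            // add check for updating post as no files if they're all gone
            $raw_fnum = isset($sub[2]) ? (string) $sub[2] : '';
            if (!ctype_digit($raw_fnum)) {
                nel_derp(13, array('origin' => 'DELETE'));
            } else {
                $fnum = (int) $raw_fnum;
                $prepared = $dbh->prepare('SELECT filename,extension,preview_name FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:fnum');
                $prepared->bindValue(':id', $id, PDO::PARAM_INT);
                $prepared->bindValue(':fnum', $fnum, PDO::PARAM_INT);
                $prepared->execute();
                $file_data = $prepared->fetch(PDO::FETCH_ASSOC);
                unset($prepared);
                if ($file_data !== FALSE) {
                    $prepared = $dbh->prepare('DELETE FROM ' . FILETABLE . ' WHERE post_ref=:id AND file_order=:fnum');
                    $prepared->bindValue(':id', $id, PDO::PARAM_INT);
                    $prepared->bindValue(':fnum', $fnum, PDO::PARAM_INT);
                    $prepared->execute();
                    unset($prepared);
                    // Files live under the thread directory: the post itself for an
                    // OP, otherwise the thread it replies to.
                    $dir = ((int) $post_data['response_to'] === 0)
                        ? (int) $post_data['post_number']
                        : (int) $post_data['response_to'];
                    nel_eraser_gun(SRC_PATH . $dir, $file_data['filename'] . $file_data['extension'], FALSE);
                    if ($file_data['preview_name']) {
                        nel_eraser_gun(THUMB_PATH . $dir, $file_data['preview_name'], FALSE);
                    }
                }
            }
        }
        nel_cache_links();
    } else {
        nel_derp(20, array('origin' => 'DELETE'));
    }
    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }
}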
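/**
 * Scale (im_x, im_y) down to fit BS_MAX_WIDTH x BS_MAX_HEIGHT, keeping the aspect
 * ratio. Returns array($pre_x, $pre_y). Zero or unreadable dimensions yield 0x0
 * instead of dividing by zero.
 */
function nel_preview_dimensions($im_x, $im_y)
{
    $im_x = (int) $im_x;
    $im_y = (int) $im_y;
    if ($im_x <= 0 || $im_y <= 0) {
        return array(0, 0);
    }
    $ratio = min(BS_MAX_HEIGHT / $im_y, BS_MAX_WIDTH / $im_x);
    $pre_x = $im_x > BS_MAX_WIDTH ? intval($ratio * $im_x) : $im_x;
    $pre_y = $im_y > BS_MAX_HEIGHT ? intval($ratio * $im_y) : $im_y;
    return array($pre_x, $pre_y);
}

/**
 * Validate and store a new post (thread OP or reply) together with its files.
 *
 * Steps: flood/validity check (nel_is_post_ok), fgsfds flags, length limits,
 * deletion password, name/tripcode/staff-trip handling, cookies, duplicate-file
 * check, INSERT of the post, thumbnail generation (ImageMagick or GD), moving
 * the uploads into the thread directory, bump/file bookkeeping, archive update
 * and page regeneration. Returns the thread number the post landed in.
 *
 * Fixes over the original: $files[i] (undefined constant) in the duplicate
 * error; a stray `break` outside any loop (fatal in PHP); exec() output arrays
 * reused across files so every file got the first file's dimensions; staff-name
 * impersonation check that missed a match at offset 0; FILETABLE rows written
 * with string-interpolated SQL; response_to interpolated into SQL and paths;
 * a random deletion password that was never stored (so the pwd cookie could
 * not delete the post); GD thumbnails named .jpg while written as PNG.
 */
function nel_process_new_post($dataforce, $plugins, $dbh)
{
    // NOTE: `global $plugins` shadows the parameter of the same name with the
    // global instance; kept as the original did it.
    global $enabled_types, $fgsfds, $plugins;
    $new_thread_dir = '';
    $time = get_millisecond_time();
    // Thread id as an int for SQL binds and filesystem paths.
    $reply_to = (int) $dataforce['response_to'];

    // Flood / validity checks (may derp); yields the thread's current reply count.
    $post_count = nel_is_post_ok($dataforce, $time, $dbh);

    // fgsfds field: noko / sage, then plugin hook.
    if (!is_null($dataforce['fgsfds'])) {
        if (utf8_strripos($dataforce['fgsfds'], 'noko') !== FALSE) {
            $fgsfds['noko'] = TRUE;
        }
        if (utf8_strripos($dataforce['fgsfds'], 'sage') !== FALSE) {
            $fgsfds['sage'] = TRUE;
        }
        $fgsfds = $plugins->plugin_hook('fgsfds_field', FALSE, array($fgsfds));
    }

    // Start collecting file info
    $files = nel_process_file_info();
    $there_is_no_spoon = TRUE;
    $poster_info = array(
        'name' => $dataforce['name'],
        'email' => $dataforce['email'],
        'subject' => $dataforce['subject'],
        'comment' => $dataforce['comment'],
        'tripcode' => '',
        'secure_tripcode' => '',
    );
    if (!empty($files)) {
        $files_count = count($files);
        $there_is_no_spoon = FALSE;
    } else {
        $files = array();
        $files_count = 0;
        if (!$poster_info['comment']) {
            nel_derp(10, array('origin' => 'POST'));
        }
        if (BS1_REQUIRE_IMAGE_ALWAYS) {
            nel_derp(8, array('origin' => 'POST'));
        }
        if (BS1_REQUIRE_IMAGE_START && $dataforce['response_to'] === 0) {
            nel_derp(9, array('origin' => 'POST'));
        }
    }

    // Length limits on every free-text field.
    if (utf8_strlen($poster_info['comment']) > BS_MAX_COMMENT_LENGTH
        || utf8_strlen($poster_info['name']) > BS_MAX_NAME_LENGTH
        || utf8_strlen($poster_info['email']) > BS_MAX_EMAIL_LENGTH
        || utf8_strlen($poster_info['subject']) > BS_MAX_SUBJECT_LENGTH
        || utf8_strlen($dataforce['file_source']) > BS_MAX_SOURCE_LENGTH
        || utf8_strlen($dataforce['file_license']) > BS_MAX_LICENSE_LENGTH) {
        nel_derp(11, array('origin' => 'POST'));
    }

    // Deletion password: $cpass is what goes in the cookie, the stored value is
    // the first 16 chars of its hash. When no password was supplied one is
    // generated (and now also stored, so the cookie is actually usable).
    if (isset($dataforce['pass'])) {
        $cpass = $dataforce['pass'];
    } else {
        // rand() is not a CSPRNG; use random_bytes() where the runtime has it.
        $cpass = function_exists('random_bytes') ? bin2hex(random_bytes(4)) : utf8_substr(rand(), 0, 8);
    }
    $dataforce['pass'] = utf8_substr(nel_hash($cpass, $plugins), 0, 16);
    nel_banned_text($poster_info['comment'], $files);

    // Name and tripcodes
    $modpostc = 0;
    $cookie_name = $poster_info['name'];
    $name_pieces = array('', '', '', '', '', '');
    if ($poster_info['name'] !== '' && !BS1_FORCE_ANONYMOUS) {
        nel_banned_name($poster_info['name'], $files);
        // Names containing a staff tag are replaced. Compare against FALSE: a
        // match at offset 0 is still a match (the original truthiness test let
        // a name *starting* with the tag through).
        foreach (array('THREAD_MODPOST', 'THREAD_ADMINPOST', 'THREAD_JANPOST') as $staff_tag) {
            if (utf8_strpos($poster_info['name'], nel_stext($staff_tag)) !== FALSE) {
                $poster_info['name'] = nel_stext('FAKE_STAFF_ATTEMPT');
                break;
            }
        }
        // name#tripkey##securekey
        preg_match('/^([^#]*)(#(?!#))?([^#]*)(##)?(.*)$/', $poster_info['name'], $name_pieces);
        $name_pieces = array_pad($name_pieces, 6, '');
        $poster_info['name'] = $name_pieces[1];

        if ($name_pieces[5] !== '') {
            // A secure key equal to the logged-in staff member's staff_trip makes
            // this a staff post (constant-time compare; an empty staff_trip never matches).
            $staff_trip = isset($_SESSION['settings']['staff_trip']) ? (string) $_SESSION['settings']['staff_trip'] : '';
            if ($staff_trip !== '' && hash_equals($staff_trip, $name_pieces[5])) {
                if (!empty($_SESSION['perms']['perm_post'])) {
                    $levels = array('admin' => 3, 'moderator' => 2, 'janitor' => 1);
                    $staff_type = isset($_SESSION['settings']['staff_type']) ? $_SESSION['settings']['staff_type'] : '';
                    $modpostc = isset($levels[$staff_type]) ? $levels[$staff_type] : 0;
                }
                if (!empty($_SESSION['perms']['perm_sticky']) && utf8_strripos($dataforce['fgsfds'], 'sticky') !== FALSE) {
                    $fgsfds['sticky'] = TRUE;
                }
                // (The original ended this branch with `break` outside any loop.)
            }
        }

        if ($name_pieces[3] !== '' && BS1_ALLOW_TRIPKEYS) {
            // Classic DES tripcode: salt from chars 2-3 of (key . 'H.'), mapped
            // into the crypt() salt alphabet.
            $cap = utf8_strtr($name_pieces[3], '&', '&');
            $cap = utf8_strtr($cap, ',', ',');
            $salt = utf8_substr($cap . 'H.', 1, 2);
            $salt = preg_replace('#[^\\.-z]#', '.#', $salt);
            $salt = utf8_strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
            $poster_info['tripcode'] = utf8_substr(crypt($cap, $salt), -10);
        }
        $poster_info = $plugins->plugin_hook('tripcode-processing', TRUE, array($poster_info, $name_pieces));

        if ($name_pieces[5] !== '' || $modpostc > 0) {
            $trip = nel_hash($name_pieces[5], $plugins);
            $poster_info['secure_tripcode'] = utf8_substr(crypt($trip, '42'), -12);
        }
        $poster_info = $plugins->plugin_hook('secure-tripcode-processing', TRUE, array($poster_info, $name_pieces, $modpostc));

        if ($name_pieces[1] === '' || (!empty($_SESSION) && !empty($_SESSION['perms']['perm_post_anon']))) {
            $poster_info['name'] = nel_stext('THREAD_NONAME');
            $poster_info['email'] = '';
        }
    } else {
        $poster_info['name'] = nel_stext('THREAD_NONAME');
        $poster_info['email'] = '';
    }

    // Cookies OM NOM NOM NOM
    // The deletion password is stored in the clear (presumably so the delete
    // form can be pre-filled). NOTE(review): no httponly/secure flags; add them
    // if no client-side script needs to read these cookies.
    setcookie('pwd-' . CONF_BOARD_DIR, $cpass, time() + 30 * 24 * 3600, '/'); // 1 month cookie expiration
    setcookie('name-' . CONF_BOARD_DIR, $cookie_name, time() + 30 * 24 * 3600, '/'); // 1 month cookie expiration
    $poster_info = $plugins->plugin_hook('after-post-info-processing', TRUE, array($poster_info));

    // Duplicate-file check: same md5 already present in this thread (or as an OP).
    for ($i = 0; $i < $files_count; ++$i) {
        if (!file_exists($files[$i]['dest'])) {
            continue;
        }
        $files[$i]['md5'] = md5_file($files[$i]['dest']);
        nel_banned_md5($files[$i]['md5'], $files[$i]);
        $prepared = $dbh->prepare('SELECT post_ref FROM ' . FILETABLE . ' WHERE md5=:md5 LIMIT 1');
        $prepared->bindParam(':md5', $files[$i]['md5'], PDO::PARAM_STR);
        if (!$prepared->execute()) {
            unset($prepared);
            continue;
        }
        $post_ref = $prepared->fetchColumn();
        unset($prepared);
        if ($dataforce['response_to'] === 0) {
            $prepared = $dbh->prepare('SELECT COUNT(*) FROM ' . POSTTABLE . ' WHERE post_number=:postref AND response_to=0');
            $prepared->bindParam(':postref', $post_ref, PDO::PARAM_INT);
        } else {
            $prepared = $dbh->prepare('SELECT COUNT(*) FROM ' . POSTTABLE . ' WHERE post_number=:postref AND response_to=:respto');
            $prepared->bindParam(':postref', $post_ref, PDO::PARAM_INT);
            $prepared->bindValue(':respto', $reply_to, PDO::PARAM_INT);
        }
        if ($prepared->execute() && $prepared->fetchColumn() > 0) {
            nel_derp(12, array(
                'origin' => 'POST',
                'bad-filename' => $files[$i]['basic_filename'] . $files[$i]['ext'],
                'files' => $files,
            ));
        }
        unset($prepared);
    }

    //
    // Go ahead and put post into database
    //
    $prepared = $dbh->prepare('INSERT INTO ' . POSTTABLE . ' (name, tripcode, secure_tripcode, email, subject, comment, host, password, post_time, last_update, response_to, last_response, post_count, sticky, mod_post, mod_comment, archive_status, locked) VALUES (:name, :tripcode, :secure_tripcode, :email, :subject, :comment, :host, :password, :time, :last_update, :respto, 0, 1, :sticky, :modpost, :mcomment, 0, 0)');
    $prepared->bindValue(':name', $poster_info['name'], PDO::PARAM_STR);
    // Absent tripcodes are stored as NULL, not ''.
    if ($poster_info['tripcode'] === '') {
        $prepared->bindValue(':tripcode', NULL, PDO::PARAM_NULL);
    } else {
        $prepared->bindValue(':tripcode', $poster_info['tripcode'], PDO::PARAM_STR);
    }
    if ($poster_info['secure_tripcode'] === '') {
        $prepared->bindValue(':secure_tripcode', NULL, PDO::PARAM_NULL);
    } else {
        $prepared->bindValue(':secure_tripcode', $poster_info['secure_tripcode'], PDO::PARAM_STR);
    }
    $prepared->bindValue(':email', $poster_info['email'], PDO::PARAM_STR);
    $prepared->bindValue(':subject', $poster_info['subject'], PDO::PARAM_STR);
    $prepared->bindValue(':comment', $poster_info['comment'], PDO::PARAM_STR);
    $prepared->bindValue(':host', @inet_pton($_SERVER["REMOTE_ADDR"]), PDO::PARAM_STR);
    $prepared->bindValue(':password', $dataforce['pass'], PDO::PARAM_STR);
    $prepared->bindValue(':time', $time, PDO::PARAM_STR);
    $prepared->bindValue(':last_update', $time, PDO::PARAM_STR);
    $prepared->bindValue(':respto', $reply_to, PDO::PARAM_INT);
    $prepared->bindValue(':sticky', !empty($fgsfds['sticky']) ? 1 : 0, PDO::PARAM_INT);
    $prepared->bindValue(':modpost', $modpostc, PDO::PARAM_INT);
    $prepared->bindValue(':mcomment', NULL, PDO::PARAM_NULL);
    $prepared->execute();
    unset($prepared);

    // Locate the row just inserted. NOTE(review): relies on (post_time,
    // response_to) being unique; $dbh->lastInsertId() would be the robust
    // choice if the configured driver supports it.
    $prepared = $dbh->prepare('SELECT post_number FROM ' . POSTTABLE . ' WHERE post_time=:time AND response_to=:respto');
    $prepared->bindValue(':time', $time, PDO::PARAM_STR);
    $prepared->bindValue(':respto', $reply_to, PDO::PARAM_INT);
    $prepared->execute();
    $post_number = (int) $prepared->fetchColumn();
    unset($prepared);

    if ($dataforce['response_to'] === 0) {
        $fgsfds['noko_topic'] = $post_number;
        $new_thread_dir = $post_number;
        nel_create_thread_directories($new_thread_dir);
    } else {
        $fgsfds['noko_topic'] = $dataforce['response_to'];
        $new_thread_dir = $reply_to;
    }
    $srcpath = SRC_PATH . $new_thread_dir . '/';
    $thumbpath = THUMB_PATH . $new_thread_dir . '/';

    //
    // Make thumbnails and do final file processing
    //
    $magick_rescode = NULL; // exit code of `convert -version`, probed at most once
    for ($i = 0; $i < $files_count; ++$i) {
        $files[$i]['im_x'] = 0;
        $files[$i]['im_y'] = 0;
        $files[$i]['pre_x'] = 0;
        $files[$i]['pre_y'] = 0;
        if ($files[$i]['subtype'] === 'SWF' || ($files[$i]['supertype'] === 'GRAPHICS' && !BS1_USE_MAGICK)) {
            $dim = getimagesize($files[$i]['dest']);
            if ($dim !== FALSE) {
                $files[$i]['im_x'] = $dim[0];
                $files[$i]['im_y'] = $dim[1];
            }
            list($files[$i]['pre_x'], $files[$i]['pre_y']) = nel_preview_dimensions($files[$i]['im_x'], $files[$i]['im_y']);
        }

        if (BS1_USE_THUMB && $files[$i]['supertype'] === 'GRAPHICS') {
            if ($magick_rescode === NULL) {
                $probe = array();
                exec('convert -version', $probe, $magick_rescode);
            }
            if ($magick_rescode === 0 && BS1_USE_MAGICK) {
                // Fresh output array per file: exec() appends to an existing array,
                // so reusing one reported the first file's size for every file.
                $res = array();
                exec('identify -format "%wx%h" ' . escapeshellarg($files[$i]['dest'] . '[0]'), $res);
                $dims = isset($res[0]) ? explode('x', $res[0]) : array();
                $files[$i]['im_x'] = isset($dims[0]) ? (int) $dims[0] : 0;
                $files[$i]['im_y'] = isset($dims[1]) ? (int) $dims[1] : 0;
                list($files[$i]['pre_x'], $files[$i]['pre_y']) = nel_preview_dimensions($files[$i]['im_x'], $files[$i]['im_y']);
                $dest_arg = escapeshellarg($files[$i]['dest']);
                $geometry = BS_MAX_WIDTH . 'x' . BS_MAX_HEIGHT . '\\>';
                if ($files[$i]['subtype'] === 'GIF') {
                    $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.gif';
                    $tmp_thumb = $thumbpath . 'tmp' . $files[$i]['thumbfile'];
                    $out_arg = escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    exec('convert ' . $dest_arg . ' -coalesce ' . escapeshellarg($tmp_thumb));
                    exec('convert ' . escapeshellarg($tmp_thumb) . ' -resize ' . $geometry . ' -layers optimize ' . $out_arg);
                    unlink($tmp_thumb);
                } elseif (BS1_USE_PNG_THUMB) {
                    $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.png';
                    $out_arg = escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    exec('convert ' . $dest_arg . ' -resize ' . $geometry . ' -quality 00 -sharpen 0x0.5 ' . $out_arg);
                } else {
                    $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.jpg';
                    $out_arg = escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    exec('convert ' . $dest_arg . ' -resize ' . $geometry . ' -quality ' . BS_JPEG_QUALITY . ' -sharpen 0x0.5 ' . $out_arg);
                }
                chmod($thumbpath . $files[$i]['thumbfile'], 0644);
            } else {
                // GD fallback. Test is really only for GIF support, which had a long absence
                // If your GD is somehow so old (or dumb) it can't do JPEG or PNG get a new host. Srsly.
                if ($files[$i]['im_x'] === 0 || $files[$i]['im_y'] === 0) {
                    // Reached when BS1_USE_MAGICK is on but convert is missing.
                    $dim = getimagesize($files[$i]['dest']);
                    if ($dim !== FALSE) {
                        $files[$i]['im_x'] = $dim[0];
                        $files[$i]['im_y'] = $dim[1];
                    }
                    list($files[$i]['pre_x'], $files[$i]['pre_y']) = nel_preview_dimensions($files[$i]['im_x'], $files[$i]['im_y']);
                }
                $image = FALSE;
                switch ($files[$i]['subtype']) {
                    case 'JPEG':
                        $image = imagecreatefromjpeg($files[$i]['dest']);
                        break;
                    case 'GIF':
                        $gd_test = gd_info();
                        if (!empty($gd_test['GIF Read Support'])) {
                            $image = imagecreatefromgif($files[$i]['dest']);
                        }
                        break;
                    case 'PNG':
                        $image = imagecreatefrompng($files[$i]['dest']);
                        break;
                }
                // Extension now matches the encoder used (the original always said .jpg).
                $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . (BS1_USE_PNG_THUMB ? '-preview.png' : '-preview.jpg');
                if ($image !== FALSE && $files[$i]['pre_x'] > 0 && $files[$i]['pre_y'] > 0) {
                    $thumb = imagecreatetruecolor($files[$i]['pre_x'], $files[$i]['pre_y']);
                    imagecopyresampled($thumb, $image, 0, 0, 0, 0, $files[$i]['pre_x'], $files[$i]['pre_y'], $files[$i]['im_x'], $files[$i]['im_y']);
                    if (BS1_USE_PNG_THUMB) {
                        imagepng($thumb, $thumbpath . $files[$i]['thumbfile'], -1); // Quality
                    } else {
                        imagejpeg($thumb, $thumbpath . $files[$i]['thumbfile'], BS_JPEG_QUALITY);
                    }
                    imagedestroy($thumb);
                    imagedestroy($image);
                } else {
                    // Source could not be decoded: record no preview rather than a
                    // dangling filename.
                    $files[$i]['thumbfile'] = '';
                }
            }
        }

        clearstatcache();
        // NOTE(review): the collision test uses basic_filename . ext while the
        // rename writes basic_filename . '.' . ext; which one is right depends
        // on whether 'ext' carries the dot (not visible here) — kept as-is.
        if (file_exists($srcpath . $files[$i]['basic_filename'] . $files[$i]['ext'])) {
            $files[$i]['basic_filename'] = "cc" . utf8_substr($time, -4) . "--" . $files[$i]['basic_filename'];
        }
        rename($files[$i]['dest'], $srcpath . $files[$i]['basic_filename'] . '.' . $files[$i]['ext']);
    }

    //
    // Update post info and add file data if applicable
    //
    $parent_id = ($dataforce['response_to'] === 0) ? $post_number : $reply_to;
    if ($dataforce['response_to'] !== 0 && empty($fgsfds['sage']) && $post_count < BS_MAX_BUMPS) {
        // Bump the thread and mark this reply as its latest.
        ++$post_count;
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET last_update=:time, last_response=:pnum, post_count=:count WHERE post_number=:thread');
        $prepared->bindValue(':time', $time, PDO::PARAM_STR);
        $prepared->bindValue(':pnum', $post_number, PDO::PARAM_INT);
        $prepared->bindValue(':count', $post_count, PDO::PARAM_INT);
        $prepared->bindValue(':thread', $reply_to, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET last_update=0 WHERE post_number=:pnum');
        $prepared->bindValue(':pnum', $post_number, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
    }

    if (!$there_is_no_spoon) {
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET has_file=1 WHERE post_number=:pnum');
        $prepared->bindValue(':pnum', $post_number, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        // All file metadata is bound; filename/source/license are user supplied
        // and were previously spliced into the SQL text.
        $insert = $dbh->prepare('INSERT INTO ' . FILETABLE . ' (parent_thread,post_ref,file_order,supertype,subtype,mime,filename,extension,filesize,md5,source,license) VALUES (:parent, :postref, :forder, :supertype, :subtype, :mime, :filename, :ext, :fsize, :md5, :source, :license)');
        $img_update = $dbh->prepare('UPDATE ' . FILETABLE . ' SET image_width=:w, image_height=:h, preview_name=:preview, preview_width=:pw, preview_height=:ph, md5=:md5 WHERE post_ref=:postref AND file_order=:forder');
        $swf_update = $dbh->prepare('UPDATE ' . FILETABLE . ' SET image_width=:w, image_height=:h, md5=:md5 WHERE post_ref=:postref AND file_order=:forder');
        for ($i = 0; $i < $files_count; ++$i) {
            $md5 = isset($files[$i]['md5']) ? $files[$i]['md5'] : '';
            $insert->bindValue(':parent', $parent_id, PDO::PARAM_INT);
            $insert->bindValue(':postref', $post_number, PDO::PARAM_INT);
            $insert->bindValue(':forder', $i + 1, PDO::PARAM_INT);
            $insert->bindValue(':supertype', $files[$i]['supertype'], PDO::PARAM_STR);
            $insert->bindValue(':subtype', $files[$i]['subtype'], PDO::PARAM_STR);
            $insert->bindValue(':mime', $files[$i]['mime'], PDO::PARAM_STR);
            $insert->bindValue(':filename', $files[$i]['basic_filename'], PDO::PARAM_STR);
            $insert->bindValue(':ext', $files[$i]['ext'], PDO::PARAM_STR);
            $insert->bindValue(':fsize', $files[$i]['fsize'], PDO::PARAM_STR);
            $insert->bindValue(':md5', $md5, PDO::PARAM_STR);
            $insert->bindValue(':source', $files[$i]['file_source'], PDO::PARAM_STR);
            $insert->bindValue(':license', $files[$i]['file_license'], PDO::PARAM_STR);
            $insert->execute();
            if ($files[$i]['supertype'] === 'GRAPHICS') {
                $img_update->bindValue(':w', (int) $files[$i]['im_x'], PDO::PARAM_INT);
                $img_update->bindValue(':h', (int) $files[$i]['im_y'], PDO::PARAM_INT);
                $img_update->bindValue(':preview', isset($files[$i]['thumbfile']) ? $files[$i]['thumbfile'] : '', PDO::PARAM_STR);
                $img_update->bindValue(':pw', (int) $files[$i]['pre_x'], PDO::PARAM_INT);
                $img_update->bindValue(':ph', (int) $files[$i]['pre_y'], PDO::PARAM_INT);
                $img_update->bindValue(':md5', $md5, PDO::PARAM_STR);
                $img_update->bindValue(':postref', $post_number, PDO::PARAM_INT);
                $img_update->bindValue(':forder', $i + 1, PDO::PARAM_INT);
                $img_update->execute();
            } elseif ($files[$i]['subtype'] === 'SWF') {
                $swf_update->bindValue(':w', (int) $files[$i]['im_x'], PDO::PARAM_INT);
                $swf_update->bindValue(':h', (int) $files[$i]['im_y'], PDO::PARAM_INT);
                $swf_update->bindValue(':md5', $md5, PDO::PARAM_STR);
                $swf_update->bindValue(':postref', $post_number, PDO::PARAM_INT);
                $swf_update->bindValue(':forder', $i + 1, PDO::PARAM_INT);
                $swf_update->execute();
            }
        }
        unset($insert, $img_update, $swf_update);
    }

    //
    // Run the archiving routine if this is a new thread or deleted/expired thread
    //
    nel_update_archive_status($dataforce, $dbh);

    //
    // Generate response page if it doesn't exist, otherwise update
    //
    if (!empty($_SESSION)) {
        $temp = $_SESSION['ignore_login'];
    }
    $return_res = $dataforce['response_to'] === 0 ? $new_thread_dir : $dataforce['response_to'];
    nel_regen($dataforce, $return_res, 'thread', FALSE, $dbh);
    $dataforce['archive_update'] = TRUE;
    nel_regen($dataforce, NULL, 'main', FALSE, $dbh);
    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }
    return $return_res;
}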
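/**
 * Staff management panel: add / edit / update / delete staff accounts, or just
 * render the panel. $dataforce['mode_action'] selects the mode; account data
 * comes straight from $_POST.
 *
 * Requires the perm_staff_panel permission for the logged-in user (nel_derp 102
 * otherwise). Error codes used: 154 = account already exists, 150 = no such
 * account.
 *
 * NOTE(review): the state-changing modes trust $_POST with no CSRF token check;
 * that check belongs here or in the caller before any write.
 *
 * Fixes over the original: the password decision in 'update' no longer depends
 * on the order of POST fields (change_pass had to arrive after staff_password
 * to take effect); the fetched old password hash is carried over when the
 * password is not being changed (it was read and never used); the account is
 * written once instead of once per POST field.
 */
function nel_staff_panel($dataforce, $authorize, $plugins, $dbh)
{
    $temp_auth = array();
    $mode = $dataforce['mode_action'];
    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_staff_panel')) {
        nel_derp(102, array('origin' => 'ADMIN'));
    }
    require_once INCLUDE_PATH . 'output/staff-panel-generation.php';

    $staff_name = isset($_POST['staff_name']) ? $_POST['staff_name'] : NULL;
    $staff_type = isset($_POST['staff_type']) ? $_POST['staff_type'] : NULL;

    switch ($mode) {
        case 'add':
            if ($authorize->get_user_auth($staff_name)) {
                nel_derp(154, array('origin' => 'ADMIN'));
            }
            nel_gen_new_staff($staff_name, $staff_type, $authorize);
            $temp_auth = $authorize->get_user_auth($staff_name);
            nel_render_staff_panel_edit($dataforce, $temp_auth);
            break;

        case 'edit':
            if (!$authorize->get_user_auth($staff_name)) {
                nel_derp(150, array('origin' => 'ADMIN'));
            }
            $temp_auth = $authorize->get_user_auth($staff_name);
            nel_render_staff_panel_edit($dataforce, $temp_auth);
            break;

        case 'update':
            $old_pass = $authorize->get_user_setting($staff_name, 'staff_password');
            $new_pass = '';
            $change_pass = FALSE;
            $new_auth = $authorize->get_blank_settings();
            // Request-control fields that must never become account settings.
            $reserved = array('mode', 'staff_name', 'username', 'super_sekrit', 'staff_password', 'change_pass');
            foreach ($_POST as $key => $val) {
                if ($key === 'staff_password') {
                    $new_pass = nel_hash($val, $plugins);
                } elseif ($key === 'change_pass') {
                    $change_pass = TRUE;
                } elseif (!in_array($key, $reserved, TRUE)) {
                    // Checkbox-style fields arrive as '1'; anything else is stored verbatim.
                    $new_auth[$key] = ($val === '1') ? TRUE : $val;
                }
            }
            if ($change_pass && $new_pass !== '') {
                $new_auth['staff_password'] = $new_pass;
            } elseif ($old_pass !== NULL && $old_pass !== FALSE) {
                $new_auth['staff_password'] = $old_pass;
            }
            // As before, nothing is written when the request carried no fields.
            if (!empty($_POST)) {
                $authorize->update_user_auth($staff_name, $new_auth, $authorize);
                $temp_auth = $new_auth;
            }
            $authorize->write_auth_file();
            nel_render_staff_panel_add($dataforce, $temp_auth);
            break;

        case 'delete':
            $authorize->remove_user_auth($staff_name);
            $authorize->write_auth_file();
            nel_render_staff_panel_add($dataforce, $temp_auth);
            break;

        case 'panel':
            nel_render_staff_panel_add($dataforce, $temp_auth);
            break;

        default:
            // Unknown mode: nothing rendered (same as the original's empty branch).
            break;
    }
}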
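/**
 * Create the initial staff auth file with a single admin account built from the
 * DEFAULTADMIN / DEFAULTADMIN_PASS config constants. Does nothing if the file
 * already exists. Echoes progress text; die()s if the file cannot be written.
 *
 * Fixes over the original: the existence check used FILES_PATH . '/auth_data.nel.php'
 * while the write used FILES_PATH . 'auth_data.nel.php', so depending on
 * FILES_PATH's trailing slash one of the two paths was wrong; the PHP source is
 * now emitted with var_export(), so a quote or backslash in the admin name or
 * hash can neither break the file nor inject code into it.
 */
function generate_auth_file($plugins)
{
    $auth_path = rtrim(FILES_PATH, '/\\') . '/auth_data.nel.php';
    if (file_exists($auth_path)) {
        return;
    }
    if (DEFAULTADMIN === '' || DEFAULTADMIN_PASS === '') {
        echo 'ERROR: Could not create auth file due to invalid or missing admin info. The board will probably work but you will have no administrative abilities. Check your config.php then retry installation.';
        return;
    }

    echo 'Creating auth file...';
    $authorized = array(
        DEFAULTADMIN => array(
            'settings' => array(
                'staff_password' => nel_hash(DEFAULTADMIN_PASS, $plugins),
                'staff_type' => 'admin',
                'staff_trip' => '',
            ),
            'perms' => array(
                'perm_config' => TRUE,
                'perm_staff_panel' => TRUE,
                'perm_ban_panel' => TRUE,
                'perm_thread_panel' => TRUE,
                'perm_mod_mode' => TRUE,
                'perm_ban' => TRUE,
                'perm_delete' => TRUE,
                'perm_post' => TRUE,
                'perm_post_anon' => TRUE,
                'perm_sticky' => TRUE,
                'perm_update_pages' => TRUE,
                'perm_update_cache' => TRUE,
            ),
        ),
    );
    $new_auth = '<?php $authorized = ' . var_export($authorized, TRUE) . '; ?>';
    // NOTE(review): 0644 leaves the password hashes readable by every local
    // user on a shared host; tightening it depends on which user serves the board.
    if (!nel_write_file($auth_path, $new_auth, 0644)) {
        die('Could not create auth file. Check permissions and config.php then retry installation.');
    }
}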