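/**
 * Validates a staff login, creates a moderation session on success and sends the
 * staff member on to the manage.php target carried in the `qstring` POST field.
 *
 * Failed attempts are recorded in `loginattempts`; more than five attempts from the
 * same address within the last 20 minutes produce a lockout page instead of a login
 * check. The response for an unknown user and for a wrong password is the same, so
 * the form does not reveal which user names exist.
 */
public function loginValidate()
{
    // Expire attempts older than 20 minutes (1200 s) before counting the rest.
    $this->db->delete("loginattempts")
        ->condition("attempt_time", time() - 1200, "<")
        ->execute();

    $attempts = $this->db->select("loginattempts")
        ->fields("loginattempts", array("attempt_ip"))
        ->condition("attempt_ip", $_SERVER['REMOTE_ADDR'])
        ->execute()
        ->fetchAll();
    if (count($attempts) > 5) {
        kxFunc::showError(_gettext('System lockout'), _gettext('Sorry, because of your numerous failed logins, you have been locked out from logging in for 20 minutes. Please wait and then try again.'));
        return;
    }

    $username = isset($this->request['username']) ? $this->request['username'] : '';
    $password = isset($this->request['password']) ? $this->request['password'] : '';

    // Stored hash is md5(password . salt); the schema fixes the algorithm here.
    $staff = $this->db->select("staff")
        ->fields("staff", array("user_id", "user_name", "user_password", "user_salt"))
        ->condition("user_name", $username)
        ->execute()
        ->fetchAll();
    $user = count($staff) > 0 ? $staff[0] : null;

    $credentialsOk = false;
    if ($user !== null) {
        $given = md5($password . $user->user_salt);
        $stored = (string) $user->user_password;
        // Strict, constant-time comparison. The original `==` let PHP's numeric-string
        // juggling treat two different "0e..." digests as equal.
        $credentialsOk = function_exists('hash_equals')
            ? hash_equals($stored, $given)
            : $given === $stored;
    }

    if (!$credentialsOk) {
        $this->db->insert("loginattempts")
            ->fields(array('attempt_name' => $username, 'attempt_ip' => $_SERVER['REMOTE_ADDR'], 'attempt_time' => time()))
            ->execute();
        $this->showForm(_gettext('Incorrect username/password.'));
        return;
    }

    // 32 hex characters, the width the sid regex below and the cookie code expect.
    // md5(uniqid(microtime())) is derived from the clock and therefore guessable;
    // use the CSPRNG where the runtime provides one.
    $session_id = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(microtime()));
    $this->request['sid'] = $session_id;

    // One session per staff member: drop any existing ones first.
    $this->db->delete("manage_sessions")
        ->condition("session_staff_id", $user->user_id)
        ->execute();
    $this->db->insert("manage_sessions")
        ->fields(array(
            'session_id' => $session_id,
            'session_ip' => $_SERVER['REMOTE_ADDR'],
            'session_staff_id' => $user->user_id,
            'session_location' => "index",
            'session_log_in_time' => time(),
            'session_last_action' => time(),
            'session_url' => "",
        ))
        ->execute();

    // Cookies so the ajax moderation functions load.
    $this->SetModerationCookies();

    // Where to go next. The query string is passed through unfiltered on purpose,
    // minus the login-specific parameters and any stale sid.
    $whereto = "";
    if (!empty($_POST['qstring'])) {
        $whereto = stripslashes($_POST['qstring']);
        $whereto = str_replace(kxEnv::Get('kx:paths:script:path'), "", $whereto);
        $whereto = str_ireplace("?manage.php", "", $whereto);
        $whereto = ltrim($whereto, '?');
        $whereto = preg_replace("/sid=(\\w){32}/", "", $whereto);
        $whereto = str_replace(array('old_&', 'old_&'), "", $whereto);
        $whereto = str_replace("module=login", "", $whereto);
        $whereto = str_replace("do=login-validate", "", $whereto);
        // NOTE(review): as printed this replacement is a no-op; it looks like an
        // HTML-entity clean-up whose source text was mangled in this copy of the file.
        $whereto = str_replace('&', '&', $whereto);
        $whereto = preg_replace("/&{1,}/", "&", $whereto);
    }

    $url = kxEnv::Get('kx:paths:script:path') . kxEnv::Get('kx:paths:script:folder') . '/manage.php?sid=' . $session_id . '&' . $whereto;
    if (!empty($_COOKIE['use_frames'])) {
        $twigData = array();
        $twigData['url'] = $url;
        kxTemplate::output("manage/frames", $twigData);
    } else {
        kxFunc::doRedirect($url, true);
    }
    exit;
}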
/**
 * Field validation for this board type: a new thread must carry a file, a reply
 * must carry either an image or a message. Any failure ends in kxFunc::showError().
 *
 * @param array $postData post data assembled by exec(); reads 'is_reply' and 'files'
 */
public function checkFields($postData)
{
    if ($postData['is_reply']) {
        if (!$this->postClass->checkEmpty($postData)) {
            kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
        }
        return;
    }

    if (empty($postData['files'][0])) {
        kxFunc::showError(_gettext('A file is required for a new thread.'));
    }
}
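/**
 * Field validation for text boards: a reply needs a message, and a new thread
 * must not reuse the subject of a live thread on this board.
 *
 * @param array $postData post data assembled by exec(); reads 'is_reply' and the
 *                        subject (from 'post_fields', falling back to a top-level key)
 */
public function checkFields($postData)
{
    if ($postData['is_reply']) {
        // The original referenced an undefined local `$postClass`; the posting helper
        // lives on $this, as in the other board types' checkFields().
        if (!$this->postClass->checkEmpty($postData)) {
            kxFunc::showError(_gettext('A message is required for a reply.'));
        }
        return;
    }

    // exec() stores the parsed subject under post_fields; keep the legacy top-level
    // key as a fallback for older callers.
    if (isset($postData['subject'])) {
        $subject = $postData['subject'];
    } elseif (isset($postData['post_fields']['subject'])) {
        $subject = $postData['post_fields']['subject'];
    } else {
        $subject = '';
    }
    $subject = substr($subject, 0, 74);

    $duplicates = $this->db->select("posts")
        ->countQuery()
        ->condition("post_board", $this->board->board_id)
        ->condition("post_deleted", 0)
        ->condition("post_subject", $subject)
        ->condition("post_parent", 0)
        ->execute()
        ->fetchField();
    if ($duplicates > 0) {
        kxFunc::showError(_gettext('Duplicate thread subject'), _gettext('Text boards may have only one thread with a unique subject. Please pick another.'));
    }
}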
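/**
 * Field validation for oekaki boards. A new thread needs a file unless it is an
 * oekaki drawing or the poster legitimately asked to post without a file; a reply
 * needs an image or a message unless it is an oekaki drawing.
 *
 * @param array $postData post data assembled by exec(); reads 'is_reply', 'files'
 *                        and 'is_oekaki' (treated as false when absent)
 */
public function checkFields($postData)
{
    $board = $this->board;
    $isOekaki = !empty($postData['is_oekaki']);
    $noFileRequested = isset($this->request['nofile']);
    // A file may only be omitted when the board allows no-file posting (== 1) and the
    // poster asked for it. The original condition had both cases inverted; this now
    // matches the upload board's checkFields().
    $fileRequired = (!$noFileRequested && $board->board_enable_no_file == 1)
        || $board->board_enable_no_file == 0;

    if (!$postData['is_reply']) {
        if (empty($postData['files'][0]) && !$isOekaki && $fileRequired) {
            kxFunc::showError(_gettext('A file is required for a new thread.'));
        }
    } elseif (!$isOekaki && !$this->postClass->checkEmpty($postData)) {
        kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
    }

    if ($noFileRequested && $board->board_enable_no_file == 1) {
        // NOTE(review): `checkNoFile` is read as a property here and in the upload
        // board's checkFields(); if it is meant to be a method call, its signature is
        // not visible in this file, so it is left as written.
        if (!$this->postClass->checkNoFile) {
            kxFunc::showError('A message is required to post without a file.');
        }
    }
}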
/**
 * Field validation for upload boards. New threads on boards that allow embeds must
 * pass the embed check; a new thread without a file is rejected unless no-file
 * posting was requested on a board that allows it, or an embed id was supplied on
 * a board with uploads enabled. Replies need an image or a message.
 *
 * @param array $postData post data assembled by exec(); reads 'is_reply' and 'files'
 */
public function checkFields($postData)
{
    $board = $this->board;
    $uploadType = $board->board_upload_type;
    $noFileRequested = isset($this->request['nofile']);
    $noFileAllowed = $board->board_enable_no_file == 1;

    if ($postData['is_reply']) {
        if (!$this->postClass->checkEmpty($postData)) {
            kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
        }
    } else {
        $embedsPossible = ($uploadType == 1 || $uploadType == 2) && !empty($board->board_embeds_allowed);
        if ($embedsPossible && $this->postClass->checkEmbed($postData)) {
            kxFunc::showError(_gettext('Please enter an embed ID.'));
        }

        $fileExpected = (!$noFileRequested && $noFileAllowed) || $board->board_enable_no_file == 0;
        if (empty($postData['files'][0]) && $fileExpected) {
            $noEmbedEither = ($uploadType != 0 && empty($this->request['embed'])) || $uploadType == 0;
            if ($noEmbedEither) {
                kxFunc::showError(_gettext('A file is required for a new thread. If embedding is allowed, either a file or embed ID is required.'));
            }
        }
    }

    if ($noFileRequested && $noFileAllowed) {
        // `checkNoFile` is accessed as a property, exactly as in the original.
        if (!$this->postClass->checkNoFile) {
            kxFunc::showError('A message is required to post without a file.');
        }
    }
}
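/**
 * Handles a board post end to end: resolves the board's type to a public board
 * module, loads and runs it, applies the shared posting checks (UTF-8, timing,
 * length, blacklist, captcha, banned hashes), assembles $this->postData, hands it to
 * the module's processPost() and redirects to the board or thread page.
 *
 * @param kxEnv $environment application environment (the body reads
 *                           $this->environment, presumably set from this argument by
 *                           the base command class)
 */
public function exec(kxEnv $environment)
{
    $mainPage = kxEnv::Get('kx:paths:main:webpath');

    // No board name at all: back to the front page. (The original ran `die;` before
    // the redirect, so the redirect never executed.)
    if (empty($this->request['board'])) {
        kxFunc::doRedirect($mainPage);
        return;
    }

    // fetchField() yields false when no board of that name exists; redirect silently.
    $boardType = $this->db->select("boards")
        ->fields("boards", array("board_type"))
        ->condition("board_name", $this->request['board'])
        ->execute()
        ->fetchField();
    if ($boardType === false) {
        kxFunc::doRedirect($mainPage);
        return;
    }

    // Built-in board types are indexed 0..3; anything else comes from a modules row.
    $module_to_load = null;
    $builtinTypes = array('image', 'text', 'oekaki', 'upload');
    if (ctype_digit((string) $boardType) && isset($builtinTypes[(int) $boardType])) {
        $module_to_load = $builtinTypes[(int) $boardType];
    } else {
        $modules = $this->db->select("modules")
            ->fields("modules", array("module_variables", "module_directory"))
            ->condition("module_application", 1)
            ->execute()
            ->fetchAll();
        foreach ($modules as $line) {
            // unserialize() on a database column: acceptable only while this table is
            // admin-managed; a JSON column would avoid instantiating objects from stored data.
            // The original assigned to a misspelled `$varibles` and then read `$variables`,
            // so a module-provided board type could never match.
            $variables = unserialize($line->module_variables);
            if (isset($variables['board_type_id']) && $variables['board_type_id'] == $boardType) {
                $module_to_load = $line->module_directory;
            }
        }
    }

    // The module name becomes part of a require_once path and of a class name; accept
    // only a plain identifier so a malformed modules row cannot point elsewhere.
    if ($module_to_load === null || !preg_match('/^[A-Za-z0-9_]+$/', (string) $module_to_load)) {
        kxFunc::doRedirect($mainPage);
        return;
    }

    $moduledir = kxFunc::getAppDir("board") . '/modules/public/' . $module_to_load . '/';
    if (!file_exists($moduledir . $module_to_load . '.php')) {
        kxFunc::doRedirect($mainPage);
        return;
    }
    require_once $moduledir . $module_to_load . '.php';

    // The module must define public_board_<name>_<name> deriving from kxCmd.
    $className = "public_board_" . $module_to_load . "_" . $module_to_load;
    if (!class_exists($className)) {
        kxFunc::doRedirect($mainPage);
        return;
    }
    $module_class = new ReflectionClass($className);
    if (!$module_class->isSubClassOf(new ReflectionClass('kxCmd'))) {
        kxFunc::doRedirect($mainPage);
        return;
    }
    $this->_boardClass = $module_class->newInstance($this->environment);
    $this->_boardClass->execute($this->environment);

    // Shared posting helper, also published through the environment for the module.
    require_once kxFunc::getAppDir('core') . '/classes/posting.php';
    $this->_postingClass = new posting($this->environment);
    $this->environment->set('kx:classes:board:posting:id', $this->_postingClass);

    $this->_postingClass->checkUTF8();

    if (!$this->_boardClass->validPost()) {
        return;
    }
    $board = $this->_boardClass->board;
    $this->db->startTransaction();

    // Uploaded file names. Dumpers without multi-file support send scalars, so every
    // $_FILES entry is wrapped in a one-element array to keep one code path.
    $this->postData['files'] = isset($_FILES['imagefile']) ? $_FILES['imagefile']['name'] : '';
    if ($this->postData['files'] && !is_array($this->postData['files'])) {
        foreach ($_FILES['imagefile'] as $key => $value) {
            $_FILES['imagefile'][$key] = array($value);
        }
        $this->postData['files'] = array($_FILES['imagefile']['name'][0]);
    }

    $this->postData['is_reply'] = $this->_postingClass->isReply($board->board_id);
    $this->_postingClass->checkPostingTime($this->postData['is_reply'], $board->board_id);
    $this->_postingClass->checkMessageLength($board->max_message_length);
    $this->_postingClass->checkBlacklistedText($board->board_id);
    $this->_postingClass->checkCaptcha($board, $this->postData);
    $this->_postingClass->checkBannedHash($board);

    // Reply count, lock state and parent of the target thread.
    if ($this->postData['is_reply']) {
        // NOTE(review): every other access in this method goes through ->board->board_id;
        // kept as written, but confirm the board class exposes board_id directly.
        $this->postData['thread_info'] = $this->_postingClass->threadInfo($this->_boardClass->board_id, $this->request['replythread']);
    } else {
        $this->postData['thread_info'] = array('replies' => 0, 'locked' => 0, 'parent' => 0);
    }

    // Subject, email, etc. need special processing.
    $this->postData['post_fields'] = $this->_postingClass->parseFields();
    $this->postData['post_fields']['postpassword'] = isset($this->request['postpassword']) ? $this->request['postpassword'] : '';

    // Next post number on this board. Without an ordering the first row returned is
    // not necessarily the newest post, hence the DESC order. Two concurrent posts can
    // still pick the same number; the transaction above does not serialise them.
    $nextid = $this->db->select("posts")
        ->fields("posts", array("post_id"))
        ->condition("post_board", $board->board_id)
        ->orderBy("post_id", "DESC")
        ->execute()
        ->fetchField();
    $this->postData['next_id'] = $nextid ? $nextid + 1 : 1;

    // Mod-post checkboxes, recorded as single-letter flags (D, L, S, RH, N).
    $this->postData['user_authority'] = $this->_postingClass->userAuthority();
    if (!isset($this->postData['flags'])) {
        $this->postData['flags'] = '';
    }
    $flagMap = array(
        'displaystaffstatus' => 'D',
        'lockonpost' => 'L',
        'stickyonpost' => 'S',
        'rawhtml' => 'RH',
        'usestaffname' => 'N',
    );
    foreach ($flagMap as $field => $flag) {
        if (isset($this->request[$field])) {
            $this->postData['flags'] .= $flag;
        }
    }
    $this->postData['display_status'] = 0;
    $this->postData['lock_on_post'] = 0;
    $this->postData['sticky_on_post'] = 0;

    // Authority 0 and anything above 2 is a normal user or vip; 1 and 2 are staff.
    $authority = $this->postData['user_authority'];
    $isStaff = !($authority == 0 || $authority > 2);

    if (!$isStaff) {
        if ($this->postData['thread_info']['locked'] == 1) {
            kxFunc::showError(_gettext('Sorry, this thread is locked and can not be replied to.'));
        }
        $this->postData['thread_info']['message'] = $this->_boardClass->parseData($this->request['message']);
    } else {
        // D: show the staff status (Admin/Mod) on the post during insertion.
        if (isset($this->request['displaystaffstatus'])) {
            $this->postData['display_status'] = true;
        }
        // RH: insert the message as-is (staff only, by construction of this branch);
        // otherwise parse it as usual.
        if (isset($this->request['rawhtml'])) {
            $this->postData['thread_info']['message'] = $this->request['message'];
        } else {
            $this->postData['thread_info']['message'] = $this->_boardClass->parseData($this->request['message']);
        }
        // L / S: lock or sticky the thread after insertion.
        if (isset($this->request['lockonpost'])) {
            $this->postData['lock_on_post'] = true;
        }
        if (isset($this->request['stickyonpost'])) {
            $this->postData['sticky_on_post'] = true;
        }
        // N: post under the staff name recovered from the mod password. (The original
        // also copied the value into an unused $post_name local.)
        if (isset($this->request['usestaffname'])) {
            $_POST['name'] = kxFunc::md5_decrypt($this->request['modpassword'], kxEnv::Get('kx:misc:randomseed'));
        }
    }

    $this->_boardClass->processPost($this->postData);

    $url = kxEnv::Get("kx:paths:boards:path") . '/' . $board->board_name;
    if (!$this->postData['is_reply']) {
        $url .= '/' . kxEnv::Get('kx:pages:first');
    } else {
        $url .= '/res/' . intval($this->request['replythread']) . '.html';
    }
    // The original silenced the "headers already sent" warning with @; test instead.
    if (!headers_sent()) {
        header('Location: ' . $url);
    }
}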
/**
 * Runs every registered ruleset through _checkRules() and then clears the
 * collected rules and values. The first kxException raised by a rule aborts the
 * loop and is shown to the user via kxFunc::showError().
 *
 * @access public
 */
public static function check()
{
    try {
        foreach (self::$rules as $name => $ruleset) {
            self::_checkRules($name, $ruleset);
        }
    } catch (kxException $error) {
        kxFunc::showError($error->getMessage());
    }

    // Reset so the next validation starts from a clean slate.
    self::$rules = array();
    self::$values = array();
}
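/**
 * Turns validated post data into a stored post: uploads files, resolves name and
 * tripcode, inserts the post, applies mod commands, sets cookies and regenerates
 * the board pages and the affected thread.
 *
 * @param array $postData post data assembled by exec(): 'user_authority',
 *                        'post_fields' (subject/email/postpassword), 'thread_info'
 *                        (message, parent, optional tag), 'files', 'is_reply'
 */
public function processPost($postData)
{
    if (empty($this->postClass)) {
        $this->postClass = $this->environment->get('kx:classes:board:posting:id');
    }

    $this->checkFields($postData);

    // Only authority 1 and 2 (staff) may post to a locked board.
    $authority = $postData['user_authority'];
    if ($this->board->board_locked == 1 && $authority != 1 && $authority != 2) {
        kxFunc::showError(_gettext('Sorry, this board is locked and can not be posted in.'));
        return;
    }

    $files = $this->doUpload($postData);
    $this->postClass->forcedAnon($postData, $this->board);
    $nameAndTrip = $this->postClass->handleTripcode($postData);
    $commands = $this->postClass->checkPostCommands($postData);
    $this->postClass->checkEmptyReply($postData);
    // (The original also computed an md5 of the post password here and never used it.)

    $fields = isset($postData['post_fields']) ? $postData['post_fields'] : array();
    $email = isset($fields['email']) ? $fields['email'] : '';
    $subject = isset($fields['subject']) ? $fields['subject'] : '';

    $post = array();
    $post['board'] = $this->board->board_name;
    $post['name'] = substr($nameAndTrip[0], 0, 74);
    $post['name_save'] = true;
    $post['tripcode'] = $nameAndTrip[1];
    $post['email'] = substr($email, 0, 74);

    // Remember the email unless it is one of the sage/age/return/noko commands.
    // TODO: the original intended to also recognise the Japanese sage/age spellings
    // via unistr_to_ords(); that conversion was never wired up, so only ASCII is checked.
    $emRaw = isset($this->request['em']) ? (string) $this->request['em'] : '';
    $emLower = strtolower($emRaw);
    $post['email_save'] = $emLower !== 'sage'
        && $emLower !== 'age'
        && $emRaw !== 'return'
        && $emRaw !== 'noko';

    $post['subject'] = substr($subject, 0, 74);
    $post['message'] = $postData['thread_info']['message'];
    if (isset($postData['thread_info']['tag'])) {
        $post['tag'] = $postData['thread_info']['tag'];
    }

    // TODO: 1.0 equivalent of hook_process('posting', $post).
    $post['post_id'] = $this->postClass->makePost($postData, $post, $files, $_SERVER['REMOTE_ADDR'], $commands['sticky'], $commands['lock'], $this->board);
    $this->postClass->modPost(array_merge($postData, $post), $this->board);
    $this->postClass->setCookies($post);
    $this->postClass->checkSage($postData, $this->board);
    $this->postClass->updateThreadWatch($postData, $this->board);

    // TODO: trim threads pushed past the page limit or the maximum age
    // (kxExec::TrimToPageLimit in 1.0).
    $this->regeneratePages();

    // A new thread regenerates itself; a reply regenerates its parent thread.
    $threadToRegenerate = $postData['thread_info']['parent'] == 0
        ? $post['post_id']
        : $postData['thread_info']['parent'];
    $this->regenerateThreads($threadToRegenerate);
}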
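/**
 * Checks the submitted message against the cached spam filters and applies each
 * matching filter's punishment: type bit 8 bans the poster, bit 4 rejects the post,
 * bit 2 marks it for reporting (the report itself is still a TODO).
 *
 * @param mixed $boardId id of the board being posted to; a filter scoped through
 *                       filter_boards only applies when this id is in that list
 */
public function checkBlacklistedText($boardId)
{
    $filters = kxEnv::Get("cache:filters:spamfilters");
    if (!isset($filters)) {
        return;
    }
    $message = isset($this->request['message']) ? $this->request['message'] : '';
    $reported = 0;

    foreach ($filters as $filter) {
        // Board scoping now applies to regex filters as well; the original precedence
        // ((scope && plain-match) || regex-match) let regex filters fire on every board.
        if ($filter->filter_boards) {
            // unserialize() on cached filter data; acceptable while filters are admin-only.
            $scopedBoards = unserialize($filter->filter_boards);
            if (!is_array($scopedBoards) || !in_array($boardId, $scopedBoards)) {
                continue;
            }
        }

        // An empty word matches nothing (stripos() with an empty needle behaves
        // differently across PHP versions).
        if ($filter->filter_word === null || $filter->filter_word === '') {
            continue;
        }

        if ($filter->filter_regex) {
            // Admin-supplied pattern; a malformed one makes preg_match() return false,
            // which counts as no match here.
            $matched = preg_match($filter->filter_word, $message) === 1;
        } else {
            $matched = stripos($message, $filter->filter_word) !== false;
        }
        if (!$matched) {
            continue;
        }

        // The original concatenated the row object itself, which would need a
        // __toString(); the word/pattern is what the messages are meant to show.
        $label = $filter->filter_word;

        if ($filter->filter_type & 8) {
            // Ban flag: punishment length is stored serialised alongside the filter.
            $punishment = unserialize($filter->filter_punishment);
            kxBans::banUser($_SERVER['REMOTE_ADDR'], 'board.php', 1, $punishment['banlength'], $filter->filter_boards, _gettext('Posting blacklisted text.') . ' (' . $label . ')', $message);
        }
        if ($filter->filter_type & 4) {
            // Delete flag: stop the post. Note this echoes the matching word/pattern
            // back to the poster.
            kxFunc::showError(sprintf(_gettext('Blacklisted text ( %s ) detected.'), $label));
        }
        if (($filter->filter_type & 2) && !$reported) {
            // Report flag: only the first matching filter marks the post.
            $reported = 1;
            // TODO: actually report the post
        }
    }
}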