Exemple #1
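 /**
  * Validate a staff login and, on success, open a management session.
  *
  * Failed attempts are recorded per client IP in "loginattempts". Attempts
  * older than 20 minutes are purged first; more than five remaining attempts
  * from the same IP lock that IP out.
  *
  * Security notes for maintainers:
  * - Staff passwords are stored as md5(password . salt). MD5 is a fast hash
  *   and unsuitable for password storage; moving to password_hash() /
  *   password_verify() needs a stored-hash migration and is not done here.
  * - The digest check uses hash_equals() (PHP >= 5.6) instead of "==". Loose
  *   comparison treats two different "0e<digits>" digests as equal numbers,
  *   and it is not constant-time.
  * - The session id comes from random_bytes() (PHP >= 7.0). The previous
  *   md5(uniqid(microtime())) was derived from the clock and is guessable.
  * - The lockout is keyed on REMOTE_ADDR only, so it does not bound guessing
  *   against a single account from many addresses.
  *
  * @return void On success the method redirects (or renders the frameset) and exits.
  */
 public function loginValidate()
 {
     $remoteIp = $_SERVER['REMOTE_ADDR'];
     // Remove old login attempts (older than 20 minutes)
     $this->db->delete("loginattempts")->condition("attempt_time", time() - 1200, "<")->execute();
     // Are we locked out still?
     $attempts = $this->db->select("loginattempts")->fields("loginattempts", array("attempt_ip"))->condition("attempt_ip", $remoteIp)->execute()->fetchAll();
     if (count($attempts) > 5) {
         kxFunc::showError(_gettext('System lockout'), _gettext('Sorry, because of your numerous failed logins, you have been locked out from logging in for 20 minutes. Please wait and then try again.'));
         return;
     }
     // Find users with the username supplied to us
     $results = $this->db->select("staff")->fields("staff", array("user_id", "user_name", "user_password", "user_salt"))->condition("user_name", $this->request['username'])->execute()->fetchAll();
     $staff = count($results) > 0 ? $results[0] : null;
     // Constant-time, type-safe comparison of the stored digest with the submitted one
     $authenticated = $staff !== null
         && hash_equals((string) $staff->user_password, md5($this->request['password'] . $staff->user_salt));
     if (!$authenticated) {
         // Unknown user and wrong password are recorded and answered identically,
         // so the response does not reveal which usernames exist.
         $this->db->insert("loginattempts")->fields(array('attempt_name' => $this->request['username'], 'attempt_ip' => $remoteIp, 'attempt_time' => time()))->execute();
         $this->showForm(_gettext('Incorrect username/password.'));
         return;
     }
     // Let's make our session: 16 bytes from the CSPRNG, hex-encoded to the
     // same 32-character shape the sid pattern below expects.
     $session_id = bin2hex(random_bytes(16));
     $this->request['sid'] = $session_id;
     // Delete any sessions that already exist for this user
     $this->db->delete("manage_sessions")->condition("session_staff_id", $staff->user_id)->execute();
     // Insert our new values
     $this->db->insert("manage_sessions")->fields(array('session_id' => $session_id, 'session_ip' => $remoteIp, 'session_staff_id' => $staff->user_id, 'session_location' => "index", 'session_log_in_time' => time(), 'session_last_action' => time(), 'session_url' => ""))->execute();
     // Set the cookies so ajax functions will load
     $this->SetModerationCookies();
     //$this->environment->get('kx:classes:core:logging:id')->manageLog(_gettext('Logged in'), 1);
     // Let's figure out where we need to go
     $whereto = "";
     // The original marks this value "unfiltered on purpose". It is only ever
     // appended as a query string to the fixed manage.php path below, never
     // used as a full URL.
     if (!empty($_POST['qstring']) && is_string($_POST['qstring'])) {
         $whereto = stripslashes($_POST['qstring']);
         $whereto = str_replace(kxEnv::Get('kx:paths:script:path'), "", $whereto);
         $whereto = str_ireplace("?manage.php", "", $whereto);
         $whereto = ltrim($whereto, '?');
         // Drop any session id carried over from the previous URL
         $whereto = preg_replace("/sid=(\\w){32}/", "", $whereto);
         $whereto = str_replace(array('old_&', 'old_&amp;'), "", $whereto);
         $whereto = str_replace("module=login", "", $whereto);
         $whereto = str_replace("do=login-validate", "", $whereto);
         $whereto = str_replace('&amp;', '&', $whereto);
         $whereto = preg_replace("/&{1,}/", "&", $whereto);
         // A query string never legitimately contains control characters;
         // removing them keeps CR/LF out of the redirect target.
         $whereto = preg_replace('/[\x00-\x1F\x7F]/', '', $whereto);
     }
     $url = kxEnv::Get('kx:paths:script:path') . kxEnv::Get('kx:paths:script:folder') . '/manage.php?sid=' . $session_id . '&' . $whereto;
     if (!empty($_COOKIE['use_frames'])) {
         // NOTE(review): $url carries request-derived text; the manage/frames
         // template must escape it for the attribute it is written into - confirm.
         $twigData['url'] = $url;
         kxTemplate::output("manage/frames", $twigData);
     } else {
         kxFunc::doRedirect($url, true);
     }
     exit;
 }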
Exemple #2
 /**
  * Reject a post that lacks the content this board type requires.
  *
  * A new thread must carry a file in $postData['files'][0]; a reply must pass
  * the posting helper's checkEmpty() test. Failures are reported through
  * kxFunc::showError().
  *
  * @param array $postData Post data; reads 'is_reply' and 'files'.
  * @return void
  */
 public function checkFields($postData)
 {
     if ($postData['is_reply']) {
         // Replies: the posting helper decides whether the post is empty
         $hasContent = $this->postClass->checkEmpty($postData);
         if (!$hasContent) {
             kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
         }
         return;
     }
     // New thread: the first file slot must be filled
     if (empty($postData['files'][0])) {
         kxFunc::showError(_gettext('A file is required for a new thread.'));
     }
 }
Exemple #3
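 /**
  * Reject a post that lacks the content this board type requires.
  *
  * A reply must pass the posting helper's checkEmpty() test. A new thread
  * must have a subject that no other live thread (post_parent 0,
  * post_deleted 0) on this board already uses; the subject is compared after
  * truncation to 74 bytes.
  *
  * @param array $postData Post data; reads 'is_reply' and 'subject'.
  * @return void
  */
 public function checkFields($postData)
 {
     if ($postData['is_reply']) {
         // Fixed: the original called checkEmpty() on an undefined local
         // $postClass, which fails with a call on null for every reply.
         // NOTE(review): assumes the posting helper is held in $this->postClass - confirm against the class.
         if (!$this->postClass->checkEmpty($postData)) {
             kxFunc::showError(_gettext('A message is required for a reply.'));
         }
     } else {
         // The subject is passed as a bound condition value, not concatenated into the query
         $result = $this->db->select("posts")->countQuery()->condition("post_board", $this->board->board_id)->condition("post_deleted", 0)->condition("post_subject", substr($postData['subject'], 0, 74))->condition("post_parent", 0)->execute()->fetchField();
         if ($result > 0) {
             kxFunc::showError(_gettext('Duplicate thread subject'), _gettext('Text boards may have only one thread with a unique subject. Please pick another.'));
         }
     }
 }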
Exemple #4
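 /**
  * Reject a post that lacks the content this board type requires.
  *
  * New threads need a file unless the post is an oekaki drawing or the board
  * allows file-less posts and the poster asked for one ('nofile'). Replies
  * need to pass checkEmpty() unless they are oekaki drawings.
  *
  * @param array $postData Post data; reads 'is_reply', 'is_oekaki' and 'files'.
  * @return void
  */
 public function checkFields($postData)
 {
     if (!$postData['is_reply']) {
         // Fixed: the last alternative used to be a bare truthiness test on
         // board_enable_no_file, which made the file mandatory exactly when
         // file-less posting was enabled and optional when it was disabled.
         // A file is required when the feature is off, or when it is on but
         // the poster did not tick 'nofile'.
         if (empty($postData['files'][0]) && !$postData['is_oekaki'] && (!isset($this->request['nofile']) && $this->board->board_enable_no_file == 1 || $this->board->board_enable_no_file == 0)) {
             kxFunc::showError(_gettext('A file is required for a new thread.'));
         }
     } else {
         if (!$postData['is_oekaki'] && !$this->postClass->checkEmpty($postData)) {
             kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
         }
     }
     if (isset($this->request['nofile']) && $this->board->board_enable_no_file == 1) {
         // NOTE(review): checkNoFile is read as a property here. If it is a
         // method on the posting class, this reads an undefined property and
         // the error below fires for every file-less post - confirm and call it.
         if (!$this->postClass->checkNoFile) {
             kxFunc::showError('A message is required to post without a file.');
         }
     }
 }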
Exemple #5
 /**
  * Reject a post that lacks the content this board type requires.
  *
  * New threads are checked for an embed (when upload type is 1 or 2 and
  * embeds are allowed) and for a file or embed ID; replies must pass
  * checkEmpty(). File-less posts get a final check when the board enables them.
  *
  * @param array $postData Post data; reads 'is_reply' and 'files'.
  * @return void
  */
 public function checkFields($postData)
 {
     $board = $this->board;
     if ($postData['is_reply']) {
         if (!$this->postClass->checkEmpty($postData)) {
             kxFunc::showError(_gettext('An image, or message, is required for a reply.'));
         }
     } else {
         $embedsPossible = ($board->board_upload_type == 1 || $board->board_upload_type == 2)
             && !empty($board->board_embeds_allowed);
         if ($embedsPossible && $this->postClass->checkEmbed($postData)) {
             kxFunc::showError(_gettext('Please enter an embed ID.'));
         }
         // A file is mandatory when file-less posting is off, or on but not requested
         $fileMandatory = $board->board_enable_no_file == 0
             || ($board->board_enable_no_file == 1 && !isset($this->request['nofile']));
         if (empty($postData['files'][0]) && $fileMandatory) {
             // Without a file, only an embed ID on an embed-capable board is acceptable
             if ($board->board_upload_type == 0 || empty($this->request['embed'])) {
                 kxFunc::showError(_gettext('A file is required for a new thread. If embedding is allowed, either a file or embed ID is required.'));
             }
         }
     }
     // NOTE(review): checkNoFile is read as a property, not called - confirm
     // whether the posting class exposes it as a method.
     if (isset($this->request['nofile']) && $board->board_enable_no_file == 1 && !$this->postClass->checkNoFile) {
         kxFunc::showError('A message is required to post without a file.');
     }
 }
Exemple #6
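 /**
  * Entry point for a post submission: resolves the board module, runs the
  * posting checks and hands the post to the board class.
  *
  * Steps, in order: look up the board type for request['board']; map it to a
  * built-in module or a module registered in the "modules" table; load and
  * instantiate that module (it must extend kxCmd); load the posting class;
  * run the posting checks; build $this->postData; call processPost(); send a
  * Location header to the board or thread page.
  *
  * Security notes for maintainers:
  * - module_variables is passed to unserialize(). It comes from the database;
  *   if that table can ever hold attacker-influenced data this is an object
  *   injection point. Restrict classes or move to JSON - not changed here.
  * - The module name taken from the database becomes part of a require_once
  *   path. NOTE(review): confirm module_directory is constrained to a plain
  *   directory name when modules are registered.
  * - The flag letters (D, L, S, RH, N) are appended from request fields
  *   before user_authority is consulted. NOTE(review): confirm every
  *   consumer of postData['flags'] re-checks authority.
  * - Raw HTML is stored unparsed when 'rawhtml' is set and userAuthority()
  *   reports 1 or 2; that return value is the only gate visible here.
  *
  * @param kxEnv $environment Not referenced in this method; $this->environment is used instead.
  * @return void
  */
 public function exec(kxEnv $environment)
 {
     // Before we do anything, let's check if we even have any board info
     if (empty($this->request['board'])) {
         // Fixed: die used to precede the redirect, leaving it unreachable
         kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
         die;
     }
     // Grabbing essential data about the board
     $boardType = $this->db->select("boards")->fields("boards", array("board_type"))->condition("board_name", $this->request['board'])->execute()->fetchField();
     // Silently redirect to the main page if the board does not exist
     if ($boardType === false) {
         kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
     }
     // Fixed: start from a defined value so an unmatched type cannot reach
     // the path building below as an undefined variable.
     $module_to_load = null;
     // Check against our built-in board types.
     if (in_array($boardType, array(0, 1, 2, 3))) {
         $types = array('image', 'text', 'oekaki', 'upload');
         $module_to_load = isset($types[$boardType]) ? $types[$boardType] : null;
     } else {
         $result = $this->db->select("modules")->fields("modules", array("module_variables", "module_directory"))->condition("module_application", 1)->execute()->fetchAll();
         foreach ($result as $line) {
             // Fixed: the result used to be stored in a misspelled variable,
             // so the isset() below never saw it and no custom type matched.
             // unserialize() on stored data: see the security note above.
             $variables = unserialize($line->module_variables);
             if (isset($variables['board_type_id']) && $variables['board_type_id'] == $boardType) {
                 $module_to_load = $line->module_directory;
             }
         }
     }
     if ($module_to_load === null || $module_to_load === '') {
         // No module handles this board type
         kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
         return;
     }
     // Module loading time!
     $moduledir = kxFunc::getAppDir("board") . '/modules/public/' . $module_to_load . '/';
     if (file_exists($moduledir . $module_to_load . '.php')) {
         require_once $moduledir . $module_to_load . '.php';
     } else {
         kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
     }
     // Some routine checks: the class must exist and extend kxCmd
     $className = "public_board_" . $module_to_load . "_" . $module_to_load;
     if (class_exists($className)) {
         $module_class = new ReflectionClass($className);
         if ($module_class->isSubClassOf(new ReflectionClass('kxCmd'))) {
             $this->_boardClass = $module_class->newInstance($this->environment);
             $this->_boardClass->execute($this->environment);
         } else {
             kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
         }
     } else {
         kxFunc::doRedirect(kxEnv::Get('kx:paths:main:webpath'));
     }
     // Include our posting class
     require_once kxFunc::getAppDir('core') . '/classes/posting.php';
     $this->_postingClass = new posting($this->environment);
     $this->environment->set('kx:classes:board:posting:id', $this->_postingClass);
     // Phew, that's over with. Let's now prepare our post for generation.
     // Are we UTF-8?
     $this->_postingClass->checkUTF8();
     // Is post valid according to our board's spec?
     if ($this->_boardClass->validPost()) {
         $this->db->startTransaction();
         // Do we have files?
         $this->postData['files'] = isset($_FILES['imagefile']) ? $_FILES['imagefile']['name'] : '';
         // Backwards compatibility hack for dumpers that don't support multifile uploading:
         // wrap every field of the single upload in a one-element array.
         if ($this->postData['files'] && !is_array($this->postData['files'])) {
             foreach ($_FILES['imagefile'] as $key => $value) {
                 $_FILES['imagefile'][$key] = array($value);
             }
             $this->postData['files'] = array($_FILES['imagefile']['name'][0]);
         }
         $this->postData['is_reply'] = $this->_postingClass->isReply($this->_boardClass->board->board_id);
         $this->_postingClass->checkPostingTime($this->postData['is_reply'], $this->_boardClass->board->board_id);
         $this->_postingClass->checkMessageLength($this->_boardClass->board->max_message_length);
         $this->_postingClass->checkBlacklistedText($this->_boardClass->board->board_id);
         $this->_postingClass->checkCaptcha($this->_boardClass->board, $this->postData);
         $this->_postingClass->checkBannedHash($this->_boardClass->board);
         // How many replies, is the thread locked, etc
         if ($this->postData['is_reply']) {
             // Fixed: the board id is read from ->board->board_id like every
             // other call in this method, not from the board class itself.
             $this->postData['thread_info'] = $this->_postingClass->threadInfo($this->_boardClass->board->board_id, $this->request['replythread']);
         } else {
             $this->postData['thread_info'] = array('replies' => 0, 'locked' => 0, 'parent' => 0);
         }
         // Subject, email, etc fields need special processing
         $this->postData['post_fields'] = $this->_postingClass->parseFields();
         $this->postData['post_fields']['postpassword'] = isset($this->request['postpassword']) ? $this->request['postpassword'] : '';
         // NOTE(review): this takes the first post_id the query returns, with
         // no ordering or MAX, and two concurrent posts can compute the same
         // next_id - confirm how next_id is used downstream.
         $nextid = $this->db->select("posts")->fields("posts", array("post_id"))->condition("post_board", $this->_boardClass->board->board_id)->execute()->fetchField();
         if ($nextid) {
             $this->postData['next_id'] = $nextid + 1;
         } else {
             $this->postData['next_id'] = 1;
         }
         // Are we modposting?
         $this->postData['user_authority'] = $this->_postingClass->userAuthority();
         // Fixed: make sure 'flags' exists before appending to it
         if (!isset($this->postData['flags'])) {
             $this->postData['flags'] = '';
         }
         // These letters are taken straight from the request, for any poster
         if (isset($this->request['displaystaffstatus'])) {
             $this->postData['flags'] .= 'D';
         }
         if (isset($this->request['lockonpost'])) {
             $this->postData['flags'] .= 'L';
         }
         if (isset($this->request['stickyonpost'])) {
             $this->postData['flags'] .= 'S';
         }
         if (isset($this->request['rawhtml'])) {
             $this->postData['flags'] .= 'RH';
         }
         if (isset($this->request['usestaffname'])) {
             $this->postData['flags'] .= 'N';
         }
         $this->postData['display_status'] = 0;
         $this->postData['lock_on_post'] = 0;
         $this->postData['sticky_on_post'] = 0;
         // If they are just a normal user, or vip...
         if ($this->postData['user_authority'] == 0 || $this->postData['user_authority'] > 2) {
             // If the thread is locked
             if ($this->postData['thread_info']['locked'] == 1) {
                 // Don't let the user post
                 kxFunc::showError(_gettext('Sorry, this thread is locked and can not be replied to.'));
             }
             $this->postData['thread_info']['message'] = $this->_boardClass->parseData($this->request['message']);
             // Or, if they are a moderator/administrator...
         } else {
             // If they checked the D checkbox, display their staff status (Admin/Mod) on the post
             if (isset($this->request['displaystaffstatus'])) {
                 $this->postData['display_status'] = true;
             }
             // If they checked the RH checkbox, insert the message as-is (unparsed HTML)...
             if (isset($this->request['rawhtml'])) {
                 $this->postData['thread_info']['message'] = $this->request['message'];
                 // Otherwise, parse it as usual...
             } else {
                 $this->postData['thread_info']['message'] = $this->_boardClass->parseData($this->request['message']);
             }
             // If they checked the L checkbox, lock the post after insertion
             if (isset($this->request['lockonpost'])) {
                 $this->postData['lock_on_post'] = true;
             }
             // If they checked the S checkbox, sticky the post after insertion
             if (isset($this->request['stickyonpost'])) {
                 $this->postData['sticky_on_post'] = true;
             }
             if (isset($this->request['usestaffname'])) {
                 // The decrypted value was also stored in an unused local; it is computed once now
                 $_POST['name'] = kxFunc::md5_decrypt($this->request['modpassword'], kxEnv::Get('kx:misc:randomseed'));
             }
         }
         //kxFunc::checkBadUnicode($this->postData['post_fields']);
         $this->_boardClass->processPost($this->postData);
         $url = kxEnv::Get("kx:paths:boards:path") . '/' . $this->_boardClass->board->board_name;
         if (!$this->postData['is_reply']) {
             $url .= '/' . kxEnv::Get('kx:pages:first');
         } else {
             // intval() keeps the request-supplied thread number numeric in the redirect target
             $url .= '/res/' . intval($this->request['replythread']) . '.html';
         }
         @header('Location: ' . $url);
     }
 }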
Exemple #7
 /**
  * Runs _checkRules() once for every entry in self::$rules, then empties
  * both the stored values and the stored rules.
  *
  * A kxException raised while checking is reported through
  * kxFunc::showError() with the exception's message; other exception types
  * are not caught here.
  *
  * @access public
  */
 public static function check()
 {
     try {
         foreach (self::$rules as $ruleName => $ruleSet) {
             self::_checkRules($ruleName, $ruleSet);
         }
     } catch (kxException $failure) {
         $reason = $failure->getMessage();
         kxFunc::showError($reason);
     }
     // Start the next validation run from a clean slate
     self::$rules = array();
     self::$values = array();
 }
Exemple #8
 /**
  * Validate, store and publish one post on this board.
  *
  * Runs checkFields(), refuses the post when the board is locked and the
  * poster's authority is neither 1 nor 2, then uploads files, builds the
  * $post record, stores it through the posting class and regenerates the
  * board pages and the affected thread.
  *
  * NOTE(review): an unsalted md5 of the post password is computed into
  * $post_passwordmd5 but not used anywhere in this method - confirm where the
  * stored password hash is actually produced. The 74-byte substr() cuts are
  * byte-wise and can split a multi-byte character.
  *
  * @param array $postData Reads 'user_authority', 'post_fields' and 'thread_info'.
  * @return void
  */
 public function processPost($postData)
 {
     if (empty($this->postClass)) {
         $this->postClass = $this->environment->get('kx:classes:board:posting:id');
     }
     $this->checkFields($postData);
     // Only authority 1 and 2 may post on a locked board
     if ($this->board->board_locked == 1 && !($postData['user_authority'] == 1 || $postData['user_authority'] == 2)) {
         kxFunc::showError(_gettext('Sorry, this board is locked and can not be posted in.'));
         return;
     }
     $files = $this->doUpload($postData);
     $this->postClass->forcedAnon($postData, $this->board);
     $nameAndTrip = $this->postClass->handleTripcode($postData);
     $rawPassword = $postData['post_fields']['postpassword'];
     $post_passwordmd5 = '';
     if ($rawPassword != '') {
         $post_passwordmd5 = md5($rawPassword);
     }
     $commands = $this->postClass->checkPostCommands($postData);
     $this->postClass->checkEmptyReply($postData);
     // First array is the converted form of the japanese characters meaning sage, second meaning age
     // Needs converting
     //$ords_email = unistr_to_ords($post_email);
     $ords_email = array();
     $emRaw = $this->request['em'];
     $emLower = strtolower($emRaw);
     // The email is not remembered when the field carried a posting command
     $isCommand = $emLower == 'sage'
         || $ords_email == array(19979, 12370)
         || $emLower == 'age'
         || $ords_email == array(19978, 12370)
         || $emRaw == 'return'
         || $emRaw == 'noko';
     $post = array(
         'board' => $this->board->board_name,
         'name' => substr($nameAndTrip[0], 0, 74),
         'name_save' => true,
         'tripcode' => $nameAndTrip[1],
         'email' => substr($postData['post_fields']['email'], 0, 74),
         'email_save' => !$isCommand,
         'subject' => substr($postData['post_fields']['subject'], 0, 74),
         'message' => $postData['thread_info']['message'],
     );
     if (isset($postData['thread_info']['tag'])) {
         $post['tag'] = $postData['thread_info']['tag'];
     }
     //Needs 1.0 equivalent
     // $post = hook_process('posting', $post);
     $post['post_id'] = $this->postClass->makePost($postData, $post, $files, $_SERVER['REMOTE_ADDR'], $commands['sticky'], $commands['lock'], $this->board);
     $this->postClass->modPost(array_merge($postData, $post), $this->board);
     $this->postClass->setCookies($post);
     $this->postClass->checkSage($postData, $this->board);
     $this->postClass->updateThreadWatch($postData, $this->board);
     // Trim any threads which have been pushed past the limit, or exceed the maximum age limit
     //kxExec:TrimToPageLimit($board_class->board);
     // Regenerate board pages
     $this->regeneratePages();
     // Regenerate the thread: a new thread is its own parent, a reply rebuilds its parent
     $threadId = $postData['thread_info']['parent'] == 0 ? $post['post_id'] : $postData['thread_info']['parent'];
     $this->regenerateThreads($threadId);
 }
Exemple #9
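 /**
  * Apply the cached spam filters to the submitted message.
  *
  * Each filter is either a plain word (case-insensitive substring match) or
  * a regular expression, optionally limited to a list of boards. filter_type
  * is a bit field: 8 bans the poster, 4 blocks the post, 2 marks it for
  * reporting (not implemented yet).
  *
  * Fixes over the previous version:
  * - The board restriction now applies to regex filters as well. Operator
  *   precedence used to group it with the plain-word test only, so a regex
  *   filter fired on every board.
  * - The ban reason and the error message use the filter's word. They used to
  *   concatenate the $filter object itself, which cannot be converted to a
  *   string.
  * - Filters with an empty word are skipped; on PHP 8 stripos() with an empty
  *   needle matches every message.
  * - A filter_boards value that does not unserialize to an array no longer
  *   reaches in_array().
  *
  * Security notes for maintainers:
  * - filter_boards and filter_punishment are passed to unserialize(). They
  *   come from the filter cache/database; if that data can ever be
  *   attacker-influenced this is an object injection point. Not changed here.
  * - filter_word is used as a PCRE pattern when filter_regex is set. A
  *   pattern with heavy backtracking is evaluated against every message, so
  *   filter patterns deserve review when they are added.
  *
  * @param mixed $boardId Id of the board being posted to.
  * @return void
  */
 public function checkBlacklistedText($boardId)
 {
     $filters = kxEnv::Get("cache:filters:spamfilters");
     /*$filters = $this->db->select("filter")
       ->fields("filter")
       ->condition("filter_type", 2, ">=")
       ->orderBy("filter_type", "DESC")
       ->execute()
       ->fetchAll();*/
     if (empty($filters)) {
         return;
     }
     $message = isset($this->request['message']) ? (string) $this->request['message'] : '';
     $reported = 0;
     foreach ($filters as $filter) {
         $word = (string) $filter->filter_word;
         if ($word === '') {
             continue;
         }
         // Board restriction, applied to plain and regex filters alike
         if ($filter->filter_boards) {
             $boards = unserialize($filter->filter_boards);
             if (!is_array($boards) || !in_array($boardId, $boards)) {
                 continue;
             }
         }
         if ($filter->filter_regex) {
             // preg_match() returns false for a broken pattern; treat that as no match
             $matched = preg_match($word, $message) === 1;
         } else {
             $matched = stripos($message, $word) !== false;
         }
         if (!$matched) {
             continue;
         }
         // They included blacklisted text in their post. What do we do?
         if ($filter->filter_type & 8) {
             // Ban them if they have the ban flag set on this filter
             $punishment = unserialize($filter->filter_punishment);
             $banLength = is_array($punishment) && isset($punishment['banlength']) ? $punishment['banlength'] : null;
             kxBans::banUser($_SERVER['REMOTE_ADDR'], 'board.php', 1, $banLength, $filter->filter_boards, _gettext('Posting blacklisted text.') . ' (' . $word . ')', $message);
         }
         if ($filter->filter_type & 4) {
             // Stop the post from happening if the delete flag is set
             kxFunc::showError(sprintf(_gettext('Blacklisted text ( %s ) detected.'), $word));
         }
         if ($filter->filter_type & 2 && !$reported) {
             // Report flag is set, report the post
             $reported = 1;
             // TODO add this later
         }
     }
 }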