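/**
 * Handle the moderator login form.
 *
 * When the form was submitted, the POSTed credentials are checked with login(). A failed
 * attempt is reported to syslog (when enabled) and the form is rendered again with the
 * generic "invalid" error; a successful one is written to the mod log, gets its cookies
 * set and receives a Location header.
 *
 * @param string|false $redirect Query string (without the leading "?") to redirect to
 *                               after a successful login; false redirects to "?/".
 * @return void
 */
function mod_login($redirect = false) {
    global $config;

    $args = array();

    if (isset($_POST['login'])) {
        // PHP turns a field such as "username[]=x" into an array, which the former
        // `== ''` comparison did not reject. Only non-empty strings may reach login().
        $has_credentials = isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password'])
            && $_POST['username'] !== ''
            && $_POST['password'] !== '';

        if (!$has_credentials) {
            $args['error'] = $config['error']['invalid'];
        } elseif (!login($_POST['username'], $_POST['password'])) {
            if ($config['syslog']) {
                // NOTE(review): this entry names neither the account nor the source address;
                // whether _syslog() adds that context is not visible here.
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');
            }

            // Same message as for missing input, so the response does not say which part was wrong.
            $args['error'] = $config['error']['invalid'];
        } else {
            modLog('Logged in');

            // Login successful
            // Set cookies
            setCookies();

            // The target always starts with "?", so it stays a relative reference to this script.
            if ($redirect) {
                header('Location: ?' . $redirect, true, $config['redirect_http']);
            } else {
                header('Location: ?/', true, $config['redirect_http']);
            }
            // NOTE(review): execution continues to mod_page() below after the Location header is set.
        }
    }

    // Only echo the submitted name back into the form when it really is a string.
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $args['username'] = $_POST['username'];
    }

    mod_page(_('Login'), 'mod/login.html', $args);
}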
/**
 * Stop the request with an error message.
 *
 * The message is sent to syslog first (when enabled), then printed as plain text on the
 * CLI or wrapped in the 'page.html' template for web requests. Both paths end in die().
 *
 * @param string   $message  Text of the error.
 * @param int|bool $priority true logs at LOG_NOTICE, false skips syslog, any other value
 *                           is passed to _syslog() as the priority.
 * @return void Never returns.
 */
function error($message, $priority = true) {
    global $board, $mod, $config;

    if ($config['syslog'] && $priority !== false) {
        // LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most error messages are not significant.
        $level = ($priority === true) ? LOG_NOTICE : $priority;
        _syslog($level, $message);
    }

    // STDIN is only defined when running from the command line.
    if (defined('STDIN')) {
        die('Error: ' . $message . "\n");
    }

    // Offer a link back to the board index when a board is open.
    $back_link = '';
    if (isset($board)) {
        $mod_prefix = $mod ? $config['file_mod'] . '?/' : '';
        $href = $config['root'] . $mod_prefix . $board['dir'] . $config['file_index'];
        $back_link = "<p><a href=\"" . $href . "\">Go back</a>.</p>";
    }

    // NOTE(review): $message is concatenated into the HTML without escaping here; confirm
    // that callers never pass untrusted text that has not been escaped already.
    $body = '<center>' . '<h2>' . _($message) . '</h2>' . $back_link . '</center>';

    $page = array(
        'config' => $config,
        'title' => 'Error',
        'subtitle' => 'An error has occured.',
        'body' => $body,
    );

    die(Element('page.html', $page));
}
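/**
 * Stop the request with an error message.
 *
 * Logs to syslog (when enabled), then ends the script with one of three outputs: plain text
 * plus a backtrace on the CLI, a JSON object when the client posted 'json_response', or the
 * 'error.html' template wrapped in 'page.html'.
 *
 * With $config['debug'] enabled the rendered page carries the last database error and a
 * full debug_backtrace(), so the database password is scrubbed from that data first.
 *
 * @param string       $message     Text of the error.
 * @param int|bool     $priority    true logs at LOG_NOTICE, false skips syslog, any other
 *                                  value is passed to _syslog() as the priority.
 * @param array|string|false $debug_stuff Extra debug data; a 'file' entry is appended to the message.
 * @return void Never returns.
 */
function error($message, $priority = true, $debug_stuff = false) {
    global $board, $mod, $config, $db_error;

    if (isset($debug_stuff['file'])) {
        $message .= " {$debug_stuff['file']}";
    }

    if ($config['syslog'] && $priority !== false) {
        // Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error messages are not significant.
        _syslog($priority !== true ? $priority : LOG_NOTICE, $message);
    }

    if (defined('STDIN')) {
        // Running from CLI
        echo 'Error: ' . $message . "\n";
        debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
        die;
    }

    if ($config['debug'] && isset($db_error)) {
        $debug_stuff = array_combine(array('SQLSTATE', 'Error code', 'Error message'), $db_error);
    }

    if ($config['debug']) {
        // Writing an offset into `false` is deprecated on newer PHP versions; start from an array.
        if ($debug_stuff === false) {
            $debug_stuff = array();
        }
        $debug_stuff['backtrace'] = debug_backtrace();
    }

    // Return the bad request header, necessary for AJAX posts
    // czaks: is it really so? the ajax errors only work when this is commented out
    //        better yet use it when ajax is disabled
    if (!isset($_POST['json_response'])) {
        header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    }

    // Is there a reason to disable this?
    if (isset($_POST['json_response'])) {
        header('Content-Type: text/json; charset=utf-8');
        die(json_encode(array('error' => $message)));
    }

    // Remove the database password from the debug data before it is rendered.
    // The previous array_filter() callback took its item by reference to rewrite nested
    // arrays, but on PHP 7 and later array_filter() hands the callback a copy, so nested
    // arrays (such as backtrace arguments) were kept unfiltered. This version returns the
    // cleaned array instead of relying on by-reference mutation.
    // Only values identical to the password are dropped; a longer string that merely
    // contains it, or a value held inside an object, is not touched.
    $pw = $config['db']['password'];
    $scrub = function ($items) use (&$scrub, $pw) {
        $clean = array();
        foreach ($items as $key => $item) {
            if (is_array($item)) {
                $item = $scrub($item);
            }
            // An empty password would match unrelated empty values, so nothing is dropped then.
            if ($pw && $item === $pw) {
                continue;
            }
            $clean[$key] = $item;
        }
        return $clean;
    };

    if (is_array($debug_stuff) && $debug_stuff) {
        $debug_stuff = $scrub($debug_stuff);
    }

    die(Element('page.html', array(
        'config' => $config,
        'title' => _('Error'),
        'subtitle' => _('An error has occured.'),
        'body' => Element('error.html', array(
            'config' => $config,
            'message' => $message,
            'mod' => $mod,
            'board' => isset($board) ? $board : false,
            'debug' => is_array($debug_stuff)
                ? str_replace("\n", '&#10;', utf8tohtml(print_r($debug_stuff, true)))
                : utf8tohtml($debug_stuff),
        )),
    )));
}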
/**
 * Record a moderator action in the ``modlogs`` table and, when enabled, in syslog.
 *
 * Every value is bound to a placeholder of the prepared statement; nothing is interpolated
 * into the SQL text.
 *
 * @param string      $action Description of what the moderator did.
 * @param string|null $_board Board to attribute the action to; when null the currently
 *                            open board's URI is used, or NULL if no board is open.
 * @return void
 */
function modLog($action, $_board = null) {
    global $mod, $board, $config;

    $insert = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");

    $insert->bindValue(':id', $mod['id'], PDO::PARAM_INT);
    $insert->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
    $insert->bindValue(':time', time(), PDO::PARAM_INT);
    $insert->bindValue(':text', $action);

    // Explicit argument first, then the open board, otherwise SQL NULL.
    if (!isset($_board) && !isset($board)) {
        $insert->bindValue(':board', null, PDO::PARAM_NULL);
    } else {
        $insert->bindValue(':board', isset($_board) ? $_board : $board['uri']);
    }

    if (!$insert->execute()) {
        error(db_error($insert));
    }

    if ($config['syslog']) {
        // NOTE(review): $action reaches syslog as given; whether callers or _syslog() strip
        // control characters from it is not visible here.
        _syslog(LOG_INFO, "[mod/{$mod['username']}]: {$action}");
    }
}
/**
 * Stop the request with an error message.
 *
 * Logs to syslog (when enabled), then ends the script with plain text on the CLI, a JSON
 * object when the client posted 'json_response', or the 'error.html' template wrapped in
 * 'page.html'.
 *
 * @param string       $message     Text of the error.
 * @param int|bool     $priority    true logs at LOG_NOTICE, false skips syslog, any other
 *                                  value is passed to _syslog() as the priority.
 * @param array|string|false $debug_stuff Extra debug data shown on the error page.
 * @return void Never returns.
 */
function error($message, $priority = true, $debug_stuff = false) {
    global $board, $mod, $config, $db_error;

    if ($config['syslog'] && $priority !== false) {
        // LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most error messages are not significant.
        $level = ($priority === true) ? LOG_NOTICE : $priority;
        _syslog($level, $message);
    }

    // STDIN is only defined when running from the command line.
    if (defined('STDIN')) {
        die('Error: ' . $message . "\n");
    }

    // In debug mode the last database error replaces whatever debug data was passed in,
    // and ends up on the page sent to the client.
    if ($config['debug'] && isset($db_error)) {
        $labels = array('SQLSTATE', 'Error code', 'Error message');
        $debug_stuff = array_combine($labels, $db_error);
    }

    // Is there a reason to disable this?
    if (isset($_POST['json_response'])) {
        header('Content-Type: text/json; charset=utf-8');
        $payload = array('error' => $message);
        die(json_encode($payload));
    }

    $title = _('Error');
    $subtitle = _('An error has occured.');

    // Arrays are dumped with print_r() and their newlines replaced; anything else is passed
    // to utf8tohtml() directly.
    if (is_array($debug_stuff)) {
        $debug_html = str_replace("\n", '&#10;', utf8tohtml(print_r($debug_stuff, true)));
    } else {
        $debug_html = utf8tohtml($debug_stuff);
    }

    $body = Element('error.html', array(
        'config' => $config,
        'message' => $message,
        'mod' => $mod,
        'board' => isset($board) ? $board : false,
        'debug' => $debug_html,
    ));

    die(Element('page.html', array(
        'config' => $config,
        'title' => $title,
        'subtitle' => $subtitle,
        'body' => $body,
    )));
}
$query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards, :email)'); $query->bindValue(':username', $username); $query->bindValue(':password', $password); $query->bindValue(':salt', $salt); $query->bindValue(':type', 20); $query->bindValue(':boards', $uri); $query->bindValue(':email', $email); $query->execute() or error(db_error($query)); $query = prepare('INSERT INTO ``boards`` (`uri`, `title`, `subtitle`) VALUES (:uri, :title, :subtitle)'); $query->bindValue(':uri', $_POST['uri']); $query->bindValue(':title', $_POST['title']); $query->bindValue(':subtitle', $_POST['subtitle']); $query->execute() or error(db_error($query)); $query = Element('posts.sql', array('board' => $uri)); query($query) or error(db_error()); if (!openBoard($_POST['uri'])) { error(_("Couldn't open board after creation.")); } if ($config['cache']['enabled']) { cache::delete('all_boards'); } // Build the board buildIndex(); rebuildThemes('boards'); $query = prepare("INSERT INTO ``board_create``(uri) VALUES(:uri)"); $query->bindValue(':uri', $uri); $query->execute() or error(db_error()); _syslog(LOG_NOTICE, "New board: {$uri}"); $body = Element("8chan/create_success.html", array("config" => $config, "password" => $_POST['password'], "uri" => $uri)); echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Success"), "subtitle" => _("This was a triumph"))); }
/**
 * Fallback error handler used before the regular error page can be rendered.
 *
 * Logs the message to syslog (when enabled) and ends the script with a small self-contained
 * HTML page.
 *
 * @param string   $message  Text of the error.
 * @param int|bool $priority true logs at LOG_NOTICE, false skips syslog, any other value
 *                           is passed to _syslog() as the priority.
 * @return void Never returns.
 */
function basic_error_function_because_the_other_isnt_loaded_yet($message, $priority = true) {
    global $config;

    if ($config['syslog'] && $priority !== false) {
        // LOG_NOTICE rather than LOG_ERR or LOG_WARNING: most error messages are not significant.
        $level = ($priority === true) ? LOG_NOTICE : $priority;
        _syslog($level, $message);
    }

    // Yes, this is horrible.
    $css = 'body{text-align:center;font-family:arial, helvetica, sans-serif;font-size:10pt;}'
        . 'p{padding:0;margin:20px 0;}'
        . 'p.c{font-size:11px;}';

    $head = '<!DOCTYPE html><html><head><title>Error</title>'
        . '<style type="text/css">' . $css . '</style></head>';

    $footer = '<p class="c">This alternative error page is being displayed because the other couldn\'t be found or hasn\'t loaded yet.</p></body></html>';

    // NOTE(review): $message is written into the page without escaping; confirm that
    // callers never pass untrusted text that has not been escaped already.
    die($head . '<body><h2>Error</h2>' . $message . '<hr/>' . $footer);
}
} $phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); $like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; } foreach ($filters as $name => $value) { if (!empty($like)) { $like .= ' AND '; } $like .= '`' . $name . '` = ' . $pdo->quote($value); } $like = str_replace('%', '%%', $like); $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); $query->bindValue(':limit', $search_limit, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if ($query->rowCount() == $search_limit) { _syslog(LOG_WARNING, 'Query too broad.'); $body .= '<p class="unimportant" style="text-align:center">(' . _('Query too broad.') . ')</p>'; echo Element('page.html', array('config' => $config, 'title' => 'Search', 'body' => $body)); exit; } $temp = ''; while ($post = $query->fetch()) { if (!$post['thread']) { $po = new Thread($post); } else { $po = new Post($post); } $temp .= $po->build(true) . '<hr/>'; } if (!empty($temp)) { $_body .= '<fieldset><legend>' . sprintf(ngettext('%d result in', '%d results in', $query->rowCount()), $query->rowCount()) . ' <a href="/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . '</a></legend>' . $temp . '</fieldset>';
/**
 * Report an error message through _syslog() at LOG_ERR severity.
 *
 * @param string $data The error message.
 * @return void
 */
function _error($data) {
    // Original author's note: the error message is also printed to the debug log, if activated.
    $severity = LOG_ERR;
    _syslog($severity, $data);
}
return is_array($var) ? array_map('strip_array', $var) : stripslashes($var); } $_GET = strip_array($_GET); $_POST = strip_array($_POST); } $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; // If not logged in if (!$mod) { if (isset($_POST['login'])) { // Check if inputs are set and not empty if (!isset($_POST['username']) || !isset($_POST['password']) || empty($_POST['username']) || empty($_POST['password'])) { loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); } if (!login($_POST['username'], $_POST['password'])) { if ($config['syslog']) { _syslog(LOG_WARNING, 'Unauthorized login attempt!'); } loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); } modLog("Logged in."); // Login successful // Set cookies setCookies(); // Redirect if (isset($_POST['redirect'])) { header('Location: ' . $_POST['redirect'], true, $config['redirect_http']); } else { header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']); } } else { loginForm(false, false, '?' . $query);
} $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; if ($noko) { $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : ''); if (!$post['op'] && isset($_SERVER['HTTP_REFERER'])) { $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'page50' => str_replace('%d', '(\\d+)', preg_quote($config['file_page50'], '/')), 'res' => preg_quote($config['dir']['res'], '/')); if (preg_match('/\\/' . $regex['board'] . $regex['res'] . $regex['page50'] . '([?&].*)?$/', $_SERVER['HTTP_REFERER'])) { $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page50'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : ''); } } } else { $redirect = $root . $board['dir'] . $config['file_index']; } buildThread($post['op'] ? $id : $post['thread']); if ($config['syslog']) { _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['op'] ? $id : $post['thread']) . (!$post['op'] ? '#' . $id : '')); } if (!$post['mod']) { header('X-Associated-Content: "' . $redirect . '"'); } if (!isset($_POST['json_response'])) { header('Location: ' . $redirect, true, $config['redirect_http']); } else { header('Content-Type: text/json; charset=utf-8'); echo json_encode(array('redirect' => $redirect, 'noko' => $noko, 'id' => $id)); } if ($config['try_smarter'] && $post['op']) { $build_pages = range(1, $config['max_pages']); } if ($post['op']) { clean();
} $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']; if ($noko) { $redirect = $root . $board['dir'] . $config['dir']['res'] . link_for($post, false, false, $thread) . (!$post['op'] ? '#' . $id : ''); if (!$post['op'] && isset($_SERVER['HTTP_REFERER'])) { $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'page50' => '(' . str_replace('%d', '(\\d+)', preg_quote($config['file_page50'], '/')) . '|' . str_replace(array('%d', '%s'), array('(\\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '/')) . ')', 'res' => preg_quote($config['dir']['res'], '/')); if (preg_match('/\\/' . $regex['board'] . $regex['res'] . $regex['page50'] . '([?&].*)?$/', $_SERVER['HTTP_REFERER'])) { $redirect = $root . $board['dir'] . $config['dir']['res'] . link_for($post, true, false, $thread) . (!$post['op'] ? '#' . $id : ''); } } } else { $redirect = $root . $board['dir'] . $config['file_index']; } buildThread($post['op'] ? $id : $post['thread']); if ($config['syslog']) { _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : '')); } if (!$post['mod']) { header('X-Associated-Content: "' . $redirect . '"'); } if (!isset($_POST['json_response'])) { header('Location: ' . $redirect, true, $config['redirect_http']); } else { header('Content-Type: text/json; charset=utf-8'); echo json_encode(array('redirect' => $redirect, 'noko' => $noko, 'id' => $id)); } if ($config['try_smarter'] && $post['op']) { $build_pages = range(1, $config['max_pages']); } if ($post['op']) { clean();
unset($user_boards[array_search($board['uri'], $user_boards)]); $_query = prepare('UPDATE ``mods`` SET `boards` = :boards WHERE `id` = :id'); $_query->bindValue(':boards', implode(',', $user_boards)); $_query->bindValue(':id', $user['id']); $_query->execute() or error(db_error($_query)); } } // Delete entire board directory exec('rm -rf ' . $board['uri'] . '/'); rrmdir('static/banners/' . $board['uri']); file_unlink("stylesheets/board/{$board['uri']}.css"); // HAAAAAX if ($config['dir']['img_root'] != '') { rrmdir($config['dir']['img_root'] . $board['uri']); } if ($config['cache']['enabled']) { cache::delete('board_' . $board['uri']); } _syslog(LOG_NOTICE, "Board deleted: {$board['uri']}"); if ($d['mod']) { $query = prepare('DELETE FROM ``mods`` WHERE `username` = BINARY :id'); $query->bindValue(':id', $d['mod']); $query->execute() or error(db_error($query)); } } fclose($f); } cache::delete('all_boards_uri'); cache::delete('all_boards'); rebuildThemes('boards'); $query = query('DELETE FROM board_create WHERE uri NOT IN (SELECT uri FROM boards);') or error(db_error());