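function regist($name, $email, $sub, $com, $url, $pwd, $upfile, $upfile_name, $resto)
{
    // Registers one post (a new thread, or a reply when $resto names an existing thread) in the
    // flat-file board: validates the form and the optional image upload, applies the host / proxy
    // and flood checks, prepends the post to LOGFILE, updates TREEFILE, refreshes the poster's
    // cookies and finally moves the uploaded image into place.
    //
    // $name, $email, $sub, $com, $url  raw form fields (escaped via CleanStr() before use)
    // $pwd                            deletion password; empty falls back to the $pwdc cookie
    //                                 or a freshly generated one
    // $upfile, $upfile_name           PHP's temp path and the client-side name of the upload
    // $resto                          thread number replied to, or empty for a new thread
    //
    // Every rejection goes through error(), which the surrounding code assumes does not return
    // and which is expected to remove $dest when a temp image was created.
    //
    // Fixes relative to the previous revision: every preg_* call lacked pattern delimiters
    // (PCRE refused them, so the blank-field, $badfile, tripcode and newline handling silently
    // never ran); the auto-generated password came from rand() seeded with microtime();
    // the reverse-DNS name was written unescaped into the comma-separated log.
    global $path, $badstring, $badfile, $badip, $pwdc, $textonly;

    $dest = "";
    $mes = "";
    // Upload metadata; stays empty (and is logged as such) for text-only posts.
    $ext = "";
    $W = "";
    $H = "";
    $chk = "";

    // Only POST carries a form submission; reject before any temp file is created.
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        error("不正な投稿をしないで下さい(post)", $dest);
    }

    // Posting time, and the millisecond-resolution stamp used as the image's file name.
    $time = time();
    $tim = $time . substr(microtime(), 2, 3);

    // --- Upload processing ---
    if ($upfile && file_exists($upfile)) {
        $dest = $path . $tim . '.tmp';
        // move_uploaded_file() only accepts the current request's upload, so a caller-supplied
        // path to some other file can never be copied into the image directory.
        move_uploaded_file($upfile, $dest);
        $upfile_name = CleanStr($upfile_name);
        if (!is_file($dest)) {
            error("アップロードに失敗しました<br>サーバがサポートしていない可能性があります", $dest);
        }
        $size = getimagesize($dest);
        if (!is_array($size)) {
            error("アップロードに失敗しました<br>画像ファイル以外は受け付けません", $dest);
        }
        $chk = md5_of_file($dest);
        // $badfile lists digest prefixes of rejected images; each entry is matched literally.
        foreach ($badfile as $value) {
            if (preg_match('/^' . preg_quote($value, '/') . '/', $chk)) {
                error("アップロードに失敗しました<br>同じ画像がありました", $dest);
            }
        }
        // Readable by the web server, writable only by the owner (was world-writable 0666).
        chmod($dest, 0644);
        $W = $size[0];
        $H = $size[1];
        // The extension comes from the detected image type, never from the client-supplied name.
        // NOTE(review): SWF/PSD/BMP are still accepted here and are served from the image
        // directory; the MySQL version of this function rejects everything but GIF/JPEG/PNG.
        switch ($size[2]) {
            case 1:
                $ext = ".gif";
                break;
            case 2:
                $ext = ".jpg";
                break;
            case 3:
                $ext = ".png";
                break;
            case 4:
                $ext = ".swf";
                break;
            case 5:
                $ext = ".psd";
                break;
            case 6:
                $ext = ".bmp";
                break;
            case 13:
                $ext = ".swf";
                break;
            default:
                $ext = ".xxx";
                error("対応しないフォーマットです。", $dest);
        }
        // Display size: shrink proportionally so neither side exceeds MAX_W x MAX_H.
        if ($W > MAX_W || $H > MAX_H) {
            $key = min(MAX_W / $W, MAX_H / $H);
            $W = ceil($W * $key);
            $H = ceil($H * $key);
        }
        $mes = "画像 {$upfile_name} のアップロードが成功しました<br><br>";
    }

    // --- Form content checks ---
    // Fields made only of the characters in the class count as empty. The class is reproduced
    // as found in this copy; it presumably held full-width spaces originally -- TODO confirm
    // against the file's real encoding.
    if (!$name || preg_match('/^[ | |]*$/D', $name)) {
        $name = "";
    }
    if (!$com || preg_match('/^[ | |\t]*$/D', $com)) {
        $com = "";
    }
    if (!$sub || preg_match('/^[ | |]*$/D', $sub)) {
        $sub = "";
    }
    if (!$resto && !$textonly && !is_file($dest)) {
        error("画像がありません", $dest);
    }
    if (!$com && !is_file($dest)) {
        error("何か書いて下さい", $dest);
    }
    // Quote the words a poster could use to impersonate admin / deletion notices.
    $name = str_replace("管理", "\"管理\"", $name);
    $name = str_replace("削除", "\"削除\"", $name);
    // Length limits are byte-wise (strlen), as before.
    if (strlen($com) > 1000) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($name) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($email) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($sub) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($resto) > 10) {
        error("異常です", $dest);
    }
    if (strlen($url) > 10) {
        error("異常です", $dest);
    }

    // --- Host / proxy checks ---
    // The reverse-DNS name is chosen by whoever controls the PTR zone and is written raw into
    // the comma-separated log line below, so strip the field and record separators from it.
    $host = gethostbyaddr($_SERVER["REMOTE_ADDR"]);
    $host = str_replace(array(",", "\r", "\n"), "", $host);
    foreach ($badip as $value) {
        // $badip entries are admin-configured host-suffix patterns, regex as with eregi().
        if (preg_match('/' . str_replace('/', '\/', $value) . '$/i', $host)) {
            error("拒絶されました(host)", $dest);
        }
    }
    // Infrastructure-looking hosts get the open-proxy probe. Note the second test overrides the
    // first unconditionally, so in practice only the listed ISP suffixes skip the probe.
    if (preg_match('/^mail/i', $host) || preg_match('/^ns/i', $host) || preg_match('/^dns/i', $host)
        || preg_match('/^ftp/i', $host) || preg_match('/^prox/i', $host) || preg_match('/^pc/i', $host)
        || preg_match('/^[^\.]\.[^\.]$/iD', $host)) {
        $pxck = "on";
    }
    if (preg_match('/ne\.jp$/iD', $host) || preg_match('/ad\.jp$/iD', $host)
        || preg_match('/bbtec\.net$/iD', $host) || preg_match('/aol\.com$/iD', $host)
        || preg_match('/uu\.net$/iD', $host) || preg_match('/asahi-net\.or\.jp$/iD', $host)
        || preg_match('/rim\.or\.jp$/iD', $host)) {
        $pxck = "off";
    } else {
        $pxck = "on";
    }
    if ($pxck == "on" && PROXY_CHECK) {
        if (proxy_connect('80') == 1) {
            error("ERROR! 公開PROXY規制中!!(80)", $dest);
        } elseif (proxy_connect('8080') == 1) {
            error("ERROR! 公開PROXY規制中!!(8080)", $dest);
        }
    }

    // --- Deletion password, timestamp and ID ---
    if ((string) $pwd === '') {
        if ((string) $pwdc === '') {
            // No password given and none remembered: mint one. rand() seeded from microtime()
            // was predictable; prefer the OpenSSL CSPRNG and fall back to mt_rand().
            $pwd = function_exists('openssl_random_pseudo_bytes')
                ? bin2hex(openssl_random_pseudo_bytes(4))
                : substr((string) mt_rand(), 0, 8);
        } else {
            $pwd = $pwdc;
        }
    }
    $c_pass = $pwd;
    // The stored verifier is 8 hex chars of md5 -- weak, but the delete path elsewhere expects it.
    $pass = $pwd ? substr(md5($pwd), 2, 8) : "*";
    $youbi = array('日', '月', '火', '水', '木', '金', '土');
    $jst = $time + 9 * 60 * 60; // JST rendered via gmdate() on a shifted timestamp
    $yd = $youbi[gmdate("w", $jst)];
    $now = gmdate("y/m/d", $jst) . "(" . (string) $yd . ")" . gmdate("H:i", $jst);
    if (DISP_ID) {
        if ($email && DISP_ID == 1) {
            $now .= " ID:???";
        } else {
            // Per-day poster ID derived from the address and the site's IDSEED.
            $now .= " ID:" . substr(crypt(md5($_SERVER["REMOTE_ADDR"] . IDSEED . gmdate("Ymd", $jst)), 'id'), -8);
        }
    }

    // --- Text normalisation ---
    $email = str_replace(array("\r", "\n"), "", CleanStr($email));
    $sub = str_replace(array("\r", "\n"), "", CleanStr($sub));
    $url = str_replace(array("\r", "\n"), "", CleanStr($url));
    $resto = str_replace(array("\r", "\n"), "", CleanStr($resto));
    $com = CleanStr($com);
    // Normalise line endings, then collapse runs of three or more blank lines.
    $com = str_replace("\r\n", "\n", $com);
    $com = str_replace("\r", "\n", $com);
    $com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
    if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
        $com = nl2br($com); // line breaks become <br>; posts over BR_CHECK lines lose them
    }
    $com = str_replace("\n", "", $com);

    // --- Name and tripcode ---
    // ◆ is reserved as the tripcode marker, so a poster cannot fake one.
    $name = str_replace("◆", "◇", $name);
    $name = str_replace(array("\r", "\n"), "", $name);
    $names = $name; // unescaped copy, kept for the name cookie (includes any #key)
    $name = CleanStr($name);
    if (preg_match('/(#|#)(.*)/', $names, $regs)) {
        $cap = $regs[2];
        // As found in this copy both strtr() calls are no-ops; they presumably mapped full-width
        // & and , to ASCII before the file's encoding was lost -- TODO confirm.
        $cap = strtr($cap, "&", "&");
        $cap = strtr($cap, ",", ",");
        $name = preg_replace('/(#|#)(.*)/', "", $name);
        // Classic 2ch tripcode: DES crypt() with a salt derived from the key itself.
        $salt = substr($cap . "H.", 1, 2);
        $salt = preg_replace('/[^\.-z]/', ".", $salt);
        $salt = strtr($salt, ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
        $name .= "</b>◆" . substr(crypt($cap, $salt), -10) . "<b>";
    }
    if (!$name) {
        $name = "名無し";
    }
    if (!$com) {
        $com = "本文なし";
    }
    if (!$sub) {
        $sub = "無題";
    }

    // --- Log file: newest post first, one comma-separated line per post ---
    $fp = fopen(LOGFILE, "r+");
    flock($fp, LOCK_EX); // held until fclose() at the end so log and tree stay consistent
    rewind($fp);
    $buf = fread($fp, 1000000);
    if ($buf == '') {
        error("error load log", $dest);
    }
    $line = explode("\n", $buf);
    $countline = count($line);
    $lineindex = array(); // post number -> 1-based log line; used to prune the tree file
    for ($i = 0; $i < $countline; $i++) {
        if ($line[$i] != "") {
            list($artno, ) = explode(",", rtrim($line[$i]));
            $lineindex[$artno] = $i + 1;
            $line[$i] .= "\n";
        }
    }
    // Flood / double-post check against the 20 most recent posts. Same host, or same deletion
    // password (submitted or remembered in the cookie), identifies the poster.
    $imax = count($line) > 20 ? 20 : count($line) - 1;
    for ($i = 0; $i < $imax; $i++) {
        list($lastno, , $lname, , , $lcom, , $lhost, $lpwd, , , , $ltime, ) = explode(",", $line[$i]);
        if (strlen($ltime) > 10) {
            $ltime = substr($ltime, 0, -3); // drop the millisecond suffix of $tim
        }
        $pchk = ($host == $lhost
            || substr(md5($pwd), 2, 8) == $lpwd
            || substr(md5($pwdc), 2, 8) == $lpwd) ? 1 : 0;
        if (RENZOKU && $pchk && $time - $ltime < RENZOKU) {
            error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
        if (RENZOKU && $pchk && $time - $ltime < RENZOKU2 && $upfile_name) {
            error("画像連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
        if (RENZOKU && $pchk && $com == $lcom && !$upfile_name) {
            error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
    }
    // Drop posts beyond LOG_MAX together with their image, thumbnail and tree entry.
    if (count($line) >= LOG_MAX) {
        for ($d = count($line) - 1; $d >= LOG_MAX - 1; $d--) {
            list($dno, , , , , , , , , $dext, , , $dtime, ) = explode(",", $line[$d]);
            // $dtime/$dext were written by this function ($tim digits plus the detected
            // extension), so these unlink paths are only as trustworthy as LOGFILE itself.
            if (is_file($path . $dtime . $dext)) {
                unlink($path . $dtime . $dext);
            }
            if (is_file(THUMB_DIR . $dtime . 's.jpg')) {
                unlink(THUMB_DIR . $dtime . 's.jpg');
            }
            $line[$d] = "";
            treedel($dno);
        }
    }
    // Duplicate-image check against the 200 most recent posts.
    if ($dest && file_exists($dest)) {
        $imax = count($line) > 200 ? 200 : count($line) - 1;
        for ($i = 0; $i < $imax; $i++) {
            list(, , , , , , , , , $extp, , , $timep, $chkp, ) = explode(",", $line[$i]);
            // Strict compare: hex digests of the form "0e123..." are equal under ==.
            if ($chkp === $chk && file_exists($path . $timep . $extp)) {
                error("アップロードに失敗しました<br>同じ画像があります", $dest);
            }
        }
    }
    list($lastno, ) = explode(",", $line[0]);
    $no = $lastno + 1;
    $newline = "{$no},{$now},{$name},{$email},{$sub},{$com},{$url},{$host},{$pass},{$ext},{$W},{$H},{$tim},{$chk},\n";
    $newline .= implode('', $line);
    ftruncate($fp, 0);
    set_file_buffer($fp, 0);
    rewind($fp);
    fputs($fp, $newline);

    // --- Tree file: one line per thread, "threadno,reply,reply,..." ---
    // NOTE(review): the log line above is already written when a reply to a missing thread is
    // rejected below; the two files can therefore disagree after that error path.
    $find = false;
    $newline = '';
    $tp = fopen(TREEFILE, "r+");
    set_file_buffer($tp, 0);
    rewind($tp);
    $buf = fread($tp, 1000000);
    if ($buf == '') {
        error("error tree update", $dest);
    }
    $line = explode("\n", $buf);
    $countline = count($line);
    for ($i = 0; $i < $countline; $i++) {
        if ($line[$i] != "") {
            $line[$i] .= "\n";
            $j = explode(",", rtrim($line[$i]));
            // Threads that no longer exist in the log are dropped from the tree.
            if (empty($lineindex[$j[0]])) {
                $line[$i] = '';
            }
        }
    }
    if ($resto) {
        for ($i = 0; $i < $countline; $i++) {
            $rtno = explode(",", rtrim($line[$i]));
            if ($rtno[0] == $resto) {
                $find = true;
                $line[$i] = rtrim($line[$i]) . ',' . $no . "\n";
                $j = explode(",", rtrim($line[$i]));
                // Threads past MAX_RES replies stop bumping ("sage"); a bumped thread moves to
                // the top by being re-emitted as the first tree line.
                if (count($j) > MAX_RES) {
                    $email = 'sage';
                }
                if (!stristr($email, 'sage')) {
                    $newline = $line[$i];
                    $line[$i] = '';
                }
                break;
            }
        }
    }
    if (!$find) {
        if (!$resto) {
            $newline = "{$no}\n";
        } else {
            error("スレッドがありません", $dest);
        }
    }
    $newline .= implode('', $line);
    ftruncate($tp, 0);
    set_file_buffer($tp, 0);
    rewind($tp);
    fputs($tp, $newline);
    fclose($tp);
    fclose($fp);

    // --- Cookies (one week) ---
    // NOTE(review): the deletion password is stored in a plain, non-HttpOnly cookie; if no
    // client-side script needs it, pass httponly=true to setcookie().
    setcookie("pwdc", $c_pass, time() + 7 * 24 * 3600);
    if (function_exists("mb_internal_encoding") && function_exists("mb_convert_encoding") && function_exists("mb_substr")) {
        $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
        if (preg_match('/MSIE|Opera/', $ua)) {
            // IE/Opera get the name as %uXXXX escapes; the value is hex-only, so the raw
            // header cannot be used for header injection. Note mb_internal_encoding() is a
            // process-wide setting that is not restored afterwards.
            $i = 0;
            $c_name = '';
            mb_internal_encoding("SJIS");
            while ($j = mb_substr($names, $i, 1)) {
                $j = mb_convert_encoding($j, "UTF-16", "SJIS");
                $c_name .= "%u" . bin2hex($j);
                $i++;
            }
            header("Set-Cookie: namec={$c_name}; expires=" . gmdate("D, d-M-Y H:i:s", time() + 7 * 24 * 3600) . " GMT", false);
        } else {
            $c_name = $names;
            setcookie("namec", $c_name, time() + 7 * 24 * 3600);
        }
    }

    // --- Move the image into place, thumbnail it, regenerate the HTML ---
    if ($dest && file_exists($dest)) {
        rename($dest, $path . $tim . $ext);
        if (USE_THUMB) {
            thumb($path, $tim, $ext);
        }
    }
    updatelog();
    echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"1;URL=" . PHP_SELF2 . "\"></head>";
    echo "<body>{$mes} 画面を切り替えます</body></html>";
}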
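function regist($name, $email, $sub, $com, $url, $pwd, $upfile, $upfile_name, $resto, $num)
{
    // Registers one post (a new thread, or a reply to thread $resto) in the MySQL-backed board:
    // resolves the poster's capabilities, validates the form and the optional upload, runs the
    // ban / proxy / flood checks, inserts the row, sets the poster's cookies, moves the image
    // into place and regenerates the HTML.
    //
    // $name, $email, $sub, $com, $url  raw form fields (CleanStr()-escaped before use)
    // $pwd            deletion password; empty falls back to the $pwdc cookie or a random one.
    //                 Equal to PANEL_PASS (with a valid() session) it marks the poster as admin.
    // $upfile         PHP's temp path for the upload (moved with move_uploaded_file())
    // $upfile_name    client-side file name (used for the .pdf check, the fname column, display)
    // $resto          thread number replied to, or 0 / empty for a new thread
    // $num            unused; kept for signature compatibility
    //
    // error() is expected not to return and to delete $dest when it points at a temp image.
    //
    // Fixes relative to the previous revision: the sticky/lock test was
    // `isset(isSticky) || (isset(isLocked) && valid('moderator'))`, so any poster could sticky
    // or lock a thread; the admin check used loose ==; $age/$spoiler/$pchfile were never
    // assigned (register_globals leftovers); an empty SALTFILE left by a failed `openssl rand`
    // was used as the secure-tripcode secret; string SQL parameters were not all escaped.
    global $path, $badstring, $badfile, $badip, $pwdc, $textonly, $auth;

    // Explicit defaults for everything that used to be left undefined.
    $admin = '';
    $moderator = 0;
    $stickied = 0;
    $locked = 0;
    $sticky = 0;
    $permasage = 0;
    $dest = '';
    $ext = '';
    $W = 0;
    $H = 0;
    $md5 = '';
    $fsize = 0;
    $noko = 0;
    $mes = "";
    // Never assigned anywhere in this function (pre-register_globals inputs); on any
    // supported PHP they were already undefined, so these defaults preserve behaviour while
    // closing the implicit request -> variable channel. Wire them to explicit form fields
    // if the admin "age" and spoiler features are wanted.
    $age = false;
    $spoiler = false;
    $pchfile = '';

    // Only POST carries a form submission.
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        error(S_UNJUST, $dest);
    }

    // Admin requires both the panel password and a valid() session. Strict comparison avoids
    // PHP's loose-equality surprises (numeric strings, "0e..." values).
    if ((string) $pwd === (string) PANEL_PASS && valid()) {
        $admin = $pwd;
    }
    if (valid('moderator')) {
        $moderator = 1;
        if (valid('admin')) {
            $moderator = 2;
        }
        if (valid('manager')) {
            $moderator = 3;
        }
    }
    // Sticky / lock flags are honoured for moderators only.
    if ($moderator && (isset($_POST['isSticky']) || isset($_POST['isLocked']))) {
        if (isset($_POST['isSticky'])) {
            $stickied = 1;
        }
        if (isset($_POST['isLocked'])) {
            $locked = 1;
        }
    }
    if (!$upfile && !$resto) {
        // allow textonly threads for moderators!
        if (valid('textonly')) {
            $textonly = 1;
        }
    }

    // Posting time, and the millisecond-resolution stamp used as the image's file name.
    $time = time();
    $tim = $time . substr(microtime(), 2, 3);

    // Surface the upload errors PHP reports in $_FILES before touching the file at all.
    if (isset($_FILES["upfile"]["error"]) && $_FILES["upfile"]["error"] > 0) {
        switch ($_FILES["upfile"]["error"]) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                error(S_TOOBIG, $dest);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_CANT_WRITE:
                error(S_UPFAIL, $dest);
                break;
        }
    }

    // Closed-thread check. For replies this also makes $locked carry the thread's flag into
    // the inserted row, as before (so an isLocked form flag on a reply has no effect).
    $resto = (int) $resto;
    if ($resto) {
        if (!($cchk = mysql_call("select locked from " . SQLLOG . " where no=" . $resto))) {
            echo S_SQLFAIL;
        }
        list($locked) = mysql_fetch_row($cchk);
        if ($locked == 1 && !$admin) {
            error("You can't reply to this thread anymore.", $upfile);
        }
        mysql_free_result($cchk);
    }

    // --- Upload processing ---
    $has_image = $upfile && file_exists($upfile);
    if ($has_image) {
        if ($resto) {
            // Per-thread image cap.
            if (!($result = mysql_call("select COUNT(*) from " . SQLLOG . " where resto={$resto} and fsize!=0"))) {
                echo S_SQLFAIL;
            }
            $countimgres = mysql_result($result, 0, 0);
            if ($countimgres > MAX_IMGRES) {
                error("Max limit of " . MAX_IMGRES . " image replies has been reached.", $upfile);
            }
            mysql_free_result($result);
        }
        $dest = tempnam(substr($path, 0, -1), "img");
        if (OEKAKI_BOARD == 1 && !empty($_POST['oe_chk'])) {
            // NOTE(review): this branch rename()s whatever $upfile points at instead of going
            // through move_uploaded_file(); it is only safe if the caller derives $upfile from
            // $_FILES. Confirm where the oekaki applet's path comes from.
            rename($upfile, $dest);
            chmod($dest, 0644);
            if ($pchfile) {
                rename($pchfile, "{$dest}.pch");
            }
        } else {
            // Refuses anything that is not the current request's upload.
            move_uploaded_file($upfile, $dest);
        }
        clearstatcache(); // otherwise $dest looks like 0 bytes!
        $upfile_name = CleanStr($upfile_name);
        if (!is_file($dest)) {
            error(S_UPFAIL, $dest);
        }
        $fsize = filesize($dest);
        if (!$fsize || $fsize > MAX_KB * 1024) {
            error(S_TOOBIG, $dest);
        }
        if (ENABLE_PDF == 1 && strcasecmp('.pdf', substr($upfile_name, -4)) == 0) {
            // PDF: validated by running it through Ghostscript with -dSAFER; the path is quoted
            // even though tempnam() chose it.
            $ext = '.pdf';
            $W = $H = 1;
            $md5 = md5_of_file($dest);
            if (pclose(popen("/usr/local/bin/gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=nullpage " . escapeshellarg($dest), 'w'))) {
                error(S_UPFAIL, $dest);
            }
        } else {
            $size = getimagesize($dest);
            if (!is_array($size)) {
                error(S_NOREC, $dest);
            }
            $md5 = md5_of_file($dest);
            $W = $size[0];
            $H = $size[1];
            // Only GIF/JPEG/PNG are accepted; the extension comes from the detected type, never
            // from the client-supplied name. Every other type getimagesize() knows is rejected.
            switch ($size[2]) {
                case 1:
                    $ext = ".gif";
                    break;
                case 2:
                    $ext = ".jpg";
                    break;
                case 3:
                    $ext = ".png";
                    break;
                default:
                    $ext = ".xxx";
                    error(S_UPFAIL, $dest);
                    break;
            }
            if (GIF_ONLY == 1 && $size[2] != 1) {
                error(S_UPFAIL, $dest);
            }
        }
        // Display size limits differ for thread openers and replies.
        if (!$resto) {
            $maxw = MAX_W;
            $maxh = MAX_H;
        } else {
            $maxw = MAXR_W;
            $maxh = MAXR_H;
        }
        if (defined('MIN_W') && MIN_W > $W) {
            error(S_UPFAIL, $dest);
        }
        if (defined('MIN_H') && MIN_H > $H) {
            error(S_UPFAIL, $dest);
        }
        $maxdimension = defined('MAX_DIMENSION') ? MAX_DIMENSION : 5000;
        if ($W > $maxdimension || $H > $maxdimension) {
            error(S_TOOBIGRES, $dest);
        } elseif ($W > $maxw || $H > $maxh) {
            $key = min($maxw / $W, $maxh / $H);
            $W = ceil($W * $key);
            $H = ceil($H * $key);
        }
        $mes = $upfile_name . ' ' . S_UPGOOD;
    }
    if ($upfile_name && isset($_FILES["upfile"]["size"]) && $_FILES["upfile"]["size"] == 0) {
        error(S_TOOBIGORNONE, $dest);
    }

    // --- Prune rows older than LOG_MAX (their files too) ---
    $lastno = mysql_result(mysql_call("select max(no) from " . SQLLOG), 0, 0);
    if (!($result = mysql_call("select no,ext,tim from " . SQLLOG . " where no<=" . ((int) $lastno - LOG_MAX)))) {
        echo S_SQLFAIL;
    } else {
        while ($resrow = mysql_fetch_row($result)) {
            list($dno, $dext, $dtim) = $resrow;
            if (!mysql_query("delete from " . SQLLOG . " where no=" . (int) $dno)) {
                echo S_SQLFAIL;
            }
            if ($dext) {
                if (is_file($path . $dtim . $dext)) {
                    unlink($path . $dtim . $dext);
                }
                if (is_file(THUMB_DIR . $dtim . 's.jpg')) {
                    unlink(THUMB_DIR . $dtim . 's.jpg');
                }
            }
        }
        mysql_free_result($result);
    }

    // The thread replied to must exist and be a thread opener (root>0).
    $find = false;
    if ($resto) {
        if (!($result = mysql_call("select * from " . SQLLOG . " where root>0 and no={$resto}"))) {
            echo S_SQLFAIL;
        } else {
            $find = mysql_fetch_row($result);
            mysql_free_result($result);
        }
        if (!$find) {
            error(S_NOTHREADERR, $dest);
        }
    }

    // --- Form content checks ---
    // Fields made only of the characters in the class count as empty (class reproduced as
    // found in this copy; it presumably held full-width spaces originally -- TODO confirm).
    if (!$name || preg_match('/^[ | |]*$/D', $name)) {
        $name = "";
    }
    if (!$com || preg_match('/^[ | |\t]*$/D', $com)) {
        $com = "";
    }
    if (!$sub || preg_match('/^[ | |]*$/D', $sub)) {
        $sub = "";
    }
    if (!$resto && !$textonly && !is_file($dest)) {
        error(S_NOPIC, $dest);
    }
    if (!$com && !is_file($dest)) {
        error(S_NOTEXT, $dest);
    }
    // Quote words a poster could use to impersonate staff notices (S_MANAGEMENT / S_DELETION are
    // assumed to be plain words, as a literal replacement is what ereg_replace() did for those).
    $name = str_replace(S_MANAGEMENT, "\"" . S_MANAGEMENT . "\"", $name);
    $name = str_replace(S_DELETION, "\"" . S_DELETION . "\"", $name);
    // Length limits are byte-wise (strlen), as before.
    if (strlen($com) > S_POSTLENGTH) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($name) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($email) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($sub) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($resto) > 10) {
        error(S_UNUSUAL, $dest);
    }
    if (strlen($url) > 10) {
        error(S_UNUSUAL, $dest);
    }

    // --- Host, ban and proxy checks ---
    $host = $_SERVER["REMOTE_ADDR"];
    $banresult = mysql_call("SELECT ip FROM " . SQLBANLOG . " WHERE ip = '" . mysql_real_escape_string($host) . "' and banlength <> 0 ");
    if ($moderator) {
        $host = '###.###.###.###'; // Don't store mod/admin ips
    }
    // Second lock check; unlike the first one it has no admin exemption.
    if ($resto) {
        $query = mysql_query("SELECT * FROM " . SQLLOG . " WHERE no=" . $resto);
        $result = mysql_fetch_assoc($query);
        if ($result["locked"] == '1') {
            error(S_THREADLOCKED, $dest);
        }
    }
    if (mysql_num_rows($banresult) != 0) {
        error(S_BADHOST, $dest);
    }
    // Inherited from the flat-file version: these patterns were written for reverse-DNS names,
    // but $host is the bare IP (or the mask above) here, so the ISP whitelist never matches and
    // the probe runs whenever PROXY_CHECK is set.
    if (preg_match('/^mail/i', $host) || preg_match('/^ns/i', $host) || preg_match('/^dns/i', $host)
        || preg_match('/^ftp/i', $host) || preg_match('/^prox/i', $host) || preg_match('/^pc/i', $host)
        || preg_match('/^[^\.]\.[^\.]$/iD', $host)) {
        $pxck = "on";
    }
    if (preg_match('/ne\.jp$/iD', $host) || preg_match('/ad\.jp$/iD', $host)
        || preg_match('/bbtec\.net$/iD', $host) || preg_match('/aol\.com$/iD', $host)
        || preg_match('/uu\.net$/iD', $host) || preg_match('/asahi-net\.or\.jp$/iD', $host)
        || preg_match('/rim\.or\.jp$/iD', $host)) {
        $pxck = "off";
    } else {
        $pxck = "on";
    }
    if ($pxck == "on" && PROXY_CHECK) {
        if (proxy_connect('80') == 1) {
            error(S_PROXY80, $dest);
        } elseif (proxy_connect('8080') == 1) {
            error(S_PROXY8080, $dest);
        }
    }

    // --- Deletion password, timestamp and ID ---
    if ((string) $pwd === '') {
        if ((string) $pwdc === '') {
            // No password given and none remembered: mint one. rand() seeded from microtime()
            // was predictable; prefer the OpenSSL CSPRNG and fall back to mt_rand().
            $pwd = function_exists('openssl_random_pseudo_bytes')
                ? bin2hex(openssl_random_pseudo_bytes(4))
                : substr((string) mt_rand(), 0, 8);
        } else {
            $pwd = $pwdc;
        }
    }
    // NOTE(review): when $admin is set, $pwd *is* PANEL_PASS, and it goes on to be stored in
    // the _pass cookie in clear and as an md5 prefix in the pwd column.
    $c_pass = $pwd;
    // The stored verifier is 8 hex chars of md5 -- weak, but the delete path elsewhere expects it.
    $pass = $pwd ? substr(md5($pwd), 2, 8) : "*";
    $youbi = array(S_SUN, S_MON, S_TUE, S_WED, S_THU, S_FRI, S_SAT);
    $yd = $youbi[date("w", $time)];
    if (SHOW_SECONDS == 1) {
        $now = date("m/d/y", $time) . "(" . (string) $yd . ")" . date("H:i:s", $time);
    } else {
        $now = date("m/d/y", $time) . "(" . (string) $yd . ")" . date("H:i", $time);
    }
    if (DISP_ID) {
        if ($email && DISP_ID == 1) {
            $now .= " ID:???";
        } else {
            // NOTE(review): the per-day ID is keyed only by the literal 'id', so the address
            // behind an ID can be recovered by enumerating IPv4 offline; a secret per-site
            // seed (as IDSEED in the flat-file version) would prevent that. Left unchanged
            // because changing it alters every ID mid-day.
            $now .= " ID:" . substr(crypt(md5($_SERVER["REMOTE_ADDR"] . 'id' . date("Ymd", $time)), 'id'), +3);
        }
    }
    // Raw values for the cookies, captured before escaping.
    $c_name = $name;
    $c_email = $email;

    // --- Text normalisation ---
    $email = str_replace(array("\r", "\n"), "", CleanStr($email));
    $sub = str_replace(array("\r", "\n"), "", CleanStr($sub));
    $url = str_replace(array("\r", "\n"), "", CleanStr($url));
    $resto = str_replace(array("\r", "\n"), "", CleanStr($resto));
    $com = CleanStr($com, 1);
    if (SPOILERS == 1 && $spoiler) {
        $sub = "SPOILER<>{$sub}";
    }
    // Normalise line endings, collapse runs of three or more blank lines, cap the line count
    // for non-admins, then turn line breaks into <br>. (The previous second pass of the same
    // checks ran after every "\n" had been removed and could never match.)
    $com = str_replace("\r\n", "\n", $com);
    $com = str_replace("\r", "\n", $com);
    $com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
    if (!$admin && substr_count($com, "\n") > MAX_LINES) {
        error("Error: Too many lines.", $dest);
    }
    $com = nl2br($com);
    $com = str_replace("\n", "", $com);

    // --- Name and tripcodes ---
    $name = str_replace(array("\r", "\n"), "", $name);
    $names = iconv("UTF-8", "CP932//IGNORE", $name); // tripcodes are computed over Shift-JIS bytes
    list($name) = explode("#", $name);
    $name = CleanStr($name);
    if (preg_match("/\\#+\$/", $names)) {
        $names = preg_replace("/\\#+\$/", "", $names);
    }
    $trip = '';
    $sectrip = '';
    if (preg_match("/\\#/", $names)) {
        // Protect HTML numeric entities (&#NNN;) from the split on "#".
        $names = str_replace("&#", "&&", htmlspecialchars($names));
        $parts = str_replace("&&", "&#", explode("#", $names, 3));
        $trip = isset($parts[1]) ? $parts[1] : '';
        $sectrip = isset($parts[2]) ? $parts[2] : '';
        $name .= "</span>";
        if ($trip != "") {
            if (FORTUNE_TRIP == 1 && $trip == "fortune") {
                $fortunes = array("Bad Luck", "Average Luck", "Good Luck", "Excellent Luck", "Reply hazy, try again", "Godly Luck", "Very Bad Luck", "Outlook good", "Better not tell you now", "You will meet a dark handsome stranger", "キタ━━━━━━(゚∀゚)━━━━━━ !!!!", "( ´_ゝ`)フーン ", "Good news will come to you by mail", "Hope you're insured", "Great things await", "Don't leave the house today.");
                $fortunenum = rand(0, sizeof($fortunes) - 1);
                // Colour picked around the hue wheel by fortune index.
                $fortcol = "#" . sprintf("%02x%02x%02x", 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes)), 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes) + 2 / 3 * M_PI), 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes) + 4 / 3 * M_PI));
                $com = "<font color={$fortcol}><b>Your fortune: " . $fortunes[$fortunenum] . "</b></font><br /><br />" . $com;
                $trip = "";
                if ($sectrip == "") {
                    if ($name == "</span>" && $sectrip == "") {
                        $name = S_ANONAME;
                    } else {
                        $name = str_replace("</span>", "", $name);
                    }
                }
            } else {
                if ($trip == "fortune") {
                    // remove fortune even if FORTUNE_TRIP is off
                    $trip = "";
                    if ($sectrip == "") {
                        if ($name == "</span>" && $sectrip == "") {
                            $name = S_ANONAME;
                        } else {
                            $name = str_replace("</span>", "", $name);
                        }
                    }
                } else {
                    // Classic 2ch tripcode: DES crypt() with a salt derived from the key.
                    $salt = strtr(preg_replace("/[^\\.-z]/", ".", substr($trip . "H.", 1, 2)), ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
                    $trip = substr(crypt($trip, $salt), -10);
                    $name .= " <span class=\"postertrip\">!" . $trip;
                }
            }
        }
        if ($sectrip != "") {
            // Secure tripcode: sha1 over key + a site-secret salt generated once into SALTFILE.
            // The hard-coded fallback only applies when no secret could be generated at all;
            // tripcodes made with it are brute-forceable offline, so the server should have openssl.
            $salt = "LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOL";
            $stored = file_exists(SALTFILE) ? file_get_contents(SALTFILE) : false;
            if ($stored !== false && $stored !== '') {
                $salt = $stored;
            } else {
                // A failed `openssl rand ... > SALTFILE` leaves an empty file behind, which the
                // previous code then read back as the secret; an empty file is regenerated here.
                $generated = false;
                if (function_exists('openssl_random_pseudo_bytes')) {
                    $strong = false;
                    $bytes = openssl_random_pseudo_bytes(448, $strong);
                    if ($bytes !== false && $strong && file_put_contents(SALTFILE, $bytes) === 448) {
                        $generated = true;
                    }
                }
                if (!$generated) {
                    system("openssl rand 448 > " . escapeshellarg(SALTFILE), $err);
                    $generated = ($err === 0);
                }
                if ($generated) {
                    chmod(SALTFILE, 0400);
                    $salt = file_get_contents(SALTFILE);
                }
            }
            $sha = base64_encode(pack("H*", sha1($sectrip . $salt)));
            $sha = substr($sha, 0, 11);
            if ($trip == "") {
                $name .= " <span class=\"postertrip\" text-color=#117743>";
            }
            $name .= "!!" . $sha;
        }
    }
    // "noko" in the email field: stay in the thread after posting.
    if ($email == 'noko') {
        $noko = 1;
        $email = '';
    } else {
        if ($email == 'nokosage') {
            $noko = 1;
            $email = 'sage';
        }
    }
    if ($moderator && isset($_POST['showCap'])) {
        if ($moderator == 1) {
            $name = '<b><font color="770099">Anonymous ## Mod </font></b>';
        }
        if ($moderator == 2) {
            $name = '<b><font color="FF101A">Anonymous ## Admin </font></b>';
        }
        if ($moderator == 3) {
            $name = '<b><font color="2E2EFE">Anonymous ## Manager </font></b>';
        }
    }
    if (!$name) {
        $name = S_ANONAME;
    }
    if (!$com) {
        $com = S_ANOTEXT;
    }
    if (!$sub) {
        $sub = S_ANOTITLE;
    }
    if (FORCED_ANON == 1) {
        $name = "</span>{$now}<span>";
        $sub = '';
        $now = '';
    }
    $com = wordwrap2($com, 100, "<br />");
    // Quote lines (">...") get the greentext class.
    $com = preg_replace("!(^|>)(>[^<]*)!", "\\1<font class=\"unkfunc\">\\2</font>", $com);

    // --- Flood checks (skipped for posters with the floodbypass capability) ---
    $is_sage = stripos($email, "sage") !== false;
    $may_flood = valid('floodbypass');
    $esc_host = mysql_real_escape_string($host);
    if (!$may_flood) {
        if ($com) {
            // Same comment from the same host within RENZOKU_DUPE seconds.
            $query = "select count(no)>0 from " . SQLLOG . " where com='" . mysql_real_escape_string($com) . "' "
                . "and host='" . $esc_host . "' "
                . "and time>" . ($time - RENZOKU_DUPE);
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if (!$has_image) {
            // Reply rate limit.
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU) . " "
                . "and host='" . $esc_host . "' and resto>0";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if ($is_sage) {
            // Sage-reply rate limit.
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU_SAGE) . " "
                . "and host='" . $esc_host . "' and resto>0 and permasage=1";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if (!$resto) {
            // New-thread rate limit (root>0 == non-sticky).
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU3) . " "
                . "and host='" . $esc_host . "' and root>0";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU3, $dest);
            }
            mysql_free_result($result);
        }
    }
    if ($has_image) {
        if (!$may_flood) {
            // Image-reply rate limit.
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU2) . " "
                . "and host='" . $esc_host . "' and resto>0";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU2, $dest);
            }
            mysql_free_result($result);
        }
        // Duplicate image check by content digest; the error links to the existing copy.
        if (DUPE_CHECK) {
            $result = mysql_call("select no,resto from " . SQLLOG . " where md5='" . mysql_real_escape_string($md5) . "'");
            if (mysql_num_rows($result)) {
                list($dupeno, $duperesto) = mysql_fetch_row($result);
                if (!$duperesto) {
                    $duperesto = $dupeno;
                }
                error('<a href="' . DATA_SERVER . BOARD_DIR . "/res/" . (int) $duperesto . PHP_EXT . '#' . (int) $dupeno . '">' . S_DUPE . '</a>', $dest);
            }
            mysql_free_result($result);
        }
    }

    // --- Bump handling ---
    // root: 0 for replies, now() for a fresh thread, a far-future constant for stickies.
    $rootqu = $resto ? "0" : "now()";
    if ($stickied) {
        $rootqu = '20270727070707';
    }
    if ($resto) {
        $resline = mysql_call("select count(no) from " . SQLLOG . " where resto=" . (int) $resto);
        $countres = mysql_result($resline, 0, 0);
        mysql_free_result($resline);
        $resline = mysql_call("select sticky,permasage from " . SQLLOG . " where no=" . (int) $resto);
        list($sticky, $permasage) = mysql_fetch_row($resline);
        mysql_free_result($resline);
        // A non-sage reply bumps the thread unless it is sticky, permasaged or past MAX_RES.
        if (stripos($email, 'sage') === false && $countres < MAX_RES && $sticky != "1" && $permasage != "1" || $admin && $age && $sticky != "1") {
            $query = "update " . SQLLOG . " set root=now() where no=" . (int) $resto; // age
            mysql_call($query);
        }
    }

    // --- Main insert: every string column goes through mysql_real_escape_string() ---
    $query = "insert into " . SQLLOG
        . " (now,name,email,sub,com,host,pwd,ext,w,h,tim,time,md5,fsize,fname,sticky,permasage,locked,root,resto) values ("
        . "'" . mysql_real_escape_string($now) . "',"
        . "'" . mysql_real_escape_string($name) . "',"
        . "'" . mysql_real_escape_string($email) . "',"
        . "'" . mysql_real_escape_string($sub) . "',"
        . "'" . mysql_real_escape_string($com) . "',"
        . "'" . $esc_host . "',"
        . "'" . mysql_real_escape_string($pass) . "',"
        . "'" . mysql_real_escape_string($ext) . "',"
        . (int) $W . "," . (int) $H . ","
        . "'" . mysql_real_escape_string($tim) . "',"
        . (int) $time . ","
        . "'" . mysql_real_escape_string($md5) . "',"
        . (int) $fsize . ","
        . "'" . mysql_real_escape_string($upfile_name) . "',"
        . (int) $stickied . "," . (int) $permasage . "," . (int) $locked . ","
        . $rootqu . "," . (int) $resto . ")";
    if (!($result = mysql_call($query))) {
        echo S_SQLFAIL;
    }

    // --- Cookies (one week; an empty name/email expires the cookie instead) ---
    // NOTE(review): the deletion password is stored in a plain, non-HttpOnly cookie; if no
    // client-side script reads it, pass httponly=true to setcookie().
    $cookie_domain = '.' . SITE_ROOT . '';
    setrawcookie(SITE_ROOT . "_name", rawurlencode($c_name), time() + ($c_name ? 7 * 24 * 3600 : -3600), '/', $cookie_domain);
    if ($c_email != "sage" && $c_email != "age") {
        setcookie(SITE_ROOT . "_email", $c_email, time() + ($c_email ? 7 * 24 * 3600 : -3600), '/', $cookie_domain);
    }
    setcookie(SITE_ROOT . "_pass", $c_pass, time() + 7 * 24 * 3600, '/', $cookie_domain);
    if (!$resto) {
        prune_old();
    }

    // --- Move the image into place and thumbnail it ---
    if ($has_image) {
        rename($dest, $path . $tim . $ext);
        if (USE_THUMB) {
            $tn_name = thumb($path, $tim, $ext, $resto);
            if (!$tn_name && $ext != ".pdf") {
                error(S_UNUSUAL);
            }
        }
    }
    $static_rebuild = defined("STATIC_REBUILD") && STATIC_REBUILD == 1;

    // Number of the row just inserted. NOTE(review): max(no) is racy under concurrent posts;
    // mysql_insert_id() would be exact if `no` is AUTO_INCREMENT -- confirm against the schema.
    if (!($result = mysql_call("select max(no) from " . SQLLOG))) {
        echo S_SQLFAIL;
    }
    $hacky = mysql_fetch_array($result);
    $insertid = (int) $hacky[0];
    mysql_free_result($result);

    // --- Regenerate HTML and redirect ---
    $deferred = false;
    if ($resto) {
        $deferred = updatelog($resto, $static_rebuild);
    } else {
        $deferred = updatelog($insertid, $static_rebuild);
    }
    if ($noko && !$resto) {
        $redirect = DATA_SERVER . BOARD_DIR . "/res/" . $insertid . PHP_EXT;
    } else {
        if ($noko == 1) {
            $redirect = DATA_SERVER . BOARD_DIR . "/res/" . $resto . PHP_EXT . '#' . $insertid;
        } else {
            $redirect = PHP_SELF2_ABS;
        }
    }
    if ($deferred) {
        echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"2;URL={$redirect}\"></head>";
        echo "<body>{$mes} " . S_SCRCHANGE . "<br>Your post may not appear immediately.<!-- thread:{$resto},no:{$insertid} --></body></html>";
    } else {
        echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"1;URL={$redirect}\"></head>";
        echo "<body>{$mes} " . S_SCRCHANGE . "<!-- thread:{$resto},no:{$insertid} --></body></html>";
    }
}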