function ModulePage()
{
global $PIO;
if (!isset($_GET['res'])) {
if (!file_exists('./.userrepair') || isset($_GET['force'])) {
touch('./.userrepair');
$PIO->dbMaintanence('repair', $PIO->dbMaintanence('repair'));
updatelog();
// 重導向到靜態快取
unlink('./.userrepair');
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
} else {
error('已經有其他人在修復中。<p>[<a href="' . $this->SELF . '&force=1">強制執行</a>]</p>');
}
} else {
if (!file_exists('./.userrepair') || isset($_GET['force'])) {
touch('./.userrepair');
$no = intval($_GET['res']);
deleteCache(array($no));
unlink('./.userrepair');
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF . '?res=' . $no);
} else {
error('已經有其他人在修復中。<p>[<a href="' . $this->SELF . '&res=' . $_GET['res'] . '&force=1">強制執行</a>]</p>');
}
}
}
function ModulePage()
{
global $PIO, $PTE;
if (isset($_GET['action'])) {
// 標籤雲
require './module/wordcloud.class.php';
$pte_vals = array('{$TITLE}' => TITLE, '{$RESTO}' => '');
$dat = $PTE->ParseBlock('HEADER', $pte_vals);
$dat .= '<style type="text/css">
.word { padding: 4px 4px 4px 4px; letter-spacing: 3px; text-decoration: none; font-weight: normal; }
.size9 { color: #000 !important; font-size: 200%; }
.size8 { color: #111 !important; font-size: 170%; }
.size7 { color: #222 !important; font-size: 150%; }
.size6 { color: #333 !important; font-size: 120%; }
.size5 { color: #444 !important; font-size: 110%; }
.size4 { color: #555 !important; font-size: 100%; }
.size3 { color: #666 !important; font-size: 90%; }
.size2 { color: #777 !important; font-size: 80%; }
.size1 { color: #888 !important; font-size: 70%; }
.size0 { color: #999 !important; font-size: 60%; }
</style>
</head>
<body id="main">';
$p = $PIO->fetchPosts($PIO->fetchPostList());
$cloud = new wordCloud();
foreach ($p as $pp) {
if ($pp['category']) {
$pp['category'] = substr(str_replace(array(',', ','), ' ', $pp['category']), 1, -1);
$cloud->addString($pp['category']);
}
}
$myCloud = $cloud->showCloud('array');
if (is_array($myCloud)) {
foreach ($myCloud as $key => $value) {
$dat .= '<a href="./pixmicat.php?mode=category&c=' . urlencode($value['word']) . '" class="word size' . $value['range'] . '">' . $value['word'] . '</a>' . "\n";
}
}
echo $dat . "</body></html>";
return;
}
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (!isset($_POST['tag'])) {
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$pte_vals = array('{$TITLE}' => TITLE, '{$RESTO}' => '');
$dat = $PTE->ParseBlock('HEADER', $pte_vals);
$dat .= '</head><body id="main">';
$dat .= '<form action="' . $this->mypage . '&no=' . $_GET['no'] . '" method="POST">Tag: <input type="text" name="tag" value="' . htmlentities(substr(str_replace(',', ',', $post[0]['category']), 1, -1), ENT_QUOTES, 'UTF-8') . '" size="28" /><input type="submit" name="submit" value="Tag!" /></form>';
echo $dat . "</body></html>";
} else {
$Tag = CleanStr($_POST['tag']);
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
$post = $PIO->fetchPosts($_GET['no']);
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
if (!count($post)) {
die('[Error] Post does not exist.');
}
if (USE_CATEGORY && $Tag) {
// 修整標籤樣式
$ss = method_exists($PIO, '_replaceComma') ? ',' : ',';
// Dirty implement
$category = explode(',', $Tag);
// 把標籤拆成陣列
$category = $ss . implode($ss, array_map('trim', $category)) . $ss;
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
$PIO->updatePost($_GET['no'], array('category' => $category));
$PIO->dbCommit();
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
updatelog(0, $threadPage, true);
}
// 僅更新討論串出現那頁
deleteCache(array($parentNo));
// 刪除討論串舊快取
if (isset($_POST['ajaxmode'])) {
echo $Tag;
} else {
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
}
function regist()
{
global $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR, $THUMB_SETTING;
$PIO = PMCLibrary::getPIOInstance();
$FileIO = PMCLibrary::getFileIOInstance();
$PMS = PMCLibrary::getPMSInstance();
$dest = '';
$mes = '';
$up_incomplete = 0;
$is_admin = false;
$delta_totalsize = 0;
// 總檔案大小的更動值
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
error(_T('regist_nospam'));
}
$name = isset($_POST[FT_NAME]) ? CleanStr($_POST[FT_NAME]) : '';
$email = isset($_POST[FT_EMAIL]) ? CleanStr($_POST[FT_EMAIL]) : '';
$sub = isset($_POST[FT_SUBJECT]) ? CleanStr($_POST[FT_SUBJECT]) : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? CleanStr($_POST['category']) : '';
$resto = isset($_POST['resto']) ? intval($_POST['resto']) : 0;
$upfile = isset($_FILES['upfile']['tmp_name']) ? $_FILES['upfile']['tmp_name'] : '';
$upfile_path = isset($_POST['upfile_path']) ? $_POST['upfile_path'] : '';
$upfile_name = isset($_FILES['upfile']['name']) ? $_FILES['upfile']['name'] : false;
$upfile_status = isset($_FILES['upfile']['error']) ? $_FILES['upfile']['error'] : 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
$PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host), $resto));
// "RegistBegin" Hook Point
// 封鎖:IP/Hostname/DNSBL 檢查機能
$baninfo = '';
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
error(_T('regist_ipfiltered', $baninfo));
}
// 封鎖:限制出現之文字
foreach ($BAD_STRING as $value) {
if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
error(_T('regist_wordfiltered'));
}
}
// 檢查是否輸入櫻花日文假名
foreach (array($name, $email, $sub, $com) as $anti) {
if (anti_sakura($anti)) {
error(_T('regist_sakuradetected'));
}
}
// 時間
$time = time();
$tim = $time . substr(microtime(), 2, 3);
// 判斷上傳狀態
switch ($upfile_status) {
case 1:
error(_T('regist_upload_exceedphp'));
break;
case 2:
error(_T('regist_upload_exceedcustom'));
break;
case 3:
error(_T('regist_upload_incompelete'));
break;
case 6:
error(_T('regist_upload_direrror'));
break;
case 4:
// 無上傳
if (!$resto && !isset($_POST['noimg'])) {
error(_T('regist_upload_noimg'));
}
break;
case 0:
// 上傳正常
// 上傳正常
default:
}
// 如果有上傳檔案則處理附加圖檔
if ($upfile && (@is_uploaded_file($upfile) || @is_file($upfile))) {
// 一‧先儲存檔案
$dest = STORAGE_PATH . $tim . '.tmp';
@move_uploaded_file($upfile, $dest) or @copy($upfile, $dest);
@chmod($dest, 0666);
if (!is_file($dest)) {
error(_T('regist_upload_filenotfound'), $dest);
}
// 二‧判斷上傳附加圖檔途中是否有中斷
$upsizeTTL = $_SERVER['CONTENT_LENGTH'];
if (isset($_FILES['upfile'])) {
// 有傳輸資料才需要計算,避免作白工
$upsizeHDR = 0;
// 檔案路徑:IE附完整路徑,故得從隱藏表單取得
$tmp_upfile_path = $upfile_name;
if ($upfile_path) {
$tmp_upfile_path = get_magic_quotes_gpc() ? stripslashes($upfile_path) : $upfile_path;
}
list(, $boundary) = explode('=', $_SERVER['CONTENT_TYPE']);
foreach ($_POST as $header => $value) {
// 表單欄位傳送資料
$upsizeHDR += strlen('--' . $boundary . "\r\n");
$upsizeHDR += strlen('Content-Disposition: form-data; name="' . $header . '"' . "\r\n\r\n" . (get_magic_quotes_gpc() ? stripslashes($value) : $value) . "\r\n");
}
// 附加圖檔欄位傳送資料
$upsizeHDR += strlen('--' . $boundary . "\r\n");
$upsizeHDR += strlen('Content-Disposition: form-data; name="upfile"; filename="' . $tmp_upfile_path . "\"\r\n" . 'Content-Type: ' . $_FILES['upfile']['type'] . "\r\n\r\n");
$upsizeHDR += strlen("\r\n--" . $boundary . "--\r\n");
$upsizeHDR += $_FILES['upfile']['size'];
// 傳送附加圖檔資料量
// 上傳位元組差值超過 HTTP_UPLOAD_DIFF:上傳附加圖檔不完全
if ($upsizeTTL - $upsizeHDR > HTTP_UPLOAD_DIFF) {
if (KILL_INCOMPLETE_UPLOAD) {
unlink($dest);
die(_T('regist_upload_killincomp'));
// 給瀏覽器的提示,假如使用者還看的到的話才不會納悶
} else {
$up_incomplete = 1;
}
}
}
// 三‧檢查是否為可接受的檔案
$size = @getimagesize($dest);
if (!is_array($size)) {
error(_T('regist_upload_notimage'), $dest);
}
// $size不為陣列就不是圖檔
$imgsize = @filesize($dest);
// 檔案大小
$imgsize = $imgsize >= 1024 ? (int) ($imgsize / 1024) . ' KB' : $imgsize . ' B';
// KB和B的判別
switch ($size[2]) {
// 判斷上傳附加圖檔之格式
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
case 4:
$ext = ".swf";
break;
case 5:
$ext = ".psd";
break;
case 6:
$ext = ".bmp";
break;
case 13:
$ext = ".swf";
break;
default:
$ext = ".xxx";
error(_T('regist_upload_notsupport'), $dest);
}
$allow_exts = explode('|', strtolower(ALLOW_UPLOAD_EXT));
// 接受之附加圖檔副檔名
if (array_search(substr($ext, 1), $allow_exts) === false) {
error(_T('regist_upload_notsupport'), $dest);
}
// 並無在接受副檔名之列
// 封鎖設定:限制上傳附加圖檔之MD5檢查碼
$md5chksum = md5_file($dest);
// 檔案MD5
if (array_search($md5chksum, $BAD_FILEMD5) !== FALSE) {
error(_T('regist_upload_blocked'), $dest);
}
// 在封鎖設定內則阻擋
// 四‧計算附加圖檔圖檔縮圖顯示尺寸
$W = $imgW = $size[0];
$H = $imgH = $size[1];
$MAXW = $resto ? MAX_RW : MAX_W;
$MAXH = $resto ? MAX_RH : MAX_H;
if ($W > $MAXW || $H > $MAXH) {
$W2 = $MAXW / $W;
$H2 = $MAXH / $H;
$key = $W2 < $H2 ? $W2 : $H2;
$W = ceil($W * $key);
$H = ceil($H * $key);
}
$mes = _T('regist_uploaded', CleanStr($upfile_name));
}
// 檢查表單欄位內容並修整
if (strlenUnicode($name) > INPUT_MAX) {
error(_T('regist_nametoolong'), $dest);
}
if (strlenUnicode($email) > INPUT_MAX) {
error(_T('regist_emailtoolong'), $dest);
}
if (strlenUnicode($sub) > INPUT_MAX) {
error(_T('regist_topictoolong'), $dest);
}
if (strlenUnicode($resto) > INPUT_MAX) {
error(_T('regist_longthreadnum'), $dest);
}
// E-mail / 標題修整
$email = str_replace("\r\n", '', $email);
$sub = str_replace("\r\n", '', $sub);
// 名稱修整
$name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
// 防止トリップ偽造
$name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
// 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$nameOri = $name;
// 名稱
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
// トリップ(Trip)機能
$name = $nameOri = $regs[1];
$cap = strtr($regs[2], array('&' => '&'));
$salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
$salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
// 管理員キャップ(Cap)機能
$acap_name = $nameOri;
$acap_pwd = strtr($aregs[2], array('&' => '&'));
if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
$name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
$is_admin = true;
$email = $aregs[1];
// 去除 #xx 密碼
}
}
if (!$is_admin) {
// 非管理員
$name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
$name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
}
$name = str_replace('&' . _T('trip_pre'), '&' . _T('trip_pre'), $name);
// 避免 &#xxxx; 後面被視為 Trip 留下 & 造成解析錯誤
// 內文修整
if (strlenUnicode($com) > COMM_MAX && !$is_admin) {
error(_T('regist_commenttoolong'), $dest);
}
$com = CleanStr($com, $is_admin);
// 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
if (!$com && $upfile_status == 4) {
error(_T('regist_withoutcomment'));
}
$com = str_replace(array("\r\n", "\r"), "\n", $com);
$com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
}
// 換行字元用<br />代替
$com = str_replace("\n", '', $com);
// 若還有\n換行字元則取消換行
// 預設的內容
if (!$name || preg_match("/^[ | |]*\$/", $name)) {
if (ALLOW_NONAME) {
$name = DEFAULT_NONAME;
} else {
error(_T('regist_withoutname'), $dest);
}
}
if (!$sub || preg_match("/^[ | |]*\$/", $sub)) {
$sub = DEFAULT_NOTITLE;
}
if (!$com || preg_match("/^[ | |\t]*\$/", $com)) {
$com = DEFAULT_NOCOMMENT;
}
// 修整標籤樣式
if ($category && USE_CATEGORY) {
$category = explode(',', $category);
// 把標籤拆成陣列
$category = ',' . implode(',', array_map('trim', $category)) . ',';
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
if ($up_incomplete) {
$com .= '<br /><br /><span class="warn_txt">' . _T('notice_incompletefile') . '</span>';
}
// 上傳附加圖檔不完全的提示
// 密碼和時間的樣式
if ($pwd == '') {
$pwd = $pwdc == '' ? substr(rand(), 0, 8) : $pwdc;
}
$pass = $pwd ? substr(md5($pwd), 2, 8) : '*';
// 生成真正儲存判斷用的密碼
$youbi = array(_T('sun'), _T('mon'), _T('tue'), _T('wed'), _T('thu'), _T('fri'), _T('sat'));
$yd = $youbi[gmdate('w', $time + TIME_ZONE * 60 * 60)];
$now = gmdate('y/m/d', $time + TIME_ZONE * 60 * 60) . '(' . (string) $yd . ')' . gmdate('H:i', $time + TIME_ZONE * 60 * 60);
if (DISP_ID) {
// 顯示ID
if ($email && DISP_ID == 1) {
$now .= ' ID:???';
} else {
$now .= ' ID:' . substr(crypt(md5(getREMOTE_ADDR() . IDSEED . gmdate('Ymd', $time + TIME_ZONE * 60 * 60)), 'id'), -8);
}
}
// 連續投稿 / 相同附加圖檔檢查
$checkcount = 50;
// 預設檢查50筆資料
$pwdc = substr(md5($pwdc), 2, 8);
// Cookies密碼
if ($PIO->isSuccessivePost($checkcount, $com, $time, $pass, $pwdc, $host, $upfile_name)) {
error(_T('regist_successivepost'), $dest);
}
// 連續投稿檢查
if ($dest) {
if ($PIO->isDuplicateAttachment($checkcount, $md5chksum)) {
error(_T('regist_duplicatefile'), $dest);
}
}
// 相同附加圖檔檢查
if ($resto) {
$ThreadExistsBefore = $PIO->isThread($resto);
}
// 舊文章刪除處理
if (PIOSensor::check('delete', $LIMIT_SENSOR)) {
$delarr = PIOSensor::listee('delete', $LIMIT_SENSOR);
if (count($delarr)) {
deleteCache($delarr);
$PMS->useModuleMethods('PostOnDeletion', array($delarr, 'recycle'));
// "PostOnDeletion" Hook Point
$files = $PIO->removePosts($delarr);
if (count($files)) {
$delta_totalsize -= $FileIO->deleteImage($files);
}
// 更新 delta 值
}
}
// 附加圖檔容量限制功能啟動:刪除過大檔
if (STORAGE_LIMIT && STORAGE_MAX > 0) {
$tmp_total_size = $FileIO->getCurrentStorageSize();
// 取得目前附加圖檔使用量
if ($tmp_total_size > STORAGE_MAX) {
$files = $PIO->delOldAttachments($tmp_total_size, STORAGE_MAX, false);
$delta_totalsize -= $FileIO->deleteImage($files);
}
}
// 判斷欲回應的文章是不是剛剛被刪掉了
if ($resto) {
if ($ThreadExistsBefore) {
// 欲回應的討論串是否存在
if (!$PIO->isThread($resto)) {
// 被回應的討論串存在但已被刪
// 提前更新資料來源,此筆新增亦不紀錄
$PIO->dbCommit();
updatelog();
error(_T('regist_threaddeleted'), $dest);
} else {
// 檢查是否討論串被設為禁止回應 (順便取出原討論串的貼文時間)
$post = $PIO->fetchPosts($resto);
// [特殊] 取單篇文章內容,但是回傳的$post同樣靠[$i]切換文章!
list($chkstatus, $chktime) = array($post[0]['status'], $post[0]['tim']);
$chktime = substr($chktime, 0, -3);
// 拿掉微秒 (後面三個字元)
$flgh = $PIO->getPostStatus($chkstatus);
if ($flgh->exists('TS')) {
error(_T('regist_threadlocked'), $dest);
}
}
} else {
error(_T('thread_not_found'), $dest);
}
// 不存在
}
// 計算某些欄位值
$no = $PIO->getLastPostNo('beforeCommit') + 1;
isset($ext) ? 0 : ($ext = '');
isset($imgW) ? 0 : ($imgW = 0);
isset($imgH) ? 0 : ($imgH = 0);
isset($imgsize) ? 0 : ($imgsize = '');
isset($W) ? 0 : ($W = 0);
isset($H) ? 0 : ($H = 0);
isset($md5chksum) ? 0 : ($md5chksum = '');
$age = false;
$status = '';
if ($resto) {
if (!stristr($email, 'sage') && ($PIO->postCount($resto) <= MAX_RES || MAX_RES == 0)) {
if (!MAX_AGE_TIME || $time - $chktime < MAX_AGE_TIME * 60 * 60) {
$age = true;
}
// 討論串並無過期,推文
}
}
$PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
// "RegistBeforeCommit" Hook Point
// 正式寫入儲存
$PIO->addPost($no, $resto, $md5chksum, $category, $tim, $ext, $imgW, $imgH, $imgsize, $W, $H, $pass, $now, $name, $email, $sub, $com, $host, $age, $status);
$PIO->dbCommit();
$lastno = $PIO->getLastPostNo('afterCommit');
// 取得此新文章編號
$PMS->useModuleMethods('RegistAfterCommit', array($lastno, $resto, $name, $email, $sub, $com));
// "RegistAfterCommit" Hook Point
// Cookies儲存:密碼與E-mail部分,期限是一週
setcookie('pwdc', $pwd, time() + 7 * 24 * 3600);
setcookie('emailc', $email, time() + 7 * 24 * 3600);
if ($dest && is_file($dest)) {
$destFile = IMG_DIR . $tim . $ext;
// 圖檔儲存位置
$thumbFile = THUMB_DIR . $tim . 's.' . $THUMB_SETTING['Format'];
// 預覽圖儲存位置
if (USE_THUMB !== 0) {
// 生成預覽圖
$thumbType = USE_THUMB;
if (USE_THUMB == 1) {
$thumbType = 'gd';
}
// 與舊設定相容
require ROOTPATH . 'lib/thumb/thumb.' . $thumbType . '.php';
$thObj = new ThumbWrapper($dest, $imgW, $imgH);
$thObj->setThumbnailConfig($W, $H, $THUMB_SETTING);
$thObj->makeThumbnailtoFile($thumbFile);
@chmod($thumbFile, 0666);
unset($thObj);
}
rename($dest, $destFile);
if (file_exists($destFile)) {
$FileIO->uploadImage($tim . $ext, $destFile, filesize($destFile));
$delta_totalsize += filesize($destFile);
}
if (file_exists($thumbFile)) {
$FileIO->uploadImage($tim . 's.' . $THUMB_SETTING['Format'], $thumbFile, filesize($thumbFile));
$delta_totalsize += filesize($thumbFile);
}
}
// delta != 0 表示總檔案大小有更動,須更新快取
if ($delta_totalsize != 0) {
$FileIO->updateStorageSize($delta_totalsize);
}
updatelog();
// 引導使用者至新頁面
$RedirURL = PHP_SELF2 . '?' . $tim;
// 定義儲存資料後轉址目標
if (isset($_POST['up_series'])) {
// 勾選連貼機能
if ($resto) {
$RedirURL = PHP_SELF . '?res=' . $resto . '&upseries=1';
} else {
$RedirURL = PHP_SELF . '?res=' . $lastno . '&upseries=1';
// 新增主題後繼續轉到此主題下
}
}
$RedirforJS = strtr($RedirURL, array("&" => "&"));
// JavaScript用轉址目標
echo <<<_REDIR_
<!DOCTYPE html>
<html lang="zh-TW">
<head>
<meta charset="utf-8">
<title></title>
<meta http-equiv="Refresh" content="1;URL={$RedirURL}" />
<script type="text/javascript">
// Redirection (use JS)
// <![CDATA[
function redir(){
\tlocation.href = "{$RedirforJS}";
}
setTimeout("redir()", 1000);
// ]]>
</script>
</head>
<body>
<div>
_REDIR_;
echo _T('regist_redirect', $mes, $RedirURL) . '</div>
</body>
</html>';
}
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
?>
<?php
include "conntube.php";
$action = $_POST['action'];
switch ($action) {
case 'updatelog':
updatelog();
break;
case 'deletelog':
deletelog();
break;
case 'changelog':
changelog();
break;
echo 'Thats the best part of it!!';
break;
}
?>
<?php
function updatelog()
{
function ModulePage()
{
global $PIO, $PTE;
if (!isset($_GET['do'])) {
// 沒有 "do" 指令,舊的 tag 連接
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (!isset($_POST['tag'])) {
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$pte_vals = array('{$TITLE}' => TITLE, '{$RESTO}' => '');
$dat = $PTE->ParseBlock('HEADER', $pte_vals);
$dat .= '</head><body id="main">';
$dat .= '<form action="' . $this->mypage . '&no=' . $_GET['no'] . '" method="POST">Tag: <input type="text" name="tag" value="' . htmlentities(substr(str_replace(',', ',', $post[0]['category']), 1, -1), ENT_QUOTES, 'UTF-8') . '" size="28" /><input type="submit" name="submit" value="Tag!" /></form>';
echo $dat . "</body></html>";
} else {
$Tag = CleanStr($_POST['tag']);
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
$post = $PIO->fetchPosts($_GET['no']);
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
if (!count($post)) {
die('[Error] Post does not exist.');
}
$ss = method_exists($PIO, '_replaceComma') ? ',' : ',';
// Dirty implement
$category = explode(',', $Tag);
// 把標籤拆成陣列
$category = $ss . implode($ss, array_map('trim', $category)) . $ss;
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
$PIO->updatePost($_GET['no'], array('category' => $category));
$PIO->dbCommit();
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
updatelog(0, $threadPage, true);
}
// 僅更新討論串出現那頁
deleteCache(array($parentNo));
// 刪除討論串舊快取
if (isset($_POST['ajaxmode'])) {
echo $Tag;
} else {
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
} else {
// 有 "do" 指令,查看下一步
if ($_GET['do'] == "search") {
// 搜尋符合標籤的主題
global $PTE, $PIO, $PMS, $FileIO, $language;
$category = isset($_GET['c']) ? strtolower(strip_tags(trim($_GET['c']))) : '';
// 搜尋之類別標籤
if (!$category) {
error(_T('category_nokeyword'));
}
$category_enc = urlencode($category);
$category_md5 = md5($category);
$page = isset($_GET['p']) ? @intval($_GET['p']) : 1;
if ($page < 1) {
$page = 1;
}
// 目前瀏覽頁數
$isrecache = isset($_GET['recache']);
// 是否強制重新生成快取
// 利用Session快取類別標籤出現篇別以減少負擔
session_start();
// 啟動Session
if (!isset($_SESSION['loglist_' . $category_md5]) || $isrecache) {
$loglist = $PIO->searchCategory($category);
$_SESSION['loglist_' . $category_md5] = serialize($loglist);
} else {
$loglist = unserialize($_SESSION['loglist_' . $category_md5]);
}
$loglist_count = count($loglist);
if (!$loglist_count) {
error(_T('category_notfound'));
}
$page_max = ceil($loglist_count / PAGE_DEF);
if ($page > $page_max) {
$page = $page_max;
}
// 總頁數
// 分割陣列取出適當範圍作分頁之用
$loglist_cut = array_slice($loglist, PAGE_DEF * ($page - 1), PAGE_DEF);
// 取出特定範圍文章
$loglist_cut_count = count($loglist_cut);
$dat = '';
head($dat);
$links = '[<a href="' . PHP_SELF2 . '?' . time() . '">' . _T('return') . '</a>][<a href="' . PHP_SELF . '?mode=module&load=mod_tag&do=search&c=' . $category_enc . '&recache=1">' . _T('category_recache') . '</a>]';
$PMS->useModuleMethods('LinksAboveBar', array(&$links, 'category'));
$dat .= "<div>{$links}</div>\n";
for ($i = 0; $i < $loglist_cut_count; $i++) {
$tID = $loglist_cut[$i];
$tree_count = $PIO->postCount($tID) - 1;
// 討論串回應個數
$RES_start = $tree_count - RE_DEF + 1;
if ($RES_start < 1) {
$RES_start = 1;
}
// 開始
$RES_amount = RE_DEF;
// 取幾個
$hiddenReply = $RES_start - 1;
// 被隱藏回應
// $RES_start, $RES_amount 拿去算新討論串結構 (分頁後, 部分回應隱藏)
$tree = $PIO->fetchPostList($tID);
// 整個討論串樹狀結構
$tree_cut = array_slice($tree, $RES_start, $RES_amount);
array_unshift($tree_cut, $tID);
// 取出特定範圍回應
$posts = $PIO->fetchPosts($tree_cut);
// 取得文章架構內容
$dat .= arrangeThread($PTE, $tree, $tree_cut, $posts, $hiddenReply, 0, array(), array(), false, false, false);
}
$dat .= '<table border="1"><tr>';
if ($page > 1) {
$dat .= '<td><form action="' . PHP_SELF . '?mode=module&load=mod_tag&do=search&c=' . $category_enc . '&p=' . ($page - 1) . '" method="post"><div><input type="submit" value="' . _T('prev_page') . '" /></div></form></td>';
} else {
$dat .= '<td style="white-space: nowrap;">' . _T('first_page') . '</td>';
}
$dat .= '<td>';
for ($i = 1; $i <= $page_max; $i++) {
if ($i == $page) {
$dat .= "[<b>" . $i . "</b>] ";
} else {
$dat .= '[<a href="' . PHP_SELF . '?mode=module&load=mod_tag&do=search&c=' . $category_enc . '&p=' . $i . '">' . $i . '</a>] ';
}
}
$dat .= '</td>';
if ($page < $page_max) {
$dat .= '<td><form action="' . PHP_SELF . '?mode=module&load=mod_tag&do=search&c=' . $category_enc . '&p=' . ($page + 1) . '" method="post"><div><input type="submit" value="' . _T('next_page') . '" /></div></form></td>';
} else {
$dat .= '<td style="white-space: nowrap;">' . _T('last_page') . '</td>';
}
$dat .= '</tr></table>' . "\n";
foot($dat);
echo $dat;
} else {
if ($_GET['do'] == "cloud") {
// 建立 tag cloud?
// blah blah blah
} else {
// 不知道該如何處理的 "do" 指令
echo "スクリプトはTranslation Server Errorに免費の午餐を食べています!<br />";
echo "...你想表達什麼?";
}
}
}
}
function ModulePage()
{
global $PIO, $FileIO, $PMS, $language, $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR;
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (!isset($_POST['mode'])) {
// 顯示表單
if (!$this->shown_in_page && !adminAuthenticate('check')) {
die('[Error] Access Denied.');
}
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
extract($post[0]);
$PMS->loadModules('mod_bbcode');
//嘗試載入mod_bbcode
if ($bbcode = $PMS->getModuleInstance('mod_bbcode')) {
$bbcode->_html2bb($com);
}
$name = preg_replace('|<span.*?>(.*?)</span>|', '\\1', $name);
$dat = '';
head($dat);
$PMS->hookModuleMethod('PostInfo', array($this, '_EditPostInfo'));
form($dat, $resto, false, $this->mypage . '&no=' . $_GET['no'], $name, $email, $sub, str_replace('<br />', "\n", $com), substr(str_replace(',', ',', $category), 1, -1), 'edit');
foot($dat);
echo $dat;
} else {
// 儲存
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error(_T('regist_notpost'));
}
// 非正規POST方式
$post = $PIO->fetchPosts($_GET['no']);
$newValues = array();
if (!count($post)) {
die('[Error] Post does not exist.');
}
$name = isset($_POST[FT_NAME]) ? $_POST[FT_NAME] : '';
$email = isset($_POST[FT_EMAIL]) ? $_POST[FT_EMAIL] : '';
$sub = isset($_POST[FT_SUBJECT]) ? $_POST[FT_SUBJECT] : '';
$com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';
$resto = isset($_POST['resto']) ? $_POST['resto'] : 0;
$upfile = '';
$upfile_path = '';
$upfile_name = false;
$upfile_status = 4;
$pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
if ($resto && !$PIO->isThread($resto)) {
die('[Error] Thread was deleted.');
}
$is_admin = $haveperm = $pwd == ADMIN_PASS || adminAuthenticate('check');
$PMS->useModuleMethods('Authenticate', array($pwd, 'useredit', &$haveperm));
if ($pwd == '' && $pwdc != '') {
$pwd = $pwdc;
}
$pwd_md5 = substr(md5($pwd), 2, 8);
$host = gethostbyaddr(getREMOTE_ADDR());
if (!($pwd_md5 == $post[0]['pwd'] || $host == $post[0]['host'] || $haveperm)) {
die('[Error] Access denied.');
}
// 欄位陷阱
$FTname = isset($_POST['name']) ? $_POST['name'] : '';
$FTemail = isset($_POST['email']) ? $_POST['email'] : '';
$FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
$FTcom = isset($_POST['com']) ? $_POST['com'] : '';
$FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
error(_T('regist_nospam'));
}
// 封鎖:IP/Hostname/DNSBL 檢查機能
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
$baninfo = '';
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
error(_T('regist_ipfiltered', $baninfo));
}
// 封鎖:限制出現之文字
foreach ($BAD_STRING as $value) {
if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
error(_T('regist_wordfiltered'));
}
}
$PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host)));
// "RegistBegin" Hook Point
// 檢查是否輸入櫻花日文假名
$chkanti = array($name, $email, $sub, $com);
foreach ($chkanti as $anti) {
if (anti_sakura($anti)) {
error(_T('regist_sakuradetected'));
}
}
// 檢查表單欄位內容並修整
if (strlen($name) > 100) {
error(_T('regist_nametoolong'));
}
if (strlen($email) > 100) {
error(_T('regist_emailtoolong'));
}
if (strlen($sub) > 100) {
error(_T('regist_topictoolong'));
}
if (strlen($resto) > 10) {
error(_T('regist_longthreadnum'));
}
$email = CleanStr($email);
$email = str_replace("\r\n", '', $email);
$sub = CleanStr($sub);
$sub = str_replace("\r\n", '', $sub);
$resto = CleanStr($resto);
$resto = str_replace("\r\n", '', $resto);
// 名稱修整
$name = CleanStr($name);
$name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
// 防止トリップ偽造
$name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
// 防止管理員キャップ偽造
$name = str_replace("\r\n", '', $name);
$nameOri = $name;
// 名稱
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
// トリップ(Trip)機能
$name = $nameOri = $regs[1];
$cap = strtr($regs[2], array('&' => '&'));
$salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
$salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
// 管理員キャップ(Cap)機能
$acap_name = $nameOri;
$acap_pwd = strtr($aregs[2], array('&' => '&'));
if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
$name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
$is_admin = true;
$email = $aregs[1];
// 去除 #xx 密碼
}
}
if (!$is_admin) {
// 非管理員
$name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
$name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
}
$name = str_replace('&◆', '&◆', $name);
// 避免 &#xxxx; 後面被視為 Trip 留下 & 造成解析錯誤
// 內文修整
if (strlen($com) > COMM_MAX && !$is_admin) {
error(_T('regist_commenttoolong'));
}
$com = CleanStr($com, $is_admin);
// 引入$is_admin參數是因為當管理員キャップ啟動時,允許管理員依config設定是否使用HTML
$com = str_replace("\r\n", "\n", $com);
$com = str_replace("\r", "\n", $com);
$com = ereg_replace("\n(( | )*\n){3,}", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
}
// 換行字元用<br />代替
$com = str_replace("\n", '', $com);
// 若還有\n換行字元則取消換行
if ($category && USE_CATEGORY) {
// 修整標籤樣式
$category = explode(',', $category);
// 把標籤拆成陣列
$category = ',' . implode(',', array_map('trim', $category)) . ',';
// 去空白再合併為單一字串 (左右含,便可以直接以,XX,形式搜尋)
} else {
$category = '';
}
$age = false;
$dest = '';
$W = $post[0]['tw'];
$H = $post[0]['th'];
$imgW = $post[0]['imgw'];
$imgH = $post[0]['imgh'];
$status = $post[0]['status'];
$PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
// "RegistBeforeCommit" Hook Point
if ($name != $post[0]['name'] && $_POST[FT_NAME]) {
$newValues['name'] = $name;
}
if ($email != $post[0]['email'] && $_POST[FT_EMAIL]) {
$newValues['email'] = $email;
}
if ($sub != $post[0]['sub'] && $_POST[FT_SUBJECT]) {
$newValues['sub'] = $sub;
}
if ($com != $post[0]['com'] && $_POST[FT_COMMENT]) {
$newValues['com'] = $com;
}
if ($category != $post[0]['category'] && $_POST['category']) {
$newValues['category'] = $category;
}
$PIO->updatePost($_GET['no'], $newValues);
$PIO->dbCommit();
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
updatelog(0, $threadPage, true);
}
// 僅更新討論串出現那頁
deleteCache(array($parentNo));
// 刪除討論串舊快取
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
function regist($name, $email, $sub, $com, $url, $pwd, $upfile, $upfile_name, $resto)
{
global $path, $badstring, $badfile, $badip, $pwdc, $textonly;
$dest = "";
$mes = "";
// 時間
$time = time();
$tim = $time . substr(microtime(), 2, 3);
// アップロード処理
if ($upfile && file_exists($upfile)) {
$dest = $path . $tim . '.tmp';
move_uploaded_file($upfile, $dest);
//↑でエラーなら↓に変更
//copy($upfile, $dest);
$upfile_name = CleanStr($upfile_name);
if (!is_file($dest)) {
error("アップロードに失敗しました<br>サーバがサポートしていない可能性があります", $dest);
}
$size = getimagesize($dest);
if (!is_array($size)) {
error("アップロードに失敗しました<br>画像ファイル以外は受け付けません", $dest);
}
$chk = md5_of_file($dest);
foreach ($badfile as $value) {
if (preg_match("^{$value}", $chk)) {
error("アップロードに失敗しました<br>同じ画像がありました", $dest);
//拒絶画像
}
}
chmod($dest, 0666);
$W = $size[0];
$H = $size[1];
switch ($size[2]) {
case 1:
$ext = ".gif";
break;
case 2:
$ext = ".jpg";
break;
case 3:
$ext = ".png";
break;
case 4:
$ext = ".swf";
break;
case 5:
$ext = ".psd";
break;
case 6:
$ext = ".bmp";
break;
case 13:
$ext = ".swf";
break;
default:
$ext = ".xxx";
error("対応しないフォーマットです。", $dest);
}
// 画像表示縮小
if ($W > MAX_W || $H > MAX_H) {
$W2 = MAX_W / $W;
$H2 = MAX_H / $H;
$W2 < $H2 ? $key = $W2 : ($key = $H2);
$W = ceil($W * $key);
$H = ceil($H * $key);
}
$mes = "画像 {$upfile_name} のアップロードが成功しました<br><br>";
}
// foreach($badstring as $value){if(pregereg_replace_match($value,$com)||preg_match($value,$sub)||preg_match($value,$name)||preg_match($value,$email)){
// error("拒絶されました(str)",$dest);};}
if ($_SERVER["REQUEST_METHOD"] != "POST") {
error("不正な投稿をしないで下さい(post)", $dest);
}
// フォーム内容をチェック
if (!$name || preg_match("^[ | |]*\$", $name)) {
$name = "";
}
if (!$com || preg_match("^[ | |\t]*\$", $com)) {
$com = "";
}
if (!$sub || preg_match("^[ | |]*\$", $sub)) {
$sub = "";
}
if (!$resto && !$textonly && !is_file($dest)) {
error("画像がありません", $dest);
}
if (!$com && !is_file($dest)) {
error("何か書いて下さい", $dest);
}
$name = preg_replace("管理", "\"管理\"", $name);
$name = preg_replace("削除", "\"削除\"", $name);
if (strlen($com) > 1000) {
error("本文が長すぎますっ!", $dest);
}
if (strlen($name) > 100) {
error("本文が長すぎますっ!", $dest);
}
if (strlen($email) > 100) {
error("本文が長すぎますっ!", $dest);
}
if (strlen($sub) > 100) {
error("本文が長すぎますっ!", $dest);
}
if (strlen($resto) > 10) {
error("異常です", $dest);
}
if (strlen($url) > 10) {
error("異常です", $dest);
}
//ホスト取得
$host = gethostbyaddr($_SERVER["REMOTE_ADDR"]);
foreach ($badip as $value) {
//拒絶host
if (eregi("{$value}\$", $host)) {
error("拒絶されました(host)", $dest);
}
}
if (eregi("^mail", $host) || eregi("^ns", $host) || eregi("^dns", $host) || eregi("^ftp", $host) || eregi("^prox", $host) || eregi("^pc", $host) || eregi("^[^\\.]\\.[^\\.]\$", $host)) {
$pxck = "on";
}
if (eregi("ne\\.jp\$", $host) || eregi("ad\\.jp\$", $host) || eregi("bbtec\\.net\$", $host) || eregi("aol\\.com\$", $host) || eregi("uu\\.net\$", $host) || eregi("asahi-net\\.or\\.jp\$", $host) || eregi("rim\\.or\\.jp\$", $host)) {
$pxck = "off";
} else {
$pxck = "on";
}
if ($pxck == "on" && PROXY_CHECK) {
if (proxy_connect('80') == 1) {
error("ERROR! 公開PROXY規制中!!(80)", $dest);
} elseif (proxy_connect('8080') == 1) {
error("ERROR! 公開PROXY規制中!!(8080)", $dest);
}
}
// No.とパスと時間とURLフォーマット
srand((double) microtime() * 1000000);
if ($pwd == "") {
if ($pwdc == "") {
$pwd = rand();
$pwd = substr($pwd, 0, 8);
} else {
$pwd = $pwdc;
}
}
$c_pass = $pwd;
$pass = $pwd ? substr(md5($pwd), 2, 8) : "*";
$youbi = array('日', '月', '火', '水', '木', '金', '土');
$yd = $youbi[gmdate("w", $time + 9 * 60 * 60)];
$now = gmdate("y/m/d", $time + 9 * 60 * 60) . "(" . (string) $yd . ")" . gmdate("H:i", $time + 9 * 60 * 60);
if (DISP_ID) {
if ($email && DISP_ID == 1) {
$now .= " ID:???";
} else {
$now .= " ID:" . substr(crypt(md5($_SERVER["REMOTE_ADDR"] . IDSEED . gmdate("Ymd", $time + 9 * 60 * 60)), 'id'), -8);
}
}
//テキスト整形
$email = CleanStr($email);
$email = preg_replace("[\r\n]", "", $email);
$sub = CleanStr($sub);
$sub = preg_replace("[\r\n]", "", $sub);
$url = CleanStr($url);
$url = preg_replace("[\r\n]", "", $url);
$resto = CleanStr($resto);
$resto = preg_replace("[\r\n]", "", $resto);
$com = CleanStr($com);
// 改行文字の統一。
$com = str_replace("\r\n", "\n", $com);
$com = str_replace("\r", "\n", $com);
// 連続する空行を一行
$com = preg_replace("\n(( | )*\n){3,}", "\n", $com);
if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
$com = nl2br($com);
//改行文字の前に<br>を代入する
}
$com = str_replace("\n", "", $com);
//\nを文字列から消す。
$name = preg_replace("◆", "◇", $name);
$name = preg_replace("[\r\n]", "", $name);
$names = $name;
$name = CleanStr($name);
if (preg_match("(#|#)(.*)", $names, $regs)) {
$cap = $regs[2];
$cap = strtr($cap, "&", "&");
$cap = strtr($cap, ",", ",");
$name = preg_replace("(#|#)(.*)", "", $name);
$salt = substr($cap . "H.", 1, 2);
$salt = preg_replace("[^\\.-z]", ".", $salt);
$salt = strtr($salt, ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
$name .= "</b>◆" . substr(crypt($cap, $salt), -10) . "<b>";
}
if (!$name) {
$name = "名無し";
}
if (!$com) {
$com = "本文なし";
}
if (!$sub) {
$sub = "無題";
}
//ログ読み込み
$fp = fopen(LOGFILE, "r+");
flock($fp, 2);
rewind($fp);
$buf = fread($fp, 1000000);
if ($buf == '') {
error("error load log", $dest);
}
$line = explode("\n", $buf);
$countline = count($line);
for ($i = 0; $i < $countline; $i++) {
if ($line[$i] != "") {
list($artno, ) = explode(",", rtrim($line[$i]));
//逆変換テーブル作成
$lineindex[$artno] = $i + 1;
$line[$i] .= "\n";
}
}
// 二重投稿チェック
$imax = count($line) > 20 ? 20 : count($line) - 1;
for ($i = 0; $i < $imax; $i++) {
list($lastno, , $lname, , , $lcom, , $lhost, $lpwd, , , , $ltime, ) = explode(",", $line[$i]);
if (strlen($ltime) > 10) {
$ltime = substr($ltime, 0, -3);
}
if ($host == $lhost || substr(md5($pwd), 2, 8) == $lpwd || substr(md5($pwdc), 2, 8) == $lpwd) {
$pchk = 1;
} else {
$pchk = 0;
}
if (RENZOKU && $pchk && $time - $ltime < RENZOKU) {
error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
}
if (RENZOKU && $pchk && $time - $ltime < RENZOKU2 && $upfile_name) {
error("画像連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
}
if (RENZOKU && $pchk && $com == $lcom && !$upfile_name) {
error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
}
}
// ログ行数オーバー
if (count($line) >= LOG_MAX) {
for ($d = count($line) - 1; $d >= LOG_MAX - 1; $d--) {
list($dno, , , , , , , , , $dext, , , $dtime, ) = explode(",", $line[$d]);
if (is_file($path . $dtime . $dext)) {
unlink($path . $dtime . $dext);
}
if (is_file(THUMB_DIR . $dtime . 's.jpg')) {
unlink(THUMB_DIR . $dtime . 's.jpg');
}
$line[$d] = "";
treedel($dno);
}
}
// アップロード処理
if ($dest && file_exists($dest)) {
$imax = count($line) > 200 ? 200 : count($line) - 1;
for ($i = 0; $i < $imax; $i++) {
//画像重複チェック
list(, , , , , , , , , $extp, , , $timep, $chkp, ) = explode(",", $line[$i]);
if ($chkp == $chk && file_exists($path . $timep . $extp)) {
error("アップロードに失敗しました<br>同じ画像があります", $dest);
}
}
}
list($lastno, ) = explode(",", $line[0]);
$no = $lastno + 1;
isset($ext) ? 0 : ($ext = "");
isset($W) ? 0 : ($W = "");
isset($H) ? 0 : ($H = "");
isset($chk) ? 0 : ($chk = "");
$newline = "{$no},{$now},{$name},{$email},{$sub},{$com},{$url},{$host},{$pass},{$ext},{$W},{$H},{$tim},{$chk},\n";
$newline .= implode('', $line);
ftruncate($fp, 0);
set_file_buffer($fp, 0);
rewind($fp);
fputs($fp, $newline);
//ツリー更新
$find = false;
$newline = '';
$tp = fopen(TREEFILE, "r+");
set_file_buffer($tp, 0);
rewind($tp);
$buf = fread($tp, 1000000);
if ($buf == '') {
error("error tree update", $dest);
}
$line = explode("\n", $buf);
$countline = count($line);
for ($i = 0; $i < $countline; $i++) {
if ($line[$i] != "") {
$line[$i] .= "\n";
$j = explode(",", rtrim($line[$i]));
if ($lineindex[$j[0]] == 0) {
$line[$i] = '';
}
}
}
if ($resto) {
for ($i = 0; $i < $countline; $i++) {
$rtno = explode(",", rtrim($line[$i]));
if ($rtno[0] == $resto) {
$find = TRUE;
$line[$i] = rtrim($line[$i]) . ',' . $no . "\n";
$j = explode(",", rtrim($line[$i]));
if (count($j) > MAX_RES) {
$email = 'sage';
}
if (!stristr($email, 'sage')) {
$newline = $line[$i];
$line[$i] = '';
}
break;
}
}
}
if (!$find) {
if (!$resto) {
$newline = "{$no}\n";
} else {
error("スレッドがありません", $dest);
}
}
$newline .= implode('', $line);
ftruncate($tp, 0);
set_file_buffer($tp, 0);
rewind($tp);
fputs($tp, $newline);
fclose($tp);
fclose($fp);
//クッキー保存
setcookie("pwdc", $c_pass, time() + 7 * 24 * 3600);
/* 1週間で期限切れ */
if (function_exists("mb_internal_encoding") && function_exists("mb_convert_encoding") && function_exists("mb_substr")) {
if (preg_match("MSIE|Opera", $_SERVER["HTTP_USER_AGENT"])) {
$i = 0;
$c_name = '';
mb_internal_encoding("SJIS");
while ($j = mb_substr($names, $i, 1)) {
$j = mb_convert_encoding($j, "UTF-16", "SJIS");
$c_name .= "%u" . bin2hex($j);
$i++;
}
header("Set-Cookie: namec={$c_name}; expires=" . gmdate("D, d-M-Y H:i:s", time() + 7 * 24 * 3600) . " GMT", false);
} else {
$c_name = $names;
setcookie("namec", $c_name, time() + 7 * 24 * 3600);
/* 1週間で期限切れ */
}
}
if ($dest && file_exists($dest)) {
rename($dest, $path . $tim . $ext);
if (USE_THUMB) {
thumb($path, $tim, $ext);
}
}
updatelog();
echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"1;URL=" . PHP_SELF2 . "\"></head>";
echo "<body>{$mes} 画面を切り替えます</body></html>";
}
function resredir($res)
{
$res = (int) $res;
if (!($redir = mysql_call("select no,resto from " . SQLLOG . " where no=" . $res))) {
echo S_SQLFAIL;
}
list($no, $resto) = mysql_fetch_row($redir);
if (!$no) {
$maxq = mysql_call("select max(no) from " . SQLLOG . "");
list($max) = mysql_fetch_row($maxq);
if (!$max || $res > $max) {
header("HTTP/1.0 404 Not Found");
} else {
// res < max, so it must be deleted!
header("HTTP/1.0 410 Gone");
}
error(S_NOTHREADERR, $dest);
}
if ($resto == "0") {
// thread
$redirect = DATA_SERVER . BOARD_DIR . "/res/" . $no . PHP_EXT . '#' . $no;
} else {
$redirect = DATA_SERVER . BOARD_DIR . "/res/" . $resto . PHP_EXT . '#' . $no;
}
echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL={$redirect}\">";
if ($resto == "0") {
log_cache();
}
if ($resto == "0") {
// thread
updatelog($res);
}
}
public function ModulePage()
{
$PIO = PMCLibrary::getPIOInstance();
if (!isset($_GET['no'])) {
die('[Error] not enough parameter.');
}
if (isset($_GET['action'])) {
if (adminAuthenticate('check')) {
$pushcount = '';
$puststart = 0;
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
// 被推之文章不存在
extract($post[0]);
if ($status != '') {
$f = $PIO->getPostStatus($status);
$pushcount = $f->value('mppCnt');
// 被推次數
}
if (($puststart = strpos($com, $this->PUSHPOST_SEPARATOR . '<br />')) === false) {
die('[Error] No pushpost.');
}
$ocom = substr($com, 0, $puststart);
$pushpost = explode('<br />', substr($com, $puststart + strlen($this->PUSHPOST_SEPARATOR . '<br />')));
$com = $ocom;
if ($_GET['action'] == 'del') {
// list
$p_count = 1;
$com .= '<div class="pushpost">';
foreach ($pushpost as $p) {
$com .= '<input type="checkbox" name="' . $p_count++ . '" value="delete" />' . $p . '<br />';
}
$com .= '</div>';
$dat = '';
head($dat);
$dat .= '<div class="bar_reply">' . $this->_T('deletepush') . '</div>';
$dat .= '<form action="' . $this->getModulePageURL(array('action' => 'delpush', 'no' => $_GET['no'])) . '" method="post">';
$dat .= PMCLibrary::getPTEInstance()->ParseBlock('SEARCHRESULT', array('{$NO}' => $no, '{$SUB}' => $sub, '{$NAME}' => $name, '{$NOW}' => $now, '{$COM}' => $com, '{$CATEGORY}' => $category, '{$NAME_TEXT}' => _T('post_name'), '{$CATEGORY_TEXT}' => _T('post_category')));
echo $dat, '<input type="submit" value="' . _T('del_btn') . '" /></form></body></html>';
return;
} else {
if ($_GET['action'] == 'delpush') {
// delete
$delno = array();
reset($_POST);
while ($item = each($_POST)) {
if ($item[1] == 'delete' && $item[0] != 'func') {
array_push($delno, $item[0]);
}
}
if (count($delno)) {
foreach ($delno as $d) {
if (isset($pushpost[$d - 1])) {
unset($pushpost[$d - 1]);
}
}
}
$pushcount = count($pushpost);
if ($pushcount) {
$f->update('mppCnt', $pushcount);
// 更新推文次數
$com = $ocom . $this->PUSHPOST_SEPARATOR . '<br />' . implode('<br />', $pushpost);
} else {
$f->remove('mppCnt');
// 刪除推文次數
$com = $ocom;
}
$PIO->updatePost($_GET['no'], array('com' => $com, 'status' => $f->toString()));
// 更新推文
$PIO->dbCommit();
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF . '?page_num=0');
return;
} else {
die('[Error] unknown action.');
}
}
} else {
die('[Error] unauthenticated action.');
}
}
// 非 AJAX 推文,產出表單供填寫
if (!isset($_POST['comm'])) {
echo $this->printStaticForm(intval($_GET['no']));
} else {
// 處理推文
// 傳送方法不正確
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
die(_T('regist_notpost'));
}
// 查IP
$baninfo = '';
$ip = getREMOTE_ADDR();
$host = gethostbyaddr($ip);
if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
die(_T('regist_ipfiltered', $baninfo));
}
$name = CleanStr($_POST['name']);
$comm = CleanStr($_POST['comm']);
if (strlen($name) > 30) {
die($this->_T('maxlength'));
}
// 名稱太長
if (strlen($comm) > 160) {
die($this->_T('maxlength'));
}
// 太多字
if (strlen($comm) == 0) {
die($this->_T('nocomment'));
}
// 沒打字
$name = str_replace(array(_T('trip_pre'), _T('admin'), _T('deletor')), array(_T('trip_pre_fake'), '"' . _T('admin') . '"', '"' . _T('deletor') . '"'), $name);
// 生成ID, Trip 等識別資訊
$pushID = $this->getID();
$pushtime = gmdate('y/m/d H:i', time() + intval(TIME_ZONE) * 3600);
if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
$cap = strtr($regs[2], array('&' => '&'));
$salt = strtr(preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2)), ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
$name = $regs[1] . _T('trip_pre') . substr(crypt($cap, $salt), -10);
}
if (!$name || preg_match("/^[ | |]*\$/", $name)) {
if (ALLOW_NONAME) {
$name = DEFAULT_NONAME;
} else {
die(_T('regist_withoutname'));
}
// 不接受匿名
}
if (ALLOW_NONAME == 2) {
// 強制砍名
$name = preg_match('/(\\' . _T('trip_pre') . '.{10})/', $name, $matches) ? $matches[1] . ':' : DEFAULT_NONAME . ':';
} else {
$name .= ':';
}
$pushpost = "{$name} {$comm} ({$pushID} {$pushtime})";
// 推文主體
$post = $PIO->fetchPosts($_GET['no']);
if (!count($post)) {
die('[Error] Post does not exist.');
}
// 被推之文章不存在
$parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
$threads = array_flip($PIO->fetchThreadList());
$threadPage = floor($threads[$parentNo] / PAGE_DEF);
$p = $parentNo == $post[0]['no'] ? $post : $PIO->fetchPosts($parentNo);
// 取出首篇
$flgh = $PIO->getPostStatus($p[0]['status']);
if ($flgh->exists('TS')) {
die('[Error] ' . _T('regist_threadlocked'));
}
// 首篇禁止回應/同時表示禁止推文
$post[0]['com'] .= (strpos($post[0]['com'], $this->PUSHPOST_SEPARATOR . '<br />') === false ? '<br />' . $this->PUSHPOST_SEPARATOR : '') . '<br /> ' . $pushpost;
$flgh2 = $PIO->getPostStatus($post[0]['status']);
$flgh2->plus('mppCnt');
// 推文次數+1
$PIO->updatePost($_GET['no'], array('com' => $post[0]['com'], 'status' => $flgh2->toString()));
// 更新推文
$PIO->dbCommit();
// mod_audit logcat
$this->callCHP('mod_audit_logcat', array(sprintf('[%s] No.%d %s (%s)', __CLASS__, $_GET['no'], $comm, $pushID)));
if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
// 僅更新討論串出現那頁
updatelog(0, $threadPage, true);
}
deleteCache(array($parentNo));
// 刪除討論串舊快取
if (isset($_POST['ajaxmode'])) {
echo '+OK ', $pushpost;
} else {
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
}
}
}
