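// Request timestamp, exposed to the rest of the page as the NOW constant.
$today = date("Y-m-d H:i:s");

// Some important settings we gonna use throughout the page
define('BASEURL', 'http://localhost:3000/');
// NOTE(review): a cookie Domain attribute cannot carry a port, so confirm how
// DOMAIN is consumed before relying on the ':8888' suffix.
define('DOMAIN', '.localhost:8888');
define('NOW', $today);

// Make sure nobodys trying to f#&k with us
// magic_quotes_gpc only ever escaped GET/POST/COOKIE/REQUEST, and
// get_magic_quotes_gpc() was removed in PHP 8.0, so the call is guarded.
// $_SESSION is deliberately NOT stripped: session data is never magic-quoted,
// so stripslashes() on it would eat legitimate backslashes.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    if (!function_exists('strip_array')) {
        /**
         * Recursively stripslashes() a scalar or (nested) array.
         *
         * @param mixed $var
         * @return mixed
         */
        function strip_array($var)
        {
            return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
        }
    }
    $_POST = strip_array($_POST);
    $_GET = strip_array($_GET);
    $_REQUEST = strip_array($_REQUEST);
    $_COOKIE = strip_array($_COOKIE);
}

// Connect to the glorious database
/**
 * Lazily open (and memoise) the mysqli connection described by config.ini.
 *
 * Returns the mysqli connection on success. On failure it returns the connect
 * error message as a string (kept for existing callers, who must check the
 * type before using the result as a connection). A failed attempt is no longer
 * memoised, so a later call can retry instead of returning the stale failure.
 *
 * NOTE: config.ini is resolved relative to the working directory / include
 * path; make sure it is not served from the web root. From PHP 8.1
 * mysqli_connect() throws mysqli_sql_exception by default instead of
 * returning false, so the string path is only reached on older setups.
 *
 * @return mysqli|string
 */
function db()
{
    static $connection = null;

    if ($connection === null) {
        $db = parse_ini_file('config.ini');
        if ($db === false) {
            return 'Unable to read config.ini';
        }
        $connection = mysqli_connect('localhost', $db['username'], $db['password'], $db['database']);
        if ($connection === false) {
            // do not cache the failure: isset(false) is true, which previously
            // pinned every later call to the error path
            $connection = null;
            return mysqli_connect_error();
        }
    }

    return $connection;
}

// Now a few shorthand functions to talk with the database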
* Copyright (c) 2010-2014 Tinyboard Development Group */

// Fragment: the docblock above and the foreach at the bottom continue outside
// this view.
require 'inc/functions.php';
require 'inc/mod/pages.php';
require 'inc/mod/auth.php';

if ($config['debug']) {
    $parse_start_time = microtime(true);
}

// Fix for magic quotes
// get_magic_quotes_gpc() was removed in PHP 8.0 (deprecated in 7.4); on modern
// PHP this call is a fatal error unless wrapped in function_exists().
if (get_magic_quotes_gpc()) {
    // Recursively stripslashes() a scalar or (nested) array.
    function strip_array($var) {
        return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
    }
    $_GET = strip_array($_GET);
    $_POST = strip_array($_POST);
}

// Decoded raw query string; the routing that consumes it is outside this view.
$query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';

// Route table: regex fragment => handler. A 'secure ' / 'secure_POST ' prefix
// marks handlers that get extra protection in the loop below (cut off here).
$pages = array(
    '' => ':?/',
    '/' => 'dashboard',
    '/confirm/(.+)' => 'confirm',
    '/logout' => 'secure logout',
    '/users' => 'users',
    '/users/(\\d+)/(promote|demote)' => 'secure user_promote',
    '/users/(\\d+)' => 'secure_POST user',
    '/users/new' => 'secure_POST user_new',
    '/new_PM/([^/]+)' => 'secure_POST new_pm',
    '/PM/(\\d+)(/reply)?' => 'pm',
    '/inbox' => 'inbox',
    '/log' => 'log',
    '/log/(\\d+)' => 'log',
    '/log:([^/]+)' => 'user_log',
    '/log:([^/]+)/(\\d+)' => 'user_log',
    '/news' => 'secure_POST news',
    '/news/(\\d+)' => 'secure_POST news',
    '/news/delete/(\\d+)' => 'secure news_delete',
    '/noticeboard' => 'secure_POST noticeboard',
    '/noticeboard/(\\d+)' => 'secure_POST noticeboard',
    '/noticeboard/delete/(\\d+)' => 'secure noticeboard_delete',
    '/edit/(\\%b)' => 'secure_POST edit_board',
    '/new-board' => 'secure_POST new_board',
    '/rebuild' => 'secure_POST rebuild',
    '/reports' => 'reports',
    '/reports/(\\d+)/dismiss(all)?' => 'secure report_dismiss',
    '/IP/([\\w.:]+)' => 'secure_POST ip',
    '/IP/([\\w.:]+)/remove_note/(\\d+)' => 'secure ip_remove_note',
    '/ban' => 'secure_POST ban',
    '/bans' => 'secure_POST bans',
    '/bans/(\\d+)' => 'secure_POST bans',
    '/ban-appeals' => 'secure_POST ban_appeals',
    '/search' => 'search_redirect',
    '/search/(posts|IP_notes|bans|log)/(.+)/(\\d+)' => 'search',
    '/search/(posts|IP_notes|bans|log)/(.+)' => 'search',
    '/(\\%b)/ban(&delete)?/(\\d+)' => 'secure_POST ban_post',
    '/(\\%b)/move/(\\d+)' => 'secure_POST move',
    '/(\\%b)/edit(_raw)?/(\\d+)' => 'secure_POST edit_post',
    '/(\\%b)/delete/(\\d+)' => 'secure delete',
    '/(\\%b)/deletefile/(\\d+)' => 'secure deletefile',
    // NOTE(review): '\\%b+' differs from the '(\\%b)' form used by every other
    // board route; confirm the '+' is intentional.
    '/(\\%b+)/spoiler/(\\d+)' => 'secure spoiler_image',
    '/(\\%b)/deletebyip/(\\d+)(/global)?' => 'secure deletebyip',
    '/(\\%b)/(un)?lock/(\\d+)' => 'secure lock',
    '/(\\%b)/(un)?sticky/(\\d+)' => 'secure sticky',
    '/(\\%b)/bump(un)?lock/(\\d+)' => 'secure bumplock',
    '/themes' => 'themes_list',
    '/themes/(\\w+)' => 'secure_POST theme_configure',
    '/themes/(\\w+)/rebuild' => 'secure theme_rebuild',
    '/themes/(\\w+)/uninstall' => 'secure theme_uninstall',
    '/config' => 'secure_POST config',
    '/config/(\\%b)' => 'secure_POST config',
    '/debug/antispam' => 'debug_antispam',
    '/debug/recent' => 'debug_recent_posts',
    '/debug/apc' => 'debug_apc',
    // NOTE(review): the name suggests a raw SQL console for moderators; the
    // handler is not in view, so confirm it is permission-gated or disabled
    // outside development.
    '/debug/sql' => 'secure_POST debug_sql',
    '/(\\%b)/' => 'view_board',
    '/(\\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
    '/(\\%b)/' . str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
    '/(\\%b)/' . preg_quote($config['dir']['res'], '!') . str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '!')) => 'view_thread'
);

if (!$mod) {
    // Not logged in: every path goes to the login page.
    $pages = array('!^(.+)?$!' => 'login');
} elseif (isset($_GET['status'], $_GET['r'])) {
    // Redirect helper reachable only with $mod set. `r` is used verbatim from
    // the query string, so any absolute URL is accepted: this is an open
    // redirect. Restrict it to same-site paths (e.g. require a leading '/'
    // and reject '//' or a scheme prefix) or to a whitelist of targets.
    header('Location: ' . $_GET['r'], true, (int) $_GET['status']);
    exit;
}

if (isset($config['mod']['custom_pages'])) {
    $pages = array_merge($pages, $config['mod']['custom_pages']);
}

$new_pages = array();
foreach ($pages as $key => $callback) {
    if (is_string($callback) && preg_match('/^secure /', $callback)) {
<?php
// Legacy magic_quotes_gpc cleanup. Magic quotes only ever escaped GET/POST/COOKIE
// input; $_SESSION is never magic-quoted, so stripslashes() on it removes
// legitimate backslashes from stored session data. get_magic_quotes_gpc() itself
// was removed in PHP 8.0 (deprecated in 7.4): guard the call with
// function_exists() or drop the block on modern PHP.
if (get_magic_quotes_gpc()) {
    // Recursively stripslashes() a scalar or (nested) array.
    function strip_array($var) {
        return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
    }
    $_POST = strip_array($_POST);
    $_SESSION = strip_array($_SESSION);
    $_GET = strip_array($_GET);
}

/**
 * Router
 *
 * $table maps "METHOD PATTERN" strings (split on whitespace below) to handlers.
 * Only entries whose METHOD equals $_SERVER['REQUEST_METHOD'] are considered.
 * The body continues past this fragment.
 */
function route($table) {
    // Request path without the query string. REQUEST_URI is client-supplied;
    // the visible code applies no percent-decoding or normalisation to it.
    $path = $_SERVER['REQUEST_URI'];
    $q_pos = strpos($path, '?');
    if ($q_pos !== false) {
        $path = substr($path, 0, $q_pos);
    }
    $segments = explode('/', trim($path, ' /'));
    $possibilities = array();

    foreach ($table as $route => $handler) {
        $parts = preg_split('/\\s+/', $route);
        $method = $parts[0];
        if ($method !== $_SERVER['REQUEST_METHOD']) {
            continue;
        }
        // NOTE: $path is reused here for the route's pattern, overwriting the
        // request path computed above.
        $path = $parts[1];
        $path = preg_replace('%//+%', '/', $path);
// Fragment: this loop and the validation below sit inside a larger handler
// whose start and end are not in view.
// ext/mysql (mysql_fetch_array) was removed in PHP 7.0. $db[name], $in[catid]
// etc. are bare-word keys: an undefined-constant notice in PHP 7 and a fatal
// Error in PHP 8 — quote them ($db['name']).
while ($db = mysql_fetch_array($query)) {
    $fieldname = $db[name];
    $requirederror .= adfieldinputcheck($in[catid], "{$fieldname}", $in[$fieldname]);
}

if (!$in[location] || !$in[header] || !$in[text] || $requirederror) {
    died($error[14]);
} else {
    if (isbanned($_SESSION[suserid])) {
        // $error is the message array used above; it is overwritten with one
        // encoded string here (harmless only because of the exit below).
        $error = rawurlencode($error[27]);
        header(headerstr("classified.php?status=6&errormessage={$error}"));
        exit;
    }

    // strlen() counts bytes, not characters, so multibyte text reaches the
    // upper bound early. $limit["0"]/$limit["1"] are the min/max bounds.
    if (strlen($in['text']) < $limit["0"] || strlen($in['text']) > $limit["1"]) {
        died("Sorry, your text has to be between {$limit['0']} and {$limit['1']} characters.");
    }

    // Slashes are stripped only after the length check, so the bounds apply
    // to the still-escaped form.
    $in = strip_array($in);
    $in[text] = encode_msg($in[text]);

    // Presumably checkbox inputs ("on" when ticked); normalised to 1/0.
    if ($in[icon1] == "on") {
        $in[icon1] = 1;
    } else {
        $in[icon1] = 0;
    }
    if ($in[icon2] == "on") {
        $in[icon2] = 1;
    } else {
        $in[icon2] = 0;
    }
    if ($in[icon3] == "on") {
        $in[icon3] = 1;
    } else {
        $in[icon3] = 0;
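/**
 * Authenticate the current moderator from the mod cookie and populate $mod.
 *
 * The cookie named by $config['cookies']['mod'] must be "username:hash:salt".
 * The user row is fetched from ``mods`` and the hash is recomputed with
 * mkhash(); a malformed cookie, an unknown username, or a hash mismatch
 * destroys the cookies and ends the request (showing mod_login() first when
 * $prompt is true). On success $mod = array(id, type, username, boards).
 * With no cookie present the function returns without touching $mod.
 *
 * @param bool $prompt show the login form before exiting on a bad cookie
 */
function check_login($prompt = false) {
    global $config, $mod;

    // Shared failure path: drop the cookies, optionally prompt, stop.
    $reject = function () use ($prompt) {
        destroyCookies();
        if ($prompt) {
            mod_login();
        }
        exit;
    };

    // Validate session
    if (isset($_COOKIE[$config['cookies']['mod']])) {
        // Should be username:hash:salt
        $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
        if (count($cookie) != 3) {
            // Malformed cookies
            $reject();
        }

        $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
        $query->bindValue(':username', $cookie[0]);
        $query->execute() or error(db_error($query));
        $user = $query->fetch(PDO::FETCH_ASSOC);

        // Unknown username: fetch() returns false. Previously this fell through
        // to mkhash() with a null password; reject it explicitly instead.
        if ($user === false) {
            $reject();
        }

        // validate password hash. The cookie is attacker-controlled, so compare
        // in constant time rather than with !==.
        $expected = (string) mkhash($cookie[0], $user['password'], $cookie[2]);
        if (!hash_equals($expected, $cookie[1])) {
            // Malformed cookies
            $reject();
        }

        $mod = array(
            'id' => $user['id'],
            'type' => $user['type'],
            'username' => $cookie[0],
            'boards' => explode(',', $user['boards'])
        );
    }

    // Fix for magic quotes (GET/POST only). get_magic_quotes_gpc() was removed
    // in PHP 8.0, and a function declared inside this body is re-declared on
    // every call, which is a fatal "Cannot redeclare strip_array()" the second
    // time magic quotes are on; both are guarded.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        if (!function_exists('strip_array')) {
            // Recursively stripslashes() a scalar or (nested) array.
            function strip_array($var) {
                return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
            }
        }
        $_GET = strip_array($_GET);
        $_POST = strip_array($_POST);
    }
}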
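/**
 * Undo PHP's legacy magic_quotes_gpc escaping on $_GET, $_POST and $_COOKIE.
 *
 * Safe to call more than once: the nested strip_array() helper is only
 * declared on the first call (a second declaration was a fatal "Cannot
 * redeclare strip_array()"). get_magic_quotes_gpc() was removed in PHP 8.0,
 * so the call is guarded and the stripping is a no-op there; strip_array()
 * is still declared so other code that relies on it keeps working.
 */
function undo_magic_quotes() {
    //************************************************
    if (!function_exists('strip_array')) {
        /**
         * Recursively stripslashes() a scalar or (nested) array.
         * stripslashes() also handles cases when magic_quotes_sybase is on.
         *
         * @param mixed $var
         * @return mixed
         */
        function strip_array($var) {
            if (is_array($var)) {
                return array_map("strip_array", $var);
            }
            return stripslashes($var);
        }
    } //end strip_array()

    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // Only the superglobals magic quotes actually escaped; $_SESSION is
        // intentionally left alone.
        if (isset($_GET)) {
            $_GET = strip_array($_GET);
        }
        if (isset($_POST)) {
            $_POST = strip_array($_POST);
        }
        if (isset($_COOKIE)) {
            $_COOKIE = strip_array($_COOKIE);
        }
    }
}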