Пример #1
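/**
 * Validate and store one board post: optional image upload, a new record in the
 * flat-file log, the thread-tree update, and the poster's cookies.
 *
 * The log is a newline-delimited file of comma-separated fields, so every field
 * written below must be free of raw CR/LF. Fields taken from old log lines are
 * later used to build unlink() paths, which is why record injection matters.
 *
 * Relies on helpers and constants defined elsewhere (error(), CleanStr(),
 * md5_of_file(), proxy_connect(), treedel(), thumb(), updatelog(), LOGFILE,
 * TREEFILE, ...). NOTE(review): the code is written as if error() never returns
 * and disposes of the temporary upload passed as its second argument - confirm.
 *
 * @param string $name        Poster name; text after '#' is a tripcode secret.
 * @param string $email       E-mail field ("sage" suppresses thread bumping).
 * @param string $sub         Subject.
 * @param string $com         Comment body.
 * @param string $url         Rejected when longer than 10 bytes.
 * @param string $pwd         Deletion password; generated when empty.
 * @param string $upfile      Temporary path of the uploaded file, if any.
 * @param string $upfile_name Client-supplied file name (display only).
 * @param string $resto       Thread number being replied to; empty for a new thread.
 * @return void
 */
function regist($name, $email, $sub, $com, $url, $pwd, $upfile, $upfile_name, $resto)
{
    global $path, $badstring, $badfile, $badip, $pwdc, $textonly;
    $dest = "";
    $mes = "";
    // Timestamp; $tim (seconds followed by three sub-second digits) names the stored file.
    $time = time();
    $tim = $time . substr(microtime(), 2, 3);
    // Upload handling
    if ($upfile && file_exists($upfile)) {
        $dest = $path . $tim . '.tmp';
        // move_uploaded_file() only accepts a genuine HTTP upload, so a caller-supplied
        // path to some other file on disk is not copied into the image directory.
        move_uploaded_file($upfile, $dest);
        // Upstream hint: switch to copy($upfile, $dest) if the call above fails on the
        // host. Doing so gives up the uploaded-file check described above.
        //copy($upfile, $dest);
        $upfile_name = CleanStr($upfile_name);
        if (!is_file($dest)) {
            error("アップロードに失敗しました<br>サーバがサポートしていない可能性があります", $dest);
        }
        // getimagesize() inspects the header only; it does not prove the rest of the file is an image.
        $size = getimagesize($dest);
        if (!is_array($size)) {
            error("アップロードに失敗しました<br>画像ファイル以外は受け付けません", $dest);
        }
        $chk = md5_of_file($dest);
        foreach ($badfile as $value) {
            // Rejected-image list. The pattern needs delimiters: without them preg_match()
            // fails with a warning and the blacklist silently never matches.
            if (preg_match('/^' . str_replace('/', '\/', $value) . '/', $chk)) {
                error("アップロードに失敗しました<br>同じ画像がありました", $dest);
            }
        }
        // NOTE(review): 0666 leaves the upload world-writable; 0644 is enough unless
        // another local account has to manage these files.
        chmod($dest, 0666);
        $W = $size[0];
        $H = $size[1];
        // The stored extension comes from the detected image type, never from the client's file name.
        // NOTE(review): types 4 and 13 (.swf) are accepted and served from the board's own path.
        $extByType = array(1 => ".gif", 2 => ".jpg", 3 => ".png", 4 => ".swf", 5 => ".psd", 6 => ".bmp", 13 => ".swf");
        if (isset($extByType[$size[2]])) {
            $ext = $extByType[$size[2]];
        } else {
            $ext = ".xxx";
            error("対応しないフォーマットです。", $dest);
        }
        // Scale the display dimensions down to fit MAX_W x MAX_H
        if ($W > MAX_W || $H > MAX_H) {
            $key = min(MAX_W / $W, MAX_H / $H);
            $W = ceil($W * $key);
            $H = ceil($H * $key);
        }
        $mes = "画像 {$upfile_name} のアップロードが成功しました<br><br>";
    }
    // The $badstring word filter is disabled in this listing (it was commented out upstream).
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        error("不正な投稿をしないで下さい(post)", $dest);
    }
    // Form content check: whitespace-only fields count as empty
    if (!$name || preg_match('/^[ | |]*\z/', $name)) {
        $name = "";
    }
    if (!$com || preg_match("/^[ | |\t]*\\z/", $com)) {
        $com = "";
    }
    if (!$sub || preg_match('/^[ | |]*\z/', $sub)) {
        $sub = "";
    }
    if (!$resto && !$textonly && !is_file($dest)) {
        error("画像がありません", $dest);
    }
    if (!$com && !is_file($dest)) {
        error("何か書いて下さい", $dest);
    }
    // Quote the staff words so a poster cannot pass as management. Plain str_replace():
    // the delimiter-less preg_replace() calls failed and returned NULL, wiping the name.
    $name = str_replace("管理", "\"管理\"", $name);
    $name = str_replace("削除", "\"削除\"", $name);
    if (strlen($com) > 1000) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($name) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($email) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($sub) > 100) {
        error("本文が長すぎますっ!", $dest);
    }
    if (strlen($resto) > 10) {
        error("異常です", $dest);
    }
    if (strlen($url) > 10) {
        error("異常です", $dest);
    }
    // Host lookup. The reverse-DNS name is chosen by whoever controls the PTR record and
    // is written into the log line below, so reduce it to hostname characters first.
    $host = preg_replace('/[^A-Za-z0-9.:_-]/', '', (string) gethostbyaddr($_SERVER["REMOTE_ADDR"]));
    foreach ($badip as $value) {
        // Rejected hosts (suffix match); eregi() no longer exists in PHP 7+
        if (preg_match('/' . str_replace('/', '\/', $value) . '$/i', $host)) {
            error("拒絶されました(host)", $dest);
        }
    }
    // Hosts under these suffixes skip the open-proxy probe, everyone else gets it. The
    // earlier prefix test (mail, ns, dns, ...) was dead code because this test assigned
    // $pxck unconditionally. NOTE(review): the name is not forward-confirmed, so the
    // exemption is only as trustworthy as the PTR record.
    if (preg_match('/(ne\.jp|ad\.jp|bbtec\.net|aol\.com|uu\.net|asahi-net\.or\.jp|rim\.or\.jp)$/i', $host)) {
        $pxck = "off";
    } else {
        $pxck = "on";
    }
    if ($pxck == "on" && PROXY_CHECK) {
        if (proxy_connect('80') == 1) {
            error("ERROR! 公開PROXY規制中!!(80)", $dest);
        } elseif (proxy_connect('8080') == 1) {
            error("ERROR! 公開PROXY規制中!!(8080)", $dest);
        }
    }
    // Post number, password, time and URL formatting
    if ($pwd == "") {
        if ($pwdc == "") {
            // Generated deletion password: eight digits, from the CSPRNG when the runtime
            // has one instead of rand() seeded with the current time.
            if (function_exists('random_int')) {
                $pwd = (string) random_int(10000000, 99999999);
            } else {
                $pwd = substr(rand(), 0, 8);
            }
        } else {
            $pwd = $pwdc;
        }
    }
    $c_pass = $pwd;
    // NOTE(review): the stored verifier is 8 hex characters of unsalted MD5. Changing it
    // would break verification of existing log entries, so it is left as found.
    $pass = $pwd ? substr(md5($pwd), 2, 8) : "*";
    $youbi = array('日', '月', '火', '水', '木', '金', '土');
    $jst = $time + 9 * 60 * 60; // UTC+9, formatted through gmdate()
    $yd = $youbi[gmdate("w", $jst)];
    $now = gmdate("y/m/d", $jst) . "(" . (string) $yd . ")" . gmdate("H:i", $jst);
    if (DISP_ID) {
        if ($email && DISP_ID == 1) {
            $now .= " ID:???";
        } else {
            $now .= " ID:" . substr(crypt(md5($_SERVER["REMOTE_ADDR"] . IDSEED . gmdate("Ymd", $jst)), 'id'), -8);
        }
    }
    // Text formatting. Single-line fields lose every CR and LF: the old "[\r\n]" pattern
    // was parsed as the regex \r\n between [ ] delimiters and only removed the CRLF pair,
    // so a lone line break could start a forged log record.
    // NOTE(review): presumably CleanStr() is what neutralises commas and HTML - confirm.
    $lineBreaks = array("\r", "\n");
    $email = str_replace($lineBreaks, "", CleanStr($email));
    $sub = str_replace($lineBreaks, "", CleanStr($sub));
    $url = str_replace($lineBreaks, "", CleanStr($url));
    $resto = str_replace($lineBreaks, "", CleanStr($resto));
    $com = CleanStr($com);
    // Normalise line endings
    $com = str_replace("\r\n", "\n", $com);
    $com = str_replace("\r", "\n", $com);
    // Collapse runs of blank lines into one line break
    $com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
    if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
        // Put <br> in front of each newline
        $com = nl2br($com);
    }
    // Drop the newlines themselves so the comment stays on one log line
    $com = str_replace("\n", "", $com);
    // The filled diamond marks a tripcode; replace it so it cannot be typed into a name
    $name = str_replace("◆", "◇", $name);
    $name = str_replace($lineBreaks, "", $name);
    $names = $name;
    $name = CleanStr($name);
    // NOTE(review): both alternatives print identically on this page; upstream probably
    // listed a second, full-width marker - confirm before simplifying.
    if (preg_match('/(#|#)(.*)/s', $names, $regs)) {
        $cap = $regs[2];
        // strtr() maps single characters only: the first call is a no-op and the second
        // turns '&' into ','. Left untouched because changing it would alter tripcodes
        // that existing posters already use.
        $cap = strtr($cap, "&amp;", "&");
        $cap = strtr($cap, "&#44;", ",");
        $name = preg_replace('/(#|#)(.*)/s', "", $name);
        $salt = substr($cap . "H.", 1, 2);
        $salt = preg_replace('/[^\.-z]/', ".", $salt);
        $salt = strtr($salt, ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
        $name .= "</b>◆" . substr(crypt($cap, $salt), -10) . "<b>";
    }
    if (!$name) {
        $name = "名無し";
    }
    if (!$com) {
        $com = "本文なし";
    }
    if (!$sub) {
        $sub = "無題";
    }
    // Load the log under an exclusive lock that is held until fclose() at the end
    $fp = fopen(LOGFILE, "r+");
    if (!$fp) {
        error("error load log", $dest);
    }
    flock($fp, LOCK_EX);
    rewind($fp);
    // NOTE(review): only the first 1,000,000 bytes are read and the file is truncated
    // and rewritten below, so anything past that size is dropped.
    $buf = fread($fp, 1000000);
    if ($buf == '') {
        error("error load log", $dest);
    }
    $line = explode("\n", $buf);
    $countline = count($line);
    $lineindex = array();
    for ($i = 0; $i < $countline; $i++) {
        if ($line[$i] != "") {
            list($artno, ) = explode(",", rtrim($line[$i]));
            // Reverse lookup: post number -> 1-based line position
            $lineindex[$artno] = $i + 1;
            $line[$i] .= "\n";
        }
    }
    // Flood / double-post check against the newest entries
    $pwdHash = substr(md5($pwd), 2, 8);
    $pwdcHash = substr(md5($pwdc), 2, 8);
    $imax = count($line) > 20 ? 20 : count($line) - 1;
    for ($i = 0; $i < $imax; $i++) {
        list($lastno, , $lname, , , $lcom, , $lhost, $lpwd, , , , $ltime, ) = explode(",", $line[$i]);
        if (strlen($ltime) > 10) {
            // Stored value is $tim; cut the three sub-second digits to get seconds
            $ltime = substr($ltime, 0, -3);
        }
        $pchk = ($host == $lhost || $pwdHash == $lpwd || $pwdcHash == $lpwd) ? 1 : 0;
        if (RENZOKU && $pchk && $time - (int) $ltime < RENZOKU) {
            error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
        if (RENZOKU && $pchk && $time - (int) $ltime < RENZOKU2 && $upfile_name) {
            error("画像連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
        if (RENZOKU && $pchk && $com == $lcom && !$upfile_name) {
            error("連続投稿はもうしばらく時間を置いてからお願い致します", $dest);
        }
    }
    // Log is full: drop the oldest entries together with their files.
    // The unlink() paths are built from fields of the log line itself.
    if (count($line) >= LOG_MAX) {
        for ($d = count($line) - 1; $d >= LOG_MAX - 1; $d--) {
            list($dno, , , , , , , , , $dext, , , $dtime, ) = explode(",", $line[$d]);
            if (is_file($path . $dtime . $dext)) {
                unlink($path . $dtime . $dext);
            }
            if (is_file(THUMB_DIR . $dtime . 's.jpg')) {
                unlink(THUMB_DIR . $dtime . 's.jpg');
            }
            $line[$d] = "";
            treedel($dno);
        }
    }
    // Duplicate-image check against stored checksums
    if ($dest && file_exists($dest)) {
        $imax = count($line) > 200 ? 200 : count($line) - 1;
        for ($i = 0; $i < $imax; $i++) {
            list(, , , , , , , , , $extp, , , $timep, $chkp, ) = explode(",", $line[$i]);
            if ($chkp == $chk && file_exists($path . $timep . $extp)) {
                error("アップロードに失敗しました<br>同じ画像があります", $dest);
            }
        }
    }
    list($lastno, ) = explode(",", $line[0]);
    $no = $lastno + 1;
    // Text-only posts carry empty image fields
    if (!isset($ext)) {
        $ext = "";
    }
    if (!isset($W)) {
        $W = "";
    }
    if (!isset($H)) {
        $H = "";
    }
    if (!isset($chk)) {
        $chk = "";
    }
    $newline = "{$no},{$now},{$name},{$email},{$sub},{$com},{$url},{$host},{$pass},{$ext},{$W},{$H},{$tim},{$chk},\n";
    $newline .= implode('', $line);
    ftruncate($fp, 0);
    set_file_buffer($fp, 0);
    rewind($fp);
    fputs($fp, $newline);
    // Thread-tree update.
    // NOTE(review): the log has already been rewritten at this point, so the two error()
    // exits below leave the new post in the log without a tree entry.
    $find = false;
    $newline = '';
    $tp = fopen(TREEFILE, "r+");
    if (!$tp) {
        error("error tree update", $dest);
    }
    set_file_buffer($tp, 0);
    rewind($tp);
    $buf = fread($tp, 1000000);
    if ($buf == '') {
        error("error tree update", $dest);
    }
    $line = explode("\n", $buf);
    $countline = count($line);
    for ($i = 0; $i < $countline; $i++) {
        if ($line[$i] != "") {
            $line[$i] .= "\n";
            $j = explode(",", rtrim($line[$i]));
            // Drop threads whose first post is no longer in the log
            if (empty($lineindex[$j[0]])) {
                $line[$i] = '';
            }
        }
    }
    if ($resto) {
        for ($i = 0; $i < $countline; $i++) {
            $rtno = explode(",", rtrim($line[$i]));
            if ($rtno[0] == $resto) {
                $find = TRUE;
                $line[$i] = rtrim($line[$i]) . ',' . $no . "\n";
                $j = explode(",", rtrim($line[$i]));
                if (count($j) > MAX_RES) {
                    $email = 'sage';
                }
                if (!stristr($email, 'sage')) {
                    // Bump: move the thread to the top of the tree
                    $newline = $line[$i];
                    $line[$i] = '';
                }
                break;
            }
        }
    }
    if (!$find) {
        if (!$resto) {
            $newline = "{$no}\n";
        } else {
            error("スレッドがありません", $dest);
        }
    }
    $newline .= implode('', $line);
    ftruncate($tp, 0);
    set_file_buffer($tp, 0);
    rewind($tp);
    fputs($tp, $newline);
    fclose($tp);
    fclose($fp);
    // Cookies, expiring after one week. pwdc holds the deletion password in clear text.
    setcookie("pwdc", $c_pass, time() + 7 * 24 * 3600);
    if (function_exists("mb_internal_encoding") && function_exists("mb_convert_encoding") && function_exists("mb_substr")) {
        $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
        if (preg_match('/MSIE|Opera/', $agent)) {
            $i = 0;
            $c_name = '';
            mb_internal_encoding("SJIS");
            // Compare against '' explicitly: the character "0" is falsy and used to cut
            // the cookie short. Only "%u" plus hex digits reach the raw header below.
            while (($j = mb_substr($names, $i, 1)) !== '' && $j !== false) {
                $j = mb_convert_encoding($j, "UTF-16", "SJIS");
                $c_name .= "%u" . bin2hex($j);
                $i++;
            }
            header("Set-Cookie: namec={$c_name}; expires=" . gmdate("D, d-M-Y H:i:s", time() + 7 * 24 * 3600) . " GMT", false);
        } else {
            $c_name = $names;
            setcookie("namec", $c_name, time() + 7 * 24 * 3600);
        }
    }
    // Give the accepted upload its final name and build the thumbnail
    if ($dest && file_exists($dest)) {
        rename($dest, $path . $tim . $ext);
        if (USE_THUMB) {
            thumb($path, $tim, $ext);
        }
    }
    updatelog();
    echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"1;URL=" . PHP_SELF2 . "\"></head>";
    echo "<body>{$mes} 画面を切り替えます</body></html>";
}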
Пример #2
function regist($name, $email, $sub, $com, $url, $pwd, $upfile, $upfile_name, $resto, $num)
{
    global $path, $badstring, $badfile, $badip, $pwdc, $textonly, $auth;
    if ($pwd == PANEL_PASS) {
        $admin = $pwd;
    }
    if ($admin != PANEL_PASS || !valid()) {
        $admin = '';
    }
    $mes = "";
    if (valid('moderator')) {
        $moderator = 1;
        if (valid('admin')) {
            $moderator = 2;
        }
        if (valid('manager')) {
            $moderator = 3;
        }
    }
    if (isset($_POST['isSticky']) || isset($_POST['isLocked']) && valid('moderator')) {
        if (isset($_POST['isSticky'])) {
            $stickied = 1;
        }
        if (isset($_POST['isLocked'])) {
            $locked = 1;
        }
    }
    if (!$upfile && !$resto) {
        // allow textonly threads for moderators!
        if (valid('textonly')) {
            $textonly = 1;
        }
    }
    // time
    $time = time();
    $tim = $time . substr(microtime(), 2, 3);
    // check closed
    $resto = (int) $resto;
    if ($resto) {
        if (!($cchk = mysql_call("select locked from " . SQLLOG . " where no=" . $resto))) {
            echo S_SQLFAIL;
        }
        list($locked) = mysql_fetch_row($cchk);
        if ($locked == 1 && !$admin) {
            error("You can't reply to this thread anymore.", $upfile);
        }
        mysql_free_result($cchk);
    }
    // upload processing
    $has_image = $upfile && file_exists($upfile);
    if ($has_image) {
        // check image limit
        if ($resto) {
            if (!($result = mysql_call("select COUNT(*) from " . SQLLOG . " where resto={$resto} and fsize!=0"))) {
                echo S_SQLFAIL;
            }
            $countimgres = mysql_result($result, 0, 0);
            if ($countimgres > MAX_IMGRES) {
                error("Max limit of " . MAX_IMGRES . " image replies has been reached.", $upfile);
            }
            mysql_free_result($result);
        }
        //upload processing
        $dest = tempnam(substr($path, 0, -1), "img");
        //$dest = $path.$tim.'.tmp';
        if (OEKAKI_BOARD == 1 && $_POST['oe_chk']) {
            rename($upfile, $dest);
            chmod($dest, 0644);
            if ($pchfile) {
                rename($pchfile, "{$dest}.pch");
            }
        } else {
            move_uploaded_file($upfile, $dest);
        }
        clearstatcache();
        // otherwise $dest looks like 0 bytes!
        $upfile_name = CleanStr($upfile_name);
        $fsize = filesize($dest);
        if (!is_file($dest)) {
            error(S_UPFAIL, $dest);
        }
        if (!$fsize || $fsize > MAX_KB * 1024) {
            error(S_TOOBIG, $dest);
        }
        // PDF processing
        if (ENABLE_PDF == 1 && strcasecmp('.pdf', substr($upfile_name, -4)) == 0) {
            $ext = '.pdf';
            $W = $H = 1;
            $md5 = md5_of_file($dest);
            // run through ghostscript to check for validity
            if (pclose(popen("/usr/local/bin/gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=nullpage {$dest}", 'w'))) {
                error(S_UPFAIL, $dest);
            }
        } else {
            $size = getimagesize($dest);
            if (!is_array($size)) {
                error(S_NOREC, $dest);
            }
            $md5 = md5_of_file($dest);
            //chmod($dest,0666);
            $W = $size[0];
            $H = $size[1];
            switch ($size[2]) {
                case 1:
                    $ext = ".gif";
                    break;
                case 2:
                    $ext = ".jpg";
                    break;
                case 3:
                    $ext = ".png";
                    break;
                case 4:
                    $ext = ".swf";
                    error(S_UPFAIL, $dest);
                    break;
                case 5:
                    $ext = ".psd";
                    error(S_UPFAIL, $dest);
                    break;
                case 6:
                    $ext = ".bmp";
                    error(S_UPFAIL, $dest);
                    break;
                case 7:
                    $ext = ".tiff";
                    error(S_UPFAIL, $dest);
                    break;
                case 8:
                    $ext = ".tiff";
                    error(S_UPFAIL, $dest);
                    break;
                case 9:
                    $ext = ".jpc";
                    error(S_UPFAIL, $dest);
                    break;
                case 10:
                    $ext = ".jp2";
                    error(S_UPFAIL, $dest);
                    break;
                case 11:
                    $ext = ".jpx";
                    error(S_UPFAIL, $dest);
                    break;
                case 13:
                    $ext = ".swf";
                    error(S_UPFAIL, $dest);
                    break;
                default:
                    $ext = ".xxx";
                    error(S_UPFAIL, $dest);
                    break;
            }
            if (GIF_ONLY == 1 && $size[2] != 1) {
                error(S_UPFAIL, $dest);
            }
        }
        // end processing -else
        // Picture reduction
        if (!$resto) {
            $maxw = MAX_W;
            $maxh = MAX_H;
        } else {
            $maxw = MAXR_W;
            $maxh = MAXR_H;
        }
        if (defined('MIN_W') && MIN_W > $W) {
            error(S_UPFAIL, $dest);
        }
        if (defined('MIN_H') && MIN_H > $H) {
            error(S_UPFAIL, $dest);
        }
        if (defined('MAX_DIMENSION')) {
            $maxdimension = MAX_DIMENSION;
        } else {
            $maxdimension = 5000;
        }
        if ($W > $maxdimension || $H > $maxdimension) {
            error(S_TOOBIGRES, $dest);
        } elseif ($W > $maxw || $H > $maxh) {
            $W2 = $maxw / $W;
            $H2 = $maxh / $H;
            $W2 < $H2 ? $key = $W2 : ($key = $H2);
            $W = ceil($W * $key);
            $H = ceil($H * $key);
        }
        $mes = $upfile_name . ' ' . S_UPGOOD;
    }
    if ($_FILES["upfile"]["error"] > 0) {
        if ($_FILES["upfile"]["error"] == UPLOAD_ERR_INI_SIZE) {
            error(S_TOOBIG, $dest);
        }
        if ($_FILES["upfile"]["error"] == UPLOAD_ERR_FORM_SIZE) {
            error(S_TOOBIG, $dest);
        }
        if ($_FILES["upfile"]["error"] == UPLOAD_ERR_PARTIAL) {
            error(S_UPFAIL, $dest);
        }
        if ($_FILES["upfile"]["error"] == UPLOAD_ERR_CANT_WRITE) {
            error(S_UPFAIL, $dest);
        }
    }
    if ($upfile_name && $_FILES["upfile"]["size"] == 0) {
        error(S_TOOBIGORNONE, $dest);
    }
    //The last result number
    $lastno = mysql_result(mysql_call("select max(no) from " . SQLLOG), 0, 0);
    // Number of log lines
    if (!($result = mysql_call("select no,ext,tim from " . SQLLOG . " where no<=" . ($lastno - LOG_MAX)))) {
        echo S_SQLFAIL;
    } else {
        while ($resrow = mysql_fetch_row($result)) {
            list($dno, $dext, $dtim) = $resrow;
            if (!mysql_query("delete from " . SQLLOG . " where no=" . $dno)) {
                echo S_SQLFAIL;
            }
            if ($dext) {
                if (is_file($path . $dtim . $dext)) {
                    unlink($path . $dtim . $dext);
                }
                if (is_file(THUMB_DIR . $dtim . 's.jpg')) {
                    unlink(THUMB_DIR . $dtim . 's.jpg');
                }
            }
        }
        mysql_free_result($result);
    }
    $find = false;
    $resto = (int) $resto;
    if ($resto) {
        if (!($result = mysql_call("select * from " . SQLLOG . " where root>0 and no={$resto}"))) {
            echo S_SQLFAIL;
        } else {
            $find = mysql_fetch_row($result);
            mysql_free_result($result);
        }
        if (!$find) {
            error(S_NOTHREADERR, $dest);
        }
    }
    /*	foreach ( $badstring as $value ) {
    	if ( ereg( $value, $com ) || ereg( $value, $sub ) || ereg( $value, $name ) || ereg( $value, $email ) ) {
    	error( S_STRREF, $dest );
    	}
    	;
    	}*/
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        error(S_UNJUST, $dest);
    }
    // Form content check
    if (!$name || ereg("^[ |&#12288;|]*\$", $name)) {
        $name = "";
    }
    if (!$com || ereg("^[ |&#12288;|\t]*\$", $com)) {
        $com = "";
    }
    if (!$sub || ereg("^[ |&#12288;|]*\$", $sub)) {
        $sub = "";
    }
    if (!$resto && !$textonly && !is_file($dest)) {
        error(S_NOPIC, $dest);
    }
    if (!$com && !is_file($dest)) {
        error(S_NOTEXT, $dest);
    }
    $name = ereg_replace(S_MANAGEMENT, "\"" . S_MANAGEMENT . "\"", $name);
    $name = ereg_replace(S_DELETION, "\"" . S_DELETION . "\"", $name);
    if (strlen($com) > S_POSTLENGTH) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($name) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($email) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($sub) > 100) {
        error(S_TOOLONG, $dest);
    }
    if (strlen($resto) > 10) {
        error(S_UNUSUAL, $dest);
    }
    if (strlen($url) > 10) {
        error(S_UNUSUAL, $dest);
    }
    //host check
    $host = $_SERVER["REMOTE_ADDR"];
    $badip = mysql_call("SELECT ip FROM " . SQLBANLOG . " WHERE ip = '{$host}' and banlength <> 0 ");
    if ($moderator) {
        $host = '###.###.###.###';
    }
    // Don't store mod/admin ips
    $query = mysql_query("SELECT * FROM " . SQLLOG . " WHERE no=" . $resto);
    $result = mysql_fetch_assoc($query);
    if ($result["locked"] == '1') {
        error(S_THREADLOCKED, $dest);
    }
    //Check if user IP is in bans table
    if (mysql_num_rows($badip) == 0) {
        // Not Banned
    } else {
        //NOW YOU F****D UP
        error(S_BADHOST, $dest);
    }
    if (eregi("^mail", $host) || eregi("^ns", $host) || eregi("^dns", $host) || eregi("^ftp", $host) || eregi("^prox", $host) || eregi("^pc", $host) || eregi("^[^\\.]\\.[^\\.]\$", $host)) {
        $pxck = "on";
    }
    if (eregi("ne\\.jp\$", $host) || eregi("ad\\.jp\$", $host) || eregi("bbtec\\.net\$", $host) || eregi("aol\\.com\$", $host) || eregi("uu\\.net\$", $host) || eregi("asahi-net\\.or\\.jp\$", $host) || eregi("rim\\.or\\.jp\$", $host)) {
        $pxck = "off";
    } else {
        $pxck = "on";
    }
    if ($pxck == "on" && PROXY_CHECK) {
        if (proxy_connect('80') == 1) {
            error(S_PROXY80, $dest);
        } elseif (proxy_connect('8080') == 1) {
            error(S_PROXY8080, $dest);
        }
    }
    // No, path, time, and url format
    srand((double) microtime() * 1000000);
    if ($pwd == "") {
        if ($pwdc == "") {
            $pwd = rand();
            $pwd = substr($pwd, 0, 8);
        } else {
            $pwd = $pwdc;
        }
    }
    $c_pass = $pwd;
    $pass = $pwd ? substr(md5($pwd), 2, 8) : "*";
    $youbi = array(S_SUN, S_MON, S_TUE, S_WED, S_THU, S_FRI, S_SAT);
    $yd = $youbi[date("w", $time)];
    if (SHOW_SECONDS == 1) {
        $now = date("m/d/y", $time) . "(" . (string) $yd . ")" . date("H:i:s", $time);
    } else {
        $now = date("m/d/y", $time) . "(" . (string) $yd . ")" . date("H:i", $time);
    }
    if (DISP_ID) {
        if ($email && DISP_ID == 1) {
            $now .= " ID:???";
        } else {
            $now .= " ID:" . substr(crypt(md5($_SERVER["REMOTE_ADDR"] . 'id' . date("Ymd", $time)), 'id'), +3);
        }
    }
    $c_name = $name;
    $c_email = $email;
    //Text plastic surgery (rorororor)
    $email = CleanStr($email);
    $email = ereg_replace("[\r\n]", "", $email);
    $sub = CleanStr($sub);
    $sub = ereg_replace("[\r\n]", "", $sub);
    $url = CleanStr($url);
    $url = ereg_replace("[\r\n]", "", $url);
    $resto = CleanStr($resto);
    $resto = ereg_replace("[\r\n]", "", $resto);
    $com = CleanStr($com, 1);
    if (SPOILERS == 1 && $spoiler) {
        $sub = "SPOILER<>{$sub}";
    }
    // Standardize new character lines
    $com = str_replace("\r\n", "\n", $com);
    $com = str_replace("\r", "\n", $com);
    //$com = preg_replace("/\A([0-9A-Za-z]{10})+\Z/", "!s8AAL8z!", $com);
    // Continuous lines
    $com = ereg_replace("\n((&#12288;| )*\n){3,}", "\n", $com);
    if (!$admin && substr_count($com, "\n") > MAX_LINES) {
        error("Error: Too many lines.", $dest);
    }
    $com = nl2br($com);
    //br is substituted before newline char
    $com = str_replace("\n", "", $com);
    //\n is erased
    // Continuous lines
    $com = ereg_replace("\n((&#12288;| )*\n){3,}", "\n", $com);
    if (!$admin && substr_count($com, "\n") > MAX_LINES) {
        error("Error: Too many lines.", $dest);
    }
    $name = ereg_replace("[\r\n]", "", $name);
    $names = iconv("UTF-8", "CP932//IGNORE", $name);
    // convert to Windows Japanese #&#65355;&#65345;&#65357;&#65353;
    //start new tripcode crap
    list($name) = explode("#", $name);
    $name = CleanStr($name);
    if (preg_match("/\\#+\$/", $names)) {
        $names = preg_replace("/\\#+\$/", "", $names);
    }
    if (preg_match("/\\#/", $names)) {
        $names = str_replace("&#", "&&", htmlspecialchars($names));
        # otherwise HTML numeric entities screw up explode()!
        list($nametemp, $trip, $sectrip) = str_replace("&&", "&#", explode("#", $names, 3));
        $names = $nametemp;
        $name .= "</span>";
        if ($trip != "") {
            if (FORTUNE_TRIP == 1 && $trip == "fortune") {
                $fortunes = array("Bad Luck", "Average Luck", "Good Luck", "Excellent Luck", "Reply hazy, try again", "Godly Luck", "Very Bad Luck", "Outlook good", "Better not tell you now", "You will meet a dark handsome stranger", "&#65399;&#65408;&#9473;&#9473;&#9473;&#9473;&#9473;&#9473;(&#65439;&#8704;&#65439;)&#9473;&#9473;&#9473;&#9473;&#9473;&#9473; !!!!", "&#65288;&#12288;´_&#12445;`&#65289;&#65420;&#65392;&#65437; ", "Good news will come to you by mail", "Hope you're insured", "Great things await", "Don't leave the house today.");
                $fortunenum = rand(0, sizeof($fortunes) - 1);
                $fortcol = "#" . sprintf("%02x%02x%02x", 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes)), 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes) + 2 / 3 * M_PI), 127 + 127 * sin(2 * M_PI * $fortunenum / sizeof($fortunes) + 4 / 3 * M_PI));
                $com = "<font color={$fortcol}><b>Your fortune: " . $fortunes[$fortunenum] . "</b></font><br /><br />" . $com;
                $trip = "";
                if ($sectrip == "") {
                    if ($name == "</span>" && $sectrip == "") {
                        $name = S_ANONAME;
                    } else {
                        $name = str_replace("</span>", "", $name);
                    }
                }
            } else {
                if ($trip == "fortune") {
                    //remove fortune even if FORTUNE_TRIP is off
                    $trip = "";
                    if ($sectrip == "") {
                        if ($name == "</span>" && $sectrip == "") {
                            $name = S_ANONAME;
                        } else {
                            $name = str_replace("</span>", "", $name);
                        }
                    }
                } else {
                    $salt = strtr(preg_replace("/[^\\.-z]/", ".", substr($trip . "H.", 1, 2)), ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
                    $trip = substr(crypt($trip, $salt), -10);
                    $name .= " <span class=\"postertrip\">!" . $trip;
                }
            }
        }
        if ($sectrip != "") {
            $salt = "LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOL";
            #this is ONLY used if the host doesn't have openssl
            #I don't know a better way to get random data
            if (file_exists(SALTFILE)) {
                #already generated a key
                $salt = file_get_contents(SALTFILE);
            } else {
                system("openssl rand 448 > '" . SALTFILE . "'", $err);
                if ($err === 0) {
                    chmod(SALTFILE, 0400);
                    $salt = file_get_contents(SALTFILE);
                }
            }
            $sha = base64_encode(pack("H*", sha1($sectrip . $salt)));
            $sha = substr($sha, 0, 11);
            if ($trip == "") {
                $name .= " <span class=\"postertrip\" text-color=#117743>";
            }
            $name .= "!!" . $sha;
        }
    }
    if ($email == 'noko') {
        $noko = 1;
        $email = '';
    } else {
        if ($email == 'nokosage') {
            $noko = 1;
            $email = 'sage';
        }
    }
    if ($moderator) {
        if ($moderator == 1 && isset($_POST['showCap'])) {
            $name = '<b><font color="770099">Anonymous ## Mod </font></b>';
        }
        if ($moderator == 2 && isset($_POST['showCap'])) {
            $name = '<b><font color="FF101A">Anonymous ## Admin  </font></b>';
        }
        if ($moderator == 3 && isset($_POST['showCap'])) {
            $name = '<b><font color="2E2EFE">Anonymous ## Manager  </font></b>';
        }
    }
    if (!$name) {
        $name = S_ANONAME;
    }
    if (!$com) {
        $com = S_ANOTEXT;
    }
    if (!$sub) {
        $sub = S_ANOTITLE;
    }
    if (FORCED_ANON == 1) {
        $name = "</span>{$now}<span>";
        $sub = '';
        $now = '';
    }
    $com = wordwrap2($com, 100, "<br />");
    $com = preg_replace("!(^|>)(&gt;[^<]*)!", "\\1<font class=\"unkfunc\">\\2</font>", $com);
    $is_sage = stripos($email, "sage") !== FALSE;
    $may_flood = valid('floodbypass');
    if (!$may_flood) {
        if ($com) {
            // Check for duplicate comments
            $query = "select count(no)>0 from " . SQLLOG . " where com='" . mysql_real_escape_string($com) . "' " . "and host='" . mysql_real_escape_string($host) . "' " . "and time>" . ($time - RENZOKU_DUPE);
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if (!$has_image) {
            // Check for flood limit on replies
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU) . " " . "and host='" . mysql_real_escape_string($host) . "' and resto>0";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if ($is_sage) {
            // Check flood limit on sage posts
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU_SAGE) . " " . "and host='" . mysql_real_escape_string($host) . "' and resto>0 and permasage=1";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU, $dest);
            }
            mysql_free_result($result);
        }
        if (!$resto) {
            // Check flood limit on new threads
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU3) . " " . "and host='" . mysql_real_escape_string($host) . "' and root>0";
            //root>0 == non-sticky
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU3, $dest);
            }
            mysql_free_result($result);
        }
    }
    // Upload processing
    if ($has_image) {
        if (!$may_flood) {
            $query = "select count(no)>0 from " . SQLLOG . " where time>" . ($time - RENZOKU2) . " " . "and host='" . mysql_real_escape_string($host) . "' and resto>0";
            $result = mysql_call($query);
            if (mysql_result($result, 0, 0)) {
                error(S_RENZOKU2, $dest);
            }
            mysql_free_result($result);
        }
        //Duplicate image check
        if (DUPE_CHECK) {
            $result = mysql_call("select no,resto from " . SQLLOG . " where md5='{$md5}'");
            if (mysql_num_rows($result)) {
                list($dupeno, $duperesto) = mysql_fetch_row($result);
                if (!$duperesto) {
                    $duperesto = $dupeno;
                }
                error('<a href="' . DATA_SERVER . BOARD_DIR . "/res/" . $duperesto . PHP_EXT . '#' . $dupeno . '">' . S_DUPE . '</a>', $dest);
            }
            mysql_free_result($result);
        }
    }
    $rootqu = $resto ? "0" : "now()";
    if ($stickied) {
        $rootqu = '20270727070707';
    }
    //Bump processing
    if ($resto) {
        //sage or age action
        $resline = mysql_call("select count(no) from " . SQLLOG . " where resto=" . $resto);
        $countres = mysql_result($resline, 0, 0);
        mysql_free_result($resline);
        $resline = mysql_call("select sticky,permasage from " . SQLLOG . " where no=" . $resto);
        list($sticky, $permasage) = mysql_fetch_row($resline);
        mysql_free_result($resline);
        if (stripos($email, 'sage') === FALSE && $countres < MAX_RES && $sticky != "1" && $permasage != "1" || $admin && $age && $sticky != "1") {
            $query = "update " . SQLLOG . " set root=now() where no={$resto}";
            //age
            mysql_call($query);
        }
    }
    //Main insert
    $query = "insert into " . SQLLOG . " (now,name,email,sub,com,host,pwd,ext,w,h,tim,time,md5,fsize,fname,sticky,permasage,locked,root,resto) values (" . "'" . $now . "'," . "'" . mysql_real_escape_string($name) . "'," . "'" . mysql_real_escape_string($email) . "'," . "'" . mysql_real_escape_string($sub) . "'," . "'" . mysql_real_escape_string($com) . "'," . "'" . mysql_real_escape_string($host) . "'," . "'" . mysql_real_escape_string($pass) . "'," . "'" . $ext . "'," . (int) $W . "," . (int) $H . "," . "'" . $tim . "'," . (int) $time . "," . "'" . $md5 . "'," . (int) $fsize . "," . "'" . mysql_real_escape_string($upfile_name) . "'," . (int) $stickied . "," . (int) $permasage . "," . (int) $locked . "," . $rootqu . "," . (int) mysql_real_escape_string($resto) . ")";
    if (!($result = mysql_call($query))) {
        echo S_SQLFAIL;
    }
    //post registration
    $cookie_domain = '.' . SITE_ROOT . '';
    //Cookies
    setrawcookie("" . SITE_ROOT . "_name", rawurlencode($c_name), time() + ($c_name ? 7 * 24 * 3600 : -3600), '/', $cookie_domain);
    if ($c_email != "sage" && $c_email != "age") {
        setcookie("" . SITE_ROOT . "_email", $c_email, time() + ($c_email ? 7 * 24 * 3600 : -3600), '/', $cookie_domain);
        // 1 week cookie expiration
    }
    setcookie("" . SITE_ROOT . "_pass", $c_pass, time() + 7 * 24 * 3600, '/', $cookie_domain);
    // 1 week cookie expiration
    if (!$resto) {
        prune_old();
    }
    // thumbnail
    if ($has_image) {
        rename($dest, $path . $tim . $ext);
        if (USE_THUMB) {
            $tn_name = thumb($path, $tim, $ext, $resto);
            if (!$tn_name && $ext != ".pdf") {
                error(S_UNUSUAL);
            }
        }
    }
    $static_rebuild = defined("STATIC_REBUILD") && STATIC_REBUILD == 1;
    //Finding the last entry number
    if (!($result = mysql_call("select max(no) from " . SQLLOG))) {
        echo S_SQLFAIL;
    }
    $hacky = mysql_fetch_array($result);
    $insertid = (int) $hacky[0];
    mysql_free_result($result);
    $deferred = false;
    // update html
    if ($resto) {
        $deferred = updatelog($resto, $static_rebuild);
    } else {
        $deferred = updatelog($insertid, $static_rebuild);
    }
    if ($noko && !$resto) {
        $redirect = DATA_SERVER . BOARD_DIR . "/res/" . $insertid . PHP_EXT;
    } else {
        if ($noko == 1) {
            $redirect = DATA_SERVER . BOARD_DIR . "/res/" . $resto . PHP_EXT . '#' . $insertid;
        } else {
            $redirect = PHP_SELF2_ABS;
        }
    }
    if ($deferred) {
        echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"2;URL={$redirect}\"></head>";
        echo "<body>{$mes} " . S_SCRCHANGE . "<br>Your post may not appear immediately.<!-- thread:{$resto},no:{$insertid} --></body></html>";
    } else {
        echo "<html><head><META HTTP-EQUIV=\"refresh\" content=\"1;URL={$redirect}\"></head>";
        echo "<body>{$mes} " . S_SCRCHANGE . "<!-- thread:{$resto},no:{$insertid} --></body></html>";
    }
}