/**
 * PHP 4-style constructor: open the MySQL connection unless this object
 * already holds one.
 *
 * Relies on the legacy mysql_* extension, which was removed in PHP 7, so the
 * class only runs on PHP 5.x or older. THdie() receives the error code
 * "DBcxn" when connecting fails and "DBsel" when selecting the database fails.
 *
 * @param string $server Database host (default: THdbserver)
 * @param string $user   Database user (default: THdbuser)
 * @param string $pass   Database password (default: THdbpass)
 * @param string $base   Database name (default: THdbbase)
 */
function ThornDBI($server = THdbserver, $user = THdbuser, $pass = THdbpass, $base = THdbbase)
{
    // A handle from an earlier call is reused as-is.
    if (isset($this->cxn)) {
        return;
    }

    $link = mysql_connect($server, $user, $pass);
    $this->cxn = $link;
    if (!$link) {
        THdie("DBcxn");
    }

    $selected = mysql_select_db($base, $this->cxn);
    if (!$selected) {
        THdie("DBsel");
    }
}
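// Forward-paging link. The log name is taken straight from the query string, so it is
// URL-encoded as a parameter value and HTML-escaped before being placed in the attribute.
// The parameter separator between "log" and "offset" was missing and is restored here.
echo '<td style="text-align: right; width: 30%;"><a href="logviewer.php?log='
    . htmlspecialchars(rawurlencode($_GET['log']), ENT_QUOTES)
    . '&amp;offset=' . (int) $offsetfwd . '">>></a></td>';
} else {
    // No further page: show the marker without a link.
    echo '<td class="righthalf">>></td>';
}
echo '</tr></table>';
}
echo '<div style="text-align: left;"><pre>';
if (sizeof($logentries[$chunk_to_use]) == 0) {
    echo "No log entries on record.";
} else {
    // We could format this later.
    // NOTE(review): entries are printed without HTML escaping. If a log line can carry
    // user-influenced text, wrap it in htmlspecialchars(); left as-is here because
    // the log format is not visible from this fragment.
    foreach ($logentries[$chunk_to_use] as $logentry) {
        echo $logentry;
    }
}
echo '</pre></div>';
} else {
    // THdie() is handed HTML markup elsewhere in this project, so the name is escaped
    // before it goes into the message. The closing quote after the name was missing.
    THdie("Log '" . htmlspecialchars($logname, ENT_QUOTES) . "' does not exist!");
}
}
?>
</div>
</div>
<?php include "menu.php"; ?>
</body>
</html>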
<?php
/*
	drydock imageboard script (http://code.573chan.org/)
	File:           recentpics.php (aka ThornLight)
	Description:    Show the most recent posted pictures for moderator use

	Unless otherwise stated, this code is copyright 2008
	by the drydock developers and is released under the
	Artistic License 2.0:
	http://www.opensource.org/licenses/artistic-license-2.0.php
*/
require_once "config.php";
require_once "common.php";

// Access gate: the page is only served when the session carries the admin or the
// moderator flag. Everything else on the page lives in the else branch.
if (!($_SESSION['admin'] || $_SESSION['moderator'])) {
    THdie("Sorry, you do not have the proper permissions set to be here, or you are not logged in.");
} else {
    $db = new ThornToolsDBI();

    // Board folder from ?board=, with surrounding whitespace removed; empty when absent.
    $board_folder = isset($_GET['board']) ? trim($_GET['board']) : "";

    // Starting values for the board lookup and the paging counters.
    $boardid = 0;
    $boardlink = "";
    $offset = $offsetback = $offsetfwd = $count = 0;
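// Imglookup is the only one that actually uses a redirect, the rest uses the adminlookup template
// Init some things that MIGHT get set later if we're doing an IP lookup
$single_ip = "";
$posthistory = array();
$banhistory = array();
$banselect = array();
$reports = array();
$boards = array();

// Perform some IP lookup things if requested
if (isset($_GET['action']) && $_GET['action'] == "iplookup") {
    // A request without ?ip= is treated like an empty address instead of raising a notice.
    $single_ip = isset($_GET['ip']) ? trim($_GET['ip']) : "";
    if ($single_ip != "") {
        // ip2long() doubles as the validity check: it returns false for anything that is
        // not a dotted IPv4 address, and only its integer result reaches the database.
        $longip = ip2long($single_ip);
        if ($longip === false) {
            // The rejected value is request data; THdie() is handed HTML markup elsewhere
            // in this project, so escape it before it becomes part of the error page.
            THdie("Invalid IP of '" . htmlspecialchars($single_ip, ENT_QUOTES) . "' provided.");
        }

        // Get recent reports
        $reports = $db->recentreportsfromip($longip);
        // Get ban history
        $banhistory = $db->getiphistory($longip);
        // Get current ban information, if any
        $banselect = $db->getban($longip, false); // don't clear bans (hence the 2nd parameter)
        // Get recent posts
        $posthistory = $db->recentpostsfromip($longip);

        // Set images for each post. foreach iterates over copies, so the result has to be
        // written back through the key; assigning to $post alone was silently lost.
        foreach ($posthistory as $idx => $post) {
            $posthistory[$idx]['images'] = $db->getimgs($post['imgidx']);
        }
        // NOTE(review): $single_ip still holds the raw request value after this point;
        // confirm that whatever renders it later escapes it.
        // Get the boards array to show folders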
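/**
 * Insert a reply into a thread (SQLite backend), then update the thread's bump
 * time, the board's last-post time and the template caches.
 *
 * The statement is built by string concatenation, so every caller-supplied
 * value is neutralised here: numeric values are validated and cast to int,
 * string values go through escape_string(). Previously $thread, $boardnumber,
 * $ip, $tpass and $tyme were concatenated unchanged.
 *
 * @param string|null $name        Poster name, or null for none
 * @param string|null $tpass       Tripcode, or null for none
 * @param string|null $link        Link/e-mail field; "sage" suppresses the bump
 * @param mixed       $boardnumber Board id
 * @param int         $thread      Thread id the reply belongs to
 * @param string      $body        Post text
 * @param int         $ip          Poster address as an integer (ip2long() form)
 * @param mixed       $mod         Unused by this method
 * @param string      $password    Deletion password, "" for none
 * @param int|false   $tyme        Post time; false means "now" plus THtimeoffset minutes
 * @return int Row id of the new reply as reported by sqlite_last_insert_rowid()
 */
function putpost($name, $tpass, $link, $boardnumber, $thread, $body, $ip, $mod, $password = "", $tyme = false)
{
    // Fail closed with the same error code a malformed statement would have produced.
    // This also rejects ip2long()'s false, rather than storing the post with address 0.
    if (!is_numeric($thread) || !is_numeric($ip)) {
        THdie("DBpost");
    }
    $threadsql = (int) $thread;
    $ipsql = (int) $ip;
    $boardsql = "'" . $this->escape_string($boardnumber) . "'";

    if ($tyme === false) {
        $tyme = time() + THtimeoffset * 60;
    }
    $tyme = (int) $tyme;

    // sage check, done on the link exactly as submitted
    $bump = preg_match("/^(mailto:)?sage\$/", $link);

    $cols = array("thread", "board", "body", "ip", "bump", "globalid");
    $vals = array(
        $threadsql,
        $boardsql,
        "'" . $this->escape_string($body) . "'",
        $ipsql,
        (int) $bump,
        // NOTE(review): comes from this object's getglobalid(), not from the caller;
        // presumably an integer counter - confirm.
        $this->getglobalid($boardnumber),
    );

    if ($name != null) {
        $cols[] = "name";
        $vals[] = "'" . $this->escape_string($name) . "'";
    }
    if ($tpass != null) {
        $cols[] = "trip";
        $vals[] = "'" . $this->escape_string($tpass) . "'";
    }
    if ($link != null) {
        // Scheme allowlist: anything that does not start with one of these schemes is
        // stored as a mailto: address, so other schemes never reach the database.
        if (!preg_match("/^(http:|https:|ftp:|mailto:|aim:)/", $link)) {
            $link = "mailto:" . $link;
        }
        $cols[] = "link";
        $vals[] = "'" . $this->escape_string($link) . "'";
    }
    if ($password != "") {
        // NOTE(review): a single salted MD5 is a weak password hash. It is kept because
        // the code that verifies deletion passwords is not visible here and must stay
        // in step; migrating both sides to password_hash()/password_verify() is advisable.
        $cols[] = "password";
        $vals[] = "'" . $this->escape_string(md5(THsecret_salt . $password)) . "'";
    }
    $cols[] = "time";
    $vals[] = $tyme;
    $cols[] = "visible";
    $vals[] = 1;

    $insert = "INSERT INTO " . THreplies_table
        . " (" . implode(",", $cols) . ") VALUES (" . implode(",", $vals) . ");";
    $this->myquery($insert) or THdie("DBpost");
    $pnum = sqlite_last_insert_rowid(THdblitefn);

    // A saged reply leaves the thread's position alone; permasaged threads never bump.
    if (!$bump) {
        $this->myquery("update " . THthreads_table . " set bump=" . $tyme . " where id=" . $threadsql . " and permasage = 0");
    }
    $this->myquery("update " . THboards_table . " set lasttime=" . $tyme . " where id=" . $boardsql) or THdie("DBpost");

    smclearcache($boardnumber, -1, -1); // clear cache for the board
    smclearcache($boardnumber, -1, $thread); // and for the thread
    return $pnum;
}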
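}
// Show the result of the previous action in the pop-up template and stop.
$sm = sminit("popup.tpl");
$sm->assign("text", $message);
$sm->assign("timeout", 5); // 5s
$sm->assign("title", "Moderation action");
$sm->display("popup.tpl");
die;
} elseif ($_GET['quicker'] == 1) {
    // NOTE(review): this action is selected by GET parameters alone and no request
    // token is checked in the visible part - confirm that one is checked elsewhere.
    // First check if we even have the params we need
    if (!isset($_GET['board']) || !isset($_GET['post'])) {
        $message = "No post and/or board parameter, nothing to do!";
    } else {
        $db = new ThornModDBI();
        if ($db->checkban()) {
            THdie("ADbanned");
        }
        // Get the board name.
        $board_folder = trim($_GET['board']);
        // Check for local mod access or global mod/admin access.
        if (is_in_csl($board_folder, $_SESSION['mod_array']) != 1 && $_SESSION['admin'] != 1 && $_SESSION['mod_global'] != 1) {
            $message = "You are not permitted to moderate posts on this board";
        } else {
            // Set some stuff up.
            $board_id = $db->getboardnumber($board_folder);
            // Make sure the lookup produced a board. The original tested only the folder
            // name from the request, so an unknown board was never caught here.
            // NOTE(review): assumes getboardnumber() returns a null-like value for an
            // unknown folder - confirm.
            if ($board_folder == null || $board_id == null) {
                $message = "That board does not exist!";
            } else {
                $postid = intval($_GET['post']); // SQL injection protection :]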
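/**
 * Check if the current session has administrator status
 *
 * Calls THdie() with an error message when $_SESSION['admin'] is missing or
 * falsy. The function used to return nothing although its documentation
 * promised a bool; it now returns one.
 *
 * @return bool true for an administrator session; false is only reachable if
 *              THdie() returns instead of ending the request
 */
function checkadmin()
{
    // empty() covers a missing key as well as any falsy value, so an absent session
    // entry is refused without raising an undefined-index notice.
    if (empty($_SESSION['admin'])) {
        THdie("You are not logged in as an administrator!");
        // Fail closed in case THdie() ever hands control back.
        return false;
    }
    return true;
}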
// Template file for the single-thread view.
$threadtpl = "thread.tpl";
// Caching ID format: t<board>-<thread global id>-<template>
// The thread id from the query string is cast to int before it becomes part of the id.
// NOTE(review): $cid does not encode $modvar; whether sminit() keeps the moderator and
// visitor renderings apart in the cache is not visible here - confirm.
$cid = "t" . $boardid . "-" . (int) $_GET['i'] . "-" . $template;
$modvar = is_in_csl($boardid, $_SESSION['mod_array']); // individual board moderator
$sm = sminit($threadtpl, $cid, $template, false, $modvar);
$sm->assign('modvar', $modvar);
$sm->assign('boardmode', $boardmode);
$sm->assign('template', $template);
// Individual template variables; these could be gathered into one array later.
// NOTE(review): the session username is handed to the template as-is; confirm that
// thread.tpl escapes it on output.
$sm->assign('username', $_SESSION['username']);
//Are we using reCAPTCHA?
if (THvc == 1) {
    require_once 'recaptchalib.php';
    $sm->assign('reCAPTCHAPublic', reCAPTCHAPublic);
}
$sm->assign('comingfrom', "thread");
// Look the thread up by the integer id together with the board, so the result is the
// thread that belongs to this board rather than whatever id was asked for. -tyam
$db = new ThornThreadDBI(intval($_GET['i']), $boardid);
// The constructor initializes the $head member to be the assoc-array from the corresponding
// entry in the threads table, so if it's null that means that it wasn't found in the DB.
if ($db->head == null) {
    THdie("Sorry, this thread does not exist.");
}
// Hand the DB object to the template under the name "it"; the array names the members
// passed along with it.
$sm->register_object("it", $db, array("getreplies", "getsthreads", "getindex", "binfo", "head", "blotterentries"));
$sm->display($threadtpl, $cid);
// display extra mod stuff if they have access
if ($_SESSION['admin'] == 1 || $_SESSION['moderator'] == 1 || $modvar) {
    $sm->assign('modvar', 1);
/**
 * PHP 4-style constructor (SQLite backend): adopt the handle held in the
 * THdblitefn constant unless this object already has a connection.
 *
 * NOTE(review): $sqliteerror is never assigned inside this function, so on
 * failure THdie() receives an undefined local. It presumably refers to a
 * variable filled in where the database is opened - confirm and pass it in
 * explicitly.
 */
function ThornDBI()
{
    // Keep a handle that is already in place.
    if (isset($this->cxn)) {
        return;
    }

    $this->cxn = THdblitefn;
    if (!$this->cxn) {
        THdie($sqliteerror);
    }
}
// Throw away every cached page that still shows the thread in its old place.
smclearcache($board_id, -1, $threadid); // the thread itself
smclearcache($board_id, -1, -1); // the board it came from
smclearcache($destboard, -1, -1); // the board it was moved to

// Record the move in the moderator log
$actionstring = "Move thread\t(t:" . $thread . ",ob:" . $postarray['board'] . ") => (tid:" . $newthreadspot . ",b:" . $destboard . ")";
writelog($actionstring, "moderator");

// Build the link back to the thread in whichever URL scheme the site uses.
// NOTE(review): $destboard_name goes into the href unescaped; presumably a board
// folder name from the database - confirm it cannot contain markup.
$returnurl = THuserewrite
    ? THurl . $destboard_name . '/thread/' . $newthreadspot
    : THurl . 'drydock.php?b=' . $destboard_name . '&i=' . $newthreadspot;
THdie('Thread moved.<br /><a href="' . $returnurl . '">Return to thread</a>');
} else {
    THdie("Invalid move thread attempt!");
}
}

// The actions above may have changed the post, so read it (and its images) again.
$postarray = $db->getsinglepost($postid, $board_id);
$postarray['images'] = $db->getimgs($postarray['imgidx']);

// Board list, used to offer move targets; calling getboard() without arguments fetches all.
$boards = array();
$boards = $db->getboard();

// Admin mode means NO caching (and the cache id passed here is null anyway).
$sm = sminit("adminedit.tpl", null, "_admin", true);
// Debug switches, left disabled:
// $sm->debugging = true;
// $sm->debug_tpl = THpath."_Smarty/debug.tpl";

// The board list can be large, so it is assigned by reference.
$sm->assign_by_ref("boards", $boards);
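/**
 * Format one define() statement for the generated config file.
 *
 * var_export() writes the value as a PHP literal (strings single-quoted, with
 * quotes and backslashes escaped), so a value can neither end the literal nor
 * be interpolated when config.php is included later.
 *
 * @param string $name  Constant name; always one of the fixed names used by rebuild_config()
 * @param mixed  $value Scalar value for the constant
 * @return string One newline-terminated line of PHP source
 */
function rebuild_config_define($name, $value)
{
    return 'define("' . $name . '", ' . var_export($value, true) . ');' . "\n";
}

/**
 * Read a checkbox-style option.
 *
 * @param array  $configpost Submitted settings
 * @param string $key        Field name
 * @return int 1 when the field was submitted with the value "on", otherwise 0
 */
function rebuild_config_flag($configpost, $key)
{
    return (int) (isset($configpost[$key]) && $configpost[$key] == "on");
}

/**
 * Rebuild the config file, and update options based on the incoming
 * array, which contains various parameters
 *
 * The result is executable PHP that holds the database password and the
 * secret salt, and part of its content comes from a submitted form. Every
 * value is therefore written either as an integer or through var_export().
 * Previously several fields (the reCAPTCHA keys, the profile e-mail name and
 * address, the cookie path and the maximum picture size) were copied into the
 * file unchanged, and the others only had double quotes removed, which still
 * leaves the text inside a double-quoted, interpolating PHP string.
 *
 * Other fixes: the file content is assembled in memory and written in one
 * call, so a failure part-way no longer leaves a truncated config.php; THvc
 * and both reCAPTCHA keys are now written on every path (the rejection paths
 * used to omit some of them); the key check applies only when reCAPTCHA is
 * being switched on; the undefined $path is replaced by THpath / THurl.
 *
 * NOTE(review): restricting this function to administrators and protecting
 * the form against forged requests is the caller's job; neither is visible
 * from here.
 *
 * @param array $configpost An array of values whose new values will
 * take effect in the new config file
 */
function rebuild_config($configpost)
{
    $recaptchaerror = "";
    $out = '<?php' . "\n";

    //Stuff that doesn't change
    $out .= rebuild_config_define("ddversion", (string) THversion); //we can check against this later, in the upgrade script
    $carried = array(
        "THpath", "THurl",
        "THcookieid", //cookie seed.
        "THsecret_salt",
        //Database stuff that doesn't change
        "THdbserver", "THdbuser", "THdbpass", "THdbbase", "THdbtype", "THdbprefix",
        //tables
        "THbans_table", "THbanhistory_table", "THblotter_table", "THboards_table",
        "THcapcodes_table", "THextrainfo_table", "THfilters_table", "THimages_table",
        "THpages_table", "THreplies_table", "THreports_table", "THthreads_table",
        "THusers_table",
    );
    foreach ($carried as $name) {
        // Written as strings, as before; var_export() keeps characters such as
        // backslashes or dollar signs intact across rebuilds.
        $out .= rebuild_config_define($name, (string) constant($name));
    }
    $out .= "\n";

    //Stuff that might have changed
    $ppp = (int) abs($configpost['THjpegqual']);
    if ($ppp > 100) {
        $ppp = 100; // JPEG quality is capped at 100
    }
    $out .= rebuild_config_define("THjpegqual", $ppp);
    $out .= rebuild_config_define("THdupecheck", rebuild_config_flag($configpost, 'THdupecheck'));
    $out .= "\n";

    //Template settings
    $out .= rebuild_config_define("THuserewrite", rebuild_config_flag($configpost, 'THuserewrite'));
    //Default template set
    $newtplset = str_replace('"', "", $configpost['THtplset']);
    $out .= rebuild_config_define("THtplset", $newtplset);
    $out .= rebuild_config_define("THtpltest", rebuild_config_flag($configpost, 'THtpltest'));

    //Anti-spam. If reCAPTCHA is switched on without the library the pages just won't
    //load and won't produce an error, so the change is refused with a message instead.
    $newvc = (int) $configpost['THvc'];
    $newpublic = isset($configpost['reCAPTCHAPublic']) ? (string) $configpost['reCAPTCHAPublic'] : "";
    $newprivate = isset($configpost['reCAPTCHAPrivate']) ? (string) $configpost['reCAPTCHAPrivate'] : "";
    $continue = '<a href="' . THurl . 'admin.php?a=g">continue</a>';
    if ($newvc == 1 && !file_exists(THpath . "recaptchalib.php")) {
        $recaptchaerror = "You need to get recaptchalib.php from <a href='http://google.com/recaptcha/'>Google</a>!<br />"
            . "All settings were saved except anti-spam.<br /><br />" . $continue;
    } elseif ($newvc == 1 && ($newpublic == "" || $newprivate == "")) {
        $recaptchaerror = "reCAPTCHA keys must be set to use it.  You can get keys from <a href='http://google.com/recaptcha/'>Google</a>!<br />"
            . "All settings were saved except anti-spam.<br /><br />" . $continue;
    }
    if ($recaptchaerror != "") {
        //NO CHANGE ALLOWED! Carry the current anti-spam settings over untouched.
        $out .= rebuild_config_define("THvc", (int) THvc);
        $out .= rebuild_config_define("reCAPTCHAPublic", (string) reCAPTCHAPublic);
        $out .= rebuild_config_define("reCAPTCHAPrivate", (string) reCAPTCHAPrivate);
    } else {
        $out .= rebuild_config_define("THvc", $newvc);
        $out .= rebuild_config_define("reCAPTCHAPublic", $newpublic);
        $out .= rebuild_config_define("reCAPTCHAPrivate", $newprivate);
    }
    $out .= "\n";

    //Time settings
    $out .= rebuild_config_define("THtimeoffset", (int) $configpost['THtimeoffset']);
    $out .= rebuild_config_define("THdatetimestring", str_replace('"', "", $configpost['THdatetimestring']));
    $out .= "\n";

    //Site settings
    $out .= rebuild_config_define("THname", str_replace('"', "", $configpost['THname']));
    $out .= rebuild_config_define("THnewsboard", (int) $configpost['THnewsboard']);
    $out .= rebuild_config_define("THmodboard", (int) $configpost['THmodboard']);
    $out .= rebuild_config_define("THdefaulttext", str_replace('"', "", $configpost['THdefaulttext']));
    $out .= rebuild_config_define("THdefaultname", str_replace('"', "", $configpost['THdefaultname']));
    $out .= "\n";

    //Utility settings
    $out .= rebuild_config_define("THpearpath", str_replace('"', "", $configpost['THpearpath']));
    $out .= rebuild_config_define("THuseSVG", rebuild_config_flag($configpost, 'THuseSVG'));
    $out .= rebuild_config_define("THSVGthumbnailer", (int) $configpost['THSVGthumbnailer']);
    $out .= rebuild_config_define("THusePDF", rebuild_config_flag($configpost, 'THusePDF'));
    $out .= rebuild_config_define("THuseSWFmeta", rebuild_config_flag($configpost, 'THuseSWFmeta'));
    $out .= rebuild_config_define("THusecURL", rebuild_config_flag($configpost, 'THusecURL'));
    $out .= rebuild_config_define("DDDEBUG", rebuild_config_flag($configpost, 'DDDEBUG'));
    $out .= "\n";

    //Profile settings
    $out .= rebuild_config_define("THprofile_adminlevel", (int) THprofile_adminlevel); //should not need to be changed
    $out .= rebuild_config_define("THprofile_userlevel", (int) THprofile_userlevel); //ditto
    $out .= rebuild_config_define("THprofile_emailname", (string) $configpost['THprofile_emailname']);
    $out .= rebuild_config_define("THprofile_emailaddr", (string) $configpost['THprofile_emailaddr']);
    $out .= rebuild_config_define("THprofile_regpolicy", (int) $configpost['THprofile_regpolicy']); //1=manual, !=1 = auto approve
    $out .= rebuild_config_define("THprofile_viewuserpolicy", (int) $configpost['THprofile_viewuserpolicy']); //1=logged in only, 2=anyone, 0=mods only
    $out .= rebuild_config_define("THprofile_cookietime", (int) $configpost['THprofile_cookietime'] * 3600); //submitted in hours
    $out .= rebuild_config_define("THprofile_cookiepath", (string) $configpost['THprofile_cookiepath']); //should be "/" probably
    $out .= rebuild_config_define("THprofile_emailwelcome", rebuild_config_flag($configpost, 'THprofile_emailwelcome')); //1=send
    $out .= rebuild_config_define("THprofile_lcnames", rebuild_config_flag($configpost, 'THprofile_lcnames')); //1 = names are converted to lowercase
    $out .= rebuild_config_define("THprofile_maxpicsize", (int) $configpost['THprofile_maxpicsize']); //in bytes
    $out .= '?>'; //some editors break colors here so <?

    // One write with an exclusive lock; a failure is reported instead of being ignored.
    if (file_put_contents(THpath . "config.php", $out, LOCK_EX) === false) {
        THdie("Could not write config.php; the settings were not saved.");
    }

    //Let's take care of that error.
    if ($recaptchaerror != "") {
        THdie($recaptchaerror);
    }
}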
THdie("POnonewth");
}
// File checking and processing.
$filemessages = array(); // Array of strings regarding "bad" files
$goodfiles = checkfiles($binfo, $filemessages);
//echo(count($goodfiles));
// Board picture policy, read from $binfo['tpix']. Judging by the error codes, 0 refuses
// threads that carry files and 2 refuses threads without one - confirm against the board
// settings. Every check below is skipped when $mod is set.
if ($binfo['tpix'] == 0 && count($goodfiles) > 0 && $mod == false) {
    THdie("POthnopix");
}
if ($binfo['tpix'] == 2 && count($goodfiles) == 0 && $mod == false) {
    THdie("POthmustpix");
}
if (count($goodfiles) == 0 && !$_POST['body'] && $mod == false) {
    // Neither a file nor a comment was submitted.
    THdie("You must post images or leave a comment.");
}
// Pin, lock and permasage are honoured only when $mod is set; for everyone else the
// submitted checkbox is ignored and the flag stays 0.
// NOTE(review): these $_POST keys are read without isset(), so an unticked checkbox
// raises an undefined-index notice.
$pin = (int) ($_POST['pin'] == "on" && $mod);
$lock = (int) ($_POST['lock'] == "on" && $mod);
$permasage = (int) ($_POST['permasage'] == "on" && $mod);
$usethese = preptrip($_POST['nombre']);
if (preg_match("/^(mailto:)?noko\$/", $_POST['link'])) {
    // "noko" is dropped from the link field and not stored.
    $datlink = "";
} else {
    $datlink = $_POST['link'];
}
// Subject, body, link and password go to the database layer exactly as submitted, so all
// escaping has to happen inside putthread().
// NOTE(review): ip2long() returns false for anything that is not a dotted IPv4 address,
// IPv6 clients included; confirm how putthread() and the ban checks treat that value.
$tnum = $db->putthread($usethese['nombre'], $usethese['trip'], $binfo['id'], $_POST['subj'], $_POST['body'], $datlink, ip2long($_SERVER['REMOTE_ADDR']), $mod, $pin, $lock, $permasage, $_POST['password']);
movefiles($goodfiles, $tnum, true, $binfo, $db);
// Drop the cached pages stored under the cache id $board.
$sm = smsimple();
$sm->clear_cache(null, $board);
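/**
 * Insert a reply into a thread (MySQL backend), then update the thread's bump
 * time, the board's last-post time and the template caches.
 *
 * The statement is built by string concatenation, so every caller-supplied
 * value is neutralised here: numeric values are validated and cast to int,
 * string values are escaped. Previously $thread, $boardnumber, $ip, $tpass
 * and $tyme were concatenated unchanged.
 *
 * @param string|null $name        Poster name, or null for none
 * @param string|null $tpass       Tripcode, or null for none
 * @param string|null $link        Link/e-mail field; "sage" suppresses the bump
 * @param int         $boardnumber Board id
 * @param int         $thread      Thread id the reply belongs to
 * @param string      $body        Post text
 * @param int         $ip          Poster address as an integer (ip2long() form)
 * @param mixed       $mod         Unused by this method
 * @param string      $password    Deletion password, "" for none
 * @param int|false   $tyme        Post time; false means "now" plus THtimeoffset minutes
 * @return int Id of the new reply as reported by mysql_insert_id()
 */
function putpost($name, $tpass, $link, $boardnumber, $thread, $body, $ip, $mod, $password = "", $tyme = false)
{
    // Fail closed with the same error code a malformed statement would have produced.
    // This also rejects ip2long()'s false, rather than storing the post with address 0.
    if (!is_numeric($thread) || !is_numeric($boardnumber) || !is_numeric($ip)) {
        THdie("DBpost");
    }
    $threadsql = (int) $thread;
    $boardsql = (int) $boardnumber;
    $ipsql = (int) $ip;

    if ($tyme === false) {
        $tyme = time() + THtimeoffset * 60;
    }
    $tyme = (int) $tyme;

    // sage check, done once on the link exactly as submitted
    $bump = preg_match("/^(mailto:)?sage\$/", $link);

    // NOTE(review): posts on the moderator board bypass clean() and are only SQL-escaped.
    // What clean() does beyond escaping is not visible here; if it also neutralises
    // markup, mod-board bodies must be treated as raw HTML wherever they are shown.
    if ($boardnumber == THmodboard) {
        $bodysql = $this->escape_string($body);
    } else {
        $bodysql = $this->clean($body);
    }

    $set = array(
        "thread=" . $threadsql,
        "board=" . $boardsql,
        "body='" . $bodysql . "'",
        "ip=" . $ipsql,
        "bump=" . (int) $bump,
        // NOTE(review): comes from this object's getglobalid(), not from the caller;
        // presumably an integer counter - confirm.
        "globalid=" . $this->getglobalid($boardnumber),
    );

    if ($name != null) {
        $set[] = "name='" . $this->clean($name) . "'";
    }
    if ($tpass != null) {
        $set[] = "trip='" . $this->escape_string($tpass) . "'";
    }
    if ($link != null) {
        // Scheme allowlist: anything that does not start with one of these schemes is
        // stored as a mailto: address, so other schemes never reach the database.
        if (!preg_match("/^(http:|https:|ftp:|mailto:|aim:)/", $link)) {
            $link = "mailto:" . $link;
        }
        $set[] = "link='" . $this->clean($link) . "'";
    }
    if ($password != "") {
        // A fixed placeholder string used to be stored here instead of a value derived
        // from $password. The hash below follows the project's SQLite putpost().
        // NOTE(review): confirm it matches what the delete-by-password check compares
        // against; a single salted MD5 is weak, and both sides should move to
        // password_hash()/password_verify().
        $set[] = "password='" . $this->escape_string(md5(THsecret_salt . $password)) . "'";
    }
    $set[] = "time=" . $tyme;

    $this->myquery("insert into " . THreplies_table . " set " . implode(", ", $set)) or THdie("DBpost");
    $pnum = mysql_insert_id();

    // A saged reply leaves the thread's position alone; permasaged threads never bump.
    if (!$bump) {
        $this->myquery("update " . THthreads_table . " set bump=" . $tyme . " where id=" . $threadsql . " and permasage = 0");
    }
    $this->myquery("update " . THboards_table . " set lasttime=" . $tyme . " where id=" . $boardsql) or THdie("DBpost");

    smclearcache($boardnumber, -1, -1); // clear cache for the board
    smclearcache($boardnumber, -1, $thread); // and for the thread
    return $pnum;
}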
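// Don't bother checking if the id actually
// refers to something that exists - the way our SQL
// queries work, it won't make a difference because in
// that case there will be nothing matching the "WHERE ID=___"
// clause.

// Clean up the incoming parameters. Only $id and $publish are reduced to integers here;
// $name, $title and $content stay raw text, so the database layer has to escape them.
$id = intval($_POST['id']);
$name = trim($_POST['name']);
$title = trim($_POST['title']);
$content = $_POST['content'];
$publish = intval($_POST['publish']);

// Check name/title aren't empty
if ($name == "" || $title == "") {
    THdie("Invalid name and/or title parameter provided.");
}

// Now we check if it exists (we check with ID because we don't
// want to match the current page we're editing)
if ($db->checkstaticpagename($name, $id) == true) {
    // The name is request data and THdie() is handed HTML markup elsewhere in this
    // project, so escape it before it becomes part of the error page.
    THdie("Another static page already has name '" . htmlspecialchars($name, ENT_QUOTES) . "'.");
}

// Check publish parameter
if ($publish < 0 || $publish > 3) {
    THdie("Invalid publish option specified!");
}

// Everything checked out, so let's clear the cache and update
// the info
smclearpagecache($id);
$db->editstaticpage($id, $name, $title, $content, $publish);

// Redirect! $id is an integer at this point, so nothing from the request can alter the
// Location header.
// NOTE(review): execution continues after header(); confirm that nothing following
// this block relies on the redirect having ended the request.
header("Location: " . THurl . "admin.php?a=spe&id=" . $id);
}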