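/**
 * Handle the board settings panel: optionally apply submitted settings, then render the panel.
 *
 * The session user must hold the 'perm_config' permission. When
 * $dataforce['mode_action'] is 'update', every row of CONFIGTABLE is first
 * reset to an empty setting, each submitted field is written back, and the
 * rule cache, settings cache and all pages are regenerated.
 *
 * @param array  $dataforce Request state; reads 'mode_action', may set 'max_pages'.
 * @param object $authorize Permission checker exposing get_user_perm().
 * @param object $dbh       Database handle used through query()/prepare().
 */
function nel_settings_control($dataforce, $authorize, $dbh)
{
    $mode = $dataforce['mode_action'];

    // NOTE(review): the permission check only protects the code below if
    // nel_derp() ends the request; its definition is not visible here, so confirm.
    if (!$authorize->get_user_perm($_SESSION['username'], 'perm_config')) {
        nel_derp(102, array('origin' => 'ADMIN'));
    }

    require_once INCLUDE_PATH . 'output/admin-panel-generation.php';

    if ($mode === 'update') {
        // NOTE(review): no anti-CSRF token is checked in this function; confirm
        // one is verified before this state-changing branch is reached.

        // Apply settings from admin panel
        // Blank every setting first; presumably so fields absent from the form
        // (e.g. unchecked boxes) end up empty. Confirm against the panel markup.
        $dbh->query('UPDATE ' . CONFIGTABLE . ' SET setting=""');

        // Field names and values come straight from $_POST, so they are bound
        // as parameters instead of being concatenated into the statement.
        $prepared = $dbh->prepare('UPDATE ' . CONFIGTABLE . ' SET setting=:setting WHERE config_name=:config_name');

        foreach ($_POST as $name => $value) {
            $name = (string) $name;

            // Form bookkeeping fields are not settings.
            if ($name === 'mode' || $name === 'username' || $name === 'super_sekrit') {
                continue;
            }

            // Nested form fields (arrays) cannot be stored as a single setting.
            if (!is_scalar($value)) {
                continue;
            }

            // Clamp the value; the previous code overwrote the field name with
            // 100, so the quality row was never updated when the cap applied.
            if ($name === 'jpeg_quality' && $value > 100) {
                $value = 100;
            }

            if ($name === 'page_limit') {
                $dataforce['max_pages'] = (int) $value;
            }

            $prepared->bindValue(':setting', (string) $value, PDO::PARAM_STR);
            $prepared->bindValue(':config_name', $name, PDO::PARAM_STR);
            $prepared->execute();
        }

        unset($prepared);

        nel_cache_rules($dbh);
        nel_cache_settings($dbh);
        nel_regen($dataforce, NULL, 'full', FALSE, $dbh);
    }

    nel_render_admin_panel($dataforce, $dbh);
}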
/**
 * Show the thread management panel, applying pending thread updates first when asked to.
 *
 * The session user must hold 'perm_thread_panel'; otherwise nel_derp(103) is
 * raised. With $dataforce['mode_action'] set to 'update', the updates returned
 * by nel_thread_updates() are used to regenerate the affected threads and then
 * the main pages.
 *
 * @param array  $dataforce Request state; reads 'mode_action' and 'expand_thread'.
 * @param object $authorize Permission checker exposing get_user_perm().
 * @param object $plugins   Plugin handler, passed through to nel_thread_updates().
 * @param object $dbh       Database handle, passed through to the helpers.
 */
function nel_thread_panel($dataforce, $authorize, $plugins, $dbh)
{
    $action = $dataforce['mode_action'];
    $allowed = $authorize->get_user_perm($_SESSION['username'], 'perm_thread_panel');

    // NOTE(review): relies on nel_derp() ending the request; confirm.
    if (!$allowed) {
        nel_derp(103, array('origin' => 'ADMIN'));
    }

    require_once INCLUDE_PATH . 'output/thread-panel-generation.php';

    // Only the presence of the key matters, not its value.
    $expand = isset($dataforce['expand_thread']);

    if ($action === 'update') {
        $thread_updates = nel_thread_updates($dataforce, $plugins, $dbh);
        nel_regen($dataforce, $thread_updates, 'thread', FALSE, $dbh);
        nel_regen($dataforce, NULL, 'main', FALSE, $dbh);
    }

    nel_render_thread_panel($dataforce, $expand, $dbh);
}
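/**
 * Clear the sticky flag on a thread and regenerate the pages that show it.
 *
 * @param array  $dataforce Request state; 'response_id' and 'archive_update' are set locally.
 * @param array  $sub       Element 1 holds the thread's post number.
 * @param object $dbh       Database handle used through prepare().
 */
function nel_unsticky_thread($dataforce, $sub, $dbh)
{
    // NOTE(review): where $sub[1] comes from is not visible here. It is used in
    // SQL and in a filesystem path, so confirm the caller restricts it to digits.
    $id = $sub[1];

    // Bound as an integer rather than concatenated into the statement.
    $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET sticky=0 WHERE post_number=:post_number');
    $prepared->bindValue(':post_number', $id, PDO::PARAM_INT);
    $prepared->execute();
    unset($prepared);

    nel_update_archive_status($dataforce, $dbh);

    // Temporarily force ignore_login on while pages are regenerated; the
    // previous value is restored at the end.
    if (!empty($_SESSION)) {
        $temp = $_SESSION['ignore_login'];
        $_SESSION['ignore_login'] = TRUE;
    }

    // Rebuild the thread page only when it does not already exist on disk.
    if (!file_exists(PAGE_PATH . $id . '/' . $id . '.html')) {
        $dataforce['response_id'] = $id;
        nel_regen($dataforce, $dataforce['response_id'], 'thread', FALSE, $dbh);
    }

    cache_post_links();
    $dataforce['archive_update'] = TRUE;
    nel_regen($dataforce, NULL, 'main', FALSE, $dbh);

    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }
}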
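/**
 * Validate and store a new post (thread or reply), process its files, and regenerate pages.
 *
 * Steps, in order: post sanity checks, FGSFDS flags, length limits, password
 * and cookie handling, name/tripcode parsing, duplicate-file check, post
 * insert, thumbnail creation and file moves, file metadata insert, archive
 * update and page regeneration.
 *
 * Changes from the previous version of this function:
 *  - file metadata (original filename, source, license, preview name) and the
 *    reply target are bound as statement parameters instead of being
 *    concatenated into SQL;
 *  - the duplicate-file error used the bare constant `i` as array index;
 *  - a `break` outside any loop or switch was removed;
 *  - exec() output is reset per file, since exec() appends to an existing array.
 *
 * @param array  $dataforce Request state ('fgsfds', 'name', 'email', 'subject',
 *                          'comment', 'pass', 'response_to', 'file_source',
 *                          'file_license' are read here).
 * @param object $plugins   Plugin handler exposing plugin_hook().
 * @param object $dbh       Database handle used through prepare().
 * @return mixed The thread the post belongs to: the new post number for a new
 *               thread, otherwise $dataforce['response_to'].
 */
function nel_process_new_post($dataforce, $plugins, $dbh)
{
    // NOTE(review): `global $plugins` rebinds the $plugins parameter to the
    // global of the same name; kept as in the original.
    global $enabled_types, $fgsfds, $plugins;

    $new_thread_dir = '';

    // Get time
    $time = get_millisecond_time();

    // Check if post is ok
    $post_count = nel_is_post_ok($dataforce, $time, $dbh);

    // Process FGSFDS
    if (!is_null($dataforce['fgsfds'])) {
        if (utf8_strripos($dataforce['fgsfds'], 'noko') !== FALSE) {
            $fgsfds['noko'] = TRUE;
        }

        if (utf8_strripos($dataforce['fgsfds'], 'sage') !== FALSE) {
            $fgsfds['sage'] = TRUE;
        }

        $fgsfds = $plugins->plugin_hook('fgsfds_field', FALSE, array($fgsfds));
    }

    // Start collecting file info
    $files = nel_process_file_info();
    $there_is_no_spoon = TRUE;
    $poster_info = array('name' => $dataforce['name'], 'email' => $dataforce['email'], 'subject' => $dataforce['subject'], 'comment' => $dataforce['comment'], 'tripcode' => '', 'secure_tripcode' => '');

    if (!empty($files)) {
        $files_count = count($files);
        $there_is_no_spoon = FALSE;
    } else {
        $files = array();
        $files_count = 0;

        if (!$poster_info['comment']) {
            nel_derp(10, array('origin' => 'POST'));
        }

        if (BS1_REQUIRE_IMAGE_ALWAYS) {
            nel_derp(8, array('origin' => 'POST'));
        }

        if (BS1_REQUIRE_IMAGE_START && $dataforce['response_to'] === 0) {
            nel_derp(9, array('origin' => 'POST'));
        }
    }

    // Cancer-fighting tools and lulz
    if (utf8_strlen($poster_info['comment']) > BS_MAX_COMMENT_LENGTH || utf8_strlen($poster_info['name']) > BS_MAX_NAME_LENGTH || utf8_strlen($poster_info['email']) > BS_MAX_EMAIL_LENGTH || utf8_strlen($poster_info['subject']) > BS_MAX_SUBJECT_LENGTH || utf8_strlen($dataforce['file_source']) > BS_MAX_SOURCE_LENGTH || utf8_strlen($dataforce['file_license']) > BS_MAX_LICENSE_LENGTH) {
        nel_derp(11, array('origin' => 'POST'));
    }

    if (isset($dataforce['pass'])) {
        // $cpass keeps the plaintext for the cookie; only a truncated hash is stored.
        $cpass = $dataforce['pass'];
        $hashed_pass = nel_hash($dataforce['pass'], $plugins);
        $dataforce['pass'] = utf8_substr($hashed_pass, 0, 16);
    } else {
        // NOTE(review): rand() is not a cryptographic generator, and this value
        // is never hashed into $dataforce['pass'], so the post is stored
        // without a password matching the cookie. Confirm the intent.
        $cpass = utf8_substr(rand(), 0, 8);
    }

    nel_banned_text($poster_info['comment'], $files);

    // Name and tripcodes
    $modpostc = 0;
    $cookie_name = $poster_info['name'];

    if ($poster_info['name'] !== '' && !BS1_FORCE_ANONYMOUS) {
        nel_banned_name($poster_info['name'], $files);

        // Replace names that contain a staff marker.
        // NOTE(review): utf8_strpos() yielding 0 (marker at the very start) is
        // falsy and passes this check; confirm whether that is intended.
        $faggotry = utf8_strpos($poster_info['name'], nel_stext('THREAD_MODPOST'));

        if ($faggotry) {
            $poster_info['name'] = nel_stext('FAKE_STAFF_ATTEMPT');
        }

        $faggotry = utf8_strpos($poster_info['name'], nel_stext('THREAD_ADMINPOST'));

        if ($faggotry) {
            $poster_info['name'] = nel_stext('FAKE_STAFF_ATTEMPT');
        }

        $faggotry = utf8_strpos($poster_info['name'], nel_stext('THREAD_JANPOST'));

        if ($faggotry) {
            $poster_info['name'] = nel_stext('FAKE_STAFF_ATTEMPT');
        }

        // Split "name#tripkey##securekey": [1] name, [3] tripkey, [5] secure key.
        preg_match('/^([^#]*)(#(?!#))?([^#]*)(##)?(.*)$/', $poster_info['name'], $name_pieces);
        $poster_info['name'] = $name_pieces[1];

        if ($name_pieces[5] !== '') {
            // NOTE(review): $_SESSION['settings'] and ['perms'] are read without
            // checking that a session exists.
            if ($name_pieces[5] === $_SESSION['settings']['staff_trip']) {
                if ($_SESSION['perms']['perm_post']) {
                    if ($_SESSION['settings']['staff_type'] === 'admin') {
                        $modpostc = 3;
                    } elseif ($_SESSION['settings']['staff_type'] === 'moderator') {
                        $modpostc = 2;
                    } elseif ($_SESSION['settings']['staff_type'] === 'janitor') {
                        $modpostc = 1;
                    }
                }

                if ($_SESSION['perms']['perm_sticky'] && utf8_strripos($dataforce['fgsfds'], 'sticky') !== FALSE) {
                    $fgsfds['sticky'] = TRUE;
                }

                // A `break` stood here outside any loop or switch, which PHP
                // rejects. Staff posts continue below; the secure-tripcode
                // step already accounts for $modpostc > 0.
            }
        }

        if ($name_pieces[3] !== '' && BS1_ALLOW_TRIPKEYS) {
            // NOTE(review): as written, these two translations map a character
            // to itself and do nothing; the original arguments may have been
            // entity strings lost in extraction. Left unchanged.
            $cap = utf8_strtr($name_pieces[3], '&', '&');
            $cap = utf8_strtr($cap, ',', ',');
            $salt = utf8_substr($cap . 'H.', 1, 2);
            $salt = preg_replace('#[^\\.-z]#', '.#', $salt);
            $salt = utf8_strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
            $poster_info['tripcode'] = utf8_substr(crypt($cap, $salt), -10);
        }

        $poster_info = $plugins->plugin_hook('tripcode-processing', TRUE, array($poster_info, $name_pieces));

        if ($name_pieces[5] !== '' || $modpostc > 0) {
            $trip = nel_hash($name_pieces[5], $plugins);
            $poster_info['secure_tripcode'] = utf8_substr(crypt($trip, '42'), -12);
        }

        $poster_info = $plugins->plugin_hook('secure-tripcode-processing', TRUE, array($poster_info, $name_pieces, $modpostc));

        if ($name_pieces[1] === '' || !empty($_SESSION) && $_SESSION['perms']['perm_post_anon']) {
            $poster_info['name'] = nel_stext('THREAD_NONAME');
            $poster_info['email'] = '';
        }
    } else {
        $poster_info['name'] = nel_stext('THREAD_NONAME');
        $poster_info['email'] = '';
    }

    // Cookies OM NOM NOM NOM
    // NOTE(review): the pwd- cookie holds the plaintext post password and is
    // set without Secure/HttpOnly. Check whether client-side script needs to
    // read it before tightening the flags.
    setcookie('pwd-' . CONF_BOARD_DIR, $cpass, time() + 30 * 24 * 3600, '/'); // 1 month cookie expiration
    setcookie('name-' . CONF_BOARD_DIR, $cookie_name, time() + 30 * 24 * 3600, '/'); // 1 month cookie expiration

    $poster_info = $plugins->plugin_hook('after-post-info-processing', TRUE, array($poster_info));

    // Hash each file, check it against banned hashes, and reject a file that
    // already exists in the same thread (or as another thread opener).
    $i = 0;

    while ($i < $files_count) {
        if (file_exists($files[$i]['dest'])) {
            $files[$i]['md5'] = md5_file($files[$i]['dest']);
            nel_banned_md5($files[$i]['md5'], $files[$i]);

            $prepared = $dbh->prepare('SELECT post_ref FROM ' . FILETABLE . ' WHERE md5=:md5 LIMIT 1');
            $prepared->bindParam(':md5', $files[$i]['md5'], PDO::PARAM_STR);

            if ($prepared->execute()) {
                $post_ref = $prepared->fetchColumn();
                unset($prepared);

                if ($dataforce['response_to'] === 0) {
                    $prepared = $dbh->prepare('SELECT COUNT(*) FROM ' . POSTTABLE . ' WHERE post_number=:postref AND response_to=0');
                    $prepared->bindParam(':postref', $post_ref, PDO::PARAM_INT);
                } else {
                    $prepared = $dbh->prepare('SELECT COUNT(*) FROM ' . POSTTABLE . ' WHERE post_number=:postref AND response_to=:respto');
                    $prepared->bindParam(':postref', $post_ref, PDO::PARAM_INT);
                    $prepared->bindParam(':respto', $dataforce['response_to'], PDO::PARAM_INT);
                }

                if ($prepared->execute()) {
                    $same_thread = $prepared->fetchColumn();

                    if ($same_thread > 0) {
                        // Index with $i; the original used the bare constant `i`.
                        nel_derp(12, array('origin' => 'POST', 'bad-filename' => $files[$i]['basic_filename'] . $files[$i]['ext'], 'files' => $files));
                    }
                }

                unset($prepared);
            }
        }

        ++$i;
    }

    //
    // Go ahead and put post into database
    //
    $prepared = $dbh->prepare('INSERT INTO ' . POSTTABLE . ' (name, tripcode, secure_tripcode, email, subject, comment, host, password, post_time, last_update, response_to, last_response, post_count, sticky, mod_post, mod_comment, archive_status, locked) VALUES (:name, :tripcode, :secure_tripcode, :email, :subject, :comment, :host, :password, :time, :last_update, :respto, 0, 1, :sticky, :modpost, :mcomment, 0, 0)');

    $prepared->bindValue(':name', $poster_info['name'], PDO::PARAM_STR);

    if ($poster_info['tripcode'] === '') {
        $prepared->bindValue(':tripcode', NULL, PDO::PARAM_NULL);
    } else {
        $prepared->bindValue(':tripcode', $poster_info['tripcode'], PDO::PARAM_STR);
    }

    if ($poster_info['secure_tripcode'] === '') {
        $prepared->bindValue(':secure_tripcode', NULL, PDO::PARAM_NULL);
    } else {
        $prepared->bindValue(':secure_tripcode', $poster_info['secure_tripcode'], PDO::PARAM_STR);
    }

    $prepared->bindValue(':email', $poster_info['email'], PDO::PARAM_STR);
    $prepared->bindValue(':subject', $poster_info['subject'], PDO::PARAM_STR);
    $prepared->bindValue(':comment', $poster_info['comment'], PDO::PARAM_STR);
    $prepared->bindValue(':host', @inet_pton($_SERVER["REMOTE_ADDR"]), PDO::PARAM_STR);
    $prepared->bindValue(':password', $dataforce['pass'], PDO::PARAM_STR);
    $prepared->bindValue(':time', $time, PDO::PARAM_STR);
    $prepared->bindValue(':last_update', $time, PDO::PARAM_STR);
    $prepared->bindValue(':respto', $dataforce['response_to'], PDO::PARAM_INT);

    if ($fgsfds['sticky']) {
        $prepared->bindValue(':sticky', 1, PDO::PARAM_INT);
    } else {
        $prepared->bindValue(':sticky', 0, PDO::PARAM_INT);
    }

    $prepared->bindValue(':modpost', $modpostc, PDO::PARAM_INT);
    $prepared->bindValue(':mcomment', NULL, PDO::PARAM_NULL);
    $prepared->execute();
    unset($prepared);

    // Look the new row up again by timestamp and parent to learn its post number.
    // The values are bound the same way the INSERT above bound them.
    $prepared = $dbh->prepare('SELECT post_number FROM ' . POSTTABLE . ' WHERE post_time=:time AND response_to=:respto');
    $prepared->bindValue(':time', $time, PDO::PARAM_STR);
    $prepared->bindValue(':respto', $dataforce['response_to'], PDO::PARAM_INT);
    $prepared->execute();
    $row = $prepared->fetch();
    $post_number = $row[0];
    unset($prepared);

    if ($dataforce['response_to'] === 0) {
        $fgsfds['noko_topic'] = $post_number;
        $new_thread_dir = $post_number;
        nel_create_thread_directories($new_thread_dir);
    } else {
        $fgsfds['noko_topic'] = $dataforce['response_to'];
        $new_thread_dir = $dataforce['response_to'];
    }

    $srcpath = SRC_PATH . $new_thread_dir . '/';
    $thumbpath = THUMB_PATH . $new_thread_dir . '/';

    //
    // Make thumbnails and do final file processing
    //
    $i = 0;

    while ($i < $files_count) {
        $files[$i]['im_x'] = 0;
        $files[$i]['im_y'] = 0;
        $files[$i]['pre_x'] = 0;
        $files[$i]['pre_y'] = 0;

        if ($files[$i]['subtype'] === 'SWF' || $files[$i]['supertype'] === 'GRAPHICS' && !BS1_USE_MAGICK) {
            // NOTE(review): getimagesize() returns FALSE for unreadable files,
            // which leaves the dimensions empty and the ratio dividing by zero.
            $dim = getimagesize($files[$i]['dest']);
            $files[$i]['im_x'] = $dim[0];
            $files[$i]['im_y'] = $dim[1];
            $ratio = min(BS_MAX_HEIGHT / $files[$i]['im_y'], BS_MAX_WIDTH / $files[$i]['im_x']);
            $files[$i]['pre_x'] = $files[$i]['im_x'] > BS_MAX_WIDTH ? intval($ratio * $files[$i]['im_x']) : $files[$i]['im_x'];
            $files[$i]['pre_y'] = $files[$i]['im_y'] > BS_MAX_HEIGHT ? intval($ratio * $files[$i]['im_y']) : $files[$i]['im_y'];
        }

        if (BS1_USE_THUMB && $files[$i]['supertype'] === 'GRAPHICS') {
            exec("convert -version", $out, $rescode);

            if ($rescode === 0 && BS1_USE_MAGICK) {
                // Every path handed to the shell goes through escapeshellarg().
                // NOTE(review): the uploaded file is parsed by ImageMagick;
                // confirm the upload type checks and the ImageMagick policy
                // restrict which coders can be reached.
                $cmd_getinfo = 'identify -format "%wx%h" ' . escapeshellarg($files[$i]['dest'] . '[0]');

                // exec() appends to an existing array, so without this reset
                // $res[0] would still hold the first file's dimensions.
                $res = array();
                exec($cmd_getinfo, $res);
                $dims = explode('x', $res[0]);
                $files[$i]['im_x'] = $dims[0];
                $files[$i]['im_y'] = $dims[1];
                $ratio = min(BS_MAX_HEIGHT / $files[$i]['im_y'], BS_MAX_WIDTH / $files[$i]['im_x']);
                $files[$i]['pre_x'] = $files[$i]['im_x'] > BS_MAX_WIDTH ? intval($ratio * $files[$i]['im_x']) : $files[$i]['im_x'];
                $files[$i]['pre_y'] = $files[$i]['im_y'] > BS_MAX_HEIGHT ? intval($ratio * $files[$i]['im_y']) : $files[$i]['im_y'];

                if ($files[$i]['subtype'] === 'GIF') {
                    $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.gif';
                    $cmd_coalesce = 'convert ' . escapeshellarg($files[$i]['dest']) . ' -coalesce ' . escapeshellarg($thumbpath . 'tmp' . $files[$i]['thumbfile']);
                    $cmd_resize = 'convert ' . escapeshellarg($thumbpath . 'tmp' . $files[$i]['thumbfile']) . ' -resize ' . BS_MAX_WIDTH . 'x' . BS_MAX_HEIGHT . '\\> -layers optimize ' . escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    exec($cmd_coalesce);
                    exec($cmd_resize);
                    unlink($thumbpath . 'tmp' . $files[$i]['thumbfile']);
                    chmod($thumbpath . $files[$i]['thumbfile'], 0644);
                } else {
                    if (BS1_USE_PNG_THUMB) {
                        $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.png';
                        $cmd_resize = 'convert ' . escapeshellarg($files[$i]['dest']) . ' -resize ' . BS_MAX_WIDTH . 'x' . BS_MAX_HEIGHT . '\\> -quality 00 -sharpen 0x0.5 ' . escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    } else {
                        $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.jpg';
                        $cmd_resize = 'convert ' . escapeshellarg($files[$i]['dest']) . ' -resize ' . BS_MAX_WIDTH . 'x' . BS_MAX_HEIGHT . '\\> -quality ' . BS_JPEG_QUALITY . ' -sharpen 0x0.5 ' . escapeshellarg($thumbpath . $files[$i]['thumbfile']);
                    }

                    exec($cmd_resize);
                    chmod($thumbpath . $files[$i]['thumbfile'], 0644);
                }
            } else {
                // Test is really only for GIF support, which had a long absence
                // If your GD is somehow so old (or dumb) it can't do JPEG or PNG get a new host. Srsly.
                $gd_test = gd_info();

                // NOTE(review): $image stays undefined for any other subtype,
                // or for GIF without GD read support.
                switch ($files[$i]['subtype']) {
                    case 'JPEG':
                        $image = imagecreatefromjpeg($files[$i]['dest']);
                        break;

                    case 'GIF':
                        if ($gd_test['GIF Read Support']) {
                            $image = imagecreatefromgif($files[$i]['dest']);
                        }
                        break;

                    case 'PNG':
                        $image = imagecreatefrompng($files[$i]['dest']);
                        break;
                }

                $files[$i]['thumbnail'] = imagecreatetruecolor($files[$i]['pre_x'], $files[$i]['pre_y']);
                // NOTE(review): the name ends in .jpg even when imagepng() writes it.
                $files[$i]['thumbfile'] = $files[$i]['basic_filename'] . '-preview.jpg';
                imagecopyresampled($files[$i]['thumbnail'], $image, 0, 0, 0, 0, $files[$i]['pre_x'], $files[$i]['pre_y'], $files[$i]['im_x'], $files[$i]['im_y']);

                if (BS1_USE_PNG_THUMB) {
                    imagepng($files[$i]['thumbnail'], $thumbpath . $files[$i]['thumbfile'], -1); // Quality
                } else {
                    imagejpeg($files[$i]['thumbnail'], $thumbpath . $files[$i]['thumbfile'], BS_JPEG_QUALITY);
                }
            }
        }

        clearstatcache();

        // Move the upload into the thread's source directory, renaming on collision.
        // NOTE(review): the existence check joins name and extension without a
        // '.', while rename() inserts one; they may not test the same path.
        if (!file_exists($srcpath . $files[$i]['basic_filename'] . $files[$i]['ext'])) {
            rename($files[$i]['dest'], $srcpath . $files[$i]['basic_filename'] . '.' . $files[$i]['ext']);
        } else {
            $files[$i]['basic_filename'] = "cc" . utf8_substr($time, -4) . "--" . $files[$i]['basic_filename'];
            rename($files[$i]['dest'], $srcpath . $files[$i]['basic_filename'] . '.' . $files[$i]['ext']);
        }

        ++$i;
    }

    //
    // Update post info and add file data if applicable
    //
    if ($dataforce['response_to'] === 0) {
        $parent_id = $post_number;
    } else {
        $parent_id = $dataforce['response_to'];
    }

    // Bump the parent thread unless the reply is saged or the bump limit is reached.
    if ($dataforce['response_to'] !== 0 && !$fgsfds['sage'] && $post_count < BS_MAX_BUMPS) {
        ++$post_count;

        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET last_update=:last_update, last_response=:last_response, post_count=:post_count WHERE post_number=:respto');
        $prepared->bindValue(':last_update', $time, PDO::PARAM_STR);
        $prepared->bindValue(':last_response', $post_number, PDO::PARAM_INT);
        $prepared->bindValue(':post_count', $post_count, PDO::PARAM_INT);
        $prepared->bindValue(':respto', $dataforce['response_to'], PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);

        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET last_update=0 WHERE post_number=:post_number');
        $prepared->bindValue(':post_number', $post_number, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);

        $parent_id = $dataforce['response_to'];
    }

    if (!$there_is_no_spoon) {
        // Same for every file, so it runs once instead of once per file.
        $prepared = $dbh->prepare('UPDATE ' . POSTTABLE . ' SET has_file=1 WHERE post_number=:post_number');
        $prepared->bindValue(':post_number', $post_number, PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);

        $i = 0;

        while ($i < $files_count) {
            // Filename, source and license are supplied by the poster, so every
            // value is bound instead of being spliced into the statement text.
            $prepared = $dbh->prepare('INSERT INTO ' . FILETABLE . ' (parent_thread,post_ref,file_order,supertype,subtype,mime,filename,extension,filesize,md5,source,license) VALUES (:parent_thread, :post_ref, :file_order, :supertype, :subtype, :mime, :filename, :extension, :filesize, :md5, :source, :license)');
            $prepared->bindValue(':parent_thread', $parent_id, PDO::PARAM_INT);
            $prepared->bindValue(':post_ref', $post_number, PDO::PARAM_INT);
            $prepared->bindValue(':file_order', $i + 1, PDO::PARAM_INT);
            $prepared->bindValue(':supertype', $files[$i]['supertype'], PDO::PARAM_STR);
            $prepared->bindValue(':subtype', $files[$i]['subtype'], PDO::PARAM_STR);
            $prepared->bindValue(':mime', $files[$i]['mime'], PDO::PARAM_STR);
            $prepared->bindValue(':filename', $files[$i]['basic_filename'], PDO::PARAM_STR);
            $prepared->bindValue(':extension', $files[$i]['ext'], PDO::PARAM_STR);
            $prepared->bindValue(':filesize', $files[$i]['fsize'], PDO::PARAM_STR);
            $prepared->bindValue(':md5', $files[$i]['md5'], PDO::PARAM_STR);
            $prepared->bindValue(':source', $files[$i]['file_source'], PDO::PARAM_STR);
            $prepared->bindValue(':license', $files[$i]['file_license'], PDO::PARAM_STR);
            $prepared->execute();
            unset($prepared);

            if ($files[$i]['supertype'] === 'GRAPHICS') {
                // thumbfile is only set when a thumbnail was produced above; the
                // original stored an empty string otherwise.
                $preview_name = isset($files[$i]['thumbfile']) ? $files[$i]['thumbfile'] : '';

                $prepared = $dbh->prepare('UPDATE ' . FILETABLE . ' SET image_width=:image_width, image_height=:image_height, preview_name=:preview_name, preview_width=:preview_width, preview_height=:preview_height, md5=:md5 WHERE post_ref=:post_ref AND file_order=:file_order');
                $prepared->bindValue(':image_width', $files[$i]['im_x'], PDO::PARAM_INT);
                $prepared->bindValue(':image_height', $files[$i]['im_y'], PDO::PARAM_INT);
                $prepared->bindValue(':preview_name', $preview_name, PDO::PARAM_STR);
                $prepared->bindValue(':preview_width', $files[$i]['pre_x'], PDO::PARAM_INT);
                $prepared->bindValue(':preview_height', $files[$i]['pre_y'], PDO::PARAM_INT);
                $prepared->bindValue(':md5', $files[$i]['md5'], PDO::PARAM_STR);
                $prepared->bindValue(':post_ref', $post_number, PDO::PARAM_INT);
                $prepared->bindValue(':file_order', $i + 1, PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
            } elseif ($files[$i]['subtype'] === 'SWF') {
                $prepared = $dbh->prepare('UPDATE ' . FILETABLE . ' SET image_width=:image_width, image_height=:image_height, md5=:md5 WHERE post_ref=:post_ref AND file_order=:file_order');
                $prepared->bindValue(':image_width', $files[$i]['im_x'], PDO::PARAM_INT);
                $prepared->bindValue(':image_height', $files[$i]['im_y'], PDO::PARAM_INT);
                $prepared->bindValue(':md5', $files[$i]['md5'], PDO::PARAM_STR);
                $prepared->bindValue(':post_ref', $post_number, PDO::PARAM_INT);
                $prepared->bindValue(':file_order', $i + 1, PDO::PARAM_INT);
                $prepared->execute();
                unset($prepared);
            }

            ++$i;
        }
    }

    //
    // Run the archiving routine if this is a new thread or deleted/expired thread
    //
    nel_update_archive_status($dataforce, $dbh);

    //
    // Generate response page if it doesn't exist, otherwise update
    //
    if (!empty($_SESSION)) {
        $temp = $_SESSION['ignore_login'];
    }

    $return_res = $dataforce['response_to'] === 0 ? $new_thread_dir : $dataforce['response_to'];
    nel_regen($dataforce, $return_res, 'thread', FALSE, $dbh);
    $dataforce['archive_update'] = TRUE;
    nel_regen($dataforce, NULL, 'main', FALSE, $dbh);

    if (!empty($_SESSION)) {
        $_SESSION['ignore_login'] = $temp;
    }

    return $return_res;
}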
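// Entry script: load configuration and plugins, pull in the board's function
// libraries, then dispatch the current request.
// NOTE(review): $dataforce, $dbh and $authorize are used below but not assigned
// in this script; presumably the included files set them up. Confirm.

define('BOARD_FILES', 'board_files/'); // Name of directory where the support and internal files go

require_once BOARD_FILES . 'config.php';
require_once INCLUDE_PATH . 'plugins.php';

// Every file matching *.nel.php under PLUGINS_PATH is executed on each request.
// NOTE(review): confirm that directory cannot be written to by the web server
// or by the upload handling.
$plugin_files = glob(PLUGINS_PATH . '*.nel.php');

// glob() returns FALSE on error, which foreach cannot iterate.
if (!is_array($plugin_files)) {
    $plugin_files = array();
}

$plugins = new nel_plugin_handler();

foreach ($plugin_files as $file) {
    require_once $file;
}

$plugins->activate();

// A demo point. Does nothing, really
$example_result = $plugins->plugin_hook('plugin-example', TRUE, array(5));

require_once INCLUDE_PATH . 'general-functions.php';
require_once INCLUDE_PATH . 'file-handling.php';
require_once INCLUDE_PATH . 'initializations.php';
require_once INCLUDE_PATH . 'archive.php';
require_once INCLUDE_PATH . 'derp.php';
require_once INCLUDE_PATH . 'regen.php';
require_once INCLUDE_PATH . 'thread-functions.php';
require_once INCLUDE_PATH . 'output/html-generation.php';
require_once INCLUDE_PATH . 'banhammer.php';
require_once INCLUDE_PATH . 'snacks.php';

// IT'S GO TIME!
// The spambot ban check runs before the session is initialised and before any
// GET/POST handling.
nel_ban_spambots($dataforce, $dbh);

require_once INCLUDE_PATH . 'sessions.php';
nel_initialize_session($dataforce, $plugins, $authorize);

require_once INCLUDE_PATH . 'central-dispatch.php';
nel_process_get($dataforce, $authorize, $dbh);
nel_process_post($dataforce, $plugins, $authorize, $dbh);

nel_regen($dataforce, NULL, 'main', FALSE, $dbh);
nel_clean_exit($dataforce, FALSE);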