<?php
/*
* This file is part of kusaba.
*
* kusaba is free software; you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* kusaba is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* kusaba; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* +------------------------------------------------------------------------------+
* kusaba - http://www.kusaba.org/
* Written by Trevor "tj9991" Slocum
* http://www.tj9991.com/
* tslocum@gmail.com
* +------------------------------------------------------------------------------+
*/
/**
* Board operations which available to all users
*
* This file serves the purpose of providing functionality for all users of the
* boards. This includes: posting, reporting posts, and deleting posts.
*
* @package kusaba
*/
/**
* Start the session
*/
session_start();
/**
* Require the configuration file, functions file, board and post class, bans class, and posting class
*/
require 'config.php';
require KU_ROOTDIR . 'inc/functions.php';
require KU_ROOTDIR . 'inc/classes/board-post.class.php';
require KU_ROOTDIR . 'inc/classes/bans.class.php';
require KU_ROOTDIR . 'inc/classes/posting.class.php';
require KU_ROOTDIR . 'inc/classes/parse.class.php';
$bans_class = new Bans();
$parse_class = new Parse();
$posting_class = new Posting();
// {{{ Module loading
modules_load_all();
// }}}
// {{{ Fake email field check
if (isset($_POST['email'])) {
if ($_POST['email']!= '') {
exitWithErrorPage('Spam bot detected');
}
}
// }}}
// {{{ GET/POST board send check
/* In some cases, the board value is sent through post, others get */
$_POST['board'] = (isset($_GET['board'])) ? $_GET['board'] : $_POST['board'];
// }}}
/* If the script was called using a board name: */
if (isset($_POST['board'])) {
$board_name = $tc_db->GetOne("SELECT `name` FROM `" . KU_DBPREFIX . "boards` WHERE `name` = '" . mysql_real_escape_string($_POST['board']) . "'");
if ($board_name != '') {
$board_class = new Board($board_name);
if ($board_class->board_locale != '') {
changeLocale($board_class->board_locale);
}
} else {
do_redirect(KU_WEBPATH);
}
} else {
/* A board being supplied is required for this script to function */
do_redirect(KU_WEBPATH);
}
// {{{ Expired ban removal, and then existing ban check on the current user
$bans_class->RemoveExpiredBans();
$bans_class->BanCheck($_SERVER['REMOTE_ADDR'], $board_class->board_dir);
// }}}
$oekaki = $posting_class->CheckOekaki();
if ($oekaki == '') {
$is_oekaki = false;
} else {
$is_oekaki = true;
}
/* Ensure that UTF-8 is used on some of the post variables */
$posting_class->UTF8Strings();
/* Check if the user sent a valid post (image for thread, image/message for reply, etc) */
if ($posting_class->CheckValidPost($is_oekaki)) {
$tc_db->Execute("START TRANSACTION");
$posting_class->CheckReplyTime();
$posting_class->CheckNewThreadTime();
$posting_class->CheckMessageLength();
$posting_class->CheckCaptcha();
$posting_class->CheckBannedHash();
$posting_class->CheckBlacklistedText();
$post_isreply = $posting_class->CheckIsReply();
$imagefile_name = isset($_FILES['imagefile']) ? $_FILES['imagefile']['name'] : '';
if ($post_isreply) {
list($thread_replies, $thread_locked, $thread_replyto) = $posting_class->GetThreadInfo($_POST['replythread']);
} else {
if ($board_class->board_type != 1 && ($board_class->board_uploadtype == '1' || $board_class->board_uploadtype == '2')) {
if (isset($_POST['embed'])) {
if ($_POST['embed'] == '') {
if (($board_class->board_uploadtype == '1' && $imagefile_name == '') || $board_class->board_uploadtype == '2') {
exitWithErrorPage('Please enter an embed ID.');
}
}
} else {
exitWithErrorPage('Please enter an embed ID.');
}
}
$thread_replies = 0;
$thread_locked = 0;
$thread_replyto = 0;
}
list($post_name, $post_email, $post_subject) = $posting_class->GetFields();
$post_password = isset($_POST['postpassword']) ? $_POST['postpassword'] : '';
if ($board_class->board_type == 1) {
if ($post_isreply) {
$post_subject = '';
} else {
$posting_class->CheckNotDuplicateSubject($post_subject);
}
}
list($user_authority, $flags) = $posting_class->GetUserAuthority();
$post_fileused = false;
$post_autosticky = false;
$post_autolock = false;
$post_displaystaffstatus = false;
$file_is_special = false;
if (isset($_POST['formatting'])) {
if ($_POST['formatting'] == 'aa') {
$_POST['message'] = '[aa]' . $_POST['message'] . '[/aa]';
}
if (isset($_POST['rememberformatting'])) {
setcookie('kuformatting', urldecode($_POST['formatting']), time() + 31556926, '/', KU_DOMAIN);
}
}
$results = $tc_db->GetAll("SHOW TABLE STATUS LIKE '".KU_DBPREFIX."posts_".$board_class->board_dir."'");
$nextid = $results[0]['Auto_increment'];
$parse_class->id = $nextid;
/* If they are just a normal user, or vip... */
if ($user_authority == 0 || $user_authority == 3) {
/* If the thread is locked */
if ($thread_locked == 1) {
/* Don't let the user post */
exitWithErrorPage(_gettext('Sorry, this thread is locked and can not be replied to.'));
}
$post_message = $parse_class->ParsePost($_POST['message'], $board_class->board_dir, $board_class->board_type, $thread_replyto);
/* Or, if they are a moderator/administrator... */
} elseif ($user_authority == 1 || $user_authority == 2) {
/* If they checked the D checkbox, set the variable to tell the script to display their staff status (Admin/Mod) on the post during insertion */
if (isset($_POST['displaystaffstatus'])) {
$post_displaystaffstatus = true;
}
/* If they checked the RH checkbox, set the variable to tell the script to insert the post as-is... */
if (isset($_POST['rawhtml'])) {
$post_message = $_POST['message'];
/* Otherwise, parse it as usual... */
} else {
$post_message = $parse_class->ParsePost($_POST['message'], $board_class->board_dir, $board_class->board_type, $thread_replyto);
}
/* If they checked the L checkbox, set the variable to tell the script to lock the post after insertion */
if (isset($_POST['lockonpost'])) {
$post_autolock = true;
}
/* If they checked the S checkbox, set the variable to tell the script to sticky the post after insertion */
if (isset($_POST['stickyonpost'])) {
$post_autosticky = true;
}
if (isset($_POST['usestaffname'])) {
$_POST['name'] = md5_decrypt($_POST['modpassword'], KU_RANDOMSEED);
$post_name = md5_decrypt($_POST['modpassword'], KU_RANDOMSEED);
}
}
$posting_class->CheckBadUnicode($post_name, $post_email, $post_subject, $post_message);
$post_tag = $posting_class->GetPostTag();
if ($post_isreply) {
if ($imagefile_name == '' && !$is_oekaki && $post_message == '') {
exitWithErrorPage(_gettext('An image, or message, is required for a reply.'));
}
} else {
if ($imagefile_name == '' && !$is_oekaki && ((!isset($_POST['nofile'])&&$board_class->board_enablenofile==1) || $board_class->board_enablenofile==0) && ($board_class->board_type == 0 || $board_class->board_type == 2 || $board_class->board_type == 3)) {
if (!isset($_POST['embed']) && $board_class->board_uploadtype != 1) {
exitWithErrorPage(_gettext('A file is required for a new thread. If embedding is allowed, either a file or embed ID is required.'));
}
}
}
if (isset($_POST['nofile'])&&$board_class->board_enablenofile==1) {
if ($post_message == '') {
exitWithErrorPage('A message is required to post without a file.');
}
}
if ($board_class->board_type == 1 && !$post_isreply && $post_subject == '') {
exitWithErrorPage('A subject is required to make a new thread.');
}
if ($board_class->board_locked == 0 || ($user_authority > 0 && $user_authority != 3)) {
require_once(KU_ROOTDIR . 'inc/classes/upload.class.php');
$upload_class = new Upload();
if ($post_isreply) {
$upload_class->isreply = true;
}
if ((!isset($_POST['nofile']) && $board_class->board_enablenofile == 1) || $board_class->board_enablenofile == 0) {
$upload_class->HandleUpload();
}
if ($board_class->board_forcedanon == '1') {
if ($user_authority == 0 || $user_authority == 3) {
$post_name = '';
}
}
$nameandtripcode = calculateNameAndTripcode($post_name);
if (is_array($nameandtripcode)) {
$name = $nameandtripcode[0];
$tripcode = $nameandtripcode[1];
} else {
$name = $post_name;
$tripcode = '';
}
$filetype_withoutdot = substr($upload_class->file_type, 1);
$post_passwordmd5 = ($post_password == '') ? '' : md5($post_password);
if ($post_autosticky == true) {
if ($thread_replyto == 0) {
$sticky = 1;
} else {
$result = $tc_db->Execute("UPDATE `" . KU_DBPREFIX . "posts_" . $board_class->board_dir . "` SET `stickied` = '1' WHERE `id` = '" . $thread_replyto . "'");
$sticky = 0;
}
} else {
$sticky = 0;
}
if ($post_autolock == true) {
if ($thread_replyto == 0) {
$lock = 1;
} else {
$tc_db->Execute("UPDATE `" . KU_DBPREFIX . "posts_" . $board_class->board_dir . "` SET `locked` = '1' WHERE `id` = '" . $thread_replyto . "'");
$lock = 0;
}
} else {
$lock = 0;
}
if (!$post_displaystaffstatus && $user_authority > 0 && $user_authority != 3) {
$user_authority_display = 0;
} elseif ($user_authority > 0) {
$user_authority_display = $user_authority;
} else {
$user_authority_display = 0;
}
if ((file_exists(KU_BOARDSDIR . $board_class->board_dir . '/src/' . $upload_class->file_name . $upload_class->file_type) && file_exists(KU_BOARDSDIR . $board_class->board_dir . '/thumb/' . $upload_class->file_name . 's' . $upload_class->file_type)) || ($file_is_special && file_exists(KU_BOARDSDIR . $board_class->board_dir . '/src/' . $upload_class->file_name . $upload_class->file_type)) || $post_fileused == false) {
$post = array();
$post['board'] = $board_class->board_dir;
$post['name'] = substr($name, 0, 100);
$post['name_save'] = true;
$post['tripcode'] = $tripcode;
$post['email'] = substr($post_email, 0, 100);
/* First array is the converted form of the japanese characters meaning sage, second meaning age */
$ords_email = unistr_to_ords($post_email);
if (strtolower($_POST['em']) != 'sage' && $ords_email != array(19979, 12370) && strtolower($_POST['em']) != 'age' && $ords_email != array(19978, 12370) && $_POST['em'] != 'return' && $_POST['em'] != 'noko') {
$post['email_save'] = true;
} else {
$post['email_save'] = false;
}
$post['subject'] = substr($post_subject, 0, 100);
$post['message'] = $post_message;
$post['tag'] = $post_tag;
$post = hook_process('posting', $post);
if ($is_oekaki) {
if (file_exists(KU_BOARDSDIR . $board_class->board_dir . '/src/' . $upload_class->file_name . '.pch')) {
$post['message'] .= '<br><small><a href="' . KU_CGIPATH . '/animation.php?board=' . $board_class->board_dir . '&id=' . $upload_class->file_name . '">' . _gettext('View animation') . '</a></small>';
}
}
if ($thread_replyto != '0') {
if ($post['message'] == '' && KU_NOMESSAGEREPLY != '') {
$post['message'] = KU_NOMESSAGEREPLY;
}
} else {
if ($post['message'] == '' && KU_NOMESSAGETHREAD != '') {
$post['message'] = KU_NOMESSAGETHREAD;
}
}
$post_class = new Post(0, $board_class->board_dir, true);
$post_id = $post_class->Insert($thread_replyto, $post['name'], $post['tripcode'], $post['email'], $post['subject'], addslashes($post['message']), $upload_class->file_name, $upload_class->original_file_name, $filetype_withoutdot, $upload_class->file_md5, $upload_class->imgWidth, $upload_class->imgHeight, $upload_class->file_size, $upload_class->imgWidth_thumb, $upload_class->imgHeight_thumb, $post_passwordmd5, time(), time(), $_SERVER['REMOTE_ADDR'], $user_authority_display, $post['tag'], $sticky, $lock);
if ($user_authority > 0 && $user_authority != 3) {
$modpost_message = 'Modposted #<a href="' . KU_BOARDSFOLDER . $board_class->board_dir . '/res/';
if ($post_isreply) {
$modpost_message .= $thread_replyto;
} else {
$modpost_message .= $post_id;
}
$modpost_message .= '.html#' . $post_id . '">' . $post_id . '</a> in /'.$_POST['board'].'/ with flags: ' . $flags . '.';
management_addlogentry($modpost_message, 1, md5_decrypt($_POST['modpassword'], KU_RANDOMSEED));
}
if ($post['name_save'] && isset($_POST['name'])) {
setcookie('name', urldecode($_POST['name']), time() + 31556926, '/', KU_DOMAIN);
}
if ($post['email_save']) {
setcookie('email', urldecode($post['email']), time() + 31556926, '/', KU_DOMAIN);
}
setcookie('postpassword', urldecode($_POST['postpassword']), time() + 31556926, '/');
} else {
exitWithErrorPage(_gettext('Could not copy uploaded image.'));
}
/* If the user replied to a thread, and they weren't sage-ing it... */
if ($thread_replyto != '0' && strtolower($_POST['em']) != 'sage' && unistr_to_ords($_POST['em']) != array(19979, 12370)) {
/* And if the number of replies already in the thread are less than the maximum thread replies before perma-sage... */
if ($thread_replies <= $board_class->board_maxreplies) {
/* Bump the thread */
$tc_db->Execute("UPDATE `" . KU_DBPREFIX . "posts_" . $board_class->board_dir . "` SET `lastbumped` = '" . time() . "' WHERE `id` = '" . $thread_replyto . "'");
}
}
/* If the user replied to a thread he is watching, update it so it doesn't count his reply as unread */
if (KU_WATCHTHREADS && $thread_replyto != '0') {
$viewing_thread_is_watched = $tc_db->GetOne("SELECT COUNT(*) FROM `" . KU_DBPREFIX . "watchedthreads` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' AND `board` = '" . $board_class->board_dir . "' AND `threadid` = '" . $thread_replyto . "'");
if ($viewing_thread_is_watched > 0) {
$newestreplyid = $tc_db->GetOne('SELECT `id` FROM `'.KU_DBPREFIX.'posts_'.$board_class->board_dir.'` WHERE `IS_DELETED` = 0 AND `parentid` = '.$thread_replyto.' ORDER BY `id` DESC LIMIT 1');
$tc_db->Execute("UPDATE `" . KU_DBPREFIX . "watchedthreads` SET `lastsawreplyid` = " . $newestreplyid . " WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' AND `board` = '" . $board_class->board_dir . "' AND `threadid` = '" . $thread_replyto . "'");
}
}
$tc_db->Execute("COMMIT");
/* Trim any threads which have been pushed past the limit, or exceed the maximum age limit */
$board_class->TrimToPageLimit();
/* Regenerate board pages */
$board_class->RegeneratePages();
if ($thread_replyto == '0') {
/* Regenerate the thread */
$board_class->RegenerateThread($post_id);
} else {
/* Regenerate the thread */
$board_class->RegenerateThread($thread_replyto);
}
} else {
exitWithErrorPage(_gettext('Sorry, this board is locked and can not be posted in.'));
}
} elseif (isset($_POST['delete']) || isset($_POST['reportpost'])) {
/* Initialize the post class */
$post_class = new Post(mysql_real_escape_string($_POST['delete']), $board_class->board_dir);
if (isset($_POST['reportpost'])) {
/* They clicked the Report button */
if ($board_class->board_enablereporting == 1) {
$post_reported = $post_class->post_isreported;
if ($post_reported === 'cleared') {
echo _gettext('That post has been cleared as not requiring any deletion.');
} elseif ($post_reported) {
echo _gettext('That post is already in the report list.');
} else {
if ($post_class->Report()) {
echo _gettext('Post successfully reported.') . '<br>';
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/');
} else {
echo _gettext('Unable to report post. Please go back and try again.');
}
}
} else {
echo _gettext('This board does not allow post reporting.');
}
} elseif (isset($_POST['postpassword'])) {
/* They clicked the Delete button */
if ($_POST['postpassword'] != '') {
if (md5($_POST['postpassword']) == $post_class->post_password) {
if (isset($_POST['fileonly'])) {
if ($post_class->post_file != '' && $post_class->post_file != 'removed') {
$post_class->DeleteImage();
$board_class->RegeneratePages();
if ($post_class->post_parentid != 0) {
$board_class->RegenerateThread($post_class->post_parentid);
}
echo _gettext('Image successfully deleted from your post.') . '<br>';
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/');
} else {
echo _gettext('Your post already doesn\'t have an image!');
}
} else {
if ($post_class->Delete()) {
if ($post_class->post_parentid != '0') {
$board_class->RegenerateThread($post_class->post_parentid);
}
$board_class->RegeneratePages();
echo _gettext('Post successfully deleted.') . '<br>';
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/');
} else {
echo _gettext('There was an error in trying to delete your post');
}
}
} else {
echo _gettext('Incorrect password.');
}
} else {
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/');
}
}
die();
} elseif (isset($_GET['postoek'])) {
$board_class->OekakiHeader($_GET['replyto'], $_GET['postoek']);
die();
} else {
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/');
}
if (KU_RSS) {
require_once(KU_ROOTDIR . 'inc/classes/rss.class.php');
$rss_class = new RSS();
print_page(KU_BOARDSDIR.$_POST['board'].'/rss.xml',$rss_class->GenerateRSS($_POST['board']),$_POST['board']);
}
if ($board_class->board_redirecttothread == 1 || $_POST['em'] == 'return' || $_POST['em'] == 'noko') {
if ($thread_replyto == "0") {
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/res/' . $post_id . '.html', true, $imagefile_name);
} else {
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/res/' . $thread_replyto . '.html', true, $imagefile_name);
}
} else {
do_redirect(KU_BOARDSPATH . '/' . $board_class->board_dir . '/', true, $imagefile_name);
}
?>