diff --git a/.gitignore b/.gitignore index 93cac6d4..3205c64b 100644 --- a/.gitignore +++ b/.gitignore @@ -70,9 +70,6 @@ tf/ /mod/ /random/ -# Banners -static/banners/* - #Fonts stylesheets/fonts diff --git a/README.md b/README.md index e5f8ead0..e0f985fe 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Requirements PHP 8.0 is explicitly supported. PHP 7.x should be compatable. 2. MySQL/MariaDB server >= 5.5.3 3. [Composer](https://getcomposer.org/) (To install various packages) -4. [mbstring](http://www.php.net/manual/en/mbstring.installation.php) +4. [mbstring](http://www.php.net/manual/en/mbstring.installation.php) 5. [PHP GD](http://www.php.net/manual/en/intro.image.php) 6. [PHP PDO](http://www.php.net/manual/en/intro.pdo.php) @@ -44,7 +44,7 @@ Installation development version with: git clone git://git.leftypol.org/leftypol/leftypol.git - + 2. run ```composer install``` inside the directory 3. Navigate to ```install.php``` in your web browser and follow the prompts. @@ -80,7 +80,7 @@ find support from a variety of sources: * For support, reply to the sticky on our [/tech/](https://leftypol.org/tech/) board. ### Tinyboard support -vichan, and by extension lainchan and leftypol, is based on a Tinyboard, so both engines have very much in common. These links may be helpful for you as well: +vichan, and by extension lainchan and leftypol, is based on a Tinyboard, so both engines have very much in common. These links may be helpful for you as well: * Tinyboard documentation can be found [here](https://web.archive.org/web/20121016074303/http://tinyboard.org/docs/?p=Main_Page). diff --git a/compose.yml b/compose.yml index c04c85f9..526e18c6 100644 --- a/compose.yml +++ b/compose.yml @@ -28,8 +28,6 @@ services: #MySQL Service db: image: mysql:8.0.35 - restart: unless-stopped - tty: true ports: - "3306:3306" environment: diff --git a/composer.json b/composer.json index d0345e3b..21fff51a 100644 --- a/composer.json +++ b/composer.json 
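Review bot: Removing `restart: unless-stopped` from the `db` service leaves the MySQL container down after a crash or host reboot while the dependent PHP service presumably keeps running, which will show up as opaque PDO connection failures rather than a restarted database. If this is deliberate for a development-only compose file, a one-line comment above `image: mysql:8.0.35` such as `# no restart policy on purpose: dev-only, start manually` would keep the next reader from re-adding it. Dropping `tty: true` is harmless.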
@@ -25,6 +25,7 @@ "inc/polyfill.php", "inc/error.php", "inc/functions.php", + "inc/functions/hide.php", "inc/functions/net.php" ] }, diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index a884650c..fffd868d 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -18,6 +18,8 @@ RUN apk add --no-cache \ graphicsmagick \ gifsicle \ ffmpeg \ + djvulibre \ + ghostscript \ bind-tools \ gettext \ gettext-dev \ diff --git a/docker/php/www.conf b/docker/php/www.conf index d9d84760..f96329c8 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -1,5 +1,7 @@ [www] access.log = /proc/self/fd/2 +php_admin_value[error_log] = /proc/self/fd/2 +php_admin_flag[log_errors] = on ; Ensure worker stdout and stderr are sent to the main error log. catch_workers_output = yes diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 00000000..a86a91a6 Binary files /dev/null and b/favicon.ico differ diff --git a/favicon.png b/favicon.png deleted file mode 100644 index 8028966e..00000000 Binary files a/favicon.png and /dev/null differ diff --git a/inc/Data/Driver/ApcuCacheDriver.php b/inc/Data/Driver/Cache/ApcuCacheDriver.php similarity index 93% rename from inc/Data/Driver/ApcuCacheDriver.php rename to inc/Data/Driver/Cache/ApcuCacheDriver.php index a39bb656..4aeb64cd 100644 --- a/inc/Data/Driver/ApcuCacheDriver.php +++ b/inc/Data/Driver/Cache/ApcuCacheDriver.php 
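Review bot: Adding `ghostscript` to the runtime image hands the GraphicsMagick/ImageMagick delegates a PostScript/PDF interpreter, and Ghostscript has a long record of bugs when it interprets attacker-supplied PS/PDF, so this widens what an uploaded file can reach if the thumbnailer is ever pointed at PDF, PS or DjVu input. If those formats are meant to be thumbnailed, the image should also carry a delegate policy that confines the PS/PDF coders (for ImageMagick, `policy.xml`) and the conversion should run with `-dSAFER`; if they are not, a comment next to `djvulibre \` and `ghostscript \` naming the feature that needs them would make the new dependency reviewable. Pinning the apk package versions is a separate, optional hardening.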
@@ -1,5 +1,5 @@ inner = new \Memcached(); + if (!$this->inner->setOption(\Memcached::OPT_BINARY_PROTOCOL, true)) { + $err = $this->inner->getResultMessage(); + throw new \RuntimeException("Unable to set the memcached protocol: '$err'"); + } + if (!$this->inner->setOption(\Memcached::OPT_PREFIX_KEY, $prefix)) { + $err = $this->inner->getResultMessage(); + throw new \RuntimeException("Unable to set the memcached prefix: '$err'"); + } + + $maybe_unix_path = self::asUnixSocketPath($server_uri); + $is_unix = $maybe_unix_path !== null; + if ($is_unix) { + $server_uri = $maybe_unix_path; + } + + // Memcached keeps the server connections open across requests. + $current_servers = $this->inner->getServerList(); + $found_in_curr = false; + foreach ($current_servers as $curr) { + // Ignore the port if the server is connected with a unix socket. + if ($curr['host'] === $server_uri && ($is_unix || $curr['port'] === $server_port)) { + $found_in_curr = true; + } + } + + if (!$found_in_curr) { + if (!empty($current_servers)) { + if (!$this->inner->resetServerList()) { + $err = $this->inner->getResultMessage(); + throw new \RuntimeException("Unable to reset the memcached server list: '$err'"); + } + } + if (!$this->inner->addServer($server_uri, $server_port, $server_weight)) { + $err = $this->inner->getResultMessage(); + throw new \RuntimeException("Unable to add memcached servers: '$err'"); + } + } + } + + public function get(string $key): mixed { + $ret = $this->inner->get($key); + // If the returned value is false but the retrival was a success, then the value stored was a boolean false. 
+ if ($ret === false && $this->inner->getResultCode() !== \Memcached::RES_SUCCESS) { + return null; + } + return $ret; + } + + public function set(string $key, mixed $value, mixed $expires = false): void { + $this->inner->set($key, $value, (int)$expires); + } + + public function delete(string $key): void { + $this->inner->delete($key); + } + + public function flush(): void { + $this->inner->flush(); + } +} diff --git a/inc/Data/Driver/NoneCacheDriver.php b/inc/Data/Driver/Cache/NoneCacheDriver.php similarity index 91% rename from inc/Data/Driver/NoneCacheDriver.php rename to inc/Data/Driver/Cache/NoneCacheDriver.php index 8b260a50..92d0394b 100644 --- a/inc/Data/Driver/NoneCacheDriver.php +++ b/inc/Data/Driver/Cache/NoneCacheDriver.php @@ -1,5 +1,5 @@ inner = new \Redis(); - if (str_starts_with($host, 'unix:') || str_starts_with($host, ':')) { - $ret = \explode(':', $host); - if (count($ret) < 2) { - throw new \RuntimeException("Invalid unix socket path $host"); - } - // Unix socket. - $this->inner->connect($ret[1]); + $maybe_unix = self::asUnixSocketPath($host); + + if ($maybe_unix !== null) { + $this->inner->connect($maybe_unix); } elseif ($port === null) { $this->inner->connect($host); } else { diff --git a/inc/Data/Driver/Log/ErrorLogLogDriver.php b/inc/Data/Driver/Log/ErrorLogLogDriver.php new file mode 100644 index 00000000..cca5d88b --- /dev/null +++ b/inc/Data/Driver/Log/ErrorLogLogDriver.php @@ -0,0 +1,28 @@ +name = $name; + $this->level = $level; + } + + public function log(int $level, string $message): void { + if ($level <= $this->level) { + $lv = $this->levelToString($level); + $line = "{$this->name} $lv: $message"; + \error_log($line, 0, null, null); + } + } +} diff --git a/inc/Data/Driver/Log/FileLogDriver.php b/inc/Data/Driver/Log/FileLogDriver.php new file mode 100644 index 00000000..985a7726 --- /dev/null +++ b/inc/Data/Driver/Log/FileLogDriver.php 
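Review bot: The server-list reconciliation in the constructor only checks that the requested server is present, so a persistent list that holds the requested server plus stale entries is kept unchanged and the client keeps spreading keys over the stale hosts; the `if (!$found_in_curr)` branch should also reset when `\count($current_servers) !== 1`. The comment "Memcached keeps the server connections open across requests" only holds when a persistent id is passed to the `\Memcached` constructor; as written, `new \Memcached()` takes no id, so `getServerList()` should be empty on every request and the whole loop is dead code — worth confirming which behaviour is intended. The `foreach` can `break` as soon as it matches. The hunk's own header is not readable in this excerpt, so I am treating this as the relocated `Cache/MemcachedCacheDriver.php`.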
@@ -0,0 +1,61 @@ +fd = \fopen($file_path, 'a'); + if ($this->fd === false) { + throw new \RuntimeException("Unable to open log file at $file_path"); + } + + $this->name = $name; + $this->level = $level; + + // In some cases PHP does not run the destructor. + \register_shutdown_function([$this, 'close']); + } + + public function __destruct() { + $this->close(); + } + + public function log(int $level, string $message): void { + if ($level <= $this->level) { + $lv = $this->levelToString($level); + $line = "{$this->name} $lv: $message\n"; + \flock($this->fd, LOCK_EX); + \fwrite($this->fd, $line); + \fflush($this->fd); + \flock($this->fd, LOCK_UN); + } + } + + public function close() { + \flock($this->fd, LOCK_UN); + \fclose($this->fd); + } +} diff --git a/inc/Data/Driver/Log/LogDriver.php b/inc/Data/Driver/Log/LogDriver.php new file mode 100644 index 00000000..aecdfe64 --- /dev/null +++ b/inc/Data/Driver/Log/LogDriver.php @@ -0,0 +1,22 @@ +name = $name; + $this->level = $level; + } + + public function log(int $level, string $message): void { + if ($level <= $this->level) { + $lv = $this->levelToString($level); + \fwrite(\STDERR, "{$this->name} $lv: $message\n"); + } + } +} diff --git a/inc/Data/Driver/Log/SyslogLogDriver.php b/inc/Data/Driver/Log/SyslogLogDriver.php new file mode 100644 index 00000000..56269f2f --- /dev/null +++ b/inc/Data/Driver/Log/SyslogLogDriver.php @@ -0,0 +1,35 @@ +level = $level; + } + + public function log(int $level, string $message): void { + if ($level <= $this->level) { + if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) { + // CGI + \syslog($level, "$message - client: {$_SERVER['REMOTE_ADDR']}, request: \"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}\""); + } else { + \syslog($level, $message); + } + } + } +} diff --git a/inc/Data/Driver/MemcacheCacheDriver.php b/inc/Data/Driver/MemcacheCacheDriver.php deleted file mode 100644 index 04f62895..00000000 
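Review bot: In `FileLogDriver`, `close()` runs twice — once from the registered shutdown function and again from `__destruct()` — and the second call hands an already-closed stream to `\flock()`/`\fclose()`, which on PHP 8 throws a `TypeError` during shutdown. Guard it with `if (!\is_resource($this->fd)) { return; }` as the first line of `close()` (a closed stream no longer reports as a resource) and give the method a `: void` return type to match `log()`. Because `\register_shutdown_function([$this, 'close'])` holds a reference to `$this`, `__destruct()` cannot run before shutdown anyway, so one of the two paths is redundant and a comment saying which one is the real owner would help.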
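Review bot: The CGI branch of `SyslogLogDriver::log()` interpolates `$_SERVER['REQUEST_URI']` and `$_SERVER['REQUEST_METHOD']` directly into the syslog line, and both are client-controlled, so a request carrying CR/LF or other control characters can forge extra log records or corrupt the line in the collector (log injection). Strip them before interpolation, e.g. `$uri = \preg_replace('/[\x00-\x1f\x7f]/', '?', $_SERVER['REQUEST_URI']);` and the same for the method. Passing the driver's `$level` straight through as the syslog priority also assumes the `LogDriver` level constants coincide with the `LOG_*` priorities; the `LogDriver` interface is not readable in this excerpt, so please confirm or map them explicitly.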
--- a/inc/Data/Driver/MemcacheCacheDriver.php +++ /dev/null @@ -1,43 +0,0 @@ -inner = new \Memcached(); - if (!$this->inner->setOption(\Memcached::OPT_BINARY_PROTOCOL, true)) { - throw new \RuntimeException('Unable to set the memcached protocol!'); - } - if (!$this->inner->setOption(\Memcached::OPT_PREFIX_KEY, $prefix)) { - throw new \RuntimeException('Unable to set the memcached prefix!'); - } - if (!$this->inner->addServers($memcached_server)) { - throw new \RuntimeException('Unable to add the memcached server!'); - } - } - - public function get(string $key): mixed { - $ret = $this->inner->get($key); - // If the returned value is false but the retrival was a success, then the value stored was a boolean false. - if ($ret === false && $this->inner->getResultCode() !== \Memcached::RES_SUCCESS) { - return null; - } - return $ret; - } - - public function set(string $key, mixed $value, mixed $expires = false): void { - $this->inner->set($key, $value, (int)$expires); - } - - public function delete(string $key): void { - $this->inner->delete($key); - } - - public function flush(): void { - $this->inner->flush(); - } -} diff --git a/inc/Data/IpNoteQueries.php b/inc/Data/IpNoteQueries.php new file mode 100644 index 00000000..835b50c2 --- /dev/null +++ b/inc/Data/IpNoteQueries.php 
@@ -0,0 +1,76 @@ +pdo = $pdo; + $this->cache = $cache; + } + + /** + * Get all the notes relative to an IP. + * + * @param string $ip The IP of the notes. THE STRING IS NOT VALIDATED. + * @return array Returns an array of notes sorted by the most recent. Includes the username of the mods. + */ + public function getByIp(string $ip) { + $ret = $this->cache->get("ip_note_queries_$ip"); + if ($ret !== null) { + return $ret; + } + + $query = $this->pdo->prepare('SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip ORDER BY `time` DESC'); + $query->bindValue(':ip', $ip); + $query->execute(); + $ret = $query->fetchAll(\PDO::FETCH_ASSOC); + + $this->cache->set("ip_note_queries_$ip", $ret); + return $ret; + } + + /** + * Creates a new note relative to the given ip. + * + * @param string $ip The IP of the note. THE STRING IS NOT VALIDATED. + * @param int $mod_id The id of the mod who created the note. + * @param string $body The text of the note. + * @return void + */ + public function add(string $ip, int $mod_id, string $body) { + $query = $this->pdo->prepare('INSERT INTO `ip_notes` (`ip`, `mod`, `time`, `body`) VALUES (:ip, :mod, :time, :body)'); + $query->bindValue(':ip', $ip); + $query->bindValue(':mod', $mod_id); + $query->bindValue(':time', time()); + $query->bindValue(':body', $body); + $query->execute(); + + $this->cache->delete("ip_note_queries_$ip"); + } + + /** + * Delete a note only if it's of a particular IP address. + * + * @param int $id The id of the note. + * @param int $ip The expected IP of the note. THE STRING IS NOT VALIDATED. + * @return bool True if any note was deleted. 
+ */ + public function deleteWhereIp(int $id, string $ip): bool { + $query = $this->pdo->prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id'); + $query->bindValue(':ip', $ip); + $query->bindValue(':id', $id); + $query->execute(); + $any = $query->rowCount() != 0; + + if ($any) { + $this->cache->delete("ip_note_queries_$ip"); + } + return $any; + } +} diff --git a/inc/Data/Model/FiltersParseResult.php b/inc/Data/Model/FiltersParseResult.php new file mode 100644 index 00000000..89881c46 --- /dev/null +++ b/inc/Data/Model/FiltersParseResult.php @@ -0,0 +1,13 @@ +> + */ + public array $body = []; + /** + * @var array + */ + public array $subject = []; + /** + * @var array + */ + public array $name = []; + /** + * @var ?string + */ + public ?string $board = null; + /** + * @var array + */ + public array $flag = []; + public ?int $id = null; + public ?int $thread = null; + public float $weight = 0; +} diff --git a/inc/Data/ReportQueries.php b/inc/Data/ReportQueries.php index bfd78990..156a6ccc 100644 --- a/inc/Data/ReportQueries.php +++ b/inc/Data/ReportQueries.php @@ -89,7 +89,7 @@ class ReportQueries { // Get the reports without a post. $invalid = []; foreach ($raw_reports as $report) { - if (isset($report_posts[$report['board']][$report['post']])) { + if (!isset($report_posts[$report['board']][$report['post']])) { $invalid[] = $report; } } @@ -129,7 +129,7 @@ class ReportQueries { $query = $this->pdo->prepare('SELECT `board`, `post`, `id` FROM `reports`'); $query->execute(); $raw_reports = $query->fetchAll(\PDO::FETCH_ASSOC); - $valid_reports = $this->filterReports($raw_reports, false, null); + $valid_reports = $this->filterReports($raw_reports, false); $count = \count($valid_reports); return $count; 
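Review bot: The `deleteWhereIp()` docblock declares `@param int $ip` while the signature takes `string $ip`; change it to `@param string $ip`, and compare the row count strictly, `$any = $query->rowCount() !== 0;`. All three methods build the cache key `"ip_note_queries_$ip"` from the unvalidated `$ip`, and memcached (now one of the drivers in this commit) limits key length and may reject whitespace or control characters, so an unvalidated string fails at the cache rather than at the query; the "THE STRING IS NOT VALIDATED" warnings should say that callers must pass a canonical IP, for example the result of `filter_var(..., FILTER_VALIDATE_IP)`. `getByIp()` and `add()` also lack the return types (`: array`, `: void`) that `deleteWhereIp()` has.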
@@ -176,7 +176,7 @@ class ReportQueries { $query = $this->pdo->prepare('SELECT `board`, `post`, `id` FROM `reports`'); $query->execute(); $raw_reports = $query->fetchAll(\PDO::FETCH_ASSOC); - $invalid_reports = $this->filterReports($raw_reports, true, null); + $invalid_reports = $this->filterReports($raw_reports, true); foreach ($invalid_reports as $report) { $this->deleteReportImpl($report['board'], $report['post']); diff --git a/inc/Data/SearchQueries.php b/inc/Data/SearchQueries.php new file mode 100644 index 00000000..7aa7cbad --- /dev/null +++ b/inc/Data/SearchQueries.php 
@@ -0,0 +1,98 @@ +pdo->prepare("SELECT COUNT(2) FROM `search_queries` WHERE `ip` = :ip AND `time` > :time"); + $query->bindValue(':ip', $ip); + $query->bindValue(':time', $now - $this->range_for_single, \PDO::PARAM_INT); + $query->execute(); + if ($query->fetchColumn() > $this->queries_for_single) { + return true; + } + + $query = $this->pdo->prepare("SELECT COUNT(2) FROM `search_queries` WHERE `time` > :time"); + $query->bindValue(':time', $now - $this->range_for_all, \PDO::PARAM_INT); + $query->execute(); + if ($query->fetchColumn() > $this->queries_for_all) { + return true; + } + + $query = $this->pdo->prepare("INSERT INTO `search_queries` VALUES (:ip, :time, :query)"); + $query->bindValue(':ip', $ip); + $query->bindValue(':time', $now, \PDO::PARAM_INT); + $query->bindValue(':query', $phrase); + $query->execute(); + + if ($this->auto_gc) { + $this->purgeExpired(); + } + + return false; + } + + /** + * @param \PDO $pdo PDO to access the DB. + * @param int $queries_for_single Maximum number of queries for a single IP, in seconds. + * @param int $range_for_single Maximum age of the oldest query to consider from a single IP. + * @param int $queries_for_all Maximum number of queries for all IPs. + * @param int $range_for_all Maximum age of the oldest query to consider from all IPs, in seconds. + * @param bool $auto_gc If to run the cleanup at every check. Must be invoked from the outside otherwise. + */ + public function __construct( + \PDO $pdo, + int $queries_for_single, + int $range_for_single, + int $queries_for_all, + int $range_for_all, + bool $auto_gc + ) { + $this->pdo = $pdo; + $this->queries_for_single = $queries_for_single; + $this->range_for_single = $range_for_single; + $this->queries_for_all = $queries_for_all; + $this->range_for_all = $range_for_all; + $this->auto_gc = $auto_gc; + } + + /** + * Check if the IP-query pair overflows the limit. + * + * @param string $ip Source IP. + * @param string $phrase The search query. 
+ * @return bool True if the request goes over the limit. + */ + public function checkFlood(string $ip, string $phrase): bool { + $this->pdo->beginTransaction(); + try { + $ret = $this->checkFloodImpl($ip, $phrase); + $this->pdo->commit(); + return $ret; + } catch (\Exception $e) { + $this->pdo->rollBack(); + throw $e; + } + } + + public function purgeExpired(): int { + // Cleanup search queries table. + $query = $this->pdo->prepare("DELETE FROM `search_queries` WHERE `time` <= :expiry_limit"); + $query->bindValue(':expiry_limit', \time() - $this->range_for_all, \PDO::PARAM_INT); + $query->execute(); + return $query->rowCount(); + } +} diff --git a/inc/Data/UserPostQueries.php b/inc/Data/UserPostQueries.php new file mode 100644 index 00000000..072157ea --- /dev/null +++ b/inc/Data/UserPostQueries.php 
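Review bot: `checkFlood()` only rolls back on `\Exception`, so an `\Error` (for instance a `TypeError` from `bindValue`) escapes with the transaction still open on the shared `\PDO` handle; catch `\Throwable $e` instead. The constructor docblock says `$queries_for_single` is "in seconds", but that unit belongs to `$range_for_single` — `$queries_for_single` is a count. The COUNT-then-INSERT in `checkFloodImpl` is not serialised by the transaction alone under the default isolation level, so two concurrent requests can both pass the check; that is probably acceptable for a best-effort flood throttle, but a comment stating it would save the next reader from assuming the limit is exact. `checkFloodImpl`'s header is not readable in this excerpt.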
@@ -0,0 +1,275 @@ += 1. + * @return array + */ + private static function arrayOfFragments(string $prefix, int $fragments_count): array { + $args = [ "'%'" ]; + for ($i = 0; $i < $fragments_count; $i++) { + $args[] = ":$prefix$i"; + $args[] = "'%'"; + } + return $args; + } + + public function __construct(\PDO $pdo) { + $this->pdo = $pdo; + } + + private function paginate(array $board_uris, int $page_size, ?string $cursor, callable $callback): PageFetchResult { + // Decode the cursor. + if ($cursor !== null) { + list($cursor_type, $uri_id_cursor_map) = Net\decode_cursor($cursor); + } else { + // Defaults if $cursor is an invalid string. + $cursor_type = null; + $uri_id_cursor_map = []; + } + $next_cursor_map = []; + $prev_cursor_map = []; + $rows = []; + + foreach ($board_uris as $uri) { + // Extract the cursor relative to the board. + $start_id = null; + if ($cursor_type !== null && isset($uri_id_cursor_map[$uri])) { + $value = $uri_id_cursor_map[$uri]; + if (\is_numeric($value)) { + $start_id = (int)$value; + } + } + + $posts = $callback($uri, $cursor_type, $start_id, $page_size); + + $posts_count = \count($posts); + + // By fetching one extra post bellow and/or above the limit, we know if there are any posts beside the current page. + if ($posts_count === $page_size + 2) { + $has_extra_prev_post = true; + $has_extra_end_post = true; + } else { + /* + * If the id we start fetching from is also the first id fetched from the DB, then we exclude it from + * the results, noting that we fetched 1 more posts than we needed, and it was before the current page. + * Hence, we have no extra post at the end and no next page. + */ + $has_extra_prev_post = $start_id !== null && $start_id === (int)$posts[0]['id']; + $has_extra_end_post = !$has_extra_prev_post && $posts_count > $page_size; + } + + // Get the previous cursor, if any. + if ($has_extra_prev_post) { + \array_shift($posts); + $posts_count--; + // Select the most recent post. 
+ $prev_cursor_map[$uri] = $posts[0]['id']; + } + // Get the next cursor, if any. + if ($has_extra_end_post) { + \array_pop($posts); + // Select the oldest post. + $next_cursor_map[$uri] = $posts[$posts_count - 2]['id']; + } + + $rows[$uri] = $posts; + } + + $res = new PageFetchResult(); + $res->by_uri = $rows; + $res->cursor_prev = !empty($prev_cursor_map) ? Net\encode_cursor(self::CURSOR_TYPE_PREV, $prev_cursor_map) : null; + $res->cursor_next = !empty($next_cursor_map) ? Net\encode_cursor(self::CURSOR_TYPE_NEXT, $next_cursor_map) : null; + + return $res; + } + + /** + * Fetch a page of user posts. + * + * @param array $board_uris The uris of the boards that should be included. + * @param string $ip The IP of the target user. + * @param integer $page_size The Number of posts that should be fetched. + * @param string|null $cursor The directional cursor to fetch the next or previous page. Null to start from the beginning. + * @return PageFetchResult + */ + public function fetchPaginatedByIp(array $board_uris, string $ip, int $page_size, ?string $cursor = null): PageFetchResult { + return $this->paginate($board_uris, $page_size, $cursor, function($uri, $cursor_type, $start_id, $page_size) use ($ip) { + if ($cursor_type === null) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); + $query->bindValue(':ip', $ip); + $query->bindValue(':limit', $page_size + 1, \PDO::PARAM_INT); // Always fetch more. + $query->execute(); + return $query->fetchAll(\PDO::FETCH_ASSOC); + } elseif ($cursor_type === self::CURSOR_TYPE_NEXT) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip AND `id` <= :start_id ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); + $query->bindValue(':ip', $ip); + $query->bindValue(':start_id', $start_id, \PDO::PARAM_INT); + $query->bindValue(':limit', $page_size + 2, \PDO::PARAM_INT); // Always fetch more. 
+ $query->execute(); + return $query->fetchAll(\PDO::FETCH_ASSOC); + } elseif ($cursor_type === self::CURSOR_TYPE_PREV) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip AND `id` >= :start_id ORDER BY `sticky` ASC, `id` ASC LIMIT :limit', $uri)); + $query->bindValue(':ip', $ip); + $query->bindValue(':start_id', $start_id, \PDO::PARAM_INT); + $query->bindValue(':limit', $page_size + 2, \PDO::PARAM_INT); // Always fetch more. + $query->execute(); + return \array_reverse($query->fetchAll(\PDO::FETCH_ASSOC)); + } else { + throw new \RuntimeException("Unknown cursor type '$cursor_type'"); + } + }); + } + + /** + * Fetch a page of user posts. + * + * @param array $board_uris The uris of the boards that should be included. + * @param string $password The password of the target user. + * @param integer $page_size The Number of posts that should be fetched. + * @param string|null $cursor The directional cursor to fetch the next or previous page. Null to start from the beginning. + * @return PageFetchResult + */ + public function fetchPaginateByPassword(array $board_uris, string $password, int $page_size, ?string $cursor = null): PageFetchResult { + return $this->paginate($board_uris, $page_size, $cursor, function($uri, $cursor_type, $start_id, $page_size) use ($password) { + if ($cursor_type === null) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `password` = :password ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); + $query->bindValue(':password', $password); + $query->bindValue(':limit', $page_size + 1, \PDO::PARAM_INT); // Always fetch more. 
+ $query->execute(); + return $query->fetchAll(\PDO::FETCH_ASSOC); + } elseif ($cursor_type === self::CURSOR_TYPE_NEXT) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `password` = :password AND `id` <= :start_id ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); + $query->bindValue(':password', $password); + $query->bindValue(':start_id', $start_id, \PDO::PARAM_INT); + $query->bindValue(':limit', $page_size + 2, \PDO::PARAM_INT); // Always fetch more. + $query->execute(); + return $query->fetchAll(\PDO::FETCH_ASSOC); + } elseif ($cursor_type === self::CURSOR_TYPE_PREV) { + $query = $this->pdo->prepare(sprintf('SELECT * FROM `posts_%s` WHERE `password` = :password AND `id` >= :start_id ORDER BY `sticky` ASC, `id` ASC LIMIT :limit', $uri)); + $query->bindValue(':password', $password); + $query->bindValue(':start_id', $start_id, \PDO::PARAM_INT); + $query->bindValue(':limit', $page_size + 2, \PDO::PARAM_INT); // Always fetch more. + $query->execute(); + return \array_reverse($query->fetchAll(\PDO::FETCH_ASSOC)); + } else { + throw new \RuntimeException("Unknown cursor type '$cursor_type'"); + } + }); + } + + /** + * Search among the user posts with the given filters. + * The subject, name and elements of the bodies filters are fragments which are joined together with wildcards, to + * allow for more flexible filtering. + * + * @param string $board The board where to search in. + * @param array $subject Fragments of the subject filter. + * @param array $name Fragments of the name filter. + * @param array $flags An array of the flag names to search among the HTML. + * @param ?int $id Post id filter. + * @param ?int $thread Thread id filter. + * @param array> $bodies An array whose element are arrays containing the fragments of multiple body filters, each + * searched independently from the others + * @param integer $limit The maximum number of results. + * @throws PDOException On error. 
+ * @return array + */ + public function searchPosts(string $board, array $subject, array $name, array $flags, ?int $id, ?int $thread, array $bodies, int $limit): array { + $where_acc = []; + + if (!empty($subject)) { + $like_arg = self::arrayOfFragments('subj', \count($subject)); + $where_acc[] = 'subject LIKE CONCAT(' . \implode(', ', $like_arg) . ')'; + } + if (!empty($name)) { + $like_arg = self::arrayOfFragments('name', \count($name)); + $where_acc[] = 'name LIKE CONCAT(' . \implode(', ', $like_arg) . ')'; + } + if (!empty($flags)) { + $flag_acc = []; + for ($i = 0; $i < \count($flags); $i++) { + // Yes, vichan stores the flag inside the generated HTML. Now you know why it's slow as shit. + // English lacks the words to express my feelings about it in a satisfying manner. + $flag_acc[] = "CONCAT('%', :flag$i, '%')"; + } + $where_acc[] = 'body_nomarkup LIKE (' . \implode(' OR ', $flag_acc) . ')'; + } + if ($id !== null) { + $where_acc[] = 'id = :id'; + } + if ($thread !== null) { + $where_acc[] = 'thread = :thread'; + } + for ($i = 0; $i < \count($bodies); $i++) { + $body = $bodies[$i]; + $like_arg = self::arrayOfFragments("body_{$i}_", \count($body)); + $where_acc[] = 'body_nomarkup LIKE CONCAT(' . \implode(', ', $like_arg) . ')'; + } + + if (empty($where_acc)) { + return []; + } + + $sql = "SELECT * FROM `posts_$board` WHERE " . \implode(' AND ', $where_acc) . 
' ORDER BY `time` DESC LIMIT :limit'; + $query = $this->pdo->prepare($sql); + + for ($i = 0; $i < \count($subject); $i++) { + $query->bindValue(":subj$i", self::escapeLike($subject[$i])); + } + for ($i = 0; $i < \count($name); $i++) { + $query->bindValue(":name$i", self::escapeLike($name[$i])); + } + for ($i = 0; $i < \count($flags); $i++) { + $query->bindValue(":flag$i", self::escapeLike($flags[$i])); + } + if ($id !== null) { + $query->bindValue(':id', $id, \PDO::PARAM_INT); + } + if ($thread !== null) { + $query->bindValue(':thread', $thread, \PDO::PARAM_INT); + } + for ($body_i = 0; $body_i < \count($bodies); $body_i++) { + $body = $bodies[$body_i]; + + for ($i = 0; $i < \count($body); $i++) { + $query->bindValue(":body_{$body_i}_{$i}", self::escapeLike($body[$i])); + } + } + + $query->bindValue(':limit', $limit, \PDO::PARAM_INT); + + $query->execute(); + return $query->fetchAll(\PDO::FETCH_ASSOC); + } +} diff --git a/inc/Service/SearchService.php b/inc/Service/SearchService.php new file mode 100644 index 00000000..c57d96a9 --- /dev/null +++ b/inc/Service/SearchService.php 
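Review bot: The flag filter in `searchPosts()` builds `body_nomarkup LIKE (CONCAT(...) OR CONCAT(...))`, which in MySQL collapses the ORed strings into a single 0/1 boolean and then matches `body_nomarkup` against `'0'`/`'1'`, so any search with more than one flag matches nothing useful; emit one predicate per flag, `$flag_acc[] = "body_nomarkup LIKE CONCAT('%', :flag$i, '%')";` and then `$where_acc[] = '(' . \implode(' OR ', $flag_acc) . ')';`. In `paginate()`, `$start_id === (int)$posts[0]['id']` reads `$posts[0]` even when a board returned no rows under a `NEXT`/`PREV` cursor, raising an undefined-key warning; prefix that condition with `$posts_count > 0 &&`. Both `$uri` (via `sprintf('... posts_%s ...')`) and `$board` (via `"posts_$board"`) are interpolated into the table name, which is unavoidable with per-board tables but means these methods are only safe when callers pass board names validated against the configured board list — the docblocks should state that requirement explicitly. `escapeLike()` referenced here is not visible in the excerpt, and `fetchPaginateByPassword` is named inconsistently with `fetchPaginatedByIp`.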
@@ -0,0 +1,432 @@ + '\\', + '\\*' => '*', + '\\"' => '"' + ]); + } + + /** + * Split the filter into fragments along the wildcards, handling escaping. + * + * @param string $str The full filter. + * @return array + */ + private static function split(string $str): array { + // Split the fragments + return \preg_split('/(?:\\\\\\\\)*\\\\\*|(?:\\\\\\\\)*\*+/', $str); + } + + private static function weightByContent(array $fragments): float { + $w = 0; + + foreach ($fragments as $fragment) { + $short = \strlen($fragment) < 4; + if (\in_array($fragment, self::COMMON_WORDS)) { + $w += $short ? 16 : 6; + } elseif ($short) { + $w += 6; + } + } + + return $w; + } + + private static function filterAndWeight(string $filter): array { + $fragments = self::split($filter); + $acc = []; + $total_len = 0; + + foreach ($fragments as $fragment) { + $fragment = self::trim(self::unescape($fragment)); + + if (!empty($fragment)) { + $total_len += \strlen($fragment); + $acc[] = $fragment; + } + } + + $wildcard_weight = 0; + if (!empty($acc) && $total_len >= 0) { + // Interword wildcards + $interword = \min(\count($fragments) - 1, 0); + // Wildcards over the total length of the word. Ergo the number of fragments minus 1. + $perc = $interword / $total_len * 100; + $wildcard_weight = $perc + \count($fragments) * 2; + } + + return [ $acc, $total_len, $wildcard_weight ]; + } + + /** + * Gets a subset of the given strings which match every filter. + * + * @param array $fragments User provided fragments to search in the flags. + * @param array $strings An array of strings. + * @return array An array of strings, subset of $strings. + */ + private static function matchStrings(array $strings, array $fragments): array { + return \array_filter($strings, function ($str) use ($fragments) { + // Saves the last position. We use this to ensure the fragments are one after the other. 
+ $last_ret = -1; + foreach ($fragments as $fragment) { + if ($last_ret + 1 > \strlen($fragment)) { + // Cannot possibly match. + return false; + } + + $last_ret = \stripos($str, $fragment, $last_ret + 1); + if ($last_ret === false) { + // Exclude flags that don't match even a single fragment. + return false; + } + } + return true; + }); + } + + /** + * Parses a raw search query. + * + * @param string $raw_query Raw user query. Phrases are searched in the post bodies. The user can specify also + * additional filters in the : format. + * Available filters: + * - board: the board, value can be quoted + * - subject: post subject, value can be quoted, supports wildcards + * - name: post name, value can be quoted, supports wildcards + * - flag: post flag, value can be quoted, supports wildcards + * - id: post id, must be numeric + * - thread: thread id, must be numeric + * The remaining text is split into chunks and searched in the post body. + * @return FiltersParseResult + */ + public function parse(string $raw_query): FiltersParseResult{ + $tres = self::truncateQuery($raw_query, $this->max_query_length); + if ($tres === null) { + throw new \RuntimeException('Could not truncate query'); + } + + $pres = \preg_match_all( + '/(?: + \b(board): + (?: + "([^"]+)" # [2] board: "quoted" + | + ([^\s"]+) # [3] board: unquoted + ) + | + \b(subject|name|flag): + (?: + "((?:\\\\\\\\|\\\\\"|\\\\\*|[^"\\\\])*)" # [5] quoted with wildcards + | + ((?:\\\\\\\\|\\\\\*|[^\s\\\\])++) # [6] unquoted with wildcards + ) + | + \b(id|thread): + (\d+) # [8] numeric only + | + "((?:\\\\\\\\|\\\\\"|\\\\\*|[^"\\\\])*)" # [9] quoted free text + | + ([^"\s]++) # [10] unquoted free text block + )/iux', + $tres, + $matches, + \PREG_SET_ORDER + ); + if ($pres === false) { + throw new \RuntimeException('Could not decode the query'); + } + + $filters = new FiltersParseResult(); + + foreach ($matches as $m) { + if (!empty($m[1])) { + // board (no wildcards). + $value = \trim(!empty($m[2]) ? 
$m[2] : $m[3], '/'); + + $filters->board = $value; + } elseif (!empty($m[4])) { + // subject, name, flag (with wildcards). + $key = \strtolower($m[4]); + $value = !empty($m[5]) ? $m[5] : $m[6]; + + if ($key === 'name') { + $filters->name = $value; + } elseif ($key === 'subject') { + $filters->subject = $value; + } else { + $filters->flag = $value; + } + } elseif (!empty($m[7])) { + $key = \strtolower($m[7]); + $value = (int)$m[8]; + + if ($key === 'id') { + $filters->id = $value; + } else { + $filters->thread = $value; + } + } elseif (!empty($m[9]) || !empty($m[10])) { + $value = !empty($m[9]) ? $m[9] : $m[10]; + + $filters->body[] = $value; + } + } + + return $filters; + } + + /** + * @param LogDriver $log Log river. + * @param UserPostQueries $user_queries User posts queries. + * @param SearchQueries $search_queries Search queries for flood detection. + * @param ?array $flag_map The key-value map of user flags, or null to disable flag search. + * @param float $max_weight The maximum weight of the parsed user query. Body filters that go beyond this limit are discarded. + * @param int $max_query_length Maximum length of the raw input query before it's truncated. + * @param int $post_limit Maximum number of results. + * @param ?array $searchable_board_uris The uris of the board that can be searched. Null to search all the boards. + */ + public function __construct( + LogDriver $log, + UserPostQueries $user_queries, + SearchQueries $search_queries, + ?array $flag_map, + float $max_weight, + int $max_query_length, + int $post_limit, + ?array $searchable_board_uris + ) { + $this->log = $log; + $this->user_queries = $user_queries; + $this->search_queries = $search_queries; + $this->flag_map = $flag_map; + $this->max_weight = $max_weight; + $this->max_query_length = $max_query_length; + $this->post_limit = $post_limit; + $this->searchable_board_uris = $searchable_board_uris ?? 
listBoards(true); + } + + /** + * Reduces the user provided filters and assigns them a total weight. + * + * @param FiltersParseResult $filters The filters to sanitize, reduce and weight. + * @return SearchFilters + */ + public function reduceAndWeight(FiltersParseResult $filters): SearchFilters { + $weighted = new SearchFilters(); + + if ($filters->subject !== null) { + list($fragments, $total_len, $wildcard_weight) = self::filterAndWeight($filters->subject); + + if (!empty($fragments) && $total_len >= 0) { + if ($total_len <= self::MAX_LENGTH_SUBJECT) { + $weighted->subject = $fragments; + $weighted->weight += $wildcard_weight; + } + } + } + if ($filters->name !== null) { + list($fragments, $total_len, $wildcard_weight) = self::filterAndWeight($filters->name); + + if (!empty($fragments) && $total_len >= 0) { + if ($total_len <= self::MAX_LENGTH_NAME) { + $weighted->name = $fragments; + $weighted->weight += $wildcard_weight; + } + } + } + // No wildcard support, and obligatory anyway so it weights 0. + $weighted->board = $filters->board; + if ($filters->flag !== null) { + $weighted->flag = []; + + if (!empty($this->flag_map)) { + $max_flag_length = \array_reduce($this->flag_map, fn($max, $str) => \max($max, \strlen($str)), 0); + + list($fragments, $total_len, $wildcard_weight) = self::filterAndWeight($filters->flag); + + if (!empty($fragments) && $total_len >= 0) { + // Add 2 to account for possible wildcards on the ends. 
+ if ($total_len <= $max_flag_length + 2) { + $weighted->flag = $fragments; + $weighted->weight += $wildcard_weight; + } + } + } + } + $weighted->id = $filters->id; + $weighted->thread = $filters->thread; + if (!empty($filters->body)) { + foreach ($filters->body as $keyword) { + list($fragments, $total_len, $wildcard_weight) = self::filterAndWeight($keyword); + + if (!empty($fragments) && $total_len >= 0) { + $content_weight = self::weightByContent($fragments); + $str_weight = $content_weight + $wildcard_weight; + + if ($str_weight + $weighted->weight <= $this->max_weight) { + $weighted->weight += $str_weight; + $weighted->body[] = $fragments; + } + } + } + } + + return $weighted; + } + + /** + * Run a search on user posts with the given filters. + * + * @param SearchFilters $filters An array of filters made by {@see self::parse()}. + * @param ?string $fallback_board Fallback board if there isn't a board filter. + * @return ?array Data array straight from the PDO, with all the fields in posts.sql, or null if the query was too broad. + */ + public function search(string $ip, string $raw_query, SearchFilters $filters, ?string $fallback_board): ?array { + $board = !empty($filters->board) ? $filters->board : $fallback_board; + if ($board === null) { + return []; + } + + // Only board is specified. + if (empty($filters->subject) && + empty($filters->name) && + empty($filters->flag) && + $filters->id === null && + $filters->thread === null && + empty($filters->body) + ) { + return null; + } + + if (!\in_array($board, $this->searchable_board_uris)) { + return []; + } + + $weight_perc = ($filters->weight / $this->max_weight) * 100; + if ($weight_perc > 85) { + /// Over 85 of the weight. 
+ $this->log->log(LogDriver::NOTICE, "$ip search: weight {$weight_perc}% ({$filters->weight}) query '$raw_query'"); + } else { + $this->log->log(LogDriver::INFO, "$ip search: weight {$weight_perc}% ({$filters->weight}) query '$raw_query'"); + } + + $flags = []; + if (!empty($filters->flag) && !empty($this->flag_map)) { + // A double array_values is necessary in order to re-index the array, otherwise it's left with random indexes. + $reverse_flags = \array_values($this->flag_map); + $flags = \array_values($this->matchStrings($reverse_flags, $filters->flag)); + if (empty($flags)) { + // The query doesn't match any flags so it will always fail anyway. + return []; + } + } + + return $this->user_queries->searchPosts( + $board, + $filters->subject, + $filters->name, + $flags, + $filters->id, + $filters->thread, + $filters->body, + $this->post_limit + ); + } + + /** + * Check if the IP-query pair passes the limit. + * + * @param string $ip Source IP. + * @param string $phrase The search query. + * @return bool True if the request goes over the limit. + */ + public function checkFlood(string $ip, string $raw_query) { + return $this->search_queries->checkFlood($ip, $raw_query); + } + + /** + * Returns the uris of the boards that may be searched. + */ + public function getSearchableBoards(): array { + return $this->searchable_board_uris; + } + + /** + * @return bool True if the flag filter is enabled. + */ + public function isFlagFilterEnabled(): bool { + return !empty($this->flag_map); + } +} diff --git a/inc/anti-bot.php b/inc/anti-bot.php index 1f1c885b..cf82dcc8 100644 --- a/inc/anti-bot.php +++ b/inc/anti-bot.php 
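Review bot: In `filterAndWeight`, `$interword = \min(\count($fragments) - 1, 0);` can never be positive, so `$perc` is always 0 and the wildcard weight collapses to `\count($fragments) * 2`; the comment above it describes counting interword wildcards, which needs `\max(\count($fragments) - 1, 0)`. In `matchStrings` the early exit `if ($last_ret + 1 > \strlen($fragment))` compares the search offset with the fragment's length rather than `$str`'s, so it does not catch the out-of-range offset it appears meant for; `\strlen($str)` looks like the intent. In `search()`, `\in_array($board, $this->searchable_board_uris)` is the only gate before `$board` is interpolated into a table name by `searchPosts`, so it should pass `strict: true` to keep that check exact (loose comparison treats `'1e1'` and `'10'` as equal), and the docblock omits `$ip` and `$raw_query`. Since `$raw_query` is written verbatim into the log line, replacing newlines in it before logging (`\str_replace(["\r", "\n"], ' ', $raw_query)`) stops one query from forging additional log entries; `checkFlood` is also missing its `: bool` return type and documents `$phrase` instead of `$raw_query`.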
@@ -196,49 +196,56 @@ function _create_antibot($pdo, $board, $thread) { $antibot = new AntiBot(array($board, $thread)); try { - $pdo->beginTransaction(); + retry_on_deadlock(3, function() use ($config, $pdo, $thread, $board, $antibot, $purged_old_antispam) { + try { + $pdo->beginTransaction(); - // Delete old expired antispam, skipping those with NULL expiration timestamps (infinite lifetime). - if (!isset($purged_old_antispam) && $config['auto_maintenance']) { - $purged_old_antispam = true; - purge_old_antispam(); - } + // Delete old expired antispam, skipping those with NULL expiration timestamps (infinite lifetime). + if (!isset($purged_old_antispam) && $config['auto_maintenance']) { + $purged_old_antispam = true; + purge_old_antispam(); + } - // Keep the now invalid timestamps around for a bit to enable users to post if they're still on an old version of - // the HTML page. - // By virtue of existing, we know that we're making a new version of the page, and the user from now on may just reload. - if ($thread) { - $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL'); - } else { - $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL'); - } + // Keep the now invalid timestamps around for a bit to enable users to post if they're still on an old version of + // the HTML page. + // By virtue of existing, we know that we're making a new version of the page, and the user from now on may just reload. 
+ if ($thread) { + $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL'); + } else { + $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL'); + } - $query->bindValue(':board', $board); - if ($thread) { - $query->bindValue(':thread', $thread); - } - $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); - // Throws on error. - $query->execute(); + $query->bindValue(':board', $board); + if ($thread) { + $query->bindValue(':thread', $thread); + } + $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); + // Throws on error. + $query->execute(); - $hash = $antibot->hash(); + $hash = $antibot->hash(); - // Insert an antispam with infinite life as the HTML page of a thread might last well beyond the expiry date. - $query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)'); - $query->bindValue(':board', $board); - $query->bindValue(':thread', $thread); - $query->bindValue(':hash', $hash); - // Throws on error. - $query->execute(); + // Insert an antispam with infinite life as the HTML page of a thread might last well beyond the expiry date. + $query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)'); + $query->bindValue(':board', $board); + $query->bindValue(':thread', $thread); + $query->bindValue(':hash', $hash); + // Throws on error. + $query->execute(); - $pdo->commit(); + $pdo->commit(); + } catch (\Exception $e) { + $pdo->rollBack(); + throw $e; + } + }); } catch (\PDOException $e) { $pdo->rollBack(); if ($e->errorInfo === null || $e->errorInfo[1] != MYSQL_ER_LOCK_DEADLOCK) { throw $e; } else { - error_log('Deadlock on _create_antibot while inserting, skipping'); + \error_log('5 or more deadlocks on _create_antibot while inserting, skipping'); } } 
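Review bot: The outer `catch (\PDOException $e)` still calls `$pdo->rollBack()`, but the new closure already rolls back and rethrows on every exception, so once `retry_on_deadlock` gives up there is no active transaction and the second `rollBack()` throws on PHP 8, masking the original deadlock error; drop the outer `$pdo->rollBack();` or guard it with `if ($pdo->inTransaction())`. The closure captures `$purged_old_antispam` by value, so `$purged_old_antispam = true;` inside it only updates the copy; if that variable is a `static` of `_create_antibot` declared outside the hunk, the once-per-request behaviour is lost and `purge_old_antispam()` runs on every call and retry, which `use (&$purged_old_antispam)` would preserve. The log message says `5 or more deadlocks` while the retry count passed is 3; taking both from one constant keeps them in sync. `_create_antibot` starts and ends outside the hunk.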
diff --git a/inc/bans.php b/inc/bans.php
index 9ee41339..d97451cf 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -285,68 +285,68 @@ class Bans { } } - static public function stream_json($out = false, $filter_ips = false, $filter_staff = false, $board_access = false, $hide_regexes = []) { - $query = query("SELECT ``bans``.*, `username` FROM ``bans`` - LEFT JOIN ``mods`` ON ``mods``.`id` = `creator` - ORDER BY `created` DESC") or error(db_error()); - $bans = $query->fetchAll(PDO::FETCH_ASSOC); - + static public function stream_json($filter_ips = false, $filter_staff = false, $board_access = false, $hide_message = false) { if ($board_access && $board_access[0] == '*') { $board_access = false; } - $out ? fputs($out, "[") : print("["); + $query = query("SELECT ``bans``.*, `username` FROM ``bans`` + LEFT JOIN ``mods`` ON ``mods``.`id` = `creator` + ORDER BY `created` DESC") or error(db_error()); - $end = end($bans); + print('['); - foreach ($bans as &$ban) { - $ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]); + $has_previous = false; - $hide_message = false; - foreach ($hide_regexes as $regex) { - if(preg_match($regex, $ban['reason'])) { - $hide_message = true; - break; + while (true) { + $ban = $query->fetch(PDO::FETCH_ASSOC); + + if (\is_array($ban)) { + $ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]); + + if ($ban['post'] && !$hide_message) { + $post = \json_decode($ban['post']); + $ban['message'] = isset($post->body) ? $post->body : 0; } - } + unset($ban['ipstart'], $ban['ipend'], $ban['post'], $ban['creator']); - if ($ban['post'] && !$hide_message) { - $post = json_decode($ban['post']); - $ban['message'] = isset($post->body) ? 
$post->body : 0; - } - unset($ban['ipstart'], $ban['ipend'], $ban['post'], $ban['creator']); - - if ($board_access === false || in_array ($ban['board'], $board_access)) { - $ban['access'] = true; - } - - if (filter_var($ban['mask'], FILTER_VALIDATE_IP) !== false) { - $ban['single_addr'] = true; - } - if ($filter_staff || ($board_access !== false && !in_array($ban['board'], $board_access))) { - $ban['username'] = '?'; - } - if ($filter_ips || ($board_access !== false && !in_array($ban['board'], $board_access))) { - @list($ban['mask'], $subnet) = explode("/", $ban['mask']); - $ban['mask'] = preg_split("/[\.:]/", $ban['mask']); - $ban['mask'] = array_slice($ban['mask'], 0, 2); - $ban['mask'] = implode(".", $ban['mask']); - $ban['mask'] .= ".x.x"; - if (isset ($subnet)) { - $ban['mask'] .= "/$subnet"; + if ($board_access === false || in_array ($ban['board'], $board_access)) { + $ban['access'] = true; } - $ban['masked'] = true; - } - $json = json_encode($ban); - $out ? fputs($out, $json) : print($json); + if (filter_var($ban['mask'], FILTER_VALIDATE_IP) !== false) { + $ban['single_addr'] = true; + } + if ($filter_staff || ($board_access !== false && !\in_array($ban['board'], $board_access))) { + $ban['username'] = '?'; + } + if ($filter_ips || ($board_access !== false && !\in_array($ban['board'], $board_access))) { + @list($ban['mask'], $subnet) = explode("/", $ban['mask']); + $ban['mask'] = \preg_split("/[\.:]/", $ban['mask']); + $ban['mask'] = \array_slice($ban['mask'], 0, 2); + $ban['mask'] = \implode(".", $ban['mask']); + $ban['mask'] .= ".x.x"; + if (isset($subnet)) { + $ban['mask'] .= "/$subnet"; + } + $ban['masked'] = true; + } - if ($ban['id'] != $end['id']) { - $out ? fputs($out, ",") : print(","); + $json = \json_encode($ban); + + // Add a comma if there's a previous row. + if ($has_previous) { + print(','); + } + $has_previous = true; + + print($json); + } else { + break; } } - $out ? 
fputs($out, "]") : print("]"); + print(']'); } static public function seen($ban_id) { diff --git a/inc/cache.php b/inc/cache.php index d26f9201..56cf90e2 100644 --- a/inc/cache.php +++ b/inc/cache.php @@ -4,7 +4,7 @@ * Copyright (c) 2010-2013 Tinyboard Development Group */ -use Vichan\Data\Driver\{CacheDriver, ApcuCacheDriver, ArrayCacheDriver, FsCacheDriver, MemcachedCacheDriver, NoneCacheDriver, RedisCacheDriver}; +use Vichan\Data\Driver\Cache\{CacheDriver, ApcuCacheDriver, ArrayCacheDriver, FsCacheDriver, MemcachedCacheDriver, NoneCacheDriver, RedisCacheDriver}; defined('TINYBOARD') or exit; @@ -15,10 +15,18 @@ class Cache { switch ($config['cache']['enabled']) { case 'memcached': - return new MemcachedCacheDriver( - $config['cache']['prefix'], - $config['cache']['memcached'] - ); + $prefix = $config['cache']['prefix']; + $uri = $config['cache']['memcached'][0]; + $port = 0; + $weight = 0; + if (isset($config['cache']['memcached'][1]) && $config['cache']['memcached'][1] !== null) { + $port = \intval($config['cache']['memcached'][1]); + } + if (isset($config['cache']['memcached'][2]) && $config['cache']['memcached'][2] !== null) { + $weight = \intval($config['cache']['memcached'][2]); + } + + return new MemcachedCacheDriver($prefix, $uri, $port, $weight); case 'redis': $port = $config['cache']['redis'][1]; $port = empty($port) ? null : intval($port); diff --git a/inc/config.php b/inc/config.php index 633cdd33..9ac73a1f 100644 --- a/inc/config.php +++ b/inc/config.php 
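Review bot: `\json_encode($ban)` is printed without checking for `false`; a ban whose `reason` or decoded post body is not valid UTF-8 makes it return `false`, which prints as an empty string and leaves the stream as `[,{...}]`, so the whole output becomes unparseable. Passing `JSON_INVALID_UTF8_SUBSTITUTE` (or `JSON_THROW_ON_ERROR` and handling it) keeps the array well-formed. The signature also changed shape — the leading `$out` parameter was dropped and `$hide_regexes` became the boolean `$hide_message` — and because the parameters are untyped, any caller still passing the old positional list has its arguments silently shifted by one instead of failing; typing them (`bool $filter_ips = false, bool $filter_staff = false, ...`) would make a stale call site error out.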
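Review bot: The memcached branch now reads only `$config['cache']['memcached'][0]` and the two following offsets, whereas the removed code passed the whole array through, so a configuration that listed several servers appears to be silently reduced to its first entry; if that is intended, the option's documentation should say the value is a single `[host, port, weight]` triple, otherwise the driver needs to accept the list. The `isset(...) && ... !== null` tests are redundant since `isset()` is already false for `null`: `$port = \intval($config['cache']['memcached'][1] ?? 0);` expresses the same in one line.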
@@ -63,9 +63,29 @@ // been generated. This keeps the script from querying the database and causing strain when not needed. $config['has_installed'] = '.installed'; - // Use syslog() for logging all error messages and unauthorized login attempts. + // Deprecated, use 'log_system'. $config['syslog'] = false; + $config['log_system'] = [ + /* + * Log all error messages and unauthorized login attempts. + * Can be "syslog", "error_log" (default), "file", or "stderr". + */ + 'type' => 'error_log', + // The application name used by the logging system. Defaults to "tinyboard" for backwards compatibility. + 'name' => 'tinyboard', + /* + * Only relevant if 'log_system' is set to "syslog". If true, double print the logs also in stderr. Defaults to + * false. + */ + 'syslog_stderr' => false, + /* + * Only relevant if "log_system" is set to `file`. Sets the file that vichan will log to. Defaults to + * '/var/log/vichan.log'. + */ + 'file_path' => '/var/log/vichan.log', + ]; + // Use `host` via shell_exec() to lookup hostnames, avoiding query timeouts. May not work on your system. // Requires safe_mode to be disabled. $config['dns_system'] = false; @@ -200,6 +220,9 @@ // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled). $config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba'; + // Used to salt poster passwords. + $config['secure_password_salt'] = 'wKJSb7M5SyzMcFWD2gPO3j2RYUSO9B789!@#$%^&*()'; + /* * ==================== * Flood/spam settings @@ -920,10 +943,6 @@ // Location of thumbnail to use for deleted images. $config['image_deleted'] = 'static/deleted.png'; - // When a thumbnailed image is going to be the same (in dimension), just copy the entire file and use - // that as a thumbnail instead of resizing/redrawing. - $config['minimum_copy_resize'] = false; - // Maximum image upload size in bytes. $config['max_filesize'] = 10 * 1024 * 1024; // 10MB // Maximum image dimensions. 
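Review bot: `$config['secure_password_salt']` ships with a fixed literal value, so every installation that does not override it salts poster passwords with the same public string, and the comment does not tell the administrator to change it (the neighbouring `secure_trip_salt` has the same weakness). A comment such as `// Change this on every installation; the shipped value is public.` and generating the value at install time with `bin2hex(random_bytes(32))` would make the default safe. In the first hunk, the `file_path` comment says `"log_system"` is set to `file` where the key actually consulted is `$config['log_system']['type']`.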
@@ -962,15 +981,6 @@ // Set this to true if you're using Linux and you can execute `md5sum` binary. $config['gnu_md5'] = false; - // Use Tesseract OCR to retrieve text from images, so you can use it as a spamfilter. - $config['tesseract_ocr'] = false; - - // Tesseract parameters - $config['tesseract_params'] = ''; - - // Tesseract preprocess command - $config['tesseract_preprocess_command'] = 'convert -monochrome %s -'; - // Number of posts in a "View Last X Posts" page $config['noko50_count'] = 50; // Number of posts a thread needs before it gets a "View Last X Posts" page. @@ -1192,10 +1202,22 @@ // Custom embedding (YouTube, vimeo, etc.) // It's very important that you match the entire input (with ^ and $) or things will not work correctly. $config['embedding'] = array( - array( - '/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})(&.+)?$/i', - '' - ), + [ + '/^(?:(?:https?:)?\/\/)?((?:www|m)\.)?(?:(?:youtube(?:-nocookie)?\.com|youtu\.be))(?:\/(?:[\w\-]+\?v=|embed\/|live\/|v\/)?)([\w\-]{11})((?:\?|\&)\S+)?$/i', + '
+ + + +
' + ], + [ + '/^https?:\/\/(\w+\.)?youtube\.com\/shorts\/([a-zA-Z0-9\-_]{10,11})(\?.*)?$/i', + '
+ + + +
' + ], array( '/^https?:\/\/(\w+\.)?vimeo\.com\/(\d{2,10})(\?.+)?$/i', '' @@ -1212,10 +1234,18 @@ '/^https?:\/\/video\.google\.com\/videoplay\?docid=(\d+)([&#](.+)?)?$/i', '' ), - array( + [ '/^https?:\/\/(\w+\.)?vocaroo\.com\/i\/([a-zA-Z0-9]{2,15})$/i', - '' - ) + '' + ], + [ + '/^https?:\/\/(\w+\.)?voca\.ro\/([a-zA-Z0-9]{2,15})$/i', + '' + ], + [ + '/^https?:\/\/(\w+\.)?vocaroo\.com\/([a-zA-Z0-9]{2,15})#?$/i', + '' + ] ); // Embedding width and height. @@ -1268,6 +1298,7 @@ $config['error']['pendingappeal'] = _('There is already a pending appeal for this ban.'); $config['error']['invalidpassword'] = _('Wrong password…'); $config['error']['invalidimg'] = _('Invalid image.'); + $config['error']['invalidfile'] = _('Invalid file.'); $config['error']['unknownext'] = _('Unknown file extension.'); $config['error']['filesize'] = _('Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes'); $config['error']['maxsize'] = _('The file was too big.'); @@ -1521,8 +1552,8 @@ // Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x). $config['mod']['dns_lookup'] = true; - // How many recent posts, per board, to show in each page of ?/IP/x.x.x.x. - $config['mod']['ip_recentposts'] = 5; + // How many recent posts, per board, to show in ?/user_posts/ip/x.x.x.x. and ?/user_posts/passwd/xxxxxxxx + $config['mod']['recent_user_posts'] = 5; // Number of posts to display on the reports page. $config['mod']['recent_reports'] = 10; @@ -1825,7 +1856,18 @@ // Limit of search results $config['search']['search_limit'] = 100; - // Boards for searching + // Maximum weigth of the search query. + // Body search filters are discarded if they make the query heavier than this. + $config['search']['max_weight'] = 100; + + // Maximum length of the user sent search query. + // Characters beyond the limit are truncated and ignored. + $config['search']['max_length'] = 768; + + // Enable the flag search filter. + $config['search']['flag_filter'] = false; + + // Uncomment to limit the search feature to the given boards by uri. //$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e'); // Enable public logs? 0: NO, 1: YES, 2: YES, but drop names 
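Review bot: The comment on `max_weight` has a typo: `// Maximum weight of the search query.`. The same hunk adds no defaults for `queries_per_minutes` and `queries_per_minutes_all`, which the new `SearchQueries` wiring in `inc/context.php` destructures; if they are defined elsewhere in this file, a pointer to them next to the other `search` settings would help an administrator find the flood limits.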
@@ -1865,45 +1907,6 @@ // Example: Adding the pre-markup post body to the API as "com_nomarkup". // $config['api']['extra_fields'] = array('body_nomarkup' => 'com_nomarkup'); -/* - * ================== - * NNTPChan settings - * ================== - */ - -/* - * Please keep in mind that NNTPChan support in vichan isn't finished yet / is in an experimental - * state. Please join #nntpchan on Rizon in order to peer with someone. - */ - - $config['nntpchan'] = array(); - - // Enable NNTPChan integration - $config['nntpchan']['enabled'] = false; - - // NNTP server - $config['nntpchan']['server'] = "localhost:1119"; - - // Global dispatch array. Add your boards to it to enable them. Please make - // sure that this setting is set in a global context. - $config['nntpchan']['dispatch'] = array(); // 'overchan.test' => 'test' - - // Trusted peer - an IP address of your NNTPChan instance. This peer will have - // increased capabilities, eg.: will evade spamfilter. - $config['nntpchan']['trusted_peer'] = '127.0.0.1'; - - // Salt for message ID generation. Keep it long and secure. - $config['nntpchan']['salt'] = 'change_me+please'; - - // A local message ID domain. Make sure to change it. - $config['nntpchan']['domain'] = 'example.vichan.net'; - - // An NNTPChan group name. - // Please set this setting in your board/config.php, not globally. - $config['nntpchan']['group'] = false; // eg. 'overchan.test' - - - /* * ==================== * Other/uncategorized @@ -2000,12 +2003,6 @@ // is the absolute maximum, because MySQL cannot handle table names greater than 64 characters. $config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}'; - // Youtube.js embed HTML code - $config['youtube_js_html'] = ''; - // Slack Report Notification $config['slack'] = false; $config['slack_channel'] = ""; 
@@ -2024,7 +2021,7 @@ // Password hashing method version // If set to 0, it won't upgrade hashes using old password encryption schema, only create new. // You can set it to a higher value, to further migrate to other password hashing function. - $config['password_crypt_version'] = 1; + $config['password_crypt_version'] = 2; // Use CAPTCHA for reports? $config['report_captcha'] = false; @@ -2044,9 +2041,16 @@ // Enable auto IP note generation of moderator deleted posts $config['autotagging'] = false; - // Enable PDF file thumbnail generation + // Enable PDF thumbnail generation. + // Requires a working installation of ghostscript and imagemagick. + // Imagemagick support of PDF files is not required. $config['pdf_file_thumbnail'] = false; + // Enable djvu thumbnail generation. + // Requires djvulibre's tools and imagemagick. + // Imagemagick support of djvu files is not required. + $config['djvu_file_thumbnail'] = false; + // Enable TXT file thumbnail $config['txt_file_thumbnail'] = false; diff --git a/inc/context.php b/inc/context.php index b9e768e1..ae6caa17 100644 --- a/inc/context.php +++ b/inc/context.php 
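Review bot: The `pdf_file_thumbnail` and new `djvu_file_thumbnail` comments list the required tools but not that enabling them hands every uploaded PDF or DjVu file to ghostscript and djvulibre, external parsers with a history of vulnerabilities when fed untrusted input. A line such as `// Thumbnailing runs external parsers on user uploads; keep ghostscript/djvulibre patched and consider sandboxing them.` next to each flag would let an administrator weigh that before flipping the default, and `false` is the right default to ship.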
@@ -1,8 +1,11 @@ $config, + LogDriver::class => function($c) { + $config = $c->get('config'); + + $name = $config['log_system']['name']; + $level = $config['debug'] ? LogDriver::DEBUG : LogDriver::NOTICE; + $backend = $config['log_system']['type']; + + $legacy_syslog = isset($config['syslog']) && $config['syslog']; + + // Check 'syslog' for backwards compatibility. + if ($legacy_syslog || $backend === 'syslog') { + $log_driver = new SyslogLogDriver($name, $level, $config['log_system']['syslog_stderr']); + if ($legacy_syslog) { + $log_driver->log(LogDriver::NOTICE, 'The configuration setting \'syslog\' is deprecated. Please use \'log_system\' instead'); + } + return $log_driver; + } elseif ($backend === 'file') { + return new FileLogDriver($name, $level, $config['log_system']['file_path']); + } elseif ($backend === 'stderr') { + return new StderrLogDriver($name, $level); + } elseif ($backend === 'error_log') { + return new ErrorLogLogDriver($name, $level); + } else { + $log_driver = new ErrorLogLogDriver($name, $level); + $log_driver->log(LogDriver::ERROR, "Unknown 'log_system' value '$backend', using 'error_log' default"); + return $log_driver; + } + }, CacheDriver::class => function($c) { // Use the global for backwards compatibility. return \cache::getCache(); 
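Review bot: When the deprecated `$config['syslog']` is true it wins over an explicit `$config['log_system']['type']`, because `$legacy_syslog || $backend === 'syslog'` is tested before the other backends; an administrator who migrated to `'type' => 'file'` but left the old flag in place still gets syslog, plus a deprecation notice telling them to do what they already did. Honouring the legacy flag only when `$backend` is still the `'error_log'` default, or stating in the notice that `'syslog'` overrides `'log_system'`, would make the precedence explicit. The enclosing `build_context` starts outside the hunk.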
@@ -41,10 +72,53 @@ function build_context(array $config): Context { sql_open(); return $pdo; }, + SearchService::class => function($c) { + $config = $c->get('config'); + + $flags = null; + if ($config['search']['flag_filter']) { + if ($config['user_flag']) { + $flags = $config['user_flags']; + } elseif ($config['country_flags']) { + $flags = Flags::EMBEDDED_FLAGS; + } + } + + $board_uris = $config['search']['boards'] ?? null; + + return new SearchService( + $c->get(LogDriver::class), + $c->get(UserPostQueries::class), + $c->get(SearchQueries::class), + $flags, + $config['search']['max_weight'], + $config['search']['max_length'], + $config['search']['search_limit'], + $board_uris + ); + }, ReportQueries::class => function($c) { $auto_maintenance = (bool)$c->get('config')['auto_maintenance']; $pdo = $c->get(\PDO::class); return new ReportQueries($pdo, $auto_maintenance); + }, + UserPostQueries::class => function($c) { + return new UserPostQueries($c->get(\PDO::class)); + }, + IpNoteQueries::class => fn($c) => new IpNoteQueries($c->get(\PDO::class), $c->get(CacheDriver::class)), + SearchQueries::class => function($c) { + $config = $c->get('config'); + list($queries_for_single, $range_for_single_min) = $config['search']['queries_per_minutes']; + list($queries_for_all, $range_for_all_min) = $config['search']['queries_per_minutes_all']; + + return new SearchQueries( + $c->get(\PDO::class), + $queries_for_single, + $range_for_single_min * 60, + $queries_for_all, + $range_for_all_min * 60, + (bool)$config['auto_maintenance'] + ); } ]); } diff --git a/inc/database.php b/inc/database.php index f5ea73bd..4b0bb6c3 100644 --- a/inc/database.php +++ b/inc/database.php 
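Review bot: `SearchQueries::class` destructures `$config['search']['queries_per_minutes']` and `queries_per_minutes_all` with `list(...)`, and neither key is among the `search` defaults this diff adds to `inc/config.php`; if they are not defined elsewhere, `list()` on a missing index yields `null`s and, assuming the `SearchQueries` constructor is typed like the other new classes, resolution fails with a `TypeError` instead of a configuration message. A guard such as `$config['search']['queries_per_minutes'] ?? throw new \RuntimeException('search.queries_per_minutes is not configured')` before the destructuring would make the failure actionable. `build_context` starts outside the hunk.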
@@ -66,7 +66,7 @@ function sql_open() { $dsn = $config['db']['type'] . ':' . ($unix_socket ? 'unix_socket=' . $unix_socket : 'host=' . $config['db']['server']) . - ';dbname=' . $config['db']['database']; + ';charset=utf8mb4;dbname=' . $config['db']['database']; if (!empty($config['db']['dsn'])) $dsn .= ';' . $config['db']['dsn']; try { @@ -85,7 +85,7 @@ function sql_open() { if ($config['debug']) { $debug['time']['db_connect'] = '~' . round((microtime(true) - $start) * 1000, 2) . 'ms'; if ($config['db']['type'] == "mysql") { - query('SET NAMES utf8') or error(db_error()); + query('SET NAMES utf8mb4') or error(db_error()); } } return $pdo; diff --git a/inc/filters.php b/inc/filters.php index 2a66cd2a..97cbc524 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -4,23 +4,26 @@ * Copyright (c) 2010-2013 Tinyboard Development Group */ +use Vichan\Context; +use Vichan\Data\IpNoteQueries; + defined('TINYBOARD') or exit; class Filter { public $flood_check; private $condition; private $post; - + public function __construct(array $arr) { foreach ($arr as $key => $value) - $this->$key = $value; + $this->$key = $value; } - + public function match($condition, $match) { $condition = strtolower($condition); $post = &$this->post; - + switch($condition) { case 'custom': if (!is_callable($match)) @@ -29,11 +32,11 @@ class Filter { case 'flood-match': if (!is_array($match)) error('Filter condition "flood-match" must be an array.'); - + // Filter out "flood" table entries which do not match this filter. - + $flood_check_matched = array(); - + foreach ($this->flood_check as $flood_post) { foreach ($match as $flood_match_arg) { switch ($flood_match_arg) { @@ -69,10 +72,10 @@ class Filter { } $flood_check_matched[] = $flood_post; } - + // is there any reason for this assignment? $this->flood_check = $flood_check_matched; - + return !empty($this->flood_check); case 'flood-time': foreach ($this->flood_check as $flood_post) { 
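Review bot: Putting `charset=utf8mb4` in the DSN is the right place for it, since with emulated prepares PDO's client-side quoting has to know the connection charset; the `SET NAMES utf8mb4` in the second hunk then duplicates it, and the collapsed context suggests that statement only runs under `$config['debug']`, so the DSN is what production connections rely on. Nothing in this diff converts existing 3-byte `utf8` tables, so four-byte input will still be rejected with `Incorrect string value` until the schema is migrated; a note in the commit description or a migration step would close that gap.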
@@ -135,46 +138,42 @@ class Filter { error('Unknown filter condition: ' . $condition); } } - - public function action() { + + public function action(Context $ctx) { global $board; $this->add_note = isset($this->add_note) ? $this->add_note : false; if ($this->add_note) { - $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); - $query->bindValue(':mod', -1); - $query->bindValue(':time', time()); - $query->bindValue(':body', "Autoban message: ".$this->post['body']); - $query->execute() or error(db_error($query)); - } + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($_SERVER['REMOTE_ADDR'], -1, 'Autoban message: ' . $this->post['body']); + } if (isset ($this->action)) switch($this->action) { case 'reject': error(isset($this->message) ? $this->message : 'Posting blocked by filter.'); case 'ban': if (!isset($this->reason)) error('The ban action requires a reason.'); - + $this->expires = isset($this->expires) ? $this->expires : false; $this->reject = isset($this->reject) ? $this->reject : true; $this->all_boards = isset($this->all_boards) ? $this->all_boards : false; - + Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1); if ($this->reject) { if (isset($this->message)) error($message); - + checkBan($board['uri']); exit; } - + break; default: error('Unknown filter action: ' . $this->action); } } - + public function check(array $post) { $this->post = $post; foreach ($this->condition as $condition => $value) { @@ -184,7 +183,7 @@ class Filter { } else { $NOT = false; } - + if ($this->match($condition, $value) == $NOT) return false; } 
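Review bot: `error($message)` in the `ban` branch uses an undefined local — the guard tests `isset($this->message)`, so the line should read `error($this->message);` (it is unchanged context, so the commit leaves the bug in place). The new note code stores `'Autoban message: ' . $this->post['body']`, i.e. the user's raw submission, with the magic moderator id `-1`; a comment at the `add()` call such as `// mod id -1 marks a system-generated note; the body is unescaped post text and must be escaped where notes are rendered` would record both assumptions, to be confirmed against IpNoteQueries::add and the note views (not visible here). `$this->add_note`, `$this->action`, `$this->reason`, `$this->message` and friends are dynamic properties set by the constructor's loop, which PHP 8.2 deprecates; declaring them on the class keeps this path warning-free. The rest of the class, including check(), continues outside the hunk.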
@@ -194,11 +193,11 @@ class Filter { function purge_flood_table() { global $config; - + // Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not // aware of flood filters in other board configurations. You can solve this problem by settings the // config variable $config['flood_cache'] (seconds). - + if (isset($config['flood_cache'])) { $max_time = &$config['flood_cache']; } else { @@ -208,18 +207,18 @@ function purge_flood_table() { $max_time = max($max_time, $filter['condition']['flood-time']); } } - + $time = time() - $max_time; - + query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error()); } -function do_filters(array $post) { +function do_filters(Context $ctx, array $post) { global $config; if (!isset($config['filters']) || empty($config['filters'])) return; - + foreach ($config['filters'] as $filter) { if (isset($filter['condition']['flood-match'])) { $has_flood = true; @@ -232,15 +231,15 @@ function do_filters(array $post) { } else { $flood_check = false; } - + foreach ($config['filters'] as $filter_array) { $filter = new Filter($filter_array); $filter->flood_check = $flood_check; if ($filter->check($post)) { - $filter->action(); + $filter->action($ctx); } } - + purge_flood_table(); } diff --git a/inc/functions.php b/inc/functions.php index a355e53c..e6ce4bb2 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -11,6 +11,7 @@ if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) { $microtime_start = microtime(true); +use Vichan\Functions\Hide; use Lifo\IP\IP; // for expanding IPv6 address in DNSBL() // the user is not currently logged in as a moderator 
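Review bot: In purge_flood_table, `$time = time() - $max_time;` is interpolated straight into the `DELETE FROM ``flood`` WHERE `time` < $time` statement, and `$max_time` comes from `$config['flood_cache']` (taken by reference) or from filter conditions, so its type is whatever the config author wrote; casting once, `$time = time() - (int)$max_time;`, makes the interpolated value an int and the statement obviously safe to read. This is pre-existing code the commit only re-indents, and the `do_filters(Context $ctx, array $post)` signature change in the same hunk would be a good place for a docblock stating that `$ctx` is only forwarded to Filter::action(). The `@@ -208` hunk starts inside purge_flood_table, whose beginning is in the previous hunk.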
@@ -646,13 +647,14 @@ function file_write($path, $data, $simple = false, $skip_purge = false) { if ($config['gzip_static']) { $gzpath = "$path.gz"; - if ($bytes & ~0x3ff) { // if ($bytes >= 1024) - if (file_put_contents($gzpath, gzencode($data), $simple ? 0 : LOCK_EX) === false) - error("Unable to write to file: $gzpath"); - //if (!touch($gzpath, filemtime($path), fileatime($path))) - // error("Unable to touch file: $gzpath"); - } - else { + // 12KBs (2 left for headers etc) to stay within the 14 KBs of the standard initial TCP packet. + if ($bytes >= 12288) { + if (\file_put_contents($gzpath, \gzencode($data), $simple ? 0 : LOCK_EX) === false) { + // Do not fail completely if the write fails. + \error_log("Unable to write to file: $gzpath"); + @unlink($gzpath); + } + } else { @unlink($gzpath); } } @@ -745,24 +747,23 @@ function hasPermission($action = null, $board = null, $_mod = null) { function listBoards($just_uri = false) { global $config; - $just_uri ? $cache_name = 'all_boards_uri' : $cache_name = 'all_boards'; + $cache_name = $just_uri ? 'all_boards_uri' : 'all_boards'; - if ($config['cache']['enabled'] && ($boards = cache::get($cache_name))) + if ($config['cache']['enabled'] && ($boards = cache::get($cache_name))) { return $boards; - - if (!$just_uri) { - $query = query("SELECT * FROM ``boards`` ORDER BY `uri`") or error(db_error()); - $boards = $query->fetchAll(); - } else { - $boards = array(); - $query = query("SELECT `uri` FROM ``boards``") or error(db_error()); - while ($board = $query->fetchColumn()) { - $boards[] = $board; - } } - if ($config['cache']['enabled']) + if (!$just_uri) { + $query = query('SELECT * FROM ``boards`` ORDER BY `uri`'); + $boards = $query->fetchAll(); + } else { + $query = query('SELECT `uri` FROM ``boards``'); + $boards = $query->fetchAll(\PDO::FETCH_COLUMN); + } + + if ($config['cache']['enabled']) { cache::set($cache_name, $boards); + } return $boards; } 
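Review bot: In file_write the `@unlink($gzpath)` on both branches suppresses every failure, including a permission error that leaves a stale `.gz` behind which a gzip_static-enabled web server would then serve instead of the freshly written `$path`; prefer `if (\is_file($gzpath) && !\unlink($gzpath)) { \error_log("Unable to remove stale file: $gzpath"); }` so that case is at least logged, consistent with the new error_log on the write failure. The 12288 threshold comment is useful; it could also state that a file shrinking below the threshold relies on the else branch to drop the old `.gz`. `$bytes` and `$path` are assigned outside the hunk, and file_write() starts and ends outside it.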
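Review bot: listBoards drops the `or error(db_error())` on both `query()` calls, so if `query()` still returns `false` on failure (as the `or error(db_error())` pattern elsewhere in this diff, e.g. purge_flood_table, implies), `$query->fetchAll()` becomes a method call on `false` and dies with an uncaught Error instead of the handled db_error path; either keep `or error(db_error())` or confirm the PDO handle runs with ERRMODE_EXCEPTION and note that at the call. Also `($boards = cache::get($cache_name))` treats an empty board list as a cache miss because `[]` is falsy, so a board-less install requeries on every call; `!== false` would be the stricter test if the cache driver returns false on miss (not visible here).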
@@ -1692,7 +1693,7 @@ function checkSpam(array $extra_salt = array()) { $_hash = sha1($_hash . $extra_salt); if ($hash != $_hash) { - return true; + return true; } $query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash'); @@ -2070,7 +2071,7 @@ function remove_modifiers($body) { return preg_replace('@(.+?)@usm', '', $body); } -function markup(&$body, $track_cites = false, $op = false) { +function markup(&$body, $track_cites = false) { global $board, $config, $markup_urls; $modifiers = extract_modifiers($body); @@ -2169,12 +2170,15 @@ function markup(&$body, $track_cites = false, $op = false) { link_for(array('id' => $cite, 'thread' => $cited_posts[$cite])) . '#' . $cite . '">' . '>>' . $cite . ''; + } else { + $replacement = ">>$cite"; + } - $body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[3][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0])); - $skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[3][0]) - mb_strlen($matches[0][0]); + $body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[3][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0])); + $skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[3][0]) - mb_strlen($matches[0][0]); - if ($track_cites && $config['track_cites']) - $tracked_cites[] = array($board['uri'], $cite); + if ($track_cites && $config['track_cites']) { + $tracked_cites[] = array($board['uri'], $cite); } } } 
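Review bot: The new `else { $replacement = ">>$cite"; }` branch makes the mb_substr_replace and `$skip_chars` bookkeeping run for unresolved cites as well, which is only a no-op if the replacement reproduces the matched text exactly; if `$matches[0][0]` is already HTML-escaped at this point (the page rendering has stripped the anchor markup, so this cannot be checked here), the replacement must use the same escaped form, otherwise a dangling cite is written back un-escaped. A comment above the branch, `// unresolved cite: re-emit the matched text unchanged so the offset bookkeeping below stays uniform`, would state the intent. Removing `$op` from `markup(&$body, $track_cites = false)` in the earlier hunk is silent for callers that still pass a third argument, so those call sites should be checked. markup() starts and ends outside these hunks.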
@@ -2225,20 +2229,15 @@ function markup(&$body, $track_cites = false, $op = false) { $clauses = array_unique($clauses); if ($board['uri'] != $_board) { - if (!openBoard($_board)){ - if (in_array($_board,array_keys($config['boards_alias']))){ - $_board = $config['boards_alias'][$_board]; - if (openBoard($_board)){ - - } - else { + if (!openBoard($_board)) { + if (\in_array($_board, \array_keys($config['boards_alias']))) { + $_board = $config['boards_alias'][$_board]; + if (!openBoard($_board)) { continue; // Unknown board - } - } - else { + } + } else { continue; // Unknown board } - } } 
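Review bot: `\in_array($_board, \array_keys($config['boards_alias']))` is a loose, non-strict membership test over the alias keys built from a user-supplied board token; `isset($config['boards_alias'][$_board])` (or `array_key_exists()` if a null alias is possible) expresses the lookup directly, avoids building the key array, and sidesteps loose comparison with integer-looking keys. `$config['boards_alias']` is also read without a guard, so a config without that key would warn; `$config['boards_alias'] ?? []` keeps the fallback quiet. The enclosing loop and markup() continue outside the hunk.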
@@ -2279,38 +2278,31 @@ function markup(&$body, $track_cites = false, $op = false) { if ($cite) { if (isset($cited_posts[$_board][$cite])) { $link = $cited_posts[$_board][$cite]; - if (isset($original_board)){ - $replacement = '' . - '>>>/' . $original_board . '/' . $cite . + '>>>/' . $replacement_board . '/' . $cite . ''; + if ($track_cites && $config['track_cites']) { + $tracked_cites[] = [ $_board, $cite ]; } - else { - $replacement = '' . - '>>>/' . $_board . '/' . $cite . - ''; - - } - - $body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[4][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0])); - $skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[4][0]) - mb_strlen($matches[0][0]); - - if ($track_cites && $config['track_cites']) - $tracked_cites[] = array($_board, $cite); + } else { + $replacement = ">>>/$_board/$cite"; } - } elseif(isset($crossboard_indexes[$_board])) { + } elseif (isset($crossboard_indexes[$_board])) { $replacement = '' . '>>>/' . $_board . '/' . ''; - $body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[4][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0])); - $skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[4][0]) - mb_strlen($matches[0][0]); + } else { + $replacement = ">>>/$_board/$cite"; } + + $body = mb_substr_replace($body, $matches[1][0] . $replacement . $matches[4][0], $matches[0][1] + $skip_chars, mb_strlen($matches[0][0])); + $skip_chars += mb_strlen($matches[1][0] . $replacement . $matches[4][0]) - mb_strlen($matches[0][0]); } } 
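Review bot: `$replacement_board` on the new link line is not assigned anywhere in this hunk, while the removed code selected between `$original_board` and `$_board` with `isset`; unless it is set on every path earlier in the loop (outside this hunk), the non-alias case builds the link from an undefined variable. `$tracked_cites[] = [ $_board, $cite ];` uses short array syntax whereas the earlier hunk in the same function writes `array($board['uri'], $cite)`; pick one form. The surrounding loop and markup() extend beyond the hunk.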
@@ -2581,11 +2573,11 @@ function rrmdir($dir) { function poster_id($ip, $thread) { global $config; - if ($id = event('poster-id', $ip, $thread)) + if ($id = event('poster-id', $ip, $thread)) { return $id; + } - // Confusing, hard to brute-force, but simple algorithm - return substr(sha1(sha1($ip . $config['secure_trip_salt'] . $thread) . $config['secure_trip_salt']), 0, $config['poster_id_length']); + return \substr(Hide\secure_hash($ip . $config['secure_trip_salt'] . $thread . $config['secure_trip_salt'], false), 0, $config['poster_id_length']); } function generate_tripcode($name) { @@ -2613,7 +2605,7 @@ function generate_tripcode($name) { if (isset($config['custom_tripcode']["##{$trip}"])) $trip = $config['custom_tripcode']["##{$trip}"]; else - $trip = '!!' . substr(crypt($trip, str_replace('+', '.', '_..A.' . substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 4))), -10); + $trip = '!!' . substr(crypt($trip, str_replace('+', '.', '_..A.' . substr(Hide\secure_hash($trip . $config['secure_trip_salt'], false), 0, 4))), -10); } else { if (isset($config['custom_tripcode']["#{$trip}"])) $trip = $config['custom_tripcode']["#{$trip}"]; @@ -3083,3 +3075,8 @@ function strategy_first($fun, $array) { return array('defer'); } } + +function hashPassword($password) { + global $config; + return hash('sha3-256', $password . $config['secure_password_salt']); +} diff --git a/inc/functions/hide.php b/inc/functions/hide.php new file mode 100644 index 00000000..bf972751 --- /dev/null +++ b/inc/functions/hide.php 
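Review bot: poster_id now truncates `Hide\secure_hash(...)` instead of the old double sha1, so every existing thread's poster ids change; hide.php is unreadable in this rendering, so the hash algorithm and output format cannot be checked here. A comment at the return, e.g. `// NOTE: ids derived this way differ from the pre-secure_hash scheme; existing threads get new ids`, would record the migration impact, and a `@return string` docblock noting the `$config['poster_id_length']` truncation would help readers.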
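Review bot: The `!!` secure-tripcode salt is now `substr(Hide\secure_hash(...), 0, 4)` instead of four base64 characters of the raw sha1; if secure_hash returns a hex digest (cannot be confirmed here), the crypt() salt alphabet shrinks from 64 to 16 symbols per position and every existing `!!` tripcode changes, which users will notice. If that is intentional, a comment at the line, `// NOTE: salt alphabet/format changed with secure_hash; existing secure tripcodes are invalidated`, should say so; otherwise derive the four salt characters from base64 of the hash's raw bytes as before. generate_tripcode() starts and ends outside the hunk.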
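Review bot: hashPassword returns `hash('sha3-256', $password . $config['secure_password_salt'])`, a single fast hash with one salt shared by every account, which is not an acceptable scheme for stored credentials: an offline attacker can test candidates at hardware speed and crack all accounts with one pass. Use `password_hash($password, PASSWORD_DEFAULT)` here, `password_verify()` at the check site and `password_needs_rehash()` to migrate existing records; if the function serves some other purpose (its callers are outside the diff), a docblock stating that purpose is needed either way. The signature is also untyped; `function hashPassword(string $password): string` with a docblock would fix that regardless of the algorithm chosen.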
@@ -0,0 +1,6 @@ + - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ -namespace Lifo\IP; - -/** - * BCMath helper class. - * - * Provides a handful of BCMath routines that are not included in the native - * PHP library. - * - * Note: The Bitwise functions operate on fixed byte boundaries. For example, - * comparing the following numbers uses X number of bits: - * 0xFFFF and 0xFF will result in comparison of 16 bits. - * 0xFFFFFFFF and 0xF will result in comparison of 32 bits. - * etc... - * - */ -abstract class BC -{ - // Some common (maybe useless) constants - const MAX_INT_32 = '2147483647'; // 7FFFFFFF - const MAX_UINT_32 = '4294967295'; // FFFFFFFF - const MAX_INT_64 = '9223372036854775807'; // 7FFFFFFFFFFFFFFF - const MAX_UINT_64 = '18446744073709551615'; // FFFFFFFFFFFFFFFF - const MAX_INT_96 = '39614081257132168796771975167'; // 7FFFFFFFFFFFFFFFFFFFFFFF - const MAX_UINT_96 = '79228162514264337593543950335'; // FFFFFFFFFFFFFFFFFFFFFFFF - const MAX_INT_128 = '170141183460469231731687303715884105727'; // 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - const MAX_UINT_128 = '340282366920938463463374607431768211455'; // FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - - /** - * BC Math function to convert a HEX string into a DECIMAL - */ - public static function bchexdec($hex) - { - if (strlen($hex) == 1) { - return hexdec($hex); - } - - $remain = substr($hex, 0, -1); - $last = substr($hex, -1); - return bcadd(bcmul(16, self::bchexdec($remain), 0), hexdec($last), 0); - } - - /** - * BC Math function to convert a DECIMAL string into a BINARY string - */ - public static function bcdecbin($dec, $pad = null) - { - $bin = ''; - while ($dec) { - $m = bcmod($dec, 2); - $dec = bcdiv($dec, 2, 0); - $bin = abs($m) . $bin; - } - return $pad ? 
sprintf("%0{$pad}s", $bin) : $bin; - } - - /** - * BC Math function to convert a BINARY string into a DECIMAL string - */ - public static function bcbindec($bin) - { - $dec = '0'; - for ($i=0, $j=strlen($bin); $i<$j; $i++) { - $dec = bcmul($dec, '2', 0); - $dec = bcadd($dec, $bin[$i], 0); - } - return $dec; - } - - /** - * BC Math function to convert a BINARY string into a HEX string - */ - public static function bcbinhex($bin, $pad = 0) - { - return self::bcdechex(self::bcbindec($bin)); - } - - /** - * BC Math function to convert a DECIMAL into a HEX string - */ - public static function bcdechex($dec) - { - $last = bcmod($dec, 16); - $remain = bcdiv(bcsub($dec, $last, 0), 16, 0); - return $remain == 0 ? dechex($last) : self::bcdechex($remain) . dechex($last); - } - - /** - * Bitwise AND two arbitrarily large numbers together. - */ - public static function bcand($left, $right) - { - $len = self::_bitwise($left, $right); - - $value = ''; - for ($i=0; $i<$len; $i++) { - $value .= (($left[$i] + 0) & ($right[$i] + 0)) ? '1' : '0'; - } - return self::bcbindec($value != '' ? $value : '0'); - } - - /** - * Bitwise OR two arbitrarily large numbers together. - */ - public static function bcor($left, $right) - { - $len = self::_bitwise($left, $right); - - $value = ''; - for ($i=0; $i<$len; $i++) { - $value .= (($left[$i] + 0) | ($right[$i] + 0)) ? '1' : '0'; - } - return self::bcbindec($value != '' ? $value : '0'); - } - - /** - * Bitwise XOR two arbitrarily large numbers together. - */ - public static function bcxor($left, $right) - { - $len = self::_bitwise($left, $right); - - $value = ''; - for ($i=0; $i<$len; $i++) { - $value .= (($left[$i] + 0) ^ ($right[$i] + 0)) ? '1' : '0'; - } - return self::bcbindec($value != '' ? $value : '0'); - } - - /** - * Bitwise NOT two arbitrarily large numbers together. 
- */ - public static function bcnot($left, $bits = null) - { - $right = 0; - $len = self::_bitwise($left, $right, $bits); - $value = ''; - for ($i=0; $i<$len; $i++) { - $value .= $left[$i] == '1' ? '0' : '1'; - } - return self::bcbindec($value); - } - - /** - * Shift number to the left - * - * @param integer $bits Total bits to shift - */ - public static function bcleft($num, $bits) { - return bcmul($num, bcpow('2', $bits)); - } - - /** - * Shift number to the right - * - * @param integer $bits Total bits to shift - */ - public static function bcright($num, $bits) { - return bcdiv($num, bcpow('2', $bits)); - } - - /** - * Determine how many bits are needed to store the number rounded to the - * nearest bit boundary. - */ - public static function bits_needed($num, $boundary = 4) - { - $bits = 0; - while ($num > 0) { - $num = bcdiv($num, '2', 0); - $bits++; - } - // round to nearest boundrary - return $boundary ? ceil($bits / $boundary) * $boundary : $bits; - } - - /** - * BC Math function to return an arbitrarily large random number. - */ - public static function bcrand($min, $max = null) - { - if ($max === null) { - $max = $min; - $min = 0; - } - - // swap values if $min > $max - if (bccomp($min, $max) == 1) { - list($min,$max) = array($max,$min); - } - - return bcadd( - bcmul( - bcdiv( - mt_rand(0, mt_getrandmax()), - mt_getrandmax(), - strlen($max) - ), - bcsub( - bcadd($max, '1'), - $min - ) - ), - $min - ); - } - - /** - * Computes the natural logarithm using a series. - * @author Thomas Oldbury. - * @license Public domain. - */ - public static function bclog($num, $iter = 10, $scale = 100) - { - $log = "0.0"; - for($i = 0; $i < $iter; $i++) { - $pow = 1 + (2 * $i); - $mul = bcdiv("1.0", $pow, $scale); - $fraction = bcmul($mul, bcpow(bcsub($num, "1.0", $scale) / bcadd($num, "1.0", $scale), $pow, $scale), $scale); - $log = bcadd($fraction, $log, $scale); - } - return bcmul("2.0", $log, $scale); - } - - /** - * Computes the base2 log using baseN log. 
- */ - public static function bclog2($num, $iter = 10, $scale = 100) - { - return bcdiv(self::bclog($num, $iter, $scale), self::bclog("2", $iter, $scale), $scale); - } - - public static function bcfloor($num) - { - if (substr($num, 0, 1) == '-') { - return bcsub($num, 1, 0); - } - return bcadd($num, 0, 0); - } - - public static function bcceil($num) - { - if (substr($num, 0, 1) == '-') { - return bcsub($num, 0, 0); - } - return bcadd($num, 1, 0); - } - - /** - * Compare two numbers and return -1, 0, 1 depending if the LEFT number is - * < = > the RIGHT. - * - * @param string|integer $left Left side operand - * @param string|integer $right Right side operand - * @return integer Return -1,0,1 for <=> comparison - */ - public static function cmp($left, $right) - { - // @todo could an optimization be done to determine if a normal 32bit - // comparison could be done instead of using bccomp? But would - // the number verification cause too much overhead to be useful? - return bccomp($left, $right, 0); - } - - /** - * Internal function to prepare for bitwise operations - */ - private static function _bitwise(&$left, &$right, $bits = null) - { - if ($bits === null) { - $bits = max(self::bits_needed($left), self::bits_needed($right)); - } - - $left = self::bcdecbin($left); - $right = self::bcdecbin($right); - - $len = max(strlen($left), strlen($right), (int)$bits); - - $left = sprintf("%0{$len}s", $left); - $right = sprintf("%0{$len}s", $right); - - return $len; - } - -} diff --git a/inc/lib/IP/Lifo/IP/CIDR.php b/inc/lib/IP/Lifo/IP/CIDR.php deleted file mode 100755 index e8fe32ce..00000000 --- a/inc/lib/IP/Lifo/IP/CIDR.php +++ /dev/null 
@@ -1,706 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ -namespace Lifo\IP; - -/** - * CIDR Block helper class. - * - * Most routines can be used statically or by instantiating an object and - * calling its methods. - * - * Provides routines to do various calculations on IP addresses and ranges. - * Convert to/from CIDR to ranges, etc. - */ -class CIDR -{ - const INTERSECT_NO = 0; - const INTERSECT_YES = 1; - const INTERSECT_LOW = 2; - const INTERSECT_HIGH = 3; - - protected $start; - protected $end; - protected $prefix; - protected $version; - protected $istart; - protected $iend; - - private $cache; - - /** - * Create a new CIDR object. - * - * The IP range can be arbitrary and does not have to fall on a valid CIDR - * range. Some methods will return different values depending if you ignore - * the prefix or not. By default all prefix sensitive methods will assume - * the prefix is used. - * - * @param string $cidr An IP address (1.2.3.4), CIDR block (1.2.3.4/24), - * or range "1.2.3.4-1.2.3.10" - * @param string $end Ending IP in range if no cidr/prefix is given - */ - public function __construct($cidr, $end = null) - { - if ($end !== null) { - $this->setRange($cidr, $end); - } else { - $this->setCidr($cidr); - } - } - - /** - * Returns the string representation of the CIDR block. - */ - public function __toString() - { - // do not include the prefix if its a single IP - try { - if ($this->isTrueCidr() && ( - ($this->version == 4 and $this->prefix != 32) || - ($this->version == 6 and $this->prefix != 128) - ) - ) { - return $this->start . '/' . $this->prefix; - } - } catch (\Exception $e) { - // isTrueCidr() calls getRange which can throw an exception - } - if (strcmp($this->start, $this->end) == 0) { - return $this->start; - } - return $this->start . ' - ' . $this->end; - } - - public function __clone() - { - // do not clone the cache. No real reason why. 
I just want to keep the - // memory foot print as low as possible, even though this is trivial. - $this->cache = array(); - } - - /** - * Set an arbitrary IP range. - * The closest matching prefix will be calculated but the actual range - * stored in the object can be arbitrary. - * @param string $start Starting IP or combination "start-end" string. - * @param string $end Ending IP or null. - */ - public function setRange($ip, $end = null) - { - if (strpos($ip, '-') !== false) { - list($ip, $end) = array_map('trim', explode('-', $ip, 2)); - } - - if (false === filter_var($ip, FILTER_VALIDATE_IP) || - false === filter_var($end, FILTER_VALIDATE_IP)) { - throw new \InvalidArgumentException("Invalid IP range \"$ip-$end\""); - } - - // determine version (4 or 6) - $this->version = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; - - $this->istart = IP::inet_ptod($ip); - $this->iend = IP::inet_ptod($end); - - // fix order - if (bccomp($this->istart, $this->iend) == 1) { - list($this->istart, $this->iend) = array($this->iend, $this->istart); - list($ip, $end) = array($end, $ip); - } - - $this->start = $ip; - $this->end = $end; - - // calculate real prefix - $len = $this->version == 4 ? 32 : 128; - $this->prefix = $len - strlen(BC::bcdecbin(BC::bcxor($this->istart, $this->iend))); - } - - /** - * Returns true if the current IP is a true cidr block - */ - public function isTrueCidr() - { - return $this->start == $this->getNetwork() && $this->end == $this->getBroadcast(); - } - - /** - * Set the CIDR block. - * - * The prefix length is optional and will default to 32 ot 128 depending on - * the version detected. 
- * - * @param string $cidr CIDR block string, eg: "192.168.0.0/24" or "2001::1/64" - * @throws \InvalidArgumentException If the CIDR block is invalid - */ - public function setCidr($cidr) - { - if (strpos($cidr, '-') !== false) { - return $this->setRange($cidr); - } - - list($ip, $bits) = array_pad(array_map('trim', explode('/', $cidr, 2)), 2, null); - if (false === filter_var($ip, FILTER_VALIDATE_IP)) { - throw new \InvalidArgumentException("Invalid IP address \"$cidr\""); - } - - // determine version (4 or 6) - $this->version = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; - - $this->start = $ip; - $this->istart = IP::inet_ptod($ip); - - if ($bits !== null and $bits !== '') { - $this->prefix = $bits; - } else { - $this->prefix = $this->version == 4 ? 32 : 128; - } - - if (($this->prefix < 0) - || ($this->prefix > 32 and $this->version == 4) - || ($this->prefix > 128 and $this->version == 6)) { - throw new \InvalidArgumentException("Invalid IP address \"$cidr\""); - } - - $this->end = $this->getBroadcast(); - $this->iend = IP::inet_ptod($this->end); - - $this->cache = array(); - } - - /** - * Get the IP version. 4 or 6. - * - * @return integer - */ - public function getVersion() - { - return $this->version; - } - - /** - * Get the prefix. - * - * Always returns the "proper" prefix, even if the IP range is arbitrary. - * - * @return integer - */ - public function getPrefix() - { - return $this->prefix; - } - - /** - * Return the starting presentational IP or Decimal value. - * - * Ignores prefix - */ - public function getStart($decimal = false) - { - return $decimal ? $this->istart : $this->start; - } - - /** - * Return the ending presentational IP or Decimal value. - * - * Ignores prefix - */ - public function getEnd($decimal = false) - { - return $decimal ? $this->iend : $this->end; - } - - /** - * Return the next presentational IP or Decimal value (following the - * broadcast address of the current CIDR block). 
- */ - public function getNext($decimal = false) - { - $next = bcadd($this->getEnd(true), '1'); - return $decimal ? $next : new self(IP::inet_dtop($next)); - } - - /** - * Returns true if the IP is an IPv4 - * - * @return boolean - */ - public function isIPv4() - { - return $this->version == 4; - } - - /** - * Returns true if the IP is an IPv6 - * - * @return boolean - */ - public function isIPv6() - { - return $this->version == 6; - } - - /** - * Get the cidr notation for the subnet block. - * - * This is useful for when you want a string representation of the IP/prefix - * and the starting IP is not on a valid network boundrary (eg: Displaying - * an IP from an interface). - * - * @return string IP in CIDR notation "ipaddr/prefix" - */ - public function getCidr() - { - return $this->start . '/' . $this->prefix; - } - - /** - * Get the [low,high] range of the CIDR block - * - * Prefix sensitive. - * - * @param boolean $ignorePrefix If true the arbitrary start-end range is - * returned. default=false. - */ - public function getRange($ignorePrefix = false) - { - $range = $ignorePrefix - ? array($this->start, $this->end) - : self::cidr_to_range($this->start, $this->prefix); - // watch out for IP '0' being converted to IPv6 '::' - if ($range[0] == '::' and strpos($range[1], ':') == false) { - $range[0] = '0.0.0.0'; - } - return $range; - } - - /** - * Return the IP in its fully expanded form. - * - * For example: 2001::1 == 2007:0000:0000:0000:0000:0000:0000:0001 - * - * @see IP::inet_expand - */ - public function getExpanded() - { - return IP::inet_expand($this->start); - } - - /** - * Get network IP of the CIDR block - * - * Prefix sensitive. - * - * @param boolean $ignorePrefix If true the arbitrary start-end range is - * returned. default=false. - */ - public function getNetwork($ignorePrefix = false) - { - // micro-optimization to prevent calling getRange repeatedly - $k = $ignorePrefix ? 
1 : 0; - if (!isset($this->cache['range'][$k])) { - $this->cache['range'][$k] = $this->getRange($ignorePrefix); - } - return $this->cache['range'][$k][0]; - } - - /** - * Get broadcast IP of the CIDR block - * - * Prefix sensitive. - * - * @param boolean $ignorePrefix If true the arbitrary start-end range is - * returned. default=false. - */ - public function getBroadcast($ignorePrefix = false) - { - // micro-optimization to prevent calling getRange repeatedly - $k = $ignorePrefix ? 1 : 0; - if (!isset($this->cache['range'][$k])) { - $this->cache['range'][$k] = $this->getRange($ignorePrefix); - } - return $this->cache['range'][$k][1]; - } - - /** - * Get the network mask based on the prefix. - * - */ - public function getMask() - { - return self::prefix_to_mask($this->prefix, $this->version); - } - - /** - * Get total hosts within CIDR range - * - * Prefix sensitive. - * - * @param boolean $ignorePrefix If true the arbitrary start-end range is - * returned. default=false. - */ - public function getTotal($ignorePrefix = false) - { - // micro-optimization to prevent calling getRange repeatedly - $k = $ignorePrefix ? 1 : 0; - if (!isset($this->cache['range'][$k])) { - $this->cache['range'][$k] = $this->getRange($ignorePrefix); - } - return bcadd(bcsub(IP::inet_ptod($this->cache['range'][$k][1]), - IP::inet_ptod($this->cache['range'][$k][0])), '1'); - } - - public function intersects($cidr) - { - return self::cidr_intersect((string)$this, $cidr); - } - - /** - * Determines the intersection between an IP (with optional prefix) and a - * CIDR block. - * - * The IP will be checked against the CIDR block given and will either be - * inside or outside the CIDR completely, or partially. - * - * NOTE: The caller should explicitly check against the INTERSECT_* - * constants because this method will return a value > 1 even for partial - * matches. 
- * - * @param mixed $ip The IP/cidr to match - * @param mixed $cidr The CIDR block to match within - * @return integer Returns an INTERSECT_* constant - * @throws \InvalidArgumentException if either $ip or $cidr is invalid - */ - public static function cidr_intersect($ip, $cidr) - { - // use fixed length HEX strings so we can easily do STRING comparisons - // instead of using slower bccomp() math. - list($lo,$hi) = array_map(function($v){ return sprintf("%032s", IP::inet_ptoh($v)); }, CIDR::cidr_to_range($ip)); - list($min,$max) = array_map(function($v){ return sprintf("%032s", IP::inet_ptoh($v)); }, CIDR::cidr_to_range($cidr)); - - /** visualization of logic used below - lo-hi = $ip to check - min-max = $cidr block being checked against - --- --- --- lo --- --- hi --- --- --- --- --- IP/prefix to check - --- min --- --- max --- --- --- --- --- --- --- Partial "LOW" match - --- --- --- --- --- min --- --- max --- --- --- Partial "HIGH" match - --- --- --- --- min max --- --- --- --- --- --- No match "NO" - --- --- --- --- --- --- --- --- min --- max --- No match "NO" - min --- max --- --- --- --- --- --- --- --- --- No match "NO" - --- --- min --- --- --- --- max --- --- --- --- Full match "YES" - */ - - // IP is exact match or completely inside the CIDR block - if ($lo >= $min and $hi <= $max) { - return self::INTERSECT_YES; - } - - // IP is completely outside the CIDR block - if ($max < $lo or $min > $hi) { - return self::INTERSECT_NO; - } - - // @todo is it useful to return LOW/HIGH partial matches? - - // IP matches the lower end - if ($max <= $hi and $min <= $lo) { - return self::INTERSECT_LOW; - } - - // IP matches the higher end - if ($min >= $lo and $max >= $hi) { - return self::INTERSECT_HIGH; - } - - return self::INTERSECT_NO; - } - - /** - * Converts an IPv4 or IPv6 CIDR block into its range. - * - * @todo May not be the fastest way to do this. - * - * @static - * @param string $cidr CIDR block or IP address string. 
- * @param integer|null $bits If /bits is not specified on string they can be - * passed via this parameter instead. - * @return array A 2 element array with the low, high range - */ - public static function cidr_to_range($cidr, $bits = null) - { - if (strpos($cidr, '/') !== false) { - list($ip, $_bits) = array_pad(explode('/', $cidr, 2), 2, null); - } else { - $ip = $cidr; - $_bits = $bits; - } - - if (false === filter_var($ip, FILTER_VALIDATE_IP)) { - throw new \InvalidArgumentException("IP address \"$cidr\" is invalid"); - } - - // force bit length to 32 or 128 depending on type of IP - $bitlen = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 128 : 32; - - if ($bits === null) { - // if no prefix is given use the length of the binary string which - // will give us 32 or 128 and result in a single IP being returned. - $bits = $_bits !== null ? $_bits : $bitlen; - } - - if ($bits > $bitlen) { - throw new \InvalidArgumentException("IP address \"$cidr\" is invalid"); - } - - $ipdec = IP::inet_ptod($ip); - $ipbin = BC::bcdecbin($ipdec, $bitlen); - - // calculate network - $netmask = BC::bcbindec(str_pad(str_repeat('1',$bits), $bitlen, '0')); - $ip1 = BC::bcand($ipdec, $netmask); - - // calculate "broadcast" (not technically a broadcast in IPv6) - $ip2 = BC::bcor($ip1, BC::bcnot($netmask)); - - return array(IP::inet_dtop($ip1), IP::inet_dtop($ip2)); - } - - /** - * Return the CIDR string from the range given - */ - public static function range_to_cidr($start, $end) - { - $cidr = new CIDR($start, $end); - return (string)$cidr; - } - - /** - * Return the maximum prefix length that would fit the IP address given. - * - * This is useful to determine how my bit would be needed to store the IP - * address when you don't already have a prefix for the IP. 
- * - * @example 216.240.32.0 would return 27 - * - * @param string $ip IP address without prefix - * @param integer $bits Maximum bits to check; defaults to 32 for IPv4 and 128 for IPv6 - */ - public static function max_prefix($ip, $bits = null) - { - static $mask = array(); - - $ver = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; - $max = $ver == 6 ? 128 : 32; - if ($bits === null) { - $bits = $max; - - } - - $int = IP::inet_ptod($ip); - while ($bits > 0) { - // micro-optimization; calculate mask once ... - if (!isset($mask[$ver][$bits-1])) { - // 2^$max - 2^($max - $bits); - if ($ver == 4) { - $mask[$ver][$bits-1] = pow(2, $max) - pow(2, $max - ($bits-1)); - } else { - $mask[$ver][$bits-1] = bcsub(bcpow(2, $max), bcpow(2, $max - ($bits-1))); - } - } - - $m = $mask[$ver][$bits-1]; - //printf("%s/%d: %s & %s == %s\n", $ip, $bits-1, BC::bcdecbin($m, 32), BC::bcdecbin($int, 32), BC::bcdecbin(BC::bcand($int, $m))); - //echo "$ip/", $bits-1, ": ", IP::inet_dtop($m), " ($m) & $int == ", BC::bcand($int, $m), "\n"; - if (bccomp(BC::bcand($int, $m), $int) != 0) { - return $bits; - } - $bits--; - } - return $bits; - } - - /** - * Return a contiguous list of true CIDR blocks that span the range given. - * - * Note: It's not a good idea to call this with IPv6 addresses. While it may - * work for certain ranges this can be very slow. Also an IPv6 list won't be - * as accurate as an IPv4 list. - * - * @example - * range_to_cidrlist(192.168.0.0, 192.168.0.15) == - * 192.168.0.0/28 - * range_to_cidrlist(192.168.0.0, 192.168.0.20) == - * 192.168.0.0/28 - * 192.168.0.16/30 - * 192.168.0.20/32 - */ - public static function range_to_cidrlist($start, $end) - { - $ver = (false === filter_var($start, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; - $start = IP::inet_ptod($start); - $end = IP::inet_ptod($end); - - $len = $ver == 4 ? 32 : 128; - $log2 = $ver == 4 ? 
log(2) : BC::bclog(2); - - $list = array(); - while (BC::cmp($end, $start) >= 0) { // $end >= $start - $prefix = self::max_prefix(IP::inet_dtop($start), $len); - if ($ver == 4) { - $diff = $len - floor( log($end - $start + 1) / $log2 ); - } else { - // this is not as accurate due to the bclog function - $diff = bcsub($len, BC::bcfloor(bcdiv(BC::bclog(bcadd(bcsub($end, $start), '1')), $log2))); - } - - if ($prefix < $diff) { - $prefix = $diff; - } - - $list[] = IP::inet_dtop($start) . "/" . $prefix; - - if ($ver == 4) { - $start += pow(2, $len - $prefix); - } else { - $start = bcadd($start, bcpow(2, $len - $prefix)); - } - } - return $list; - } - - /** - * Return an list of optimized CIDR blocks by collapsing adjacent CIDR - * blocks into larger blocks. - * - * @param array $cidrs List of CIDR block strings or objects - * @param integer $maxPrefix Maximum prefix to allow - * @return array Optimized list of CIDR objects - */ - public static function optimize_cidrlist($cidrs, $maxPrefix = 32) - { - // all indexes must be a CIDR object - $cidrs = array_map(function($o){ return $o instanceof CIDR ? $o : new CIDR($o); }, $cidrs); - // sort CIDR blocks in proper order so we can easily loop over them - $cidrs = self::cidr_sort($cidrs); - - $list = array(); - while ($cidrs) { - $c = array_shift($cidrs); - $start = $c->getStart(); - - $max = bcadd($c->getStart(true), $c->getTotal()); - - // loop through each cidr block until its ending range is more than - // the current maximum. - while (!empty($cidrs) and $cidrs[0]->getStart(true) <= $max) { - $b = array_shift($cidrs); - $newmax = bcadd($b->getStart(true), $b->getTotal()); - if ($newmax > $max) { - $max = $newmax; - } - } - - // add the new cidr range to the optimized list - $list = array_merge($list, self::range_to_cidrlist($start, IP::inet_dtop(bcsub($max, '1')))); - } - - return $list; - } - - /** - * Sort the list of CIDR blocks, optionally with a custom callback function. 
- * - * @param array $cidrs A list of CIDR blocks (strings or objects) - * @param Closure $callback Optional callback to perform the sorting. - * See PHP usort documentation for more details. - */ - public static function cidr_sort($cidrs, $callback = null) - { - // all indexes must be a CIDR object - $cidrs = array_map(function($o){ return $o instanceof CIDR ? $o : new CIDR($o); }, $cidrs); - - if ($callback === null) { - $callback = function($a, $b) { - if (0 != ($o = BC::cmp($a->getStart(true), $b->getStart(true)))) { - return $o; // < or > - } - if ($a->getPrefix() == $b->getPrefix()) { - return 0; - } - return $a->getPrefix() < $b->getPrefix() ? -1 : 1; - }; - } elseif (!($callback instanceof \Closure) or !is_callable($callback)) { - throw new \InvalidArgumentException("Invalid callback in CIDR::cidr_sort, expected Closure, got " . gettype($callback)); - } - - usort($cidrs, $callback); - return $cidrs; - } - - /** - * Return the Prefix bits from the IPv4 mask given. - * - * This is only valid for IPv4 addresses since IPv6 addressing does not - * have a concept of network masks. - * - * Example: 255.255.255.0 == 24 - * - * @param string $mask IPv4 network mask. - */ - public static function mask_to_prefix($mask) - { - if (false === filter_var($mask, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { - throw new \InvalidArgumentException("Invalid IP netmask \"$mask\""); - } - return strrpos(IP::inet_ptob($mask, 32), '1') + 1; - } - - /** - * Return the network mask for the prefix given. - * - * Normally this is only useful for IPv4 addresses but you can generate a - * mask for IPv6 addresses as well, only because its mathematically - * possible. - * - * @param integer $prefix CIDR prefix bits (0-128) - * @param integer $version IP version. If null the version will be detected - * based on the prefix length given. - */ - public static function prefix_to_mask($prefix, $version = null) - { - if ($version === null) { - $version = $prefix > 32 ? 
6 : 4; - } - if ($prefix < 0 or $prefix > 128) { - throw new \InvalidArgumentException("Invalid prefix length \"$prefix\""); - } - if ($version != 4 and $version != 6) { - throw new \InvalidArgumentException("Invalid version \"$version\". Must be 4 or 6"); - } - - if ($version == 4) { - return long2ip($prefix == 0 ? 0 : (0xFFFFFFFF >> (32 - $prefix)) << (32 - $prefix)); - } else { - return IP::inet_dtop($prefix == 0 ? 0 : BC::bcleft(BC::bcright(BC::MAX_UINT_128, 128-$prefix), 128-$prefix)); - } - } - - /** - * Return true if the $ip given is a true CIDR block. - * - * A true CIDR block is one where the $ip given is the actual Network - * address and broadcast matches the prefix appropriately. - */ - public static function cidr_is_true($ip) - { - $ip = new CIDR($ip); - return $ip->isTrueCidr(); - } -} diff --git a/inc/lib/IP/Lifo/IP/IP.php b/inc/lib/IP/Lifo/IP/IP.php deleted file mode 100755 index 4d22aa76..00000000 --- a/inc/lib/IP/Lifo/IP/IP.php +++ /dev/null 
@@ -1,207 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ -namespace Lifo\IP; - -/** - * IP Address helper class. - * - * Provides routines to translate IPv4 and IPv6 addresses between human readable - * strings, decimal, hexidecimal and binary. - * - * Requires BCmath extension and IPv6 PHP support - */ -abstract class IP -{ - /** - * Convert a human readable (presentational) IP address string into a decimal string. - */ - public static function inet_ptod($ip) - { - // shortcut for IPv4 addresses - if (strpos($ip, ':') === false && strpos($ip, '.') !== false) { - return sprintf('%u', ip2long($ip)); - } - - // remove any cidr block notation - if (($o = strpos($ip, '/')) !== false) { - $ip = substr($ip, 0, $o); - } - - // unpack into 4 32bit integers - $parts = unpack('N*', inet_pton($ip)); - foreach ($parts as &$part) { - if ($part < 0) { - // convert signed int into unsigned - $part = sprintf('%u', $part); - //$part = bcadd($part, '4294967296'); - } - } - - // add each 32bit integer to the proper bit location in our big decimal - $decimal = $parts[4]; // << 0 - $decimal = bcadd($decimal, bcmul($parts[3], '4294967296')); // << 32 - $decimal = bcadd($decimal, bcmul($parts[2], '18446744073709551616')); // << 64 - $decimal = bcadd($decimal, bcmul($parts[1], '79228162514264337593543950336')); // << 96 - - return $decimal; - } - - /** - * Convert a decimal string into a human readable IP address. 
- */ - public static function inet_dtop($decimal, $expand = false) - { - $parts = array(); - $parts[1] = bcdiv($decimal, '79228162514264337593543950336', 0); // >> 96 - $decimal = bcsub($decimal, bcmul($parts[1], '79228162514264337593543950336')); - $parts[2] = bcdiv($decimal, '18446744073709551616', 0); // >> 64 - $decimal = bcsub($decimal, bcmul($parts[2], '18446744073709551616')); - $parts[3] = bcdiv($decimal, '4294967296', 0); // >> 32 - $decimal = bcsub($decimal, bcmul($parts[3], '4294967296')); - $parts[4] = $decimal; // >> 0 - - foreach ($parts as &$part) { - if (bccomp($part, '2147483647') == 1) { - $part = bcsub($part, '4294967296'); - } - $part = (int) $part; - } - - // if the first 96bits is all zeros then we can safely assume we - // actually have an IPv4 address. Even though it's technically possible - // you're not really ever going to see an IPv6 address in the range: - // ::0 - ::ffff - // It's feasible to see an IPv6 address of "::", in which case the - // caller is going to have to account for that on their own. - if (($parts[1] | $parts[2] | $parts[3]) == 0) { - $ip = long2ip($parts[4]); - } else { - $packed = pack('N4', $parts[1], $parts[2], $parts[3], $parts[4]); - $ip = inet_ntop($packed); - } - - // Turn IPv6 to IPv4 if it's IPv4 - if (preg_match('/^::\d+\./', $ip)) { - return substr($ip, 2); - } - - return $expand ? self::inet_expand($ip) : $ip; - } - - /** - * Convert a human readable (presentational) IP address into a HEX string. - */ - public static function inet_ptoh($ip) - { - return bin2hex(inet_pton($ip)); - //return BC::bcdechex(self::inet_ptod($ip)); - } - - /** - * Convert a human readable (presentational) IP address into a BINARY string. - */ - public static function inet_ptob($ip, $bits = 128) - { - return BC::bcdecbin(self::inet_ptod($ip), $bits); - } - - /** - * Convert a binary string into an IP address (presentational) string. 
- */ - public static function inet_btop($bin) - { - return self::inet_dtop(BC::bcbindec($bin)); - } - - /** - * Convert a HEX string into a human readable (presentational) IP address - */ - public static function inet_htop($hex) - { - return self::inet_dtop(BC::bchexdec($hex)); - } - - /** - * Expand an IP address. IPv4 addresses are returned as-is. - * - * Example: - * 2001::1 expands to 2001:0000:0000:0000:0000:0000:0000:0001 - * ::127.0.0.1 expands to 0000:0000:0000:0000:0000:0000:7f00:0001 - * 127.0.0.1 expands to 127.0.0.1 - */ - public static function inet_expand($ip) - { - // strip possible cidr notation off - if (($pos = strpos($ip, '/')) !== false) { - $ip = substr($ip, 0, $pos); - } - $bytes = unpack('n*', inet_pton($ip)); - if (count($bytes) > 2) { - return implode(':', array_map(function ($b) { - return sprintf("%04x", $b); - }, $bytes)); - } - return $ip; - } - - /** - * Convert an IPv4 address into an IPv6 address. - * - * One use-case for this is IP 6to4 tunnels used in networking. - * - * @example - * to_ipv4("10.10.10.10") == a0a:a0a - * - * @param string $ip IPv4 address. - * @param boolean $mapped If true a Full IPv6 address is returned within the - * official ipv4to6 mapped space "0:0:0:0:0:ffff:x:x" - */ - public static function to_ipv6($ip, $mapped = false) - { - if (!self::isIPv4($ip)) { - throw new \InvalidArgumentException("Invalid IPv4 address \"$ip\""); - } - - $num = IP::inet_ptod($ip); - $o1 = dechex($num >> 16); - $o2 = dechex($num & 0x0000FFFF); - - return $mapped ? 
"0:0:0:0:0:ffff:$o1:$o2" : "$o1:$o2"; - } - - /** - * Returns true if the IP address is a valid IPv4 address - */ - public static function isIPv4($ip) - { - return $ip === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - - /** - * Returns true if the IP address is a valid IPv6 address - */ - public static function isIPv6($ip) - { - return $ip === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); - } - - /** - * Compare two IP's (v4 or v6) and return -1, 0, 1 if the first is < = > - * the second. - * - * @param string $ip1 IP address - * @param string $ip2 IP address to compare against - * @return integer Return -1,0,1 depending if $ip1 is <=> $ip2 - */ - public static function cmp($ip1, $ip2) - { - return bccomp(self::inet_ptod($ip1), self::inet_ptod($ip2), 0); - } -} diff --git a/inc/lib/twig/extensions/Extension/Tinyboard.php b/inc/lib/twig/extensions/Extension/Tinyboard.php index 97fecb20..5fb99b11 100644 --- a/inc/lib/twig/extensions/Extension/Tinyboard.php +++ b/inc/lib/twig/extensions/Extension/Tinyboard.php @@ -32,7 +32,7 @@ class Twig_Extensions_Extension_Tinyboard extends Twig_Extension new Twig_SimpleFilter('addslashes', 'addslashes'), ); } - + /** * Returns a list of functions to add to the existing list. * @@ -52,7 +52,7 @@ class Twig_Extensions_Extension_Tinyboard extends Twig_Extension new Twig_SimpleFunction('link_for', 'link_for') ); } - + /** * Returns the name of the extension. * @@ -88,7 +88,7 @@ function twig_hasPermission_filter($mod, $permission, $board = null) { function twig_extension_filter($value, $case_insensitive = true) { $ext = mb_substr($value, mb_strrpos($value, '.') + 1); if($case_insensitive) - $ext = mb_strtolower($ext); + $ext = mb_strtolower($ext); return $ext; } 
@@ -113,7 +113,7 @@ function twig_filename_truncate_filter($value, $length = 30, $separator = '…') $value = strrev($value); $array = array_reverse(explode(".", $value, 2)); $array = array_map("strrev", $array); - + $filename = &$array[0]; $extension = isset($array[1]) ? $array[1] : false; @@ -127,11 +127,11 @@ function twig_filename_truncate_filter($value, $length = 30, $separator = '…') function twig_ratio_function($w, $h) { return fraction($w, $h, ':'); } -function twig_secure_link_confirm($text, $title, $confirm_message, $href) { - global $config; +function twig_secure_link_confirm($text, $title, $confirm_message, $href) { return '' . $text . ''; } + function twig_secure_link($href) { return $href . '/' . make_secure_link_token($href); } diff --git a/inc/mod/auth.php b/inc/mod/auth.php index 01b234a1..610e2e7c 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php 
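Review bot: Dropping `global $config;` from twig_secure_link_confirm() is only safe if the returned markup never reads `$config`, and the anchor markup is stripped in this listing (`return '' . $text . '';`), so that cannot be confirmed here. If the original `<a ...>` attributes reference something like `$config['root']`, the removal turns into an undefined-variable notice and a broken confirm link. Please check the full return expression against the removed `global` before merging.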
@@ -5,108 +5,106 @@ */ use Vichan\Context; -use Vichan\Functions\Net; +use Vichan\Functions\{Hide, Net}; defined('TINYBOARD') or exit; // create a hash/salt pair for validate logins -function mkhash($username, $password, $salt = false) { +function mkhash(string $username, ?string $password, mixed $salt = false): array|string { global $config; if (!$salt) { - // create some sort of salt for the hash - $salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15); - + // Create some salt for the hash. + $salt = \bin2hex(\random_bytes(15)); // 20 characters. $generated_salt = true; + } else { + $generated_salt = false; } // generate hash (method is not important as long as it's strong) - $hash = substr( - base64_encode( - md5( - $username . $config['cookies']['salt'] . sha1( - $username . $password . $salt . ( - $config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : '' - ), true - ) . sha1($config['password_crypt_version']) // Log out users being logged in with older password encryption schema - , true - ) - ), 0, 20 + $hash = \substr( + Hide\secure_hash( + $username . $config['cookies']['salt'] . Hide\secure_hash( + $username . $password . $salt . ( + $config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : '' + ), true + ) . Hide\secure_hash($config['password_crypt_version'], true), // Log out users being logged in with older password encryption schema + false + ), + 0, + 40 ); - if (isset($generated_salt)) - return array($hash, $salt); - else + if ($generated_salt) { + return [ $hash, $salt ]; + } else { return $hash; + } } -function crypt_password($password) { +function crypt_password(string $password): array { global $config; // `salt` database field is reused as a version value. We don't want it to be 0. $version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1; - $new_salt = generate_salt(); - $password = crypt($password, $config['password_crypt'] . $new_salt . 
"$"); - return array($version, $password); -} - -function test_password($password, $salt, $test) { - global $config; - - // Version = 0 denotes an old password hashing schema. In the same column, the - // password hash was kept previously - $version = (strlen($salt) <= 8) ? (int) $salt : 0; - - if ($version == 0) { - $comp = hash('sha256', $salt . sha1($test)); + $pre_hash = \hash('tiger160,3', $password, false); // Note that it's truncated to 72 in the next line. + $r = \password_hash($pre_hash, \PASSWORD_BCRYPT, [ 'cost' => 12 ]); + if ($r === false) { + throw new \RuntimeException("Could not hash password"); } - else { - $comp = crypt($test, $password); + + return [ $version, $r ]; +} + +function test_password(string $db_hash, string|int $version, string $input_password): bool { + $version = (int)$version; + if ($version < 2) { + $ok = \hash_equals($db_hash, \crypt($input_password, $db_hash)); + } else { + $pre_hash = \hash('tiger160,3', $input_password, false); + $ok = \password_verify($pre_hash, $db_hash); } - return array($version, hash_equals($password, $comp)); + return $ok; } -function generate_salt() { - return strtr(base64_encode(random_bytes(16)), '+', '.'); -} - -function login($username, $password) { - global $mod, $config; +function login(string $username, string $password): array|false { + global $mod; $query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username"); $query->bindValue(':username', $username); - $query->execute() or error(db_error($query)); + $query->execute(); if ($user = $query->fetch(PDO::FETCH_ASSOC)) { - list($version, $ok) = test_password($user['password'], $user['version'], $password); + $ok = test_password($user['password'], $user['version'], $password); if ($ok) { - if ($config['password_crypt_version'] > $version) { + if ((int)$user['version'] < 2) { // It's time to upgrade the password hashing method! 
list ($user['version'], $user['password']) = crypt_password($password); $query = prepare("UPDATE ``mods`` SET `password` = :password, `version` = :version WHERE `id` = :id"); $query->bindValue(':password', $user['password']); $query->bindValue(':version', $user['version']); $query->bindValue(':id', $user['id']); - $query->execute() or error(db_error($query)); + $query->execute(); } - return $mod = array( + return $mod = [ 'id' => $user['id'], 'type' => $user['type'], 'username' => $username, 'hash' => mkhash($username, $user['password']), 'boards' => explode(',', $user['boards']) - ); + ]; } } return false; } -function setCookies() { +function setCookies(): void { global $mod, $config; - if (!$mod) + if (!$mod) { error('setCookies() was called for a non-moderator!'); + } $is_https = Net\is_connection_https(); @@ -119,14 +117,14 @@ function setCookies() { time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $is_https, $config['cookies']['httponly']); } -function destroyCookies() { +function destroyCookies(): void { global $config; $is_https = Net\is_connection_https(); // Delete the cookies setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $is_https, true); } -function modLog($action, $_board=null) { +function modLog(string $action, ?string $_board = null): void { global $mod, $board, $config; $query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)"); $query->bindValue(':id', (isset($mod['id']) ? $mod['id'] : -1), PDO::PARAM_INT); 
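Review bot: test_password() now sends every `version < 2` row through `crypt()`, which silently drops the version-0 branch (`hash('sha256', $salt . sha1($test))`) the removed code still handled, so any mod still on that schema can no longer log in and is never migrated; either keep that comparison under `$version === 0` or state in a comment that version-0 accounts are intentionally locked out. crypt_password() also tags the new bcrypt hash with `$config['password_crypt_version'] ?: 1`, so unless that config value is 2 or higher, login() sees `version < 2` and re-hashes at cost 12 on every successful login (crypt() does verify a `$2y$` hash, so it works, just expensively); tagging the bcrypt hash with a fixed `2` and using `password_needs_rehash()` for future cost bumps would avoid that. Two comments are wrong: `bin2hex(random_bytes(15))` is 30 characters, not 20, and a tiger160 hex digest is 40 bytes, so nothing is "truncated to 72 in the next line". On PHP 8 `password_hash()` throws a ValueError instead of returning false, so the `=== false` branch is only reachable on 7.x.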
@@ -141,16 +139,18 @@ function modLog($action, $_board=null) { $query->bindValue(':board', null, PDO::PARAM_NULL); $query->execute() or error(db_error($query)); - if ($config['syslog']) + if ($config['syslog']) { _syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action); + } } -function create_pm_header() { +function create_pm_header(): mixed { global $mod, $config; if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) { - if ($header === true) + if ($header === true) { return false; + } return $header; } @@ -159,26 +159,29 @@ function create_pm_header() { $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - if ($pm = $query->fetch(PDO::FETCH_ASSOC)) - $header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1); - else + if ($pm = $query->fetch(PDO::FETCH_ASSOC)) { + $header = [ 'id' => $pm['id'], 'waiting' => $query->rowCount() - 1 ]; + } else { $header = true; + } - if ($config['cache']['enabled']) + if ($config['cache']['enabled']) { cache::set('pm_unread_' . $mod['id'], $header); + } - if ($header === true) + if ($header === true) { return false; + } return $header; } -function make_secure_link_token($uri) { +function make_secure_link_token(string $uri): string { global $mod, $config; return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8); } -function check_login(Context $ctx, $prompt = false) { +function check_login(Context $ctx, bool $prompt = false): void { global $config, $mod; // Validate session @@ -188,7 +191,9 @@ function check_login(Context $ctx, $prompt = false) { if (count($cookie) != 3) { // Malformed cookies destroyCookies(); - if ($prompt) mod_login($ctx); + if ($prompt) { + mod_login($ctx); + } exit; } 
@@ -201,7 +206,9 @@ function check_login(Context $ctx, $prompt = false) { if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) { // Malformed cookies destroyCookies(); - if ($prompt) mod_login($ctx); + if ($prompt) { + mod_login($ctx); + } exit; } diff --git a/inc/mod/pages.php b/inc/mod/pages.php index bcb324b0..477eeec2 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -3,21 +3,30 @@ * Copyright (c) 2010-2013 Tinyboard Development Group */ use Vichan\Context; -use Vichan\Data\ReportQueries; -use Vichan\Functions\Format; +use Vichan\Data\{IpNoteQueries, UserPostQueries, ReportQueries}; +use Vichan\Data\Driver\LogDriver; use Vichan\Functions\Net; -use function Vichan\Functions\Net\decode_cursor; -use function Vichan\Functions\Net\encode_cursor; - defined('TINYBOARD') or exit; -function _link_or_copy(string $target, string $link): bool { - if (!link($target, $link)) { - error_log("Failed to link() $target to $link. FAlling back to copy()"); - return copy($target, $link); +function _link_or_copy_factory(Context $ctx): callable { + return function(string $target, string $link) use ($ctx) { + if (!\link($target, $link)) { + $ctx->get(LogDriver::class)->log(LogDriver::NOTICE, "Failed to link() $target to $link. FAlling back to copy()"); + return \copy($target, $link); + } + return true; + }; +} + +function _trim_str_param(array $arr, string $key): ?string { + if (isset($arr[$key])) { + $trimmed = \trim($arr[$key]); + if (!empty($trimmed)) { + return $trimmed; + } } - return true; + return null; } function mod_page($title, $template, $args, $subtitle = false) { @@ -47,7 +56,7 @@ function clone_wrapped_with_exist_check($clonefn, $src, $dest) { } function mod_login(Context $ctx, $redirect = false) { - global $config; + $config = $ctx->get('config'); $args = []; 
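Review bot: The cookie check `$cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])` is a plain string comparison against an attacker-supplied value; `if (!hash_equals(mkhash($cookie[0], $user['password'], $cookie[2]), $cookie[1]))` keeps it constant-time and matches the `hash_equals()` this commit introduces in test_password(). The practical leak is small because the expected value is a keyed derivation, but it costs nothing to fix while the line is being restyled. check_login() starts and ends outside this hunk.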
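Review bot: _trim_str_param() tests the trimmed value with `empty()`, which is also true for the string `"0"`, so a request parameter whose value is literally 0 is reported as absent; use `if ($trimmed !== '') { return $trimmed; }`. Since the helper is clearly meant for `$_POST`/`$_GET` arrays, a nested array value (`foo[]=x`) reaches `\trim()` and throws a TypeError on PHP 8, so an `is_string($arr[$key])` guard before trimming is worth adding. A one-line docblock such as `/** Return the trimmed string at $key, or null when missing or blank. */` would also make the null contract explicit for callers.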
@@ -58,8 +67,7 @@ function mod_login(Context $ctx, $redirect = false) { if (!isset($_POST['username'], $_POST['password']) || $_POST['username'] == '' || $_POST['password'] == '') { $args['error'] = $config['error']['invalid']; } elseif (!login($_POST['username'], $_POST['password'])) { - if ($config['syslog']) - _syslog(LOG_WARNING, 'Unauthorized login attempt!'); + $ctx->get(LogDriver::class)->log(LogDriver::INFO, 'Unauthorized login attempt!'); $args['error'] = $config['error']['invalid']; } else { @@ -91,15 +99,16 @@ function mod_confirm(Context $ctx, $request) { } function mod_logout(Context $ctx) { - global $config; + $config = $ctx->get('config'); destroyCookies(); header('Location: ?/', true, $config['redirect_http']); } function mod_dashboard(Context $ctx) { - global $config, $mod; + global $mod; + $config = $ctx->get('config'); $report_queries = $ctx->get(ReportQueries::class); $args = []; @@ -193,7 +202,7 @@ function mod_dashboard(Context $ctx) { } function mod_search_redirect(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['search'])) error($config['error']['noaccess']); @@ -473,7 +482,9 @@ function mod_edit_board(Context $ctx, $boardName) { } function mod_new_board(Context $ctx) { - global $config, $board; + global $board; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']); @@ -539,7 +550,9 @@ function mod_new_board(Context $ctx) { } function mod_noticeboard(Context $ctx, $page_no = 1) { - global $config, $pdo, $mod; + global $pdo, $mod; + + $config = $ctx->get('config'); if ($page_no < 1) error($config['error']['404']); @@ -594,7 +607,7 @@ function mod_noticeboard(Context $ctx, $page_no = 1) { } function mod_noticeboard_delete(Context $ctx, $id) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); 
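Review bot: The failed-login log is downgraded from syslog `LOG_WARNING` to `LogDriver::INFO` and still records neither the attempted username nor the remote address, which is exactly what brute-force detection (fail2ban-style rules, SIEM correlation) keys on; log it at least at `LogDriver::NOTICE` (the level this commit already uses in _link_or_copy_factory) with context, e.g. `$ctx->get(LogDriver::class)->log(LogDriver::NOTICE, "Unauthorized login attempt for user '{$_POST['username']}' from {$_SERVER['REMOTE_ADDR']}");`. The username is attacker-controlled, so confirm the driver strips or escapes newlines before writing, or this becomes a log-injection vector. I cannot see inc/Data/Driver/LogDriver.php here, so adjust the level name if a WARNING constant exists.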
@@ -612,7 +625,9 @@ function mod_noticeboard_delete(Context $ctx, $id) { } function mod_news(Context $ctx, $page_no = 1) { - global $config, $pdo, $mod; + global $pdo, $mod; + + $config = $ctx->get('config'); if ($page_no < 1) error($config['error']['404']); @@ -659,7 +674,7 @@ function mod_news(Context $ctx, $page_no = 1) { } function mod_news_delete(Context $ctx, $id) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['news_delete'])) error($config['error']['noaccess']); @@ -674,7 +689,7 @@ function mod_news_delete(Context $ctx, $id) { } function mod_log(Context $ctx, $page_no = 1) { - global $config; + $config = $ctx->get('config'); if ($page_no < 1) error($config['error']['404']); @@ -699,7 +714,7 @@ function mod_log(Context $ctx, $page_no = 1) { } function mod_user_log(Context $ctx, $username, $page_no = 1) { - global $config; + $config = $ctx->get('config'); if ($page_no < 1) error($config['error']['404']); @@ -736,7 +751,7 @@ function protect_ip($entry) { } function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false, $public = false) { - global $config; + $config = $ctx->get('config'); if ($page_no < 1) error($config['error']['404']); @@ -769,7 +784,10 @@ function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false, } function mod_view_catalog(Context $ctx, $boardName) { - global $config; + global $mod; + + $config = $ctx->get('config'); + require_once($config['dir']['themes'].'/catalog/theme.php'); $settings = []; $settings['boards'] = $boardName; @@ -801,7 +819,9 @@ function mod_view_catalog(Context $ctx, $boardName) { } function mod_view_board(Context $ctx, $boardName, $page_no = 1) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!openBoard($boardName)){ require "templates/themes/overboards/overboards.php"; 
@@ -832,208 +852,142 @@ function mod_view_board(Context $ctx, $boardName, $page_no = 1) { } function mod_view_thread(Context $ctx, $boardName, $thread) { - global $config, $mod; + global $mod; - if (!openBoard($boardName)) + if (!openBoard($boardName)) { + $config = $ctx->get('config'); error($config['error']['noboard']); + } $page = buildThread($thread, true, $mod); echo $page; } function mod_view_thread50(Context $ctx, $boardName, $thread) { - global $config, $mod; + global $mod; - if (!openBoard($boardName)) + if (!openBoard($boardName)) { + $config = $ctx->get('config'); error($config['error']['noboard']); + } $page = buildThread50($thread, true, $mod); echo $page; } function mod_ip_remove_note(Context $ctx, $ip, $id) { - global $config; + $config = $ctx->get('config'); - if (!hasPermission($config['mod']['remove_notes'])) - error($config['error']['noaccess']); + if (!hasPermission($config['mod']['remove_notes'])) { + error($config['error']['noaccess']); + } - if (filter_var($ip, FILTER_VALIDATE_IP) === false) - error("Invalid IP address."); + if (filter_var($ip, \FILTER_VALIDATE_IP) === false) { + error('Invalid IP address'); + } - $query = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id'); - $query->bindValue(':ip', $ip); - $query->bindValue(':id', $id); - $query->execute() or error(db_error($query)); + if (!is_numeric($id)) { + error('Invalid note ID'); + } - modLog("Removed a note for {$ip}"); + $queries = $ctx->get(IpNoteQueries::class); + $deleted = $queries->deleteWhereIp((int)$id, $ip); - header('Location: ?/IP/' . $ip . 
'#notes', true, $config['redirect_http']); + if (!$deleted) { + error("Note $id does not exist for $ip"); + } + + modLog("Removed a note for {$ip}"); + + \header("Location: ?/user_posts/ip/$ip#notes", true, $config['redirect_http']); } -function mod_ip(Context $ctx, $ip, string $encoded_cursor = '') { - global $config, $mod; +function mod_ip(Context $ctx, $ip, string $encoded_cursor = null) { + global $mod; + $config = $ctx->get('config'); - if (filter_var($ip, FILTER_VALIDATE_IP) === false) - error("Invalid IP address."); + if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + error('Invalid IP address'); + } if (isset($_POST['ban_id'], $_POST['unban'])) { - if (!hasPermission($config['mod']['unban'])) + if (!hasPermission($config['mod']['unban'])) { error($config['error']['noaccess']); + } Bans::delete($_POST['ban_id'], true, $mod['boards']); if (empty($encoded_cursor)) { - header("Location: ?/IP/$ip#bans", true, $config['redirect_http']); + \header("Location: ?/user_posts/ip/$ip#bans", true, $config['redirect_http']); } else { - header("Location: ?/IP/$ip/cursor/$encoded_cursor#bans", true, $config['redirect_http']); + \header("Location: ?/user_posts/ip/$ip/cursor/$encoded_cursor#bans", true, $config['redirect_http']); } return; } if (isset($_POST['note'])) { - if (!hasPermission($config['mod']['create_notes'])) + if (!hasPermission($config['mod']['create_notes'])) { error($config['error']['noaccess']); + } $_POST['note'] = escape_markup_modifiers($_POST['note']); markup($_POST['note']); - $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query->bindValue(':ip', $ip); - $query->bindValue(':mod', $mod['id']); - $query->bindValue(':time', time()); - $query->bindValue(':body', $_POST['note']); - $query->execute() or error(db_error($query)); + + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($ip, $mod['id'], $_POST['note']); Cache::delete("mod_page_ip_view_notes_$ip"); - modLog("Added a note for {$ip}"); 
+ modLog("Added a note for {$ip}"); if (empty($encoded_cursor)) { - header("Location: ?/IP/$ip#notes", true, $config['redirect_http']); + \header("Location: ?/user_posts/ip/$ip#notes", true, $config['redirect_http']); } else { - header("Location: ?/IP/$ip/cursor/$encoded_cursor#notes", true, $config['redirect_http']); + \header("Location: ?/user_posts/ip/$ip/cursor/$encoded_cursor#notes", true, $config['redirect_http']); } return; } + // Temporary Redirect so to not to break the note and unban system. + if (empty($encoded_cursor)) { + \header("Location: ?/user_posts/ip/$ip", true, 307); + } else { + \header("Location: ?/user_posts/ip/$ip/cursor/$encoded_cursor", true, 307); + } +} + +function mod_user_posts_by_ip(Context $ctx, string $ip, string $encoded_cursor = null) { + global $mod; + + if (\filter_var($ip, \FILTER_VALIDATE_IP) === false){ + error('Invalid IP address'); + } + + $config = $ctx->get('config'); + $args = [ 'ip' => $ip, 'posts' => [] ]; + if (isset($config['mod']['ip_recentposts'])) { + // TODO log to migrate. + $page_size = $config['mod']['ip_recentposts']; + } else { + $page_size = $config['mod']['recent_user_posts']; + } + if ($config['mod']['dns_lookup']) { $args['hostname'] = rDNS($ip); } - // Decode the cursor. - list($cursor_type, $board_id_cursor_map) = decode_cursor($encoded_cursor); - $post_per_page = $config['mod']['ip_recentposts']; - $next_cursor_map = []; - $prev_cursor_map = []; - - $boards = listBoards(); - foreach ($boards as $board) { - $uri = $board['uri']; - openBoard($uri); - if (hasPermission($config['mod']['show_ip'], $uri)) { - // Extract the cursor relative to the board. 
- $id_cursor = false; - if (isset($board_id_cursor_map[$uri])) { - $value = $board_id_cursor_map[$uri]; - if (is_numeric($value)) { - $id_cursor = (int)$value; - } - } - - if ($id_cursor === false) { - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); - $query->bindValue(':ip', $ip); - $query->bindValue(':limit', $post_per_page + 1, PDO::PARAM_INT); // Always fetch more. - $query->execute(); - $posts = $query->fetchAll(PDO::FETCH_ASSOC); - } elseif ($cursor_type === 'n') { - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip AND `id` <= :start_id ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $uri)); - $query->bindValue(':ip', $ip); - $query->bindValue(':start_id', $id_cursor, PDO::PARAM_INT); - $query->bindValue(':limit', $post_per_page + 2, PDO::PARAM_INT); // Always fetch more. - $query->execute(); - $posts = $query->fetchAll(PDO::FETCH_ASSOC); - } elseif ($cursor_type === 'p') { - // FIXME - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip AND `id` >= :start_id ORDER BY `sticky` ASC, `id` ASC LIMIT :limit', $uri)); - $query->bindValue(':ip', $ip); - $query->bindValue(':start_id', $id_cursor, PDO::PARAM_INT); - $query->bindValue(':limit', $post_per_page + 2, PDO::PARAM_INT); // Always fetch more. - $query->execute(); - $posts = array_reverse($query->fetchAll(PDO::FETCH_ASSOC)); - } else { - throw new RuntimeException("Unknown cursor type '$cursor_type'"); - } - - $posts_count = count($posts); - - if ($posts_count === $post_per_page + 2) { - $has_extra_prev_post = true; - $has_extra_end_post = true; - } elseif ($posts_count === $post_per_page + 1) { - $has_extra_prev_post = $id_cursor !== false && $posts[0]['id'] == $id_cursor; - $has_extra_end_post = !$has_extra_prev_post; - } else { - $has_extra_prev_post = false; - $has_extra_end_post = false; - } - - // Get the previous cursor, if any. - if ($has_extra_prev_post) { - // Select the most recent post. 
- $prev_cursor_map[$uri] = $posts[1]['id']; - array_shift($posts); - $posts_count--; - } - // Get the next cursor, if any. - if ($has_extra_end_post) { - // Since we fetched 1 above the limit, we always know if there are any posts after the current page. - // Query orders by DESC, so the SECOND last post has the lowest ID. - array_pop($posts); - $next_cursor_map[$uri] = $posts[$posts_count - 2]['id']; - } - - // Finally load the post contents and build them. - foreach ($posts as $post) { - if (!$post['thread']) { - $po = new Thread($post, '?/', $mod, false); - } else { - $po = new Post($post, '?/', $mod); - } - - if (!isset($args['posts'][$uri])) { - $args['posts'][$uri] = [ 'board' => $board, 'posts' => [] ]; - } - $args['posts'][$uri]['posts'][] = $po->build(true); - } - } - } - - // Build the cursors. - $args['cursor_prev'] = !empty($encoded_cursor) ? encode_cursor('p', $prev_cursor_map) : false; - $args['cursor_next'] = !empty($next_cursor_map) ? encode_cursor('n', $next_cursor_map) : false; - - $args['boards'] = $boards; - $args['token'] = make_secure_link_token('ban'); - if (hasPermission($config['mod']['view_ban'])) { $args['bans'] = Bans::find($ip, false, true, $config['auto_maintenance']); } if (hasPermission($config['mod']['view_notes'])) { - $ret = Cache::get("mod_page_ip_view_notes_$ip"); - if (!$ret) { - $query = prepare("SELECT ``ip_notes``.*, `username` FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip ORDER BY `time` DESC"); - $query->bindValue(':ip', $ip); - $query->execute() or error(db_error($query)); - $ret = $query->fetchAll(PDO::FETCH_ASSOC); - Cache::set("mod_page_ip_view_notes_$ip", $ret, 900); - } - $args['notes'] = $ret; + $note_queries = $ctx->get(IpNoteQueries::class); + $args['notes'] = $note_queries->getByIp($ip); } if (hasPermission($config['mod']['modlog_ip'])) { 
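Review bot: Both `mod_ip()` and `mod_user_posts_by_ip()` declare `string $encoded_cursor = null`, an implicitly nullable parameter that PHP 8.4 deprecates; write `?string $encoded_cursor = null` in both signatures. In mod_user_posts_by_ip() `$args['hostname']` is only assigned when `$config['mod']['dns_lookup']` is on, while the mod_page() call in the following hunk passes `$args['hostname']` unconditionally, which raises an undefined-key warning on PHP 8 with lookups disabled; initialise it next to `'posts' => []`, e.g. `$args = [ 'ip' => $ip, 'posts' => [], 'hostname' => false ];`, matching mod_page's `$subtitle = false` default. The `ip_recentposts` fallback with its "TODO log to migrate" is duplicated verbatim in mod_user_posts_by_passwd(); since the LogDriver is already on the Context, the TODO could be resolved now with a NOTICE that the key is deprecated. mod_user_posts_by_ip() continues past this hunk.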
@@ -1050,29 +1004,138 @@ function mod_ip(Context $ctx, $ip, string $encoded_cursor = '') { $args['logs'] = []; } + $boards = listBoards(); + + $queryable_uris = []; + foreach ($boards as $board) { + $uri = $board['uri']; + if (hasPermission($config['mod']['show_ip'], $uri)) { + $queryable_uris[] = $uri; + } + } + + $queries = $ctx->get(UserPostQueries::class); + $result = $queries->fetchPaginatedByIp($queryable_uris, $ip, $page_size, $encoded_cursor); + + $args['cursor_prev'] = $result->cursor_prev; + $args['cursor_next'] = $result->cursor_next; + + foreach($boards as $board) { + $uri = $board['uri']; + // The Thread and Post classes rely on some implicit board parameter set by openBoard. + openBoard($uri); + + // Finally load the post contents and build them. + foreach ($result->by_uri[$uri] as $post) { + if (!$post['thread']) { + $po = new Thread($post, '?/', $mod, false); + } else { + $po = new Post($post, '?/', $mod); + } + + if (!isset($args['posts'][$uri])) { + $args['posts'][$uri] = [ 'board' => $board, 'posts' => [] ]; + } + $args['posts'][$uri]['posts'][] = $po->build(true); + } + } + + $args['boards'] = $boards; + $args['token'] = make_secure_link_token('ban'); + + // Since the security token is only used to send requests to create notes and remove bans, use "?/IP/" as the url. if (empty($encoded_cursor)) { $args['security_token'] = make_secure_link_token("IP/$ip"); } else { $args['security_token'] = make_secure_link_token("IP/$ip/cursor/$encoded_cursor"); } - mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($ip)), 'mod/view_ip.html', $args, $args['hostname']); + mod_page(\sprintf('%s: %s', _('IP'), \htmlspecialchars($ip)), 'mod/view_ip.html', $args, $args['hostname']); +} + +function mod_user_posts_by_passwd(Context $ctx, string $passwd, string $encoded_cursor = null) { + global $mod; + + // The current hashPassword implementation uses sha3-256, which has a 64 character output in non-binary mode. 
+ if (\strlen($passwd) != 64) { + error('Invalid password'); + } + + $config = $ctx->get('config'); + + $args = [ + 'passwd' => $passwd, + 'posts' => [] + ]; + + if (isset($config['mod']['ip_recentposts'])) { + // TODO log to migrate. + $page_size = $config['mod']['ip_recentposts']; + } else { + $page_size = $config['mod']['recent_user_posts']; + } + + $boards = listBoards(); + + $queryable_uris = []; + foreach ($boards as $board) { + $uri = $board['uri']; + if (hasPermission($config['mod']['show_ip'], $uri)) { + $queryable_uris[] = $uri; + } + } + + $queries = $ctx->get(UserPostQueries::class); + $result = $queries->fetchPaginateByPassword($queryable_uris, $passwd, $page_size, $encoded_cursor); + + $args['cursor_prev'] = $result->cursor_prev; + $args['cursor_next'] = $result->cursor_next; + + foreach($boards as $board) { + $uri = $board['uri']; + // The Thread and Post classes rely on some implicit board parameter set by openBoard. + openBoard($uri); + + // Finally load the post contents and build them. 
+ foreach ($result->by_uri[$uri] as $post) { + if (!$post['thread']) { + $po = new Thread($post, '?/', $mod, false); + } else { + $po = new Post($post, '?/', $mod); + } + + if (!isset($args['posts'][$uri])) { + $args['posts'][$uri] = [ 'board' => $board, 'posts' => [] ]; + } + $args['posts'][$uri]['posts'][] = $po->build(true); + } + } + + $args['boards'] = $boards; + $args['token'] = make_secure_link_token('ban'); + + mod_page(\sprintf('%s: %s', _('Password'), \htmlspecialchars($passwd)), 'mod/view_passwd.html', $args); } function mod_ban(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); - if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) { + $ip = _trim_str_param($_POST, 'ip' ); + $reason = _trim_str_param($_POST, 'reason'); + $length = _trim_str_param($_POST, 'length'); + $board = _trim_str_param($_POST, 'board'); + + if (!isset($ip, $reason, $length, $board)) { mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban'))); return; } require_once 'inc/mod/ban.php'; - Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']); + Bans::new_ban($ip, $reason, $length, $board == '*' ? false : $board); if (isset($_POST['redirect'])) header('Location: ' . $_POST['redirect'], true, $config['redirect_http']); @@ -1081,7 +1144,7 @@ function mod_ban(Context $ctx) { } function mod_warning(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['warning'])) error($config['error']['noaccess']); @@ -1098,9 +1161,10 @@ function mod_warning(Context $ctx) { } function mod_bans(Context $ctx) { - global $config; global $mod; + $config = $ctx->get('config'); + if (!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); 
@@ -1133,19 +1197,20 @@ function mod_bans(Context $ctx) { } function mod_bans_json(Context $ctx) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']); - // Compress the json for faster loads - if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) ob_start("ob_gzhandler"); - - Bans::stream_json(false, false, !hasPermission($config['mod']['view_banstaff']), $mod['boards']); + Bans::stream_json(false, !hasPermission($config['mod']['view_banstaff']), $mod['boards']); } function mod_ban_appeals(Context $ctx) { - global $config, $board; + global $board; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['view_ban_appeals'])) error($config['error']['noaccess']); @@ -1227,7 +1292,7 @@ function mod_ban_appeals(Context $ctx) { } function mod_lock(Context $ctx, $board, $unlock, $post) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -1263,7 +1328,7 @@ function mod_lock(Context $ctx, $board, $unlock, $post) { } function mod_sticky(Context $ctx, $board, $unsticky, $post) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -1287,7 +1352,7 @@ function mod_sticky(Context $ctx, $board, $unsticky, $post) { } function mod_cycle(Context $ctx, $board, $uncycle, $post) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -1309,7 +1374,7 @@ function mod_cycle(Context $ctx, $board, $uncycle, $post) { } function mod_bumplock(Context $ctx, $board, $unbumplock, $post) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); 
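Review bot: `Bans::stream_json(false, !hasPermission($config['mod']['view_banstaff']), $mod['boards'])` drops the old second positional argument, so the call is only correct if stream_json's signature in inc/mod/ban.php was changed in the same commit, which is not in this view; if it was not, the staff-visibility flag lands in the old second slot and `$mod['boards']` in the slot that used to carry that flag, and the per-board restriction on which bans a mod can list is silently lost. Worth confirming, or switching the call site to named arguments once the parameter names are known so a mismatch fails loudly instead of reordering semantics. The removal of the `ob_gzhandler` branch looks deliberate, but it leaves the ban JSON uncompressed unless the web server handles it.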
@@ -1456,8 +1521,9 @@ function mod_move(Context $ctx, $originBoard, $postID) { if ($targetBoard === $originBoard) error(_('Target and source board are the same.')); + $_link_or_copy = _link_or_copy_factory($ctx); // link() if leaving a shadow thread behind; else, rename(). - $clone = $shadow ? '_link_or_copy' : 'rename'; + $clone = $shadow ? $_link_or_copy : 'rename'; // indicate that the post is a thread $post['op'] = true; @@ -1751,7 +1817,8 @@ function mod_merge(Context $ctx, $originBoard, $postID) { $op = $post; $op['id'] = $newID; - $clone = $shadow ? '_link_or_copy' : 'rename'; + $_link_or_copy = _link_or_copy_factory($ctx); + $clone = $shadow ? $_link_or_copy : 'rename'; if ($post['has_file']) { // copy image @@ -1890,7 +1957,9 @@ function mod_merge(Context $ctx, $originBoard, $postID) { } function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); 
@@ -1913,25 +1982,41 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) { if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) { require_once 'inc/mod/ban.php'; - if (isset($_POST['ip'])) - $ip = $_POST['ip']; + if (isset($_POST['ip'])) { + $ip_trim = \trim($_POST['ip']); + if (!empty($ip_trim)) { + $ip = $ip_trim; + } + } - Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board'], + $target_ip = \trim($_POST['ip']); + $reason = \trim($_POST['reason']); + $length = \trim($_POST['length']); + $target_board = \trim($_POST['board']); + + Bans::new_ban($target_ip, $reason, $length, $target_board == '*' ? false : $target_board, false, $config['ban_show_post'] ? $_post : false); - if (isset($_POST['public_message'], $_POST['message'])) { + $message = _trim_str_param($_POST, 'message'); + $public_message = _trim_str_param($_POST, 'public_message'); + + if (isset($public_message, $message)) { // public ban message - $length_english = Bans::parse_time($_POST['length']) ? 'for ' . until(Bans::parse_time($_POST['length'])) : 'permanently'; - $_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']); - $_POST['message'] = str_replace('%length%', $length_english, $_POST['message']); - $_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']); + $length_parsed = Bans::parse_time($length); + $length_english = $length_parsed ? 'for ' . 
until($length_parsed) : 'permanently'; + + $message = \trim($_POST['message']); + $message = \preg_replace('/[\r\n]/', '', $message); + $message = \str_replace('%length%', $length_english, $message); + $message = \str_replace('%LENGTH%', \strtoupper($length_english), $message); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board)); $query->bindValue(':id', $post); - $query->bindValue(':body_nomarkup', sprintf("\n%s", utf8tohtml($_POST['message']))); + $query->bindValue(':body_nomarkup', sprintf("\n%s", utf8tohtml($message))); $query->execute() or error(db_error($query)); rebuildPost($post); - modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message'])); + modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($message)); buildThread($thread ? $thread : $post); buildIndex(); } elseif (isset($_POST['delete']) && (int) $_POST['delete']) { @@ -1967,14 +2052,10 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) { $autotag .= "/${board}/" . " " . $filehash . " " . $filename ."\r\n"; $autotag .= $body . "\r\n"; $autotag = escape_markup_modifiers($autotag); - markup($autotag); - $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query->bindValue(':ip', $ip); - $query->bindValue(':mod', $mod['id']); - $query->bindValue(':time', time()); - $query->bindValue(':body', $autotag); - $query->execute() or error(db_error($query)); - modLog("Added a note for {$ip}"); + + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($ip, $mod['id'], $autotag); + modLog("Added a note for {$ip}"); } } deletePost($post); 
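Review bot: `$target_ip = \trim($_POST['ip']);` reads `ip` without the `isset` that guards it two lines above (the enclosing check only covers new_ban, reason, length and board) and discards the `$ip` fallback just computed, so a request without an ip field passes an empty string to `Bans::new_ban` while the note added further down goes to `$ip`, which presumably still holds the post's own address from code above the hunk. Passing the already-resolved value, `Bans::new_ban($ip, $reason, $length, $target_board == '*' ? false : $target_board, false, $config['ban_show_post'] ? $_post : false);`, and dropping `$target_ip` keeps the ban and the note aimed at the same address. `$message = _trim_str_param($_POST, 'message');` is also overwritten unconditionally by `$message = \trim($_POST['message']);` inside the public-message branch, so one of the two is dead. mod_ban_post starts before this hunk.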
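Review bot: The `markup($autotag);` call is removed here before `$note_queries->add($ip, $mod['id'], $autotag)`, while the three sibling call sites this commit converts in the same way (mod_warning_post, mod_delete, mod_deletebyip) keep `markup($autotag);` right before the same `add()`. Either IpNoteQueries::add applies markup itself, in which case those three sites now process the note twice, or it does not, in which case this note is stored raw; both outcomes are wrong for at least one site. Pick one: move the `markup()` call into IpNoteQueries::add and drop it at every call site, or restore `markup($autotag);` here.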
@@ -2013,7 +2094,9 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) { } function mod_warning_post(Context $ctx, $board, $post, $token = false) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -2031,19 +2114,25 @@ function mod_warning_post(Context $ctx, $board, $post, $token = false) { $ip = $_post['ip']; if (isset($_POST['new_warning'])) { - if (isset($_POST['ip'])) - $ip = $_POST['ip']; + if (isset($_POST['ip'])) { + $ip_trim = \trim($_POST['ip']); + if (!empty($ip_trim)) { + $ip = $ip_trim; + } + } - if (isset($_POST['public_message'], $_POST['message'])) { + $message = _trim_str_param($_POST, 'message'); + $public_message = _trim_str_param($_POST, 'public_message'); + + if (isset($public_message, $message)) { // public warning message - $_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']); $query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board)); $query->bindValue(':id', $post); - $query->bindValue(':body_nomarkup', sprintf("\n%s", utf8tohtml($_POST['message']))); + $query->bindValue(':body_nomarkup', sprintf("\n%s", utf8tohtml($message))); $query->execute() or error(db_error($query)); rebuildPost($post); - modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($_POST['message'])); + modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($message)); buildThread($thread ? $thread : $post); buildIndex(); 
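Review bot: The public-warning branch drops the old `preg_replace('/[\r\n]/', '', ...)` step and appends `$message` to `body_nomarkup` with line breaks intact, whereas the parallel public-ban path in mod_ban_post keeps `\preg_replace('/[\r\n]/', '', $message)` in this same commit. A mod-supplied message with CR/LF now lands in the stored body as-is, so add `$message = \preg_replace('/[\r\n]/', '', $message);` before the `UPDATE` to keep the two paths consistent. mod_warning_post continues past this hunk.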
@@ -2079,13 +2168,10 @@ function mod_warning_post(Context $ctx, $board, $post, $token = false) { $autotag .= $body . "\r\n"; $autotag = escape_markup_modifiers($autotag); markup($autotag); - $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query->bindValue(':ip', $ip); - $query->bindValue(':mod', $mod['id']); - $query->bindValue(':time', time()); - $query->bindValue(':body', $autotag); - $query->execute() or error(db_error($query)); - modLog("Added a note for {$ip}"); + + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($ip, $mod['id'], $autotag); + modLog("Added a note for {$ip}"); } } } @@ -2113,7 +2199,7 @@ function mod_warning_post(Context $ctx, $board, $post, $token = false) { } function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -2190,7 +2276,9 @@ function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) { } function mod_delete(Context $ctx, $board, $post) { - global $config; + global $mod; + + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -2231,13 +2319,10 @@ function mod_delete(Context $ctx, $board, $post) { $autotag .= $body . "\r\n"; $autotag = escape_markup_modifiers($autotag); markup($autotag); - $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query->bindValue(':ip', $ip); - $query->bindValue(':mod', $mod['id']); - $query->bindValue(':time', time()); - $query->bindValue(':body', $autotag); - $query->execute() or error(db_error($query)); - modLog("Added a note for {$ip}"); + + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($ip, $mod['id'], $autotag); + modLog("Added a note for {$ip}"); } } deletePost($post); 
@@ -2256,7 +2341,7 @@ function mod_delete(Context $ctx, $board, $post) { } function mod_deletefile(Context $ctx, $board, $post, $file) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -2279,7 +2364,7 @@ function mod_deletefile(Context $ctx, $board, $post, $file) { } function mod_spoiler_image(Context $ctx, $board, $post, $file) { - global $config; + $config = $ctx->get('config'); if (!openBoard($board)) error($config['error']['noboard']); @@ -2324,8 +2409,9 @@ function mod_spoiler_image(Context $ctx, $board, $post, $file) { } function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) { - global $config, $board; + global $board, $mod; + $config = $ctx->get('config'); $global = (bool)$global; if (!openBoard($boardName)) @@ -2402,13 +2488,10 @@ function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) { $autotag .= $body . "\r\n"; $autotag = escape_markup_modifiers($autotag); markup($autotag); - $query2 = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); - $query2->bindValue(':ip', $ip); - $query2->bindValue(':mod', $mod['id']); - $query2->bindValue(':time', time()); - $query2->bindValue(':body', $autotag); - $query2->execute() or error(db_error($query2)); - modLog("Added a note for {$ip}"); + + $note_queries = $ctx->get(IpNoteQueries::class); + $note_queries->add($ip, $mod['id'], $autotag); + modLog("Added a note for {$ip}"); } } 
@@ -2439,14 +2522,16 @@ function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) { } // Record the action - modLog("Deleted all posts by IP address: $ip"); + modLog("Deleted all posts by IP address: $ip"); // Redirect header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']); } function mod_user(Context $ctx, $uid) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id'])) error($config['error']['noaccess']); @@ -2624,7 +2709,7 @@ function mod_user_new(Context $ctx) { function mod_users(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); @@ -2645,7 +2730,7 @@ function mod_users(Context $ctx) { } function mod_user_promote(Context $ctx, $uid, $action) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); @@ -2743,7 +2828,7 @@ function mod_pm(Context $ctx, $id, $reply = false) { } function mod_inbox(Context $ctx) { - global $config, $mod; + global $mod; $query = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC'); $query->bindValue(':mod', $mod['id']); @@ -2767,7 +2852,9 @@ function mod_inbox(Context $ctx) { function mod_new_pm(Context $ctx, $username) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); 
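Review bot: mod_inbox goes from `global $config, $mod;` to `global $mod;` but, unlike every other function in this commit, gets no `$config = $ctx->get('config');` in exchange; the seven context lines shown do not read `$config`, but the rest of the function is outside the hunk. If any later line of mod_inbox still references `$config` (the modLog/redirect helpers used elsewhere in this file take config keys), it is now undefined, so either add `$config = $ctx->get('config');` after the global line or confirm the remainder is config-free.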
@@ -2815,7 +2902,9 @@ function mod_new_pm(Context $ctx, $username) { } function mod_rebuild(Context $ctx) { - global $config, $twig; + global $twig; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']); @@ -2887,7 +2976,9 @@ function mod_rebuild(Context $ctx) { } function mod_reports(Context $ctx) { - global $config, $mod; + global $mod; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); @@ -2916,8 +3007,10 @@ function mod_reports(Context $ctx) { $po = new Post($post, '?/', $mod); } + $body .= $po->build(true); + // A little messy and inefficient. - $append_html = Element('mod/report.html', array( + $report_html = Element('mod/report.html', array( 'report' => $report, 'config' => $config, 'mod' => $mod, @@ -2925,22 +3018,7 @@ function mod_reports(Context $ctx) { 'token_all' => make_secure_link_token('reports/' . $report['id'] . '/dismissall') )); - // Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21 - $po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '
')); - - if (\mb_strlen($po->body) + \mb_strlen($append_html) > $config['body_truncate_char']) { - // still too long; temporarily increase limit in the config - $__old_body_truncate_char = $config['body_truncate_char']; - $config['body_truncate_char'] = \mb_strlen($po->body) + \mb_strlen($append_html); - } - - $po->body .= $append_html; - - $body .= $po->build(true) . '
'; - - if (isset($__old_body_truncate_char)) { - $config['body_truncate_char'] = $__old_body_truncate_char; - } + $body .= $report_html . '
'; } $count = \count($report_rows); @@ -2954,7 +3032,7 @@ function mod_reports(Context $ctx) { } function mod_report_dismiss(Context $ctx, $id, $all = false) { - global $config; + $config = $ctx->get('config'); $report_queries = $ctx->get(ReportQueries::class); $report = $report_queries->getReportById($id); @@ -2976,7 +3054,7 @@ function mod_report_dismiss(Context $ctx, $id, $all = false) { if ($all) { $report_queries->deleteByIp($ip); - modLog("Dismissed all reports by $ip"); + modLog("Dismissed all reports by $ip"); } else { $report_queries->deleteById($id); modLog("Dismissed a report for post #{$id}", $board); @@ -2986,13 +3064,27 @@ function mod_report_dismiss(Context $ctx, $id, $all = false) { } function mod_recent_posts(Context $ctx, $lim, $board_list = false, $json = false) { - global $config, $mod, $pdo; + global $mod, $pdo; + + $config = $ctx->get('config'); if (!hasPermission($config['mod']['recent'])) error($config['error']['noaccess']); - $limit = (is_numeric($lim))? $lim : 25; - $last_time = (isset($_GET['last']) && is_numeric($_GET['last'])) ? $_GET['last'] : 0; + $limit = 25; + if (\is_numeric($lim)) { + $lim = \intval($lim); + if ($lim > 0 && $lim < 1000) { + $limit = $lim; + } + } + $last_time = 0; + if (isset($_GET['last']) && \is_numeric($_GET['last'])) { + $last = \intval($_GET['last']); + if ($last > 0) { + $last_time = $last; + } + } $mod_boards = []; $boards = listBoards(); @@ -3084,7 +3176,9 @@ function mod_recent_posts(Context $ctx, $lim, $board_list = false, $json = false } function mod_config(Context $ctx, $board_config = false) { - global $config, $mod, $board; + global $mod, $board; + + $config = $ctx->get('config'); if ($board_config && !openBoard($board_config)) error($config['error']['noboard']); 
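Review bot: The new bound `if ($lim > 0 && $lim < 1000)` in mod_recent_posts is a sound fix (the old code passed any numeric `$lim`, including negative or huge values, straight through), but 1000 is a bare magic number with no comment on where it comes from. Name it, e.g. `const RECENT_POSTS_MAX_LIMIT = 1000;` near the top of the file or a config key, and a one-line comment such as `// Cap the page size so a crafted URL cannot pull the whole posts table.` would tell the next reader why the cap exists. mod_recent_posts continues past this hunk.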
@@ -3224,7 +3318,7 @@ function mod_config(Context $ctx, $board_config = false) { } function mod_themes_list(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); @@ -3258,7 +3352,7 @@ function mod_themes_list(Context $ctx) { } function mod_theme_configure(Context $ctx, $theme_name) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); @@ -3340,7 +3434,7 @@ function mod_theme_configure(Context $ctx, $theme_name) { } function mod_theme_uninstall(Context $ctx, $theme_name) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); @@ -3357,7 +3451,7 @@ function mod_theme_uninstall(Context $ctx, $theme_name) { } function mod_theme_rebuild(Context $ctx, $theme_name) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); @@ -3406,7 +3500,7 @@ function mod_delete_page_board(Context $ctx, $page = '', $board = false) { } function mod_edit_page(Context $ctx, $id) { - global $config, $mod, $board; + global $mod, $board; $query = prepare('SELECT * FROM ``pages`` WHERE `id` = :id'); $query->bindValue(':id', $id); @@ -3416,6 +3510,8 @@ function mod_edit_page(Context $ctx, $id) { if (!$page) error(_('Could not find the page you are trying to edit.')); + $config = $ctx->get('config'); + if (!$page['board'] && $mod['boards'][0] !== '*') error($config['error']['noaccess']); @@ -3477,11 +3573,13 @@ function mod_edit_page(Context $ctx, $id) { } function mod_pages(Context $ctx, $board = false) { - global $config, $mod, $pdo; + global $mod, $pdo; if (empty($board)) $board = false; + $config = $ctx->get('config'); + if (!$board && $mod['boards'][0] !== '*') error($config['error']['noaccess']); 
@@ -3602,7 +3700,7 @@ function mod_debug_recent_posts(Context $ctx) { } function mod_debug_sql(Context $ctx) { - global $config; + $config = $ctx->get('config'); if (!hasPermission($config['mod']['debug_sql'])) error($config['error']['noaccess']); diff --git a/inc/nntpchan/nntpchan.php b/inc/nntpchan/nntpchan.php deleted file mode 100644 index de67a193..00000000 --- a/inc/nntpchan/nntpchan.php +++ /dev/null 
@@ -1,152 +0,0 @@ -"; -} - - -function gen_nntp($headers, $files) { - if (count($files) == 0) { - } - else if (count($files) == 1 && $files[0]['type'] == 'text/plain') { - $content = $files[0]['text'] . "\r\n"; - $headers['Content-Type'] = "text/plain; charset=UTF-8"; - } - else { - $boundary = sha1($headers['Message-Id']); - $content = ""; - $headers['Content-Type'] = "multipart/mixed; boundary=$boundary"; - foreach ($files as $file) { - $content .= "--$boundary\r\n"; - if (isset($file['name'])) { - $file['name'] = preg_replace('/[\r\n\0"]/', '', $file['name']); - $content .= "Content-Disposition: form-data; filename=\"$file[name]\"; name=\"attachment\"\r\n"; - } - $type = explode('/', $file['type'])[0]; - if ($type == 'text') { - $file['type'] .= '; charset=UTF-8'; - } - $content .= "Content-Type: $file[type]\r\n"; - if ($type != 'text' && $type != 'message') { - $file['text'] = base64_encode($file['text']); - $content .= "Content-Transfer-Encoding: base64\r\n"; - } - $content .= "\r\n"; - $content .= $file['text']; - $content .= "\r\n"; - } - $content .= "--$boundary--\r\n"; - - $headers['Mime-Version'] = '1.0'; - } - //$headers['Content-Length'] = strlen($content); - $headers['Date'] = date('r', $headers['Date']); - $out = ""; - foreach ($headers as $id => $val) { - $val = str_replace("\n", "\n\t", $val); - $out .= "$id: $val\r\n"; - } - $out .= "\r\n"; - $out .= $content; - return $out; -} - -function nntp_publish($msg, $id) { - global $config; - $server = $config["nntpchan"]["server"]; - $s = fsockopen("tcp://$server"); - fgets($s); - fputs($s, "MODE STREAM\r\n"); - fgets($s); - fputs($s, "TAKETHIS $id\r\n"); - fputs($s, $msg); - fputs($s, "\r\n.\r\n"); - fgets($s); - fputs($s, "QUIT\r\n"); - fclose($s); -} - -function post2nntp($post, $msgid) { - global $config; - - $headers = array(); - $files = array(); - - $headers['Message-Id'] = $msgid; - $headers['Newsgroups'] = $config['nntpchan']['group']; - $headers['Date'] = time(); - $headers['Subject'] = 
$post['subject'] ? $post['subject'] : "None"; - $headers['From'] = $post['name'] . " "; - - if ($post['email'] == 'sage') { - $headers['X-Sage'] = true; - } - - if (!$post['op']) { - // Get muh parent - $query = prepare("SELECT `message_id` FROM ``nntp_references`` WHERE `board` = :board AND `id` = :id"); - $query->bindValue(':board', $post['board']); - $query->bindValue(':id', $post['thread']); - $query->execute() or error(db_error($query)); - - if ($result = $query->fetch(PDO::FETCH_ASSOC)) { - $headers['References'] = $result['message_id']; - } - else { - return false; // We don't have OP. Discarding. - } - } - - // Let's parse the body a bit. - $body = trim($post['body_nomarkup']); - $body = preg_replace('/\r?\n/', "\r\n", $body); - $body = preg_replace_callback('@>>(>/([a-zA-Z0-9_+-]+)/)?([0-9]+)@', function($o) use ($post) { - if ($o[1]) { - $board = $o[2]; - } - else { - $board = $post['board']; - } - $id = $o[3]; - - $query = prepare("SELECT `message_id_digest` FROM ``nntp_references`` WHERE `board` = :board AND `id` = :id"); - $query->bindValue(':board', $board); - $query->bindValue(':id', $id); - $query->execute() or error(db_error($query)); - - if ($result = $query->fetch(PDO::FETCH_ASSOC)) { - return ">>".substr($result['message_id_digest'], 0, 18); - } - else { - return $o[0]; // Should send URL imo - } - }, $body); - $body = preg_replace('/>>>>([0-9a-fA-F])+/', '>>\1', $body); - - - $files[] = array('type' => 'text/plain', 'text' => $body); - - foreach ($post['files'] as $id => $file) { - $fc = array(); - - $fc['type'] = $file['type']; - $fc['text'] = file_get_contents($file['file_path']); - $fc['name'] = $file['name']; - - $files[] = $fc; - } - - return array($headers, $files); -} diff --git a/inc/nntpchan/tests.php b/inc/nntpchan/tests.php deleted file mode 100644 index a63789d7..00000000 --- a/inc/nntpchan/tests.php +++ /dev/null 
@@ -1,30 +0,0 @@ - "czaks ", "Message-Id" => "<1234.0000.".$time."@example.vichan.net>", "Newsgroups" => "overchan.test", "Date" => time(), "Subject" => "None"], -[['type' => 'text/plain', 'text' => "THIS IS A NEW TEST THREAD"]]); -echo "\n@@@@ Single msg:\n"; -echo $m1 = gennntp(["From" => "czaks ", "Message-Id" => "<1234.1234.".$time."@example.vichan.net>", "Newsgroups" => "overchan.test", "Date" => time(), "Subject" => "None", "References" => "<1234.0000.".$time."@example.vichan.net>"], -[['type' => 'text/plain', 'text' => "hello world, with no image :("]]); -echo "\n@@@@ Single msg and pseudoimage:\n"; -echo $m2 = gennntp(["From" => "czaks ", "Message-Id" => "<1234.2137.".$time."@example.vichan.net>", "Newsgroups" => "overchan.test", "Date" => time(), "Subject" => "None", "References" => "<1234.0000.".$time."@example.vichan.net>"], -[['type' => 'text/plain', 'text' => "hello world, now with an image!"], - ['type' => 'image/gif', 'text' => base64_decode("R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs="), 'name' => "urgif.gif"]]); -echo "\n@@@@ Single msg and two pseudoimages:\n"; -echo $m3 = gennntp(["From" => "czaks ", "Message-Id" => "<1234.1488.".$time."@example.vichan.net>", "Newsgroups" => "overchan.test", "Date" => time(), "Subject" => "None", "References" => "<1234.0000.".$time."@example.vichan.net>"], -[['type' => 'text/plain', 'text' => "hello world, now WITH TWO IMAGES!!!"], - ['type' => 'image/gif', 'text' => base64_decode("R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs="), 'name' => "urgif.gif"], - ['type' => 'image/gif', 'text' => base64_decode("R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs="), 'name' => "urgif2.gif"]]); -shoveitup($m0, "<1234.0000.".$time."@example.vichan.net>"); -sleep(1); -shoveitup($m1, "<1234.1234.".$time."@example.vichan.net>"); -sleep(1); -shoveitup($m2, "<1234.2137.".$time."@example.vichan.net>"); -shoveitup($m3, "<1234.1488.".$time."@example.vichan.net>"); - 
diff --git a/install.php b/install.php index bc3ba7d4..7663a503 100644 --- a/install.php +++ b/install.php @@ -881,6 +881,7 @@ if ($step == 0) { $config['cookies']['salt'] = substr(base64_encode(sha1(rand())), 0, 30); $config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30); + $config['secure_password_salt'] = substr(base64_encode(sha1(rand())), 0, 30); echo Element('page.html', array( 'body' => Element('installer/config.html', array( diff --git a/js/ajax.js b/js/ajax.js index af795a57..3cb06bf1 100644 --- a/js/ajax.js +++ b/js/ajax.js @@ -18,16 +18,25 @@ $(window).ready(function() { // Enable submit button if disabled (cache problem) $('input[type="submit"]').removeAttr('disabled'); - + var setup_form = function($form) { $form.submit(function() { if (do_not_ajax) return true; + + // If the captcha is present, halt if it does not have a response. + if (captchaMode === 'static' || (captchaMode === 'dynamic' && isDynamicCaptchaEnabled())) { + if (captcha_renderer && postCaptchaId && !captcha_renderer.hasResponse(postCaptchaId)) { + captcha_renderer.execute(postCaptchaId); + return false; + } + } + var form = this; var submit_txt = $(this).find('input[type="submit"]').val(); if (window.FormData === undefined) return true; - + var formData = new FormData(this); formData.append('json_response', '1'); formData.append('post', submit_txt); @@ -94,15 +103,15 @@ $(window).ready(function() { setTimeout(function() { $(window).trigger("scroll"); }, 100); } }); - + highlightReply(post_response.id); window.location.hash = post_response.id; $(window).scrollTop($(document).height()); - + $(form).find('input[type="submit"]').val(submit_txt); $(form).find('input[type="submit"]').removeAttr('disabled'); $(form).find('input[name="subject"],input[name="file_url"],\ - textarea[name="body"],input[type="file"]').val('').change(); + textarea[name="body"],input[type="file"],input[name="embed"]').val('').change(); }, cache: false, contentType: false, 
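Review bot: The added `$config['secure_password_salt'] = substr(base64_encode(sha1(rand())), 0, 30);` copies the pattern of the two lines above it, but `rand()` is not a CSPRNG and yields roughly 31 bits of state, so the 30-character salt has far less entropy than its length suggests; for a value that seeds password hashing (the mod page references a sha3-256 `hashPassword` that presumably consumes it) that is a weak secret baked in at install time. Use the kernel CSPRNG instead: `$config['secure_password_salt'] = substr(base64_encode(random_bytes(24)), 0, 30);`. The same fix applies to the two pre-existing salt lines, though that is outside this commit's scope.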
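Review bot: The new captcha gate references `captchaMode`, `isDynamicCaptchaEnabled`, `captcha_renderer` and `postCaptchaId`, none of which are defined in this file; if the script that defines them is not loaded on a given page (or loads after ajax.js), the first `if` throws a ReferenceError inside the submit handler and every AJAX post breaks rather than falling back. Guarding the first condition with `typeof captchaMode !== 'undefined' &&` makes the gate degrade to the old behaviour when the captcha scripts are absent. Also note the `return false` after `captcha_renderer.execute(postCaptchaId)` relies on the renderer re-triggering submission once a response exists, which is not visible here, and this remains a client-side convenience only; the server must still verify the captcha response on its own.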
@@ -114,7 +123,7 @@ $(window).ready(function() { $(form).find('input[type="submit"]').val(submit_txt); $(form).find('input[type="submit"]').removeAttr('disabled'); $(form).find('input[name="subject"],input[name="file_url"],\ - textarea[name="body"],input[type="file"]').val('').change(); + textarea[name="body"],input[type="file"],input[name="embed"]').val('').change(); } else { alert(_('An unknown error occured when posting!')); $(form).find('input[type="submit"]').val(submit_txt); @@ -132,10 +141,10 @@ $(window).ready(function() { contentType: false, processData: false }, 'json'); - + $(form).find('input[type="submit"]').val(_('Posting...')); $(form).find('input[type="submit"]').attr('disabled', true); - + return false; }); }; diff --git a/js/inline-expanding.js b/js/inline-expanding.js index 41625d2d..c44843b0 100644 --- a/js/inline-expanding.js +++ b/js/inline-expanding.js @@ -17,6 +17,10 @@ $(document).ready(function() { // Default maximum image loads. const DEFAULT_MAX = 5; + if (localStorage.inline_expand_fit_height !== 'false') { + $('').appendTo($('head')); + } + let inline_expand_post = function() { let link = this.getElementsByTagName('a'); @@ -56,12 +60,12 @@ $(document).ready(function() { }, add: function(ele) { ele.deferred = $.Deferred(); - ele.deferred.done(function () { + ele.deferred.done(function() { let $loadstart = $.Deferred(); let thumb = ele.childNodes[0]; let img = ele.childNodes[1]; - let onLoadStart = function (img) { + let onLoadStart = function(img) { if (img.naturalWidth) { $loadstart.resolve(img, thumb); } else { 
@@ -69,15 +73,15 @@ $(document).ready(function() { } }; - $(img).one('load', function () { - $.when($loadstart).done(function () { - // Once fully loaded, update the waiting queue. + $(img).one('load', function() { + $.when($loadstart).done(function() { + // once fully loaded, update the waiting queue --loading; $(ele).data('imageLoading', 'false'); update(); }); }); - $loadstart.done(function (img, thumb) { + $loadstart.done(function(img, thumb) { thumb.style.display = 'none'; img.style.display = ''; }); @@ -202,6 +206,8 @@ $(document).ready(function() { Options.extend_tab('general', '' + _('Number of simultaneous image downloads (0 to disable): ') + ''); + Options.extend_tab('general', ''); + $('#inline-expand-max input') .css('width', '50px') .val(localStorage.inline_expand_max || DEFAULT_MAX) @@ -212,6 +218,21 @@ $(document).ready(function() { localStorage.inline_expand_max = val; }); + + $('#inline-expand-fit-height input').on('change', function() { + if (localStorage.inline_expand_fit_height !== 'false') { + localStorage.inline_expand_fit_height = 'false'; + $('#expand-fit-height-style').remove(); + } + else { + localStorage.inline_expand_fit_height = 'true'; + $('').appendTo($('head')); + } + }); + + if (localStorage.inline_expand_fit_height !== 'false') { + $('#inline-expand-fit-height input').prop('checked', true); + } } if (window.jQuery) { diff --git a/js/options/general.js b/js/options/general.js index c0652269..6715ae1d 100644 --- a/js/options/general.js +++ b/js/options/general.js @@ -43,9 +43,6 @@ $(function(){ document.location.reload(); } }); - - - $("#style-select").detach().css({float:"none","margin-bottom":0}).appendTo(tab.content); }); }(); diff --git a/js/post-filter.js b/js/post-filter.js index f3f161c6..78fd35ce 100644 --- a/js/post-filter.js +++ b/js/post-filter.js 
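Review bot: The change handler for `#inline-expand-fit-height input` decides the new state from `localStorage.inline_expand_fit_height` rather than from the checkbox itself, so if the stored value and the control ever disagree (the setting changed in another tab, or storage was cleared while the options panel is open) one click pushes them further out of sync instead of correcting it. Drive the branch from the control: change `if (localStorage.inline_expand_fit_height !== 'false') {` in the handler to `if (!this.checked) {` and keep both branch bodies as they are; the `prop('checked', true)` initialisation below then remains the only place that reads storage. The markup of the element appended to `head` (`#expand-fit-height-style`) is lost in this rendering, so the CSS it injects was not reviewed.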
@@ -237,12 +237,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata var postUid = $ele.find('.poster_id').text(); } - let postName; - let postTrip = ''; - if (!pageData.forcedAnon) { - postName = (typeof $ele.find('.name').contents()[0] == 'undefined') ? '' : nameSpanToString($ele.find('.name')[0]); - postTrip = $ele.find('.trip').text(); - } + let postName = (typeof $ele.find('.name').contents()[0] == 'undefined') ? '' : nameSpanToString($ele.find('.name')[0]); + let postTrip = $ele.find('.trip').text(); /* display logic and bind click handlers */ @@ -297,39 +293,34 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata } // name - if (!pageData.forcedAnon && !$ele.data('hiddenByName')) { + if (!$ele.data('hiddenByName')) { $buffer.find('#filter-add-name').click(function () { addFilter('name', postName, false); }); $buffer.find('#filter-remove-name').addClass('hidden'); - } else if (!pageData.forcedAnon) { + } else { $buffer.find('#filter-remove-name').click(function () { removeFilter('name', postName, false); }); - $buffer.find('#filter-add-name').addClass('hidden'); - } else { - // board has forced anon - $buffer.find('#filter-remove-name').addClass('hidden'); $buffer.find('#filter-add-name').addClass('hidden'); } // tripcode - if (!pageData.forcedAnon && !$ele.data('hiddenByTrip') && postTrip !== '') { + if (!$ele.data('hiddenByTrip') && postTrip !== '') { $buffer.find('#filter-add-trip').click(function () { addFilter('trip', postTrip, false); }); $buffer.find('#filter-remove-trip').addClass('hidden'); - } else if (!pageData.forcedAnon && postTrip !== '') { + } else if (postTrip !== '') { $buffer.find('#filter-remove-trip').click(function () { removeFilter('trip', postTrip, false); }); $buffer.find('#filter-add-trip').addClass('hidden'); } else { - // board has forced anon $buffer.find('#filter-remove-trip').addClass('hidden'); $buffer.find('#filter-add-trip').addClass('hidden'); } 
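Review bot: With the `forcedAnon` guard removed from the menu builder, "hide by name" is now offered on every board, including forced-anonymous ones where every post presumably carries the same default name, so a single click on `#filter-add-name` would hide the entire board; the old detection (`$('th:contains(Name)')`, dropped in a later hunk of this file) was fragile, but removing the concept trades a wrong check for no check. If forced-anon boards still exist, expose the flag from the server (e.g. alongside the other per-page data this script reads) instead of sniffing the form, and keep the add-name button hidden there; at minimum skip `addFilter('name', postName, false)` when `postName` is empty. `nameSpanToString` is outside this hunk, so what it yields for an anonymous post is inferred, not observed.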
@@ -391,7 +382,6 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata var localList = pageData.localList; var noReplyList = pageData.noReplyList; var hasUID = pageData.hasUID; - var forcedAnon = pageData.forcedAnon; var hasTrip = ($post.find('.trip').length > 0); var hasSub = ($post.find('.subject').length > 0); @@ -432,9 +422,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata } // matches generalFilter - if (!forcedAnon) - name = (typeof $post.find('.name').contents()[0] == 'undefined') ? '' : nameSpanToString($post.find('.name')[0]); - if (!forcedAnon && hasTrip) + name = (typeof $post.find('.name').contents()[0] == 'undefined') ? '' : nameSpanToString($post.find('.name')[0]); + if (hasTrip) trip = $post.find('.trip').text(); if (hasSub) subject = $post.find('.subject').text(); @@ -455,13 +444,13 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata pattern = new RegExp(rule.value); switch (rule.type) { case 'name': - if (!forcedAnon && pattern.test(name)) { + if (pattern.test(name)) { $post.data('hiddenByName', true); hide(post); } break; case 'trip': - if (!forcedAnon && hasTrip && pattern.test(trip)) { + if (hasTrip && pattern.test(trip)) { $post.data('hiddenByTrip', true); hide(post); } @@ -488,13 +477,13 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata } else { switch (rule.type) { case 'name': - if (!forcedAnon && rule.value == name) { + if (rule.value == name) { $post.data('hiddenByName', true); hide(post); } break; case 'trip': - if (!forcedAnon && hasTrip && rule.value == trip) { + if (hasTrip && rule.value == trip) { $post.data('hiddenByTrip', true); hide(post); } 
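Review bot: The rewritten `'name'` and `'trip'` cases keep loose equality (`rule.value == name`, `rule.value == trip`); since these lines are being touched anyway, switch them to `===` to match the strict comparisons this file already uses (`active_page === 'thread'`). Because `name` is set to `''` when a post has no name span (see the `@@ -432` hunk), a rule whose value is an empty string matches every nameless post, so guard it too: `if (name !== '' && rule.value === name) {` and `if (hasTrip && rule.value === trip) {`. The regex branch above has the same shape; a `new RegExp('')` rule likewise matches everything, though that line is unchanged by this commit.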
@@ -827,8 +816,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata boardId: board_name, // get the id from the global variable localList: [], // all the blacklisted post IDs or UIDs that apply to the current page noReplyList: [], // any posts that replies to the contents of this list shall be hidden - hasUID: (document.getElementsByClassName('poster_id').length > 0), - forcedAnon: ($('th:contains(Name)').length === 0) // tests by looking for the Name label on the reply form + hasUID: (document.getElementsByClassName('poster_id').length > 0) }; initStyle(); diff --git a/js/post-menu.js b/js/post-menu.js index 79cfd868..c2155c00 100644 --- a/js/post-menu.js +++ b/js/post-menu.js @@ -104,8 +104,10 @@ function buildMenu(e) { function addButton(post) { var $ele = $(post); + // Use unicode code with ascii variant selector + // https://stackoverflow.com/questions/37906969/how-to-prevent-ios-from-converting-ascii-into-emoji $ele.find('input.delete').after( - $('', {href: '#', class: 'post-btn', title: 'Post menu'}).text('►') + $('', {href: '#', class: 'post-btn', title: 'Post menu'}).text('\u{25B6}\u{fe0e}') ); } diff --git a/js/show-backlinks.js b/js/show-backlinks.js index 5924124e..607c24ab 100644 --- a/js/show-backlinks.js +++ b/js/show-backlinks.js @@ -15,7 +15,7 @@ $(document).ready(function() { let showBackLinks = function() { - let replyId = $(this).attr('id').replace(/^reply_/, ''); + let replyId = $(this).attr('id').split('_')[1]; $(this).find('div.body a:not([rel="nofollow"])').each(function() { let id = $(this).text().match(/^>>(\d+)$/); @@ -25,13 +25,15 @@ $(document).ready(function() { return; } - let post = $('#reply_' + id); - if(post.length == 0) + let post = $('#reply_' + id + ', #op_' + id); + if (post.length == 0) { return; + } let mentioned = post.find('.head div.mentioned'); if (mentioned.length === 0) { - mentioned = $('
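Review bot: `$(this).attr('id').split('_')[1]` assumes every `div.post` carries an id of the form `reply_N` or `op_N`; now that `showBackLinks` is applied to all `div.post` elements (later hunk), a post with a missing or differently shaped id yields `undefined`, and the later selector `'a.mentioned-' + replyId` silently degrades to `a.mentioned-undefined` rather than skipping the post. Parse defensively: `let m = ($(this).attr('id') || '').match(/^(?:reply|op)_(\d+)$/); if (!m) { return; } let replyId = m[1];`. The previous `replace(/^reply_/, '')` at least left the id intact for other shapes; the new form should not be looser than that. The body of `showBackLinks` continues past this hunk.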
').prependTo(post.find('.head')); + // The op has two "head"s divs, use the second. + mentioned = $('
').prependTo(post.find('.head').last()); } if (mentioned.find('a.mentioned-' + replyId).length !== 0) { @@ -48,13 +50,13 @@ $(document).ready(function() { }); }; - $('div.post.reply').each(showBackLinks); + $('div.post').each(showBackLinks); $(document).on('new_post', function(e, post) { - if ($(post).hasClass('reply')) { + if ($(post).hasClass('reply') || $(post).hasClass('op')) { showBackLinks.call(post); } else { - $(post).find('div.post.reply').each(showBackLinks); + $(post).find('div.post').each(showBackLinks); } }); }); diff --git a/js/style-select-simple.js b/js/style-select-simple.js new file mode 100644 index 00000000..8b59fa0a --- /dev/null +++ b/js/style-select-simple.js 
@@ -0,0 +1,36 @@ +/* + * style-select-simple.js + * + * Changes the stylesheet chooser links to a ').css({float:"none"}); - var options = []; - - var i = 1; - stylesDiv.children().each(function() { - var name = this.innerHTML.replace(/(^\[|\]$)/g, ''); - var opt = $('') - .html(name) - .val(i); - if ($(this).hasClass('selected')) - opt.attr('selected', true); - options.push ([name.toUpperCase (), opt]); - $(this).attr('id', 'style-select-' + i); - i++; - }); + let pages = $('div.pages'); + let stylesSelect = $('').css({float:"none"}); + let options = []; - options.sort ((a, b) => { + let i = 1; + for (styleName in styles) { + if (styleName) { + let opt = $('') + .html(styleName) + .val(i); + if (selectedstyle == styleName) { + opt.attr('selected', true); + } + opt.attr('id', 'style-select-' + i); + options.push([styleName.toUpperCase (), opt]); + i++; + } + } + + options.sort((a, b) => { const keya = a [0]; const keyb = b [0]; - if (keya < keyb) { return -1; } - if (keya > keyb) { return 1; } + if (keya < keyb) { + return -1; + } + if (keya > keyb) { + return 1; + } return 0; - }).forEach (([key, opt]) => { + }).forEach(([key, opt]) => { stylesSelect.append(opt); }); - + stylesSelect.change(function() { - $('#style-select-' + $(this).val()).click(); + let sel = $(this).find(":selected")[0]; + let styleName = sel.innerHTML; + changeStyle(styleName, sel); }); - - stylesDiv.hide() + pages.after( $('
') .append(_('Select theme: '), stylesSelect) diff --git a/js/youtube.js b/js/youtube.js index 4c31ed09..08989b5c 100644 --- a/js/youtube.js +++ b/js/youtube.js @@ -1,41 +1,41 @@ /* -* youtube -* https://github.com/savetheinternet/Tinyboard/blob/master/js/youtube.js -* -* Don't load the YouTube player unless the video image is clicked. -* This increases performance issues when many videos are embedded on the same page. -* Currently only compatiable with YouTube. -* -* Proof of concept. -* -* Released under the MIT license -* Copyright (c) 2013 Michael Save -* Copyright (c) 2013-2014 Marcin Łabanowski -* -* Usage: -* $config['embedding'] = array(); -* $config['embedding'][0] = array( -* '/^https?:\/\/(\w+\.)?(?:youtube\.com\/watch\?v=|youtu\.be\/)([a-zA-Z0-9\-_]{10,11})(&.+)?$/i', -* $config['youtube_js_html']); -* $config['additional_javascript'][] = 'js/jquery.min.js'; -* $config['additional_javascript'][] = 'js/youtube.js'; -* -*/ + * Don't load the 3rd party embedded content player unless the image is clicked. + * This increases performance issues when many videos are embedded on the same page. + * + * Released under the MIT license + * Copyright (c) 2013 Michael Save + * Copyright (c) 2013-2014 Marcin Łabanowski + * Copyright (c) 2025 Zankaria Auxa + * + * Usage: + * $config['embedding'] = array(); + * $config['embedding'][0] = array( + * '/^https?:\/\/(\w+\.)?(?:youtube\.com\/watch\?v=|youtu\.be\/)([a-zA-Z0-9\-_]{10,11})(&.+)?$/i', + * $config['youtube_js_html']); + * $config['additional_javascript'][] = 'js/jquery.min.js'; + * $config['additional_javascript'][] = 'js/youtube.js'; + */ -$(document).ready(function(){ - // Adds Options panel item +$(document).ready(function() { + const ON = '[Remove]'; + const YOUTUBE = 'www.youtube-nocookie.com'; + + function makeEmbedNode(embedHost, videoId, width, height) { + return $(`
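Review bot: `for (styleName in styles)` declares `styleName` without `let`/`const`, so it is assigned as an implicit global on every iteration and throws a ReferenceError under strict mode; write `for (const styleName in styles) {`. The option label is also set with `opt.html(styleName)` and later read back via `sel.innerHTML` and handed to `changeStyle`; the names come from the site's own `styles` object as far as is visible, but `.text(styleName)` / `sel.textContent` is the safer default and avoids any HTML-decoding round-trip in the name passed on. `styles`, `selectedstyle` and `changeStyle` are globals not defined here, so their shape is inferred. This stretch appears to be a hunk of a different file whose header was lost in the rendering (it contains `-` lines although `style-select-simple.js` is a new file), so the hunk boundaries are approximate.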