diff --git a/imgboard.php b/imgboard.php
index 3cce9af..316a255 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -271,7 +271,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
checkCAPTCHA(TINYIB_CAPTCHA);
checkFlood();
}
-
+
$rawpost = isRawPost();
$rawposttext = '';
if (!$rawpost) {
@@ -304,7 +304,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
}
- $post['ip'] = $_SERVER['REMOTE_ADDR'];
+ $post['ip'] = remoteAddress();
if ($rawpost || !in_array('name', $hide_fields)) {
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
@@ -389,7 +389,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$expire_txt = ($ban['expire'] > 0) ? ('
This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '
This ban is permanent and will not expire.';
$reason_txt = ($ban['reason'] == '') ? '' : ('
Reason: ' . $ban['reason']);
- fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
+ fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire_txt . $reason_txt);
}
break;
}
@@ -575,7 +575,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
}
- $report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
+ $report = reportByIP($post['id'], remoteAddress());
if (!empty($report)) {
fancyDie(__('You have already submitted a report for that post.'));
}
@@ -634,7 +634,7 @@ EOF;
}
}
- $report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
+ $report = array('ip' => remoteAddress(), 'post' => $post['id']);
insertReport($report);
fancyDie(__('Post reported.'));
diff --git a/inc/database/flatfile.php b/inc/database/flatfile.php
index 9c45dfa..2e003ba 100644
--- a/inc/database/flatfile.php
+++ b/inc/database/flatfile.php
@@ -403,8 +403,8 @@ function trimThreads() {
function lastPostByIP() {
$compClause = new OrWhereClause();
- $compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
- $compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
+ $compClause->add(new SimpleWhereClause(POST_IP, '=', remoteAddress(), STRING_COMPARISON));
+ $compClause->add(new SimpleWhereClause(POST_IP, '=', hashData(remoteAddress()), STRING_COMPARISON));
$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
return convertPostsToSQLStyle($rows, true);
}
diff --git a/inc/database/mysql.php b/inc/database/mysql.php
index 70f5610..866c182 100644
--- a/inc/database/mysql.php
+++ b/inc/database/mysql.php
@@ -169,7 +169,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
- mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+ mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "', '" . mysql_real_escape_string($post['email']) . "', '" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysql_insert_id();
}
@@ -268,7 +268,7 @@ function trimThreads() {
}
function lastPostByIP() {
- $replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
+ $replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string(remoteAddress()) . "' OR `ip` = '" . mysql_real_escape_string(hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysql_fetch_assoc($replies)) {
return $post;
diff --git a/inc/database/mysqli.php b/inc/database/mysqli.php
index 50c9f76..567cd24 100644
--- a/inc/database/mysqli.php
+++ b/inc/database/mysqli.php
@@ -195,7 +195,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $link;
- mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+ mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
return mysqli_insert_id($link);
}
@@ -307,7 +307,7 @@ function trimThreads() {
function lastPostByIP() {
global $link;
- $replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
+ $replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, remoteAddress()) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
if ($replies) {
while ($post = mysqli_fetch_assoc($replies)) {
return $post;
diff --git a/inc/database/pdo.php b/inc/database/pdo.php
index ebf1bb6..5e1df85 100644
--- a/inc/database/pdo.php
+++ b/inc/database/pdo.php
@@ -152,7 +152,7 @@ function insertPost($post) {
$now = time();
$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
- $stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
+ $stm->execute(array($post['parent'], $now, $now, hashData(remoteAddress()), $post['name'], $post['tripcode'], $post['email'],
$post['nameblock'], $post['subject'], $post['message'], $post['password'],
$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@@ -254,7 +254,7 @@ function trimThreads() {
}
function lastPostByIP() {
- $result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array($_SERVER['REMOTE_ADDR'], hashData($_SERVER['REMOTE_ADDR'])));
+ $result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array(remoteAddress(), hashData(remoteAddress())));
return $result->fetch(PDO::FETCH_ASSOC);
}
diff --git a/inc/database/sqlite.php b/inc/database/sqlite.php
index b4aaafc..c1b8346 100644
--- a/inc/database/sqlite.php
+++ b/inc/database/sqlite.php
@@ -147,7 +147,7 @@ function threadExistsByID($id) {
}
function insertPost($post) {
- sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+ sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "', '" . sqlite_escape_string($post['email']) . "', '" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return sqlite_last_insert_rowid($GLOBALS["db"]);
}
@@ -236,7 +236,7 @@ function trimThreads() {
}
function lastPostByIP() {
- $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
+ $result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string(remoteAddress()) . "' OR ip = '" . sqlite_escape_string(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
foreach ($result as $post) {
return $post;
}
diff --git a/inc/database/sqlite3.php b/inc/database/sqlite3.php
index 00c3bc4..b0c3953 100644
--- a/inc/database/sqlite3.php
+++ b/inc/database/sqlite3.php
@@ -171,7 +171,7 @@ function threadExistsByID($id) {
function insertPost($post) {
global $db;
- $db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+ $db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "', '" . $db->escapeString($post['email']) . "', '" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
return $db->lastInsertRowID();
}
@@ -273,7 +273,7 @@ function trimThreads() {
function lastPostByIP() {
global $db;
- $result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
+ $result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString(remoteAddress()) . "' OR ip = '" . $db->escapeString(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1");
while ($post = $result->fetchArray()) {
return $post;
}
diff --git a/inc/defines.php b/inc/defines.php
index 2d640dc..c7dbd3e 100644
--- a/inc/defines.php
+++ b/inc/defines.php
@@ -76,6 +76,9 @@ if (!defined('TINYIB_REQMOD')) {
if (!defined('TINYIB_AUTOREFRESH')) {
define('TINYIB_AUTOREFRESH', 30);
}
+if (!defined('TINYIB_CLOUDFLARE')) {
+ define('TINYIB_CLOUDFLARE', false);
+}
if (!defined('TINYIB_DISALLOWTHREADS')) {
define('TINYIB_DISALLOWTHREADS', '');
}
diff --git a/inc/functions.php b/inc/functions.php
index ea6d7c6..787e196 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -259,7 +259,7 @@ function checkCAPTCHA($mode) {
$failed_captcha = true;
$recaptcha = new \ReCaptcha\ReCaptcha(TINYIB_RECAPTCHA_SECRET);
- $resp = $recaptcha->verify($captcha, $_SERVER['REMOTE_ADDR']);
+ $resp = $recaptcha->verify($captcha, remoteAddress());
if ($resp->isSuccess()) {
$failed_captcha = false;
}
@@ -296,12 +296,12 @@ function checkCAPTCHA($mode) {
}
function checkBanned() {
- $ban = banByIP($_SERVER['REMOTE_ADDR']);
+ $ban = banByIP(remoteAddress());
if ($ban) {
if ($ban['expire'] == 0 || $ban['expire'] > time()) {
$expire = ($ban['expire'] > 0) ? ('
This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '
This ban is permanent and will not expire.';
$reason = ($ban['reason'] == '') ? '' : ('
Reason: ' . $ban['reason']);
- fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board. ' . $expire . $reason);
+ fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board. ' . $expire . $reason);
} else {
clearExpiredBans();
}
@@ -785,6 +785,13 @@ function attachFile($post, $filepath, $filename, $uploaded) {
return $post;
}
+function remoteAddress() {
+ if (TINYIB_CLOUDFLARE) {
+ return $_SERVER['HTTP_CF_CONNECTING_IP'];
+ }
+ return $_SERVER['REMOTE_ADDR'];
+}
+
function installedViaGit() {
return is_dir('.git');
}
diff --git a/settings.default.php b/settings.default.php
index 04b95bb..4098ade 100644
--- a/settings.default.php
+++ b/settings.default.php
@@ -30,6 +30,7 @@ define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to
define('TINYIB_REPORT', false); // Allow users to report posts
define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
define('TINYIB_AUTOREFRESH', 30); // Delay (in seconds) between attempts to refresh a thread automatically [0 to disable]
+define('TINYIB_CLOUDFLARE', false); // Only enable when the site is served via Cloudflare to identify IP addresses correctly
define('TINYIB_DISALLOWTHREADS', ''); // When set, users attempting to post a new thread are shown this message instead ['' to disable]
define('TINYIB_DISALLOWREPLIES', ''); // When set, users attempting to post a reply are shown this message instead ['' to disable]