Add TINYIB_CLOUDFLARE

Resolves #188.
2021-04-13 22:54:27 -07:00 · 2021-04-13 22:54:27 -07:00 · 4ed5f2e125
commit 4ed5f2e125
parent 392609cab8
10 changed files with 31 additions and 20 deletions
--- a/imgboard.php
+++ b/imgboard.php
@ -304,7 +304,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		$post['name'] = $tinyib_anonymous[array_rand($tinyib_anonymous)];
 	}
-	$post['ip'] = $_SERVER['REMOTE_ADDR'];
+	$post['ip'] = remoteAddress();
 	if ($rawpost || !in_array('name', $hide_fields)) {
 		list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
@ -389,7 +389,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 			$expire_txt = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
 			$reason_txt = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
-			fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board.  ' . $expire_txt . $reason_txt);
+			fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board.  ' . $expire_txt . $reason_txt);
 		}
 		break;
 	}
@ -575,7 +575,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
 	}
-	$report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
+	$report = reportByIP($post['id'], remoteAddress());
 	if (!empty($report)) {
 		fancyDie(__('You have already submitted a report for that post.'));
 	}
@ -634,7 +634,7 @@ EOF;
 		}
 	}
-	$report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
+	$report = array('ip' => remoteAddress(), 'post' => $post['id']);
 	insertReport($report);
 	fancyDie(__('Post reported.'));
--- a/inc/database/flatfile.php
+++ b/inc/database/flatfile.php
@ -403,8 +403,8 @@ function trimThreads() {
 function lastPostByIP() {
 	$compClause = new OrWhereClause();
-	$compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
+	$compClause->add(new SimpleWhereClause(POST_IP, '=', remoteAddress(), STRING_COMPARISON));
-	$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
+	$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData(remoteAddress()), STRING_COMPARISON));
 	$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
 	return convertPostsToSQLStyle($rows, true);
 }
--- a/inc/database/mysql.php
+++ b/inc/database/mysql.php
@ -169,7 +169,7 @@ function threadExistsByID($id) {
 }
 function insertPost($post) {
-	mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+	mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
 	return mysql_insert_id();
 }
@ -268,7 +268,7 @@ function trimThreads() {
 }
 function lastPostByIP() {
-	$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
+	$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string(remoteAddress()) . "' OR `ip` = '" . mysql_real_escape_string(hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
 	if ($replies) {
 		while ($post = mysql_fetch_assoc($replies)) {
 			return $post;
--- a/inc/database/mysqli.php
+++ b/inc/database/mysqli.php
@ -195,7 +195,7 @@ function threadExistsByID($id) {
 function insertPost($post) {
 	global $link;
-	mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',	'" . mysqli_real_escape_string($link, $post['email']) . "',	'" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+	mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',	'" . mysqli_real_escape_string($link, $post['email']) . "',	'" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
 	return mysqli_insert_id($link);
 }
@ -307,7 +307,7 @@ function trimThreads() {
 function lastPostByIP() {
 	global $link;
-	$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
+	$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, remoteAddress()) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData(remoteAddress())) . "' ORDER BY `id` DESC LIMIT 1");
 	if ($replies) {
 		while ($post = mysqli_fetch_assoc($replies)) {
 			return $post;
--- a/inc/database/pdo.php
+++ b/inc/database/pdo.php
@ -152,7 +152,7 @@ function insertPost($post) {
 	$now = time();
 	$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email,   nameblock, subject, message, password,   file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
 		" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-	$stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
+	$stm->execute(array($post['parent'], $now, $now, hashData(remoteAddress()), $post['name'], $post['tripcode'], $post['email'],
 		$post['nameblock'], $post['subject'], $post['message'], $post['password'],
 		$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
 		$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@ -254,7 +254,7 @@ function trimThreads() {
 }
 function lastPostByIP() {
-	$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array($_SERVER['REMOTE_ADDR'], hashData($_SERVER['REMOTE_ADDR'])));
+	$result = pdoQuery("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = ? OR ip = ? ORDER BY id DESC LIMIT 1", array(remoteAddress(), hashData(remoteAddress())));
 	return $result->fetch(PDO::FETCH_ASSOC);
 }
--- a/inc/database/sqlite.php
+++ b/inc/database/sqlite.php
@ -147,7 +147,7 @@ function threadExistsByID($id) {
 }
 function insertPost($post) {
-	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "',	'" . sqlite_escape_string($post['email']) . "',	'" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "',	'" . sqlite_escape_string($post['email']) . "',	'" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
 	return sqlite_last_insert_rowid($GLOBALS["db"]);
 }
@ -236,7 +236,7 @@ function trimThreads() {
 }
 function lastPostByIP() {
-	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string(remoteAddress()) . "' OR ip = '" . sqlite_escape_string(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
 	foreach ($result as $post) {
 		return $post;
 	}
--- a/inc/database/sqlite3.php
+++ b/inc/database/sqlite3.php
@ -171,7 +171,7 @@ function threadExistsByID($id) {
 function insertPost($post) {
 	global $db;
-	$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "',	'" . $db->escapeString($post['email']) . "',	'" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+	$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData(remoteAddress()) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "',	'" . $db->escapeString($post['email']) . "',	'" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
 	return $db->lastInsertRowID();
 }
@ -273,7 +273,7 @@ function trimThreads() {
 function lastPostByIP() {
 	global $db;
-	$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
+	$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString(remoteAddress()) . "' OR ip = '" . $db->escapeString(hashData(remoteAddress())) . "' ORDER BY id DESC LIMIT 1");
 	while ($post = $result->fetchArray()) {
 		return $post;
 	}
--- a/inc/defines.php
+++ b/inc/defines.php
@ -76,6 +76,9 @@ if (!defined('TINYIB_REQMOD')) {
 if (!defined('TINYIB_AUTOREFRESH')) {
 	define('TINYIB_AUTOREFRESH', 30);
 }
 if (!defined('TINYIB_CLOUDFLARE')) {
 	define('TINYIB_CLOUDFLARE', false);
 }
 if (!defined('TINYIB_DISALLOWTHREADS')) {
 	define('TINYIB_DISALLOWTHREADS', '');
 }
--- a/inc/functions.php
+++ b/inc/functions.php
@ -259,7 +259,7 @@ function checkCAPTCHA($mode) {
 		$failed_captcha = true;
 		$recaptcha = new \ReCaptcha\ReCaptcha(TINYIB_RECAPTCHA_SECRET);
-		$resp = $recaptcha->verify($captcha, $_SERVER['REMOTE_ADDR']);
+		$resp = $recaptcha->verify($captcha, remoteAddress());
 		if ($resp->isSuccess()) {
 			$failed_captcha = false;
 		}
@ -296,12 +296,12 @@ function checkCAPTCHA($mode) {
 }
 function checkBanned() {
-	$ban = banByIP($_SERVER['REMOTE_ADDR']);
+	$ban = banByIP(remoteAddress());
 	if ($ban) {
 		if ($ban['expire'] == 0 || $ban['expire'] > time()) {
 			$expire = ($ban['expire'] > 0) ? ('<br>This ban will expire ' . strftime(TINYIB_DATEFMT, $ban['expire'])) : '<br>This ban is permanent and will not expire.';
 			$reason = ($ban['reason'] == '') ? '' : ('<br>Reason: ' . $ban['reason']);
-			fancyDie('Your IP address ' . $_SERVER['REMOTE_ADDR'] . ' has been banned from posting on this image board.  ' . $expire . $reason);
+			fancyDie('Your IP address ' . remoteAddress() . ' has been banned from posting on this image board.  ' . $expire . $reason);
 		} else {
 			clearExpiredBans();
 		}
@ -785,6 +785,13 @@ function attachFile($post, $filepath, $filename, $uploaded) {
 	return $post;
 }
 function remoteAddress() {
 	if (TINYIB_CLOUDFLARE) {
 		return $_SERVER['HTTP_CF_CONNECTING_IP'];
 	}
 	return $_SERVER['REMOTE_ADDR'];
 }
 function installedViaGit() {
 	return is_dir('.git');
 }
--- a/settings.default.php
+++ b/settings.default.php
@ -30,6 +30,7 @@ define('TINYIB_MANAGECAPTCHA', '');   // Improve security by requiring users to
 define('TINYIB_REPORT', false);       // Allow users to report posts
 define('TINYIB_REQMOD', '');          // Require moderation before displaying posts: files / all  ['' to disable]
 define('TINYIB_AUTOREFRESH', 30);     // Delay (in seconds) between attempts to refresh a thread automatically  [0 to disable]
 define('TINYIB_CLOUDFLARE', false);   // Only enable when the site is served via Cloudflare to identify IP addresses correctly
 define('TINYIB_DISALLOWTHREADS', ''); // When set, users attempting to post a new thread are shown this message instead  ['' to disable]
 define('TINYIB_DISALLOWREPLIES', ''); // When set, users attempting to post a reply are shown this message instead  ['' to disable]