From 69e749b57aa49c26a26aab962ab6d3f5c46e51b0 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 06:11:36 -0300
Subject: [PATCH 1/9] Added global column to 'reports' table
---
install.sql | 1 +
1 file changed, 1 insertion(+)
diff --git a/install.sql b/install.sql
index 38c3c804..b8d95444 100644
--- a/install.sql
+++ b/install.sql
@@ -225,6 +225,7 @@ CREATE TABLE IF NOT EXISTS `reports` (
`board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
`post` int(11) NOT NULL,
`reason` text NOT NULL,
+ `global` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
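Review bot: Adding `global` inside `CREATE TABLE IF NOT EXISTS` only reaches fresh installs; on a database where `reports` already exists the statement is a no-op and the column is never created. Any code that later reads or writes `global` would then fail on upgraded sites. Ship a migration with the change, for example ``ALTER TABLE `reports` ADD `global` tinyint(1) NOT NULL DEFAULT '0';``, and mention it in the upgrade notes.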
From 667606cdb422d2ca2ddbdf638ea49de11614be73 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 06:15:25 -0300
Subject: [PATCH 2/9] Closed off php tag in random.php
---
random.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/random.php b/random.php
index 050b6c82..fdd1e349 100644
--- a/random.php
+++ b/random.php
@@ -6,3 +6,5 @@ $boards = listBoards();
$board = array_rand($boards);
header('Location: /'.$boards[$board]["uri"]);
+
+?>
\ No newline at end of file
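Review bot: The added `?>` is better left out. In a file that contains only PHP, anything after the closing tag (a stray newline or space) is sent to the client as output, which is a common cause of "headers already sent" failures in scripts that call `header()` as this one does. The same closing tag is added at the end of create.php in patch 3 of this series. Drop both and end each file on its last statement.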
From 9c0436269f97244a8d3c31b22c4d27d4774927b8 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 06:58:44 -0300
Subject: [PATCH 3/9] disable ayah 'game' on create.php by default added option
to turn it on in /inc/config.php with explaination on where to put private
keys at
---
create.php | 15 ++++++++++++---
inc/config.php | 15 +++++++++++++++
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/create.php b/create.php
index f01a97cb..e0939549 100644
--- a/create.php
+++ b/create.php
@@ -6,10 +6,14 @@ include "inc/mod/auth.php";
checkBan('*');
$bannedWords = array('/^cake$/', '8ch', '/^cp$/', 'child', '/^inc$/', '/^static$/', '/^templates$/', '/^js$/', '/^stylesheets$/', '/^tools$/');
-$ayah = new AYAH();
+$ayah = (($config['playagame']) ? new AYAH() : false);
if (!isset($_POST['uri'], $_POST['title'], $_POST['subtitle'], $_POST['username'], $_POST['password'])) {
-$publisher_html = $ayah->getPublisherHTML();
+if (!$ayah){
+ $game_html = '';
+} else {
+ $game_html = 'Game | ' . $ayah->getPublisherHTML() . ' |
';
+}
$password = base64_encode(openssl_random_pseudo_bytes(9));
$body = <<Subtitle | (must be < 200 chars) |
Username | (must contain only alphanumeric, periods and underscores) |
Password | (write this down) |
-Game | {$publisher_html} |
+{$game_html}
@@ -38,7 +42,11 @@ $title = $_POST['title'];
$subtitle = $_POST['subtitle'];
$username = $_POST['username'];
$password = $_POST['password'];
+if (!$ayah){
+$score = true;
+} else {
$score = $ayah->scoreResult();
+}
if (!preg_match('/^[a-z0-9]{1,10}$/', $uri))
error('Invalid URI');
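Review bot: With AYAH off, `$score = true` makes the challenge pass unconditionally, and the new option defaults to `false` in inc/config.php, so a default install now accepts board creation through create.php with no bot check visible in this diff. If that default is intended, create.php needs some other throttle (a per-IP rate limit or another captcha) ahead of the database writes, which sit outside this hunk. The branch also reads more directly as `$score = $ayah ? $ayah->scoreResult() : true;`.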
@@ -118,3 +126,4 @@ EOT;
echo Element("page.html", array("config" => $config, "body" => $body, "title" => "Success", "subtitle" => "This was a triumph"));
}
+?>
\ No newline at end of file
diff --git a/inc/config.php b/inc/config.php
index e88f4935..11770e57 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -277,6 +277,21 @@
'no_country'
);
+
+
+ /*uses are you a human to stop automated requests to make boards disabled by default
+ if you wish to use 'are you a human' to block automated board creation requests
+
+ to use AYAH you must enter your 'AYAH_PUBLISHER_KEY' and your 'AYAH_SCORING_KEY' in
+ the configuration file for AYAH. The config file for AYAH
+ is located in the following directory:'/inc/lib/ayah/ayah_config.php'
+
+ */
+ $config['playagame'] = false;
+
+
+
+
// Enable reCaptcha to make spam even harder. Rarely necessary.
$config['recaptcha'] = false;
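Review bot: The new comment block is hard to parse: its first sentence runs the purpose and the default together, and the second sentence never finishes. A shorter form would be `// Require an "Are You A Human" (AYAH) challenge on create.php. Off by default; while off, create.php has no bot check.`, followed by one line pointing at `/inc/lib/ayah/ayah_config.php` for `AYAH_PUBLISHER_KEY` and `AYAH_SCORING_KEY`. The run of blank lines around the assignment can go.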
From ff68278111e710bb60089616695267f6073dcd99 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 07:08:55 -0300
Subject: [PATCH 4/9] renamed playgame config field to ayah_enabled
---
create.php | 4 ++--
inc/config.php | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/create.php b/create.php
index e0939549..447a33c9 100644
--- a/create.php
+++ b/create.php
@@ -6,7 +6,7 @@ include "inc/mod/auth.php";
checkBan('*');
$bannedWords = array('/^cake$/', '8ch', '/^cp$/', 'child', '/^inc$/', '/^static$/', '/^templates$/', '/^js$/', '/^stylesheets$/', '/^tools$/');
-$ayah = (($config['playagame']) ? new AYAH() : false);
+$ayah = (($config['ayah_enabled']) ? new AYAH() : false);
if (!isset($_POST['uri'], $_POST['title'], $_POST['subtitle'], $_POST['username'], $_POST['password'])) {
if (!$ayah){
@@ -120,7 +120,7 @@ $body = <<Make sure you don't forget your password, {$_POST['password']}!
-You can manage your site at http://8chan.co/mod.php?/.
+You can manage your board at http://8chan.co/mod.php?/.
EOT;
diff --git a/inc/config.php b/inc/config.php
index 11770e57..45394710 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -287,7 +287,7 @@
is located in the following directory:'/inc/lib/ayah/ayah_config.php'
*/
- $config['playagame'] = false;
+ $config['ayah_enabled'] = false;
From c8315cf8f66dbf20096407944c24171b783b02db Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 07:23:10 -0300
Subject: [PATCH 5/9] Changed the way create.php checks for existing usernames
to be less intensive on the database
---
create.php | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/create.php b/create.php
index 447a33c9..12914ee1 100644
--- a/create.php
+++ b/create.php
@@ -72,12 +72,13 @@ foreach ($bannedWords as $i => $w) {
error("Cannot create board matching banned pattern $w");
}
}
-$query = prepare('SELECT * FROM ``mods``');
+$query = prepare('SELECT ``username`` FROM ``mods`` WHERE ``username`` = :username');
+$query->bindValue(':username', $username);
$query->execute() or error(db_error($query));
$users = $query->fetchAll(PDO::FETCH_ASSOC);
-foreach ($users as $i => $user) {
- if ($user['username'] == $username)
- error('Username taken!');
+
+if (sizeof($users) > 0){
+error('The username you\'ve tried to enter already exists!');
}
$salt = generate_salt();
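Review bot: Uniqueness of the username still rests on this SELECT alone; the insert into `mods` follows outside the hunk, so two concurrent requests for the same name can both see zero rows and both proceed. A UNIQUE key on `mods`.`username` (the schema is not visible here, so it may already exist) would make the database enforce it. Note also that SQL `=` follows the column's collation, which may be case-insensitive where the removed PHP `==` was case-sensitive; that is probably the safer behaviour, but it is a change. Since only existence matters, `if ($query->fetchColumn() !== false)` avoids building the array and the `sizeof()` alias.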
From b24ec23cbb025e173a78fbe31a4bcd2d75332255 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 07:57:51 -0300
Subject: [PATCH 6/9] inc/mod/pages.php only show your board in boardlist if
you are ranked below admin
---
inc/mod/pages.php | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index f7ccf1a6..eadbfc3b 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1799,12 +1799,25 @@ function mod_user($uid) {
$log = array();
}
+ if ($mod['type'] >= ADMIN){
+ $boards = listBoards();
+ } else {
+ $boards2 = explode(',', $user['boards']);
+
+ foreach($boards2 as $string){
+
+ $boards[] = array("uri"=>$string, "title"=>"MY BOARD");
+
+ }
+
+ var_dump($boards);
+ }
$user['boards'] = explode(',', $user['boards']);
mod_page(_('Edit user'), 'mod/user.html', array(
'user' => $user,
'logs' => $log,
- 'boards' => listBoards(),
+ 'boards' => $boards,
'token' => make_secure_link_token('users/' . $user['id'])
));
}
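Review bot: The non-admin branch only narrows what mod/user.html renders, and it builds the list from `$user['boards']`, the account being edited, rather than from the acting moderator in `$mod`. Hiding boards in the form does not stop a request that submits other board values, so the code that saves the user (earlier in mod_user, outside this hunk) has to enforce the same restriction; confirm that it does. Within the hunk, `$boards` is appended to without being initialised (add `$boards = array();` before the loop), an empty `$user['boards']` yields one entry with an empty `uri`, and the title "MY BOARD" bypasses `_()`.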
From 03b142b8476d09c00baa22424282e19e31cffab1 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 08:06:16 -0300
Subject: [PATCH 7/9] removed var_dump
---
inc/mod/pages.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index eadbfc3b..ae841c7c 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1810,7 +1810,7 @@ function mod_user($uid) {
}
- var_dump($boards);
+
}
$user['boards'] = explode(',', $user['boards']);
From 37ac3fbe9e79791cb962080cbe374e95e26a385a Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 08:18:27 -0300
Subject: [PATCH 8/9] Added recaptcha support to create.php
---
create.php | 32 ++++++++++++++++++++++++++++++++
inc/config.php | 2 ++
2 files changed, 34 insertions(+)
diff --git a/create.php b/create.php
index 12914ee1..1dddb28a 100644
--- a/create.php
+++ b/create.php
@@ -3,6 +3,14 @@
include "inc/functions.php";
include "inc/lib/ayah/ayah.php";
include "inc/mod/auth.php";
+
+//don't load recaptcha LIB unless its enabled!
+if ($config['cbRecaptcha']){
+$cbRecaptcha = true;
+include "inc/lib/recaptcha/recaptchalib.php";
+}
+
+
checkBan('*');
$bannedWords = array('/^cake$/', '8ch', '/^cp$/', 'child', '/^inc$/', '/^static$/', '/^templates$/', '/^js$/', '/^stylesheets$/', '/^tools$/');
@@ -14,6 +22,14 @@ if (!$ayah){
} else {
$game_html = 'Game | ' . $ayah->getPublisherHTML() . ' |
';
}
+
+if (!$cbRecaptcha){
+ $recapcha_html = '';
+} else {
+ $recapcha_html = 'reCaptcha | ' . recaptcha_get_html($config['recaptcha_public']) . ' |
';
+}
+
+
$password = base64_encode(openssl_random_pseudo_bytes(9));
$body = <<Username | (must contain only alphanumeric, periods and underscores) |
Password | (write this down) |
{$game_html}
+{$recapcha_html}
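Review bot: `recaptcha_get_html()` is called with the public key only, so the library's `$use_ssl` parameter keeps its default (off in the stock recaptchalib.php) and the widget is requested over plain HTTP; on a page served over HTTPS the browser blocks or flags that as mixed content. Pass the third argument explicitly according to how the page is served. The variable is also spelled `$recapcha_html` while everything else in the change uses `recaptcha`.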
@@ -42,6 +59,18 @@ $title = $_POST['title'];
$subtitle = $_POST['subtitle'];
$username = $_POST['username'];
$password = $_POST['password'];
+
+ $resp = ($cbRecaptcha) ? recaptcha_check_answer ($config['recaptcha_private'],
+ $_SERVER["REMOTE_ADDR"],
+ $_POST["recaptcha_challenge_field"],
+ $_POST["recaptcha_response_field"]):false;
+
+if ($resp != false){
+$passedCaptcha = $resp->is_valid;
+} else {
+$passedCaptcha = true;
+}
+
if (!$ayah){
$score = true;
} else {
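Review bot: `$passedCaptcha` falls back to `true` on every path where `$resp` is falsy, so the check fails open: any later change that makes the call return `false` or `null` while the captcha is enabled would silently pass. Tie the result to the flag instead, `$passedCaptcha = $cbRecaptcha ? ($resp && $resp->is_valid) : true;`. `$_POST["recaptcha_challenge_field"]` and `$_POST["recaptcha_response_field"]` are read without `isset()`, and the `isset()` guard earlier in the file does not list them, so a request without them raises notices; default both to `''` so the verifier rejects the request cleanly.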
@@ -58,6 +87,9 @@ if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username))
error('Invalid username');
if (!$score)
error('You failed the game');
+if (!$passedCaptcha)
+ error('You failed to enter the reCaptcha correctly');
+
foreach (listBoards() as $i => $board) {
if ($board['uri'] == $uri)
error('Board already exists!');
diff --git a/inc/config.php b/inc/config.php
index 45394710..da51613f 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -294,6 +294,8 @@
// Enable reCaptcha to make spam even harder. Rarely necessary.
$config['recaptcha'] = false;
+ // Enable reCaptcha on create.php to prevent automated requests.
+ $config['cbRecaptcha'] = false;
// Public and private key pair from https://www.google.com/recaptcha/admin/create
$config['recaptcha_public'] = '6LcXTcUSAAAAAKBxyFWIt2SO8jwx4W7wcSMRoN3f';
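Review bot: The comment should say that this option reuses `$config['recaptcha_public']` and `$config['recaptcha_private']`, since create.php passes those to the library. The public key on the context line below is a value shipped in the default config; if a private key is shipped the same way (not visible in this hunk), enabling the option without replacing both gives a challenge that is not tied to the operator's own reCAPTCHA account. Suggested wording: `// Require reCaptcha on create.php. Uses recaptcha_public / recaptcha_private below; replace both with your own keys.` The name `cbRecaptcha` also breaks from the `ayah_enabled` naming introduced earlier in the series.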
From 635364138fca619a97e93de32056b50a5214cb86 Mon Sep 17 00:00:00 2001
From: undido
Date: Thu, 25 Sep 2014 08:38:44 -0300
Subject: [PATCH 9/9] forgot to define variable whoops
---
create.php | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/create.php b/create.php
index 1dddb28a..4319ea70 100644
--- a/create.php
+++ b/create.php
@@ -3,7 +3,7 @@
include "inc/functions.php";
include "inc/lib/ayah/ayah.php";
include "inc/mod/auth.php";
-
+$cbRecaptcha = false;
//don't load recaptcha LIB unless its enabled!
if ($config['cbRecaptcha']){
$cbRecaptcha = true;
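Review bot: The flag now takes two assignments and a branch to mirror one config value; `$cbRecaptcha = !empty($config['cbRecaptcha']);` followed by `if ($cbRecaptcha) require_once "inc/lib/recaptcha/recaptchalib.php";` says the same thing and cannot leave the variable unset. `require_once` is preferable to `include` for a library the captcha check depends on, because a missing file then stops the request at load time instead of continuing with a warning.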
@@ -76,7 +76,10 @@ $score = true;
} else {
$score = $ayah->scoreResult();
}
-
+if (!$score)
+ error('You failed the game');
+if (!$passedCaptcha)
+ error('You failed to enter the reCaptcha correctly');
if (!preg_match('/^[a-z0-9]{1,10}$/', $uri))
error('Invalid URI');
if (!(strlen($title) < 40))
@@ -85,10 +88,6 @@ if (!(strlen($subtitle) < 200))
error('Invalid subtitle');
if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username))
error('Invalid username');
-if (!$score)
- error('You failed the game');
-if (!$passedCaptcha)
- error('You failed to enter the reCaptcha correctly');
foreach (listBoards() as $i => $board) {
if ($board['uri'] == $uri)