From 691bc1c3fa1a866b13c07aa74af860b7c17ae33a Mon Sep 17 00:00:00 2001
From: Fredrick Brennan <admin@8chan.co>
Date: Sat, 25 Apr 2015 19:50:07 +0800
Subject: [PATCH] Close ctrlcctrlv/infinity#481

Also improve CAPTCHA portability into other parrts of the software by removing weird CAPTCHA-specific config file
---
 8chan-captcha/config.example.php                 | 15 ---------------
 8chan-captcha/cool-php-captcha-0.3.1/captcha.php |  2 +-
 8chan-captcha/entrypoint.php                     | 13 ++++++-------
 8chan-captcha/functions.php                      | 16 +++++++---------
 inc/config.php                                   | 12 ++++++++++--
 inc/functions.php                                |  1 +
 post.php                                         | 14 +++++++++++++-
 report.php                                       |  2 --
 templates/report.html                            |  9 +++++++--
 9 files changed, 45 insertions(+), 39 deletions(-)
 delete mode 100644 8chan-captcha/config.example.php

diff --git a/8chan-captcha/config.example.php b/8chan-captcha/config.example.php
deleted file mode 100644
index d011b3f4..00000000
--- a/8chan-captcha/config.example.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-// We are using a custom path here to connect to the database.
-// Why? Performance reasons.
-
-$pdo = new PDO("mysql:dbname=8chan;host=localhost", "user", "pass", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
-
-// Captcha expiration:
-$expires_in = 120; // 120 seconds
-
-// Captcha dimensions:
-$width = 300;
-$height = 80;
-
-// Captcha length:
-$length = 6;
diff --git a/8chan-captcha/cool-php-captcha-0.3.1/captcha.php b/8chan-captcha/cool-php-captcha-0.3.1/captcha.php
index 4f742194..f8f0ce35 100644
--- a/8chan-captcha/cool-php-captcha-0.3.1/captcha.php
+++ b/8chan-captcha/cool-php-captcha-0.3.1/captcha.php
@@ -31,7 +31,7 @@ class SimpleCaptcha {
      * directory to another location outise the web server
      *
      */
-    public $resourcesPath = 'cool-php-captcha-0.3.1/resources';
+    public $resourcesPath = '8chan-captcha/cool-php-captcha-0.3.1/resources';
 
     /** Min word length (for non-dictionary random text generation) */
     public $minWordLength = 5;
diff --git a/8chan-captcha/entrypoint.php b/8chan-captcha/entrypoint.php
index d0edd3da..213ddb6f 100644
--- a/8chan-captcha/entrypoint.php
+++ b/8chan-captcha/entrypoint.php
@@ -3,8 +3,8 @@ header('Access-Control-Allow-Origin: *');
 
 $mode = @$_GET['mode'];
 
-require_once("config.php");
-require_once("functions.php");
+chdir('..'); // for "cool PHP CAPTCHA"'s resourcesPath
+include "inc/functions.php"; // general 8chan functions
 
 switch ($mode) {
 // Request: GET entrypoint.php?mode=get&extra=1234567890
@@ -26,7 +26,7 @@ case "get":
 	  echo "<html><body>You do not have JavaScript enabled. To fill out the CAPTCHA, please copy the ID to the post form in the ID field, and write the answer in the answer field.<br><br>CAPTCHA ID: $cookie<br>CAPTCHA image: $html</body></html>";
   } else {
 	  header("Content-type: application/json");
-	  echo json_encode(["cookie" => $cookie, "captchahtml" => $html, "expires_in" => $expires_in]);
+	  echo json_encode(["cookie" => $cookie, "captchahtml" => $html, "expires_in" => $config['captcha']['expires_in']]);
   }
   
   break;
@@ -41,18 +41,17 @@ case "check":
     die();
   }
 
-  cleanup($pdo, $expires_in);
+  cleanup();
 
-  $query = $pdo->prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+  $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
   $query->execute([$_GET['cookie'], $_GET['extra']]);
-
   $ary = $query->fetchAll();
 
   if (!$ary) {
     echo "0";
   }
   else {
-    $query = $pdo->prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+    $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
     $query->execute([$_GET['cookie'], $_GET['extra']]);
 
     if ($ary[0]['text'] !== $_GET['text']) {
diff --git a/8chan-captcha/functions.php b/8chan-captcha/functions.php
index 4a8248d1..d935f5fe 100644
--- a/8chan-captcha/functions.php
+++ b/8chan-captcha/functions.php
@@ -1,12 +1,9 @@
 <?php
-if (strpos(getcwd(), '8chan-captcha') === false) chdir('8chan-captcha');
-require_once("config.php");
-require_once("cool-php-captcha-0.3.1/captcha.php");
-
+require_once 'cool-php-captcha-0.3.1/captcha.php';
 function generate_captcha($extra = '1234567890') {
-  global $length, $pdo;
+  global $config;
 
-  $text = rand_string($length, $extra);
+  $text = rand_string($config['captcha']['length'], $extra);
 
   $captcha = new SimpleCaptcha();
 
@@ -18,7 +15,7 @@ function generate_captcha($extra = '1234567890') {
   ob_end_clean();
   $html = '<image src="data:image/png;base64,'.base64_encode($image).'">';
 
-  $query = $pdo->prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
+  $query = prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
   $query->execute(                               [$cookie,  $extra,  $text,  time()]);
 
   return array("cookie" => $cookie, "html" => $html);
@@ -32,7 +29,8 @@ function rand_string($length, $charset) {
   return $ret;
 }
 
-function cleanup ($pdo, $expires_in) {
-  $pdo->prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
+function cleanup () {
+  global $config;
+  prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $config['captcha']['expires_in']]);
 }
 
diff --git a/inc/config.php b/inc/config.php
index 5a046d91..8536ab44 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -308,14 +308,22 @@
 	// Enable custom captcha provider
 	$config['captcha']['enabled'] = false;
 
+	// Custom CAPTCHA provider general settings
+
+	// Captcha expiration:
+	$config['captcha']['expires_in'] = 120; // 120 seconds
+
+	// Captcha length:
+	$config['captcha']['length'] = 6;
+
 	/* 
 	 * Custom captcha provider path (You will need to change these depending on your configuration! It cannot be
 	 * automatically determined because provider_check requires curl which needs to know the domain of your site.)
 	 * 
 	 * Specify yourimageboard.com/$config['root']/8chan-captcha/entrypoint.php for the default provider or write your own
 	 */
-	$config['captcha']['provider_get']   = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
-	$config['captcha']['provider_check'] = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
+	$config['captcha']['provider_get']   = 'http://localhost/8chan-captcha/entrypoint.php';
+	$config['captcha']['provider_check'] = 'http://localhost/8chan-captcha/entrypoint.php';
 
 	// Custom captcha extra field (eg. charset)
 	$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
diff --git a/inc/functions.php b/inc/functions.php
index adf6cdb0..045cf81b 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -24,6 +24,7 @@ if (!extension_loaded('gettext')) {
 }
 require_once 'inc/lib/parsedown/Parsedown.php'; // todo: option for parsedown instead of Tinyboard/STI markup
 require_once 'inc/mod/auth.php';
+require_once '8chan-captcha/functions.php';
 
 // the user is not currently logged in as a moderator
 $mod = false;
diff --git a/post.php b/post.php
index 8860edc8..21e7f9fe 100644
--- a/post.php
+++ b/post.php
@@ -148,10 +148,22 @@ if (isset($_POST['delete'])) {
 		]));
 
 		if ($resp !== '1') {
-                        error($config['error']['captcha']);
+			$error = $config['error']['captcha'];
 		}
 	}
 	
+	if (isset($error)) {
+		if ($config['report_captcha']) {
+			$captcha = generate_captcha($config['captcha']['extra']);
+		} else {
+			$captcha = null;
+		}
+
+		$body = Element('report.html', array('board' => $board, 'config' => $config, 'error' => $error, 'reason_prefill' => $_POST['reason'], 'post' => 'delete_'.$report[0], 'captcha' => $captcha));
+		echo Element('page.html', ['config' => $config, 'body' => $body]);
+		die();
+	}
+	
 	$reason = escape_markup_modifiers($_POST['reason']);
 	markup($reason);
 	
diff --git a/report.php b/report.php
index 405626f7..e09b1075 100644
--- a/report.php
+++ b/report.php
@@ -10,8 +10,6 @@ if (!$post || !preg_match('/^delete_\d+$/', $post) || !$board || !openBoard($boa
 }
 
 if ($config['report_captcha']) {
-	include '8chan-captcha/functions.php';
-
 	$captcha = generate_captcha($config['captcha']['extra']);
 } else {
 	$captcha = null;
diff --git a/templates/report.html b/templates/report.html
index 291f9313..b34f7430 100644
--- a/templates/report.html
+++ b/templates/report.html
@@ -1,4 +1,9 @@
 <form action="{{ config.post_url }}" method="post" id="report_form">
+	{% if error %}
+		<div class="error">
+			<strong>{{ error|e }}</strong>
+		</div>
+	{% endif %}
 	<input type="hidden" name="board" value="{{ board.uri }}">
 	<input type="hidden" name="{{ post|e }}" value="1">
 	{% if global %}
@@ -6,11 +11,11 @@
 		<div><h1>Attention!</h1><p>This form is only for reporting <strong>child pornography</strong>, <strong>bot spam</strong> and <strong>credit card numbers, social security numbers or banking information</strong>. DMCA requests and all other deletion requests <em>MUST</em> be sent via email to admin@8chan.co.</p><p>8chan is unmoderated and allows posts without collecting <em>ANY</em> information from the poster less the details of their post. Furthermore, all boards on 8chan are user created and not actively monitored by anyone but the board creator.</p><p>8chan has a small volunteer staff to handle this queue, please do not waste their time by filling it with nonsense! <em>If you made a report with this tool and the post was not deleted, <strong>do not make the report again!</strong> Email admin@8chan.co instead.</em> Abuse of the global report system could lead to address blocks against your IP from 8chan.</p><p>Again, 8chan's global volunteers <em>do not</em> handle board specific issues. You most likely want to click "Report" instead to reach the creator and volunteers he assigned to this board.</p>
 	{% endif %}
 	<p>{% trans %}Enter reason below...{% endtrans %}</p>
-	<input type="text" id="reason" name="reason">
+	<input type="text" id="reason" name="reason" value="{{ reason_prefill|e|addslashes }}">
 	{% if config.report_captcha %}
 		<p>{% trans %}To submit your report, please fill out the CAPTCHA below.{% endtrans %}</p>
 		{{ captcha['html'] }}<br/>
-		<input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text">
+		<input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text" value="">
 		<input class="captcha_cookie" name="captcha_cookie" type="hidden" autocomplete="off" value="{{ captcha['cookie']|e }}"><br/>
 	{% endif %}
 	<input name="report" value="{% trans %}Submit{% endtrans %}" type="submit">