//-- Stop immediately when the mysqli extension is not loaded; the connection code that follows needs it
if (function_exists('mysqli_connect') === false) {
    die(L_SQL_FUNCTION);
}
//-- Stop while the updater script (updatedb.php, resolved relative to the working directory) is still present
if (file_exists("updatedb.php") === true) {
    die(L_UDB_EXISTS);
}
//// Checking SQL connection ////
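//-- Connect to the SQL server with the host, user, password and database name from the $sql config array.
//-- mysqli is a class and has to be instantiated with "new"; a bare newmysqli() call is an undefined function.
$sqldb = new mysqli($sql['host'], $sql['user'], $sql['pass'], $sql['data']);
//-- Stop on connection failure; only the localized L_SQL_CONNECT text is shown, not the driver's error string
if ($sqldb->connect_errno) {
    die(L_SQL_CONNECT);
}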
//// Initialize SQL database ////
//-- Create the posts table on first run; the table name comes from the $sql config array
$dbinit = $sqldb->query(
    "CREATE TABLE IF NOT EXISTS `" . $sql['table'] . "` ("
    . "`id` int(11) NOT NULL AUTO_INCREMENT,"
    . "`title` text NOT NULL,"
    . "`name` text NOT NULL,"
    . "`trip` text NOT NULL,"
    . "`email` text NOT NULL,"
    . "`date` text NOT NULL,"
    . "`content` text NOT NULL,"
    . "`password` text NOT NULL,"
    . "`ip` text NOT NULL,"
    . "`op` int(11) NOT NULL,"
    . "`tid` int(11) NOT NULL,"
    . "`locked` int(11) NOT NULL,"
    . "`ban` int(11) NOT NULL,"
    . "`del` int(11) NOT NULL,"
    . "PRIMARY KEY (`id`)"
    . ") ENGINE=InnoDB DEFAULT CHARSET=latin1;"
);
//-- Board switched off in the config file: show the closed notice with the configured reason and stop
if ($ninechan['closed']) {
    die(L_BOARD_CLOSED . "<br /><i>" . L_REASON . ": " . $ninechan['closedreason'] . "</i>");
}
//-- Look up every row stored under the requester's address. The address is matched in the same
//-- base64-encoded form it is stored in; base64 is a reversible encoding, not a protection of the address.
//-- The query does not filter on the ban column; presumably $bancheck is evaluated further on - not visible here.
$bancheck = $sqldb->query(
    "SELECT * FROM " . $sql['table'] . " WHERE ip='" . base64_encode($_SERVER['REMOTE_ADDR']) . "'"
);
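//-- Validate ?t= and load the thread.
//-- Only a plain run of digits is accepted as a thread ID. is_numeric() would also let through forms such as
//-- "1.5" or "1e3", which the digit-stripping in the query below silently turns into a different ID.
if (!isset($_GET['t']) || !is_string($_GET['t']) || preg_match('/\A\d+\z/', $_GET['t']) !== 1) {
    header('Location: ./');
    //-- header() only queues the redirect; without exit the query and everything after it would still run
    exit;
}
//-- Get posts with the same thread ID; the value is reduced to digits and escaped before it enters the SQL string
$threads = $sqldb->query("SELECT * FROM ".$sql['table']." WHERE tid='".$sqldb->real_escape_string(preg_replace('/\D/','',$_GET['t']))."' ORDER BY id");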
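//-- Render the posts of the loaded thread, or a notice when the thread has no rows.
if (!$threads->num_rows) {
    //-- Display message if thread doesn't exist
    print(L_NONEXISTENT);
} else {
    //-- Pre-declare the loop variables so later reads never hit an undefined variable
    $tid = null;
    $lock = null;
    $del = null;
    $name = null;
    $trip = null;
    while ($row = $threads->fetch_array(MYSQLI_ASSOC)) {
        //-- Assign thread ID
        $tid = $row['tid'];
        //-- Row is the opening post of the thread
        if ($row['op']) {
            //-- Keep the lock flag stored on the opening post
            $lock = $row['locked'];
            //-- Capcode badges: the stored tripcode must match a configured one exactly. The third argument
            //-- makes in_array() compare strictly, so an empty or numeric-looking tripcode cannot match a
            //-- config entry through type juggling.
            if (in_array($row['trip'], $ninechan['admintrip'], true)) {
                print(' <span class="admincap">## Admin</span>');
            } elseif (in_array($row['trip'], $ninechan['modtrip'], true)) {
                print(' <span class="modcap">## Mod</span>');
            }
            print("</b></legend>");
            //-- Parse BBcodes and quotation arrows on post content.
            //-- NOTE(review): whether this output is HTML-safe depends on how content was sanitised before
            //-- storage and on parseBBcode(); neither is visible in this excerpt - confirm.
            print(parseBBcode($row['content'])."<br /><br />");
            //-- Post carries the ban flag: show the configured "user was banned" text
            if ($row['ban']) {
                print("<b><font size=2 class=ban>".$ninechan['bantext']."</font></b><br />");
                //-- Moderator check. The secret is compared as a string in constant time; a loose == would
                //-- let null/empty or numeric-looking values compare equal, and an empty configured password
                //-- must never authenticate anyone.
                if (is_string($auth) && is_string($ninechan['modpass']) && $ninechan['modpass'] !== '' && hash_equals($ninechan['modpass'], $auth)) {
                    //-- Show delete/unban links and the decoded poster address in the moderator tools.
                    //-- NOTE(review): both actions are plain GET links; no anti-CSRF token is visible in this
                    //-- excerpt - confirm the ?v=mod handler requires one.
                    print("<font size=2>[<a href=?v=mod&del=true&id=".$row['id']."&t=".$row['tid'].">".L_DELETE."</a>] [<a href=?v=mod&ban=false&id=".$row['id']."&t=".$row['tid'].">".L_UNBAN."</a>] [IP: ".base64_decode($row['ip'])."]</font><br />");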
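//-- Reply mode: validate ?t=, load the opening post of that thread and read its lock flag.
//-- Pre-declare so later reads never hit an undefined variable
$lock = null;
$title = null;
//-- ?t= present: go into reply mode
if (isset($_GET['t'])) {
    //-- Accept a plain run of digits only; is_numeric() would also pass "1.5" or "1e3", which the
    //-- digit-stripping in the query turns into a different thread ID
    if (!is_string($_GET['t']) || preg_match('/\A\d+\z/', $_GET['t']) !== 1) {
        header('Location: ./');
        //-- header() does not end the request; stop here so nothing below runs for a rejected ID
        exit;
    }
    //-- Get the opening post (op='1') of the requested thread
    $threads = $sqldb->query("SELECT * FROM ".$sql['table']." WHERE tid='".$sqldb->real_escape_string(preg_replace('/\D/','',$_GET['t']))."' and op='1' ORDER BY id");
    //-- Thread doesn't exist: back to the index, and stop so the reply form is not processed for it
    if (!$threads->num_rows) {
        header('Location: ./');
        exit;
    }
    //-- Read the lock flag from the opening post
    while ($row = $threads->fetch_array(MYSQLI_ASSOC)) {
        if (isset($_GET['t'])) {
            $lock = $row['locked'];
        }
        //-- Display message if thread is locked
        if ($lock) {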
//-- Pass the configured reCAPTCHA private key, the requester's address and the two posted CAPTCHA fields
//-- to recaptcha_check_answer() (defined outside this excerpt) and keep the result object.
$recaptcha=recaptcha_check_answer($ninechan['recaptchaprivate'],$_SERVER['REMOTE_ADDR'],$_POST['recaptcha_challenge_field'],$_POST['recaptcha_response_field']);//-- Check CAPTCHA data
if(!$recaptcha->is_valid){//-- Branch taken when the CAPTCHA answer is not valid; the rejection itself is outside this excerpt
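//-- Accept the title only when it is a non-empty string no longer than the configured maximum.
//-- The is_string() check keeps an array-valued title[] parameter out of strlen().
if (isset($_POST['title']) && is_string($_POST['title']) && !empty($_POST['title']) && strlen($_POST['title']) <= $ninechan['titlemaxlength']) {
    //-- Run the title through removeSpecialChars() (defined outside this excerpt) before it is stored
    $title = removeSpecialChars($_POST['title']);
} else {
    //-- Show the error and refresh back to the script after two seconds.
    //-- PHP_SELF contains any extra path appended to the script URL, so it is request-controlled and is
    //-- HTML-escaped before being placed inside the attribute.
    die('<h2>'.L_INVALIDTITLE.'</h2><meta http-equiv="refresh" content="2; URL='.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8').'" />');
}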
//-- Derive the display name and optional tripcode from the posted name field.
if (empty($_POST['name'])) {
    //-- No name submitted: leave both values null
    $name = null;
    $trip = null;
} else {
    $name = removeSpecialChars($_POST['name']);
    //-- Remember the cleaned name (tripcode part included) for 604800 seconds, scoped to "/" on SERVER_NAME
    setcookie($ninechan['cookieprefix']."name", $name, time()+604800, "/", $_SERVER['SERVER_NAME']);
    if (strpos($name, "#") === false) {
        //-- No "#" in the name, so there is no tripcode
        $trip = null;
    } else {
        //-- Keep only the part before the first "#" as the name; the tripcode is computed from the raw posted value
        $name = strstr($name, "#", true);
        $trip = parseTrip($_POST['name']);
    }
}
//-- Read the email field; the literal value "noko" is a control keyword rather than an address.
if (isset($_POST['email'])) {
    $email = removeSpecialChars($_POST['email']);
    //-- Remember the cleaned value for seven days, scoped to "/" on SERVER_NAME
    setcookie($ninechan['cookieprefix']."email", $email, time() + 7 * 24 * 60 * 60, "/", $_SERVER['SERVER_NAME']);
    if ("noko" == $email) {
        //-- Store no email for this post and raise the $noredir flag read after the insert
        $email = null;
        $noredir = true;
    }
}
//-- Timestamp and content gate for the post being created.
$date=time();//-- Post timestamp: current Unix time
if(!empty($_POST['content'])&&strlen($_POST['content'])<=$ninechan['commentmaxlength']){//-- Continue only when a comment was submitted and its strlen() (a byte count) is within the configured maximum
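//-- Choose the post password: the submitted one, or a generated one when none was given.
//-- A blank form field is still "set", so isset() alone would store md5('') - a value that is the same for
//-- every such post. Blank and non-string values therefore fall through to the generated password.
//-- NOTE(review): md5() is an unsalted fast hash. Moving to password_hash()/password_verify() has to be done
//-- together with the code that checks this value, which is not part of this excerpt.
//-- NOTE(review): the plaintext password is written to a cookie, and setcookie() is called with five
//-- arguments, so the Secure and HttpOnly flags keep their default of false.
if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
    //-- Hash the submitted password for storage and remember the plaintext in the poster's cookie
    $password = md5($_POST['password']);
    setcookie($ninechan['cookieprefix']."pass", $_POST['password'], time()+604800, "/", $_SERVER['SERVER_NAME']);
} else {
    //-- Generate a password, hash it for storage and hand the plaintext to the poster via the cookie
    $genpass = generatePassword();
    $password = md5($genpass);
    setcookie($ninechan['cookieprefix']."pass", $genpass, time()+604800, "/", $_SERVER['SERVER_NAME']);
}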
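//-- Assemble the remaining columns and store the post.
//-- The address is stored base64-encoded; that is a reversible encoding, not a protection of the value
$ip = base64_encode($_SERVER['REMOTE_ADDR']);
if (!isset($_POST['tid'])) {
    //-- No thread ID posted: this post opens a new thread
    $op = 1;
    //-- Next thread ID = highest existing one plus one.
    //-- NOTE(review): the MAX(tid) read and the INSERT are separate statements and no lock or transaction is
    //-- visible here, so two threads created at the same moment could receive the same ID - confirm.
    $tidget = $sqldb->query("SELECT MAX(tid) AS tid FROM ".$sql['table']." LIMIT 1");
    $tid = ++$tidget->fetch_array(MYSQLI_ASSOC)['tid'];
} else {
    //-- Reply to an existing thread
    $op = 0;
    //-- tid is an integer column: reduce the posted value to digits, as the other ID parameters in this file
    //-- are, and cast it, so this value no longer depends on what removeSpecialChars() lets through
    $tid = (int) preg_replace('/\D/', '', is_scalar($_POST['tid']) ? (string) $_POST['tid'] : '');
}
//-- Store the post.
//-- NOTE(review): every value is interpolated into the statement text. Its safety rests entirely on
//-- removeSpecialChars()/parseTrip() and on how $content was prepared, none of which is visible in this
//-- excerpt. A prepared statement with bound parameters would remove that dependency.
$sqldb->query("INSERT INTO `".$sql['data']."`.`".$sql['table']."` (`title`,`name`,`trip`,`email`,`date`,`content`,`password`,`ip`,`op`,`tid`) VALUES ('$title','$name','$trip','$email','$date','$content','$password','$ip','$op','$tid')");
//-- Record the time of this post in a cookie. The value lives on the client, so it can be removed or
//-- altered there; presumably it is read back as a posting cooldown - that check is not in this excerpt.
setcookie($ninechan['cookieprefix']."cooldown", time(), time()+604800, "/", $_SERVER['SERVER_NAME']);
//-- Display the "posted" confirmation
print('<h1>'.L_POSTED.'</h1>');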
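//-- Branch taken when $noredir was raised by a "noko" email value; !empty() reads an unset variable
//-- without needing error suppression
if (!empty($noredir)) {
    //-- A post ID was submitted (isset() never raises, so it needs no @)
    if (isset($_POST['id'])) {
        //-- Load the single row with that ID; the value is reduced to digits and escaped before use
        $threads = $sqldb->query("SELECT * FROM ".$sql['table']." WHERE id='".$sqldb->real_escape_string(preg_replace('/\D/','',$_POST['id']))."' ORDER BY id LIMIT 1");
        //-- No such row: back to the index
        if (!$threads->num_rows) {
            header('Location: ./');
            //-- header() does not end the request; stop so the code below does not act on a missing post
            exit;
        }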
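//-- Load the row addressed by ?id= and read its lock flag.
//-- The ID is reduced to digits and escaped before it enters the SQL string
$threads = $sqldb->query("SELECT * FROM ".$sql['table']." WHERE id='".$sqldb->real_escape_string(preg_replace('/\D/','',$_GET['id']))."' ORDER BY id");
//-- No such row: back to the index
if (!$threads->num_rows) {
    header('Location: ./');
    //-- header() does not end the request; stop so nothing below runs for a missing row
    exit;
}
//-- Read the lock flag from the returned row(s)
while ($row = $threads->fetch_array(MYSQLI_ASSOC)) {
    if (isset($_GET['id'])) {
        $lock = $row['locked'];
    }
    //-- Display message if thread is locked
    if ($lock) {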
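//-- Moderator panel. The secret is compared as a string in constant time; a loose == would let null/empty
//-- or numeric-looking values compare equal, and an empty configured password must never authenticate anyone.
if (is_string($auth) && is_string($ninechan['modpass']) && $ninechan['modpass'] !== '' && hash_equals($ninechan['modpass'], $auth)) {
    //-- Logout request: end the moderator session and return to the login view
    if (isset($_POST['modkill'])) {
        session_destroy();
        header('Location: ?v=mod');
        //-- header() does not end the request; stop so no moderator output or action follows the logout
        exit;
    }
    //-- Display the logout form. PHP_SELF contains any extra path appended to the script URL, so it is
    //-- request-controlled and is HTML-escaped before being placed inside the action attribute.
    print('<h2>'.L_MODLOGOUT.'</h2><form method="post" action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8').'?v=mod">'.L_MODTOOLS.'<br /><input type="submit" value="'.L_LOGOUT.'" name="modkill" /></form>');
    //-- Ban handler: runs when ban, id and t are all present in the query string.
    //-- NOTE(review): the action is driven by GET parameters and no anti-CSRF token check is visible in this
    //-- excerpt - confirm the handler requires one.
    if ((isset($_GET['ban'])) && (isset($_GET['id'])) && (isset($_GET['t']))) {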