2014-01-25 22:12:05 +01:00
< ? php
2014-02-10 19:16:56 +01:00
//// Including the configuration file ////
2014-01-26 14:55:23 +01:00
require ( 'config.php' );
2014-02-10 21:12:34 +01:00
include ( 'lang/' . $ninechan [ 'lang' ] . '.php' );
2014-02-10 19:16:56 +01:00
//// Checking requirements ////
2014-02-10 21:12:34 +01:00
if ( substr ( phpversion (), 0 , 3 ) < 5.2 ){ die ( L_PHP_OUTDATED );}
if ( ! function_exists ( 'mysql_connect' )){ die ( L_SQL_FUNCTION );}
2014-02-10 19:16:56 +01:00
//// Connecting to the MySQL server ////
2014-01-25 22:12:05 +01:00
$connection = mysql_connect ( $mysql [ 'host' ], $mysql [ 'user' ], $mysql [ 'pass' ]);
2014-02-10 21:12:34 +01:00
if ( ! ( $connection )){ die ( L_SQL_CONNECT );}
2014-01-25 22:12:05 +01:00
$databasetest = mysql_select_db ( $mysql [ 'data' ]);
2014-02-10 21:12:34 +01:00
if ( ! ( $databasetest )){ die ( L_SQL_DATABASE );}
2014-02-10 19:16:56 +01:00
//// Creating the MySQL table if it does not exist ////
2014-03-12 00:00:47 +01:00
$dbinit = mysql_query ( " CREATE TABLE IF NOT EXISTS ` " . $mysql [ 'table' ] . " ` (`id` int(11) NOT NULL AUTO_INCREMENT,`title` text NOT NULL,`name` text NOT NULL,`email` text NOT NULL,`date` text NOT NULL,`content` text NOT NULL,`ip` text NOT NULL,`op` int(11) NOT NULL,`tid` int(11) NOT NULL,`lock` int(11) NOT NULL,`ban` int(11) NOT NULL,PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=latin1; " );
2014-02-10 19:16:56 +01:00
//// Functions ////
// Stripping HTML entities etc. from posts //
2014-03-12 00:00:47 +01:00
function removeSpecialChars ( $input ){
2014-02-10 19:16:56 +01:00
$output = htmlentities ( $input , ENT_QUOTES | ENT_IGNORE , " UTF-8 " );
$output = stripslashes ( $output );
return $output ;
}
// Parsing tripcodes //
2014-01-30 01:35:33 +01:00
function parseTrip ( $name ){
if ( ereg ( " (#|!)(.*) " , $name , $matches )){
$cap = $matches [ 2 ];
$cap = strtr ( $cap , " & " , " & " );
$cap = strtr ( $cap , " , " , " , " );
$salt = substr ( $cap . " H. " , 1 , 2 );
$salt = preg_replace ( " [^ \ .-z] " , " . " , $salt );
2014-02-10 19:16:56 +01:00
$salt = strtr ( $salt , " :;<=>?@[ \\ ]^_` " , " ABCDEFGabcdef " );
2014-01-30 01:35:33 +01:00
return substr ( crypt ( $cap , $salt ), - 10 ) . " " ;
}
}
2014-02-10 19:16:56 +01:00
// Parsing BBS codes //
function parseBBcode ( $content ){
2014-03-12 00:02:56 +01:00
$bbcodecatch = array ( '/\[b\](.*?)\[\/b\]/is' , '/\[i\](.*?)\[\/i\]/is' , '/\[u\](.*?)\[\/u\]/is' , '/\[url\=(.*?)\](.*?)\[\/url\]/is' , '/\[url\](.*?)\[\/url\]/is' , '/\[spoiler\](.*?)\[\/spoiler\]/is' , '/>>(.*[0-9])/i' , '/^>(.*?)$/im' );
$bbcodereplace = array ( '<b>$1</b>' , '<i>$1</i>' , '<u>$1</u>' , '<a href="$1" rel="nofollow" title="$2 - $1">$2</a>' , '<a href="$1" rel="nofollow" title="$1">$1</a>' , '<span class="spoiler">$1</span>' , '<a class="lquote" href="#$1">>>$1</a>' , '<span class="quote">>$1</span>' );
2014-02-10 19:16:56 +01:00
$content = preg_replace ( $bbcodecatch , $bbcodereplace , $content );
2014-03-12 00:00:47 +01:00
return nl2br ( $content );
2014-02-10 19:16:56 +01:00
}
// Banning a post //
function banPost ( $id , $ban ){
global $mysql ;
if ( $ban ){
mysql_query ( " UPDATE ` " . $mysql [ 'table' ] . " ` SET `ban`=1 WHERE `id`= " . $id );
} else {
mysql_query ( " UPDATE ` " . $mysql [ 'table' ] . " ` SET `ban`=0 WHERE `id`= " . $id );
}
}
// Removing a post //
function delPost ( $id ){
global $mysql ;
mysql_query ( " DELETE FROM ` " . $mysql [ 'table' ] . " ` WHERE `id`= " . $id );
}
// Removing every post in the thread (including OP) //
function pruneThread ( $id ){
global $mysql ;
mysql_query ( " DELETE FROM ` " . $mysql [ 'table' ] . " ` WHERE `tid`= " . $id );
}
// Locking a thread //
function lockThread ( $id , $lock ){
global $mysql ;
if ( $lock ){
mysql_query ( " UPDATE ` " . $mysql [ 'table' ] . " ` SET `lock`=1 WHERE `tid`= " . $id );
} else {
mysql_query ( " UPDATE ` " . $mysql [ 'table' ] . " ` SET `lock`=0 WHERE `tid`= " . $id );
}
}
//// Starting Session ////
session_start ();
$auth =@ $_SESSION [ 'mod' ];
2014-01-25 22:12:05 +01:00
?>
< html >
< head >
2014-01-26 14:55:23 +01:00
< title >< ? = $ninechan [ 'title' ]; ?> </title>
2014-02-10 21:12:34 +01:00
< ? php
if ( $ninechan [ 'descenable' ]){ print ( " <meta name= \" description \" content= \" " . $ninechan [ 'desc' ] . " \" /> " );}
if ( $ninechan [ 'styleenable' ]){ print ( " <link rel= \" stylesheet \" type= \" text/css \" href= \" " . $ninechan [ 'style' ] . " \" /> " );} ?>
2014-01-25 22:12:05 +01:00
</ head >
< body >
2014-02-10 21:12:34 +01:00
< h1 >< a href = " ./ " >< ? = $ninechan [ 'title' ]; ?> </a></h1><?php if($ninechan['descenable']){print(" <i>".$ninechan['desc']."</i>");} ?><hr />
2014-01-25 22:12:05 +01:00
< ? php
2014-02-10 21:12:34 +01:00
if ( $ninechan [ 'closed' ]){ die ( L_BOARD_CLOSED . " <br /><i> " . L_REASON . " : " . $ninechan [ 'closedreason' ] . " </i> " );}
2014-02-10 19:16:56 +01:00
$bancheck = mysql_query ( " SELECT * FROM " . $mysql [ 'table' ] . " WHERE ip=' " . base64_encode ( $_SERVER [ 'REMOTE_ADDR' ]) . " ' " );
2014-02-10 21:12:34 +01:00
while ( $row = mysql_fetch_array ( $bancheck )){ if ( $row [ 'ban' ]){ die ( L_BANNED );}}
2014-01-25 22:12:05 +01:00
if ( $_GET [ 'v' ] == " index " ) {
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_THREADS . " </h2><h3><a href=?v=post> " . L_NEWTHREAD . " </a></h3><ol> " );
2014-02-10 19:16:56 +01:00
if ( $ninechan [ 'sage' ]){ $threads = mysql_query ( " SELECT * FROM " . $mysql [ 'table' ] . " WHERE op='1' ORDER BY id DESC LIMIT " . $ninechan [ 'sagelimit' ]);} else { $threads = mysql_query ( " SELECT * FROM " . $mysql [ 'table' ] . " WHERE op='1' ORDER BY id DESC " );}
2014-01-25 22:12:05 +01:00
$num_rows = mysql_num_rows ( $threads );
2014-02-10 21:12:34 +01:00
if ( ! $num_rows ){ print ( L_EMPTY );}
2014-01-25 22:12:05 +01:00
while ( $row = mysql_fetch_array ( $threads )) {
print ( " <li><a href= \" ?v=thread&t= " . $row [ 'tid' ] . " \" > " . $row [ 'title' ] . " </a></li> " );
}
2014-02-10 21:12:34 +01:00
print ( " </ol><h3><a href=?v=post> " . L_NEWTHREAD . " </a></h3> " );
2014-01-25 22:12:05 +01:00
} elseif (( $_GET [ 'v' ] == " thread " ) && ( isset ( $_GET [ 't' ]))) {
if ( ! is_numeric ( $_GET [ 't' ])){ header ( 'Location: ./' );}
2014-02-10 19:16:56 +01:00
$threads = mysql_query ( " SELECT * FROM " . $mysql [ 'table' ] . " WHERE tid=' " . mysql_real_escape_string ( preg_replace ( '/\D/' , '' , $_GET [ 't' ])) . " ' ORDER BY id " );
2014-01-25 22:12:05 +01:00
$num_rows = mysql_num_rows ( $threads );
2014-02-10 21:12:34 +01:00
if ( ! $num_rows ){ print ( L_NONEXISTENT );} else {
2014-02-10 19:16:56 +01:00
$tid = " " ; $lock = " " ;
while ( $row = mysql_fetch_array ( $threads )) {
$tid = $row [ 'tid' ];
2014-02-10 21:12:34 +01:00
if ( $row [ 'op' ]){ $lock = $row [ 'lock' ]; if ( ! $lock ){ print ( " <h2> " . L_THREAD . " : " . $row [ 'title' ] . " </h2><h3><a href=?v=post&t= " . $row [ 'tid' ] . " > " . L_NEWREPLY . " </a></h3> " );} else { print ( " <h2> " . L_THREAD . " : " . $row [ 'title' ] . " </h2><h3> " . L_LOCKED . " </h3> " );} if ( $auth == md5 ( $ninechan [ 'modpass' ])){ print ( " <font size=2>[<a href=?v=mod&del=purge&id= " . $tid . " > " . L_PURGE . " </a>] " ); if ( ! $lock ){ print ( " [<a href=?v=mod&lock=true&id= " . $tid . " > " . L_LOCK . " </a>]</font> " );} else { print ( " [<a href=?v=mod&lock=false&id= " . $tid . " > " . L_UNLOCK . " </a>]</font> " );}}}
2014-02-10 19:16:56 +01:00
print ( " <fieldset id= " . $row [ 'id' ] . " > " );
2014-02-10 21:12:34 +01:00
if ( ! $row [ 'email' ] == " " ){ print ( " <legend><b> " . $row [ 'title' ] . " </b> <a href= \" # " . $row [ 'id' ] . " \" > " . L_BY . " </a> <b><a href= \" mailto: " . $row [ 'email' ] . " \" > " . $row [ 'name' ] . " </a></b></legend> " );} else { print ( " <legend><b> " . $row [ 'title' ] . " </b> <a href= \" # " . $row [ 'id' ] . " \" > " . L_BY . " </a> <b> " . $row [ 'name' ] . " </b></legend> " );}
2014-02-10 19:16:56 +01:00
print ( parseBBcode ( $row [ 'content' ]) . " <br /><br /> " );
2014-02-11 23:50:30 +01:00
if ( $row [ 'ban' ]){ print ( " <b><font size=2 class=ban> " . $ninechan [ 'bantext' ] . " </font></b><br /> " ); if ( $auth == md5 ( $ninechan [ 'modpass' ])){ print ( " <font size=2>[<a href=?v=mod&del&id= " . $row [ 'id' ] . " &t= " . $row [ 'tid' ] . " > " . L_DELETE . " </a>] [<a href=?v=mod&ban=false&id= " . $row [ 'id' ] . " &t= " . $row [ 'tid' ] . " > " . L_UNBAN . " </a>] [IP: " . base64_decode ( $row [ 'ip' ]) . " ]</font><br /> " );}}
if ( $auth == md5 ( $ninechan [ 'modpass' ]) &&! $row [ 'ban' ]){ print ( " <font size=2>[<a href=?v=mod&del&id= " . $row [ 'id' ] . " &t= " . $row [ 'tid' ] . " > " . L_DELETE . " </a>] [<a href=?v=mod&ban=true&id= " . $row [ 'id' ] . " &t= " . $row [ 'tid' ] . " > " . L_BAN . " </a>] [IP: " . base64_decode ( $row [ 'ip' ]) . " ]</font><br /> " );}
2014-02-10 19:16:56 +01:00
print ( " <i><font size=2> " . $row [ 'date' ] . " </font></i></fieldset> " );
}
2014-02-10 21:12:34 +01:00
if ( $auth == md5 ( $ninechan [ 'modpass' ])){ print ( " <font size=2>[<a href=?v=mod&del=purge&id= " . $tid . " > " . L_PURGE . " </a>] " ); if ( ! $lock ){ print ( " [<a href=?v=mod&lock=true&id= " . $tid . " > " . L_LOCK . " </a>]</font> " );} else { print ( " [<a href=?v=mod&lock=false&id= " . $tid . " > " . L_UNLOCK . " </a>]</font> " );}}
if ( ! $lock ){ print ( " <h3><a href=?v=post&t= " . $tid . " > " . L_NEWREPLY . " </a></h3> " );} else { print ( " <h3> " . L_LOCKED . " </h3> " );}
2014-01-25 22:12:05 +01:00
}
2014-01-28 17:14:19 +01:00
} elseif ( $_GET [ 'v' ] == " post " ) {
2014-01-25 22:12:05 +01:00
print ( " <form method=post action=?v=submit> " );
2014-02-10 19:16:56 +01:00
$lock = " " ;
2014-01-25 22:12:05 +01:00
if ( isset ( $_GET [ 't' ])){
if ( ! is_numeric ( $_GET [ 't' ])){ header ( 'Location: ./' );}
2014-02-10 19:16:56 +01:00
$threads = mysql_query ( " SELECT * FROM " . $mysql [ 'table' ] . " WHERE tid=' " . mysql_real_escape_string ( preg_replace ( '/\D/' , '' , $_GET [ 't' ])) . " ' and op='1' ORDER BY id " );
2014-01-25 22:12:05 +01:00
$num_rows = mysql_num_rows ( $threads );
if ( ! $num_rows ){ header ( 'Location: ./' );}
while ( $row = mysql_fetch_array ( $threads )) {
2014-02-10 21:12:34 +01:00
if ( isset ( $_GET [ 't' ])){ $lock = $row [ 'lock' ];}
2014-02-10 19:16:56 +01:00
if ( $lock ){
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_LOCKEDMSG . " </h2><meta http-equiv= \" refresh \" content= \" 2; URL= " . $_SERVER [ 'PHP_SELF' ] . " ?v=thread&t= " . $row [ 'tid' ] . " \" > " );
2014-02-10 19:16:56 +01:00
} else {
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_RETO . " " . $row [ 'title' ] . " (ID: " . $row [ 'tid' ] . " )</h2><input type=hidden name=tid value=' " . $_GET [ 't' ] . " '/> " . L_TITLE . " *: <input type=text name=title value='Re: " . $row [ 'title' ] . " ' /><br /> " );
2014-02-10 19:16:56 +01:00
}
2014-01-25 22:12:05 +01:00
}
} else {
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_NEWTHREAD . " </h2> " . L_TITLE . " *: <input type=text name=title /><br /> " );
2014-01-25 22:12:05 +01:00
}
2014-02-10 21:12:34 +01:00
if ( ! $lock ){ print ( " " . L_NAME . " : <input type=text name=name /><br /> " . L_EMAIL . " : <input type=text name=email /><br /> " . L_COMMENT . " *:<br /><textarea name=content rows=6 cols=48></textarea><br /><font size=2>* = " . L_REQUIRED . " </font><br /><input type=submit value= " . L_SUBMIT . " /></form> " );}
2014-01-28 17:14:19 +01:00
} elseif ( $_GET [ 'v' ] == " submit " ) {
2014-03-12 00:00:47 +01:00
if ( strlen ( $_POST [ 'title' ]) >= $ninechan [ 'titleminlength' ]){ $title = removeSpecialChars ( $_POST [ 'title' ]);} else { die ( " <h2> " . L_INVALIDTITLE . " </h2><meta http-equiv= \" refresh \" content= \" 2; URL= " . $_SERVER [ 'PHP_SELF' ] . " \" > " );}
if (( isset ( $_POST [ 'name' ])) && ( ! $_POST [ 'name' ] == " " )){ $name = removeSpecialChars ( $_POST [ 'name' ]); if ( strstr ( $name , " # " )){ $name = ( strstr ( $name , " # " , true ) . " <span class=trip>! " . parseTrip ( $_POST [ 'name' ]) . " </span> " );}} else { $name = " Anonymous " ;}
if ( isset ( $_POST [ 'email' ])){ $email = removeSpecialChars ( $_POST [ 'email' ]); if (( $email == " noko " ) || ( $email == " nonoko " )){ $noredir = true ;}}
2014-01-28 17:14:19 +01:00
$date = date ( 'd/m/Y @ g:iA T' );
2014-03-12 00:00:47 +01:00
if ( strlen ( $_POST [ 'content' ]) >= $ninechan [ 'commentminlength' ]){ $content = removeSpecialChars ( $_POST [ 'content' ]);} else { die ( " <h2> " . L_NOCOMMENT . " </h2><meta http-equiv= \" refresh \" content= \" 2; URL= " . $_SERVER [ 'PHP_SELF' ] . " \" > " );}
2014-01-28 17:14:19 +01:00
$ip = base64_encode ( $_SERVER [ 'REMOTE_ADDR' ]);
if ( ! isset ( $_POST [ 'tid' ])){ $op = 1 ;} else { $op = 0 ;}
2014-03-12 00:00:47 +01:00
if ( isset ( $_POST [ 'tid' ])){ $tid = removeSpecialChars ( $_POST [ 'tid' ]);} else { $tidget = mysql_query ( " SELECT MAX(tid) AS tid FROM " . $mysql [ 'table' ] . " LIMIT 1 " ); $num_rows = mysql_num_rows ( $tidget ); $tid = 0 ; while ( $row = mysql_fetch_array ( $tidget )){ $tid = $row [ 'tid' ];} ++ $tid ;}
2014-02-10 19:16:56 +01:00
mysql_query ( " INSERT INTO ` " . $mysql [ 'data' ] . " `.` " . $mysql [ 'table' ] . " ` (`title`,`name`,`email`,`date`,`content`,`ip`,`op`,`tid`) VALUES (' $title ',' $name ',' $email ',' $date ',' $content ',' $ip ',' $op ',' $tid ') " );
2014-02-10 21:12:34 +01:00
print ( " <h1> " . L_POSTED . " </h1> " );
2014-01-30 02:10:32 +01:00
if ( @ $noredir ){ print ( " <meta http-equiv= \" refresh \" content= \" 1; URL= " . $_SERVER [ 'PHP_SELF' ] . " ?v=index \" > " );} else { print ( " <meta http-equiv= \" refresh \" content= \" 1; URL= " . $_SERVER [ 'PHP_SELF' ] . " ?v=thread&t= " . $tid . " \" > " );}
2014-02-10 19:16:56 +01:00
} elseif ( $_GET [ 'v' ] == " mod " ) {
if ( $auth == md5 ( $ninechan [ 'modpass' ])){
if ( isset ( $_POST [ 'modkill' ])){ session_destroy (); header ( 'Location: ?v=mod' );}
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_MODLOGOUT . " </h2><form method=post action=?v=mod> " . L_MODTOOLS . " <br /><input type=submit value= " . L_LOGOUT . " name=modkill /></form> " );
2014-02-10 19:16:56 +01:00
if (( isset ( $_GET [ 'ban' ])) && ( isset ( $_GET [ 'id' ])) && ( isset ( $_GET [ 't' ]))){
if ( $_GET [ 'ban' ] == " true " ){
banPost ( $_GET [ 'id' ], true );
} else {
banPost ( $_GET [ 'id' ], false );
}
header ( 'Location: ?v=thread&t=' . $_GET [ 't' ]);
}
if (( isset ( $_GET [ 'del' ])) && ( isset ( $_GET [ 'id' ]))){
if ( $_GET [ 'del' ] == " purge " ){
pruneThread ( $_GET [ 'id' ]);
header ( 'Location: ?v=index' );
} else {
delPost ( $_GET [ 'id' ]);
header ( 'Location: ?v=thread&t=' . $_GET [ 't' ]);
}
}
if (( isset ( $_GET [ 'lock' ])) && ( isset ( $_GET [ 'id' ]))){
if ( $_GET [ 'lock' ] == " true " ){
lockThread ( $_GET [ 'id' ], true );
} else {
lockThread ( $_GET [ 'id' ], false );
}
header ( 'Location: ?v=thread&t=' . $_GET [ 'id' ]);
}
} else {
if ( isset ( $_POST [ 'modpass' ])){ if ( md5 ( $_POST [ 'modpass' ]) == md5 ( $ninechan [ 'modpass' ])){ $_SESSION [ 'mod' ] = md5 ( $ninechan [ 'modpass' ]);} header ( 'Location: ?v=mod' );}
2014-02-10 21:12:34 +01:00
print ( " <h2> " . L_MODLOGIN . " </h2><form method=post action=?v=mod><input type=password name=modpass /><input type=submit value= " . L_LOGIN . " /></form> " );
2014-02-10 19:16:56 +01:00
}
2014-01-25 22:12:05 +01:00
} else { header ( 'Location: ?v=index' );}
?>
2014-02-22 21:42:45 +01:00
<!-- Please retain the full copyright notice below including the link to flashii . net . This not only gives respect to the amount of time given freely by the developer but also helps build interest , traffic and use of ninechan . Thanks , Julian van de Groep -->
< h6 >< a href = " http://9chan.us " > ninechan </ a > < ? php if ( $ninechan [ 'showversion' ]){ print ( " v1.8 " );} ?> © <a href="http://flashii.net/">Flashwave</a></h6>
2014-01-25 22:12:05 +01:00
</ body >
</ html >