diff --git a/_sakura/components/Users.php b/_sakura/components/Users.php
index 1100b83..63368fb 100755
--- a/_sakura/components/Users.php
+++ b/_sakura/components/Users.php
@@ -137,6 +137,17 @@ class Users
return [0, 'AUTH_LOCKED'];
}
+ // Check if we haven't hit the rate limit
+ $rates = Database::fetch('login_attempts', true, [
+ 'attempt_ip' => [Main::getRemoteIP(), '='],
+ 'attempt_timestamp' => [time() - 1800, '>'],
+ 'attempt_success' => [0, '='],
+ ]);
+
+ if (count($rates) > 4) {
+ return [0, 'RATE_LIMIT'];
+ }
+
// Check if the user that's trying to log in actually exists
if (!$uid = self::userExists($username, false)) {
return [0, 'USER_NOT_EXIST'];
@@ -159,14 +170,14 @@ class Users
$user['password_salt'],
$user['password_hash'],
])) {
- return [0, 'INCORRECT_PASSWORD', $user['password_chan']];
+ return [0, 'INCORRECT_PASSWORD', $user['user_id'], $user['password_chan']];
}
}
// Check if the user has the required privs to log in
if (Permissions::check('SITE', 'DEACTIVATED', $user['user_id'], 1)) {
- return [0, 'NOT_ALLOWED'];
+ return [0, 'NOT_ALLOWED', $user['user_id']];
}
// Create a new session
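Review bot: The rate limiter's window and threshold are bare literals in the new fetch (`time() - 1800`, `count($rates) > 4`) with no comment saying what policy they encode; name them, e.g. `$rateWindow = 1800; // seconds of failed-attempt history considered` and `$rateMax = 5; // failed attempts per IP within the window`, so the policy is readable and tunable in one place. The check keys on `Main::getRemoteIP()`, which is outside this hunk; if that helper honours a forwarded-for header, the limit is per whatever address the client claims, so confirm it uses the peer address unless a trusted proxy is in front. The second hunk also changes the shape of the INCORRECT_PASSWORD result: index 2 was `password_chan` and is now `user_id`, so any consumer that reads `$login[2]` for the password-change flag outside this diff needs updating. The enclosing login method starts and ends outside the hunk.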
diff --git a/_sakura/sakura.php b/_sakura/sakura.php
index 067318a..ae136c2 100755
--- a/_sakura/sakura.php
+++ b/_sakura/sakura.php
@@ -8,7 +8,7 @@
namespace Sakura;
// Define Sakura version
-define('SAKURA_VERSION', '20151020');
+define('SAKURA_VERSION', '20151022');
define('SAKURA_VLABEL', 'Eminence');
define('SAKURA_COLOUR', '#6C3082');
define('SAKURA_STABLE', false);
@@ -161,6 +161,7 @@ if (!defined('SAKURA_NO_TPL')) {
'siteTags' => implode(", ", json_decode(Configuration::getConfig('sitetags'), true)),
'dateFormat' => Configuration::getConfig('date_format'),
'currentPage' => '//' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
+ 'referrer' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null),
'recaptchaPublic' => Configuration::getConfig('recaptcha_public'),
'recaptchaEnabled' => Configuration::getConfig('recaptcha'),
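Review bot: The added `referrer` entry hands the raw `HTTP_REFERER` header to every template, and that header is client-controlled; if any template uses it as a redirect or link target it becomes an open redirect, so it should be validated before being exposed rather than passed through as-is. A minimal guard keeps it only when it points at this host, e.g. `'referrer' => (isset($_SERVER['HTTP_REFERER']) && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === $_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_REFERER'] : null,`. How the templates consume the value is outside this hunk, so treat that as something to confirm.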
diff --git a/_sakura/templates/yuuno/forum/posting.tpl b/_sakura/templates/yuuno/forum/posting.tpl
index 68678d4..762b83c 100755
--- a/_sakura/templates/yuuno/forum/posting.tpl
+++ b/_sakura/templates/yuuno/forum/posting.tpl
@@ -58,6 +58,11 @@
+ {% if posting.id %}
+
+ {% endif %}
+
+
diff --git a/_sakura/templates/yuuno/global/confirm.tpl b/_sakura/templates/yuuno/global/confirm.tpl
new file mode 100644
index 0000000..97b02fd
--- /dev/null
+++ b/_sakura/templates/yuuno/global/confirm.tpl
@@ -0,0 +1,22 @@
+{% extends 'global/master.tpl' %}
+
+{% block title %}Confirmation{% endblock %}
+
+{% block content %}
+
+
+
{% block header %}Confirmation{% endblock %}
+
+ {{ message }}
+
+
+
+{% endblock %}
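Review bot: `{{ message }}` renders a string the calling page builds from user-authored data (posting.php interpolates the topic title into it), so this template relies on autoescaping being enabled for the `.tpl` extension in this Twig-style engine; confirm that it is, or escape explicitly with `{{ message|e }}`. The markup between the header block and the message is not visible in this view of the diff, so the hidden fields the handler expects (timestamp, sessionid, post_id) cannot be checked here.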
diff --git a/public/authenticate.php b/public/authenticate.php
index 0a5205c..ea646c6 100755
--- a/public/authenticate.php
+++ b/public/authenticate.php
@@ -178,10 +178,22 @@ if (isset($_REQUEST['mode'])) {
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'NOT_ALLOWED' => 'Your account does not have the required permissions to log in.',
'NO_LOGIN' => 'Logging into this account is disabled.',
+ 'RATE_LIMIT' => 'Your IP has hit the login rate limit, try again later.',
'LOGIN_SUCCESS' => 'Login successful!',
];
+ // Check if we're not RATE_LIMIT
+ if ($login[1] != 'RATE_LIMIT') {
+ // Add to database
+ Database::insert('login_attempts', [
+ 'attempt_success' => $login[0],
+ 'attempt_timestamp' => time(),
+ 'attempt_ip' => Main::getRemoteIP(),
+ 'user_id' => isset($login[2]) ? $login[2] : 0,
+ ]);
+ }
+
// Add page specific things
$renderData['page'] = [
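Review bot: The guard `if ($login[1] != 'RATE_LIMIT')` uses a loose comparison on a status string; use `!==` so a non-string value in `$login[1]` cannot be silently coerced, i.e. `if ($login[1] !== 'RATE_LIMIT') {`. The insert records `attempt_success => $login[0]` and `user_id => $login[2]`, which matches the failure-case return shapes changed in Users.php in this diff, but the success case's return shape is not shown, so confirm `$login[2]` carries the user id there as well. Nothing in this diff prunes `login_attempts`, so rows accumulate indefinitely unless cleanup exists elsewhere; a comment pointing at where expiry happens would help the next reader. The enclosing `if (isset($_REQUEST['mode']))` branch starts before the hunk.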
diff --git a/public/content/data/yuuno/css/yuuno.css b/public/content/data/yuuno/css/yuuno.css
index 834b494..f05a083 100755
--- a/public/content/data/yuuno/css/yuuno.css
+++ b/public/content/data/yuuno/css/yuuno.css
@@ -1824,6 +1824,12 @@ textarea.inputStyling {
padding-left: 5px;
}
+@media (max-width: 512px) {
+ .forum .forumList .forumForum .forumLastColumn {
+ display: none;
+ }
+}
+
.forum .topicList {
width: 100%;
border-spacing: 0;
diff --git a/public/posting.php b/public/posting.php
index 3354728..b711e47 100755
--- a/public/posting.php
+++ b/public/posting.php
@@ -40,7 +40,7 @@ if ($mode != 'f') {
// Add page specific things
$renderData['page'] = [
'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
- 'message' => 'The requested thread does not exist.',
+ 'message' => 'The requested post does not exist.',
];
// Render information page
@@ -55,10 +55,98 @@ if ($mode != 'f') {
// Add subject to render data
$posting['text'] = '[quote]' . $post['post_text'] . '[/quote]';
+
+ // Post editing
+ } elseif ($mode == 'p' && isset($_GET['edit']) && $_GET['edit'] == $_GET['p'] && array_key_exists($_GET['p'], $topic['posts'])) {
+ // Checks
+ if ($topic['posts'][$_GET['p']]['poster_id'] != $currentUser->data['user_id']) {
+ // Add page specific things
+ $renderData['page'] = [
+ 'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
+ 'message' => 'You can only edit your own posts!',
+ ];
+
+ // Render information page
+ print Templates::render('global/information.tpl', $renderData);
+ exit;
+ }
+
+ // Reassign post for ease
+ $post = $topic['posts'][$_GET['p']];
+
+ // Set variables
+ $posting = array_merge($posting, [
+ 'subject' => $post['post_subject'],
+ 'text' => $post['post_text'],
+ 'id' => $post['post_id']
+ ]);
+ // Post deletion
+ } elseif ($mode == 'p' && isset($_GET['delete']) && $_GET['delete'] == $_GET['p'] && array_key_exists($_GET['p'], $topic['posts'])) {
+ // Checks
+ if ($topic['posts'][$_GET['p']]['poster_id'] != $currentUser->data['user_id']) {
+ // Add page specific things
+ $renderData['page'] = [
+ 'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
+ 'message' => 'You can only delete your own posts!',
+ ];
+
+ // Render information page
+ print Templates::render('global/information.tpl', $renderData);
+ exit;
+ }
+
+ // Submit mode
+ if (isset($_POST['timestamp'], $_POST['sessionid'], $_POST['post_id'])) {
+ // Post deletion code
+ if (isset($_POST['yes'])) {
+ // Delete the post
+ Database::delete('posts', [
+ 'post_id' => [$_POST['post_id'], '='],
+ ]);
+
+ // Reload the topic
+ $topic = Forum::getTopic($topicId, true);
+
+ // If there's no more posts left in the topic delete it as well
+ if (!count($topic['posts'])) {
+ Database::delete('topics', [
+ 'topic_id' => [$topic['topic']['topic_id'], '='],
+ ]);
+ }
+
+ // Add page specific things
+ $renderData['page'] = [
+ 'redirect' => (count($topic['posts']) ? $urls->format('FORUM_THREAD', [$topic['topic']['topic_id']]) : $urls->format('FORUM_INDEX')),
+ 'message' => 'Your post has been deleted!',
+ ];
+
+ // Render information page
+ print Templates::render('global/information.tpl', $renderData);
+ exit;
+ // Return to previous page
+ } else {
+ header('Location: '. $urls->format('FORUM_POST', [$_POST['post_id']]));
+ exit;
+ }
+ }
+
+ // Form mode
+ $renderData = array_merge($renderData, [
+ 'message' => 'Are you sure you want to delete your reply to ' . $topic['topic']['topic_title'] . '?',
+ 'conditions' => [
+ 'post_id' => $topic['posts'][$_GET['p']]['post_id']
+ ]
+ ]);
+
+ // Render confirmation form
+ print Templates::render('global/confirm.tpl', $renderData);
+ exit;
}
// Add subject to render data
- $posting['subject'] = 'Re: '. $topic['topic']['topic_title'];
+ if(!isset($posting['subject'])) {
+ $posting['subject'] = 'Re: ' . $topic['topic']['topic_title'];
+ }
}
// Check if a post is being made
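Review bot: The deletion branch authorizes ownership on `$topic['posts'][$_GET['p']]` but then deletes by `$_POST['post_id']`, a separate value that was never validated, and the session fields are only tested with `isset(...)` rather than compared to the live session; the delete must use the id that was actually authorized and the session token must be verified, not merely present. Change the delete to `'post_id' => [$topic['posts'][$_GET['p']]['post_id'], '='],` and the redirect to `header('Location: ' . $urls->format('FORUM_POST', [$topic['posts'][$_GET['p']]['post_id']]));`, and check `$_POST['sessionid']` against the current session with whatever check the other POST handlers in this file use before touching the database. The edit path's submit handling is outside this hunk and should get the same review. Both branches compare ids with loose `==`/`!=`; casting to int and using `===`/`!==` would be safer. The enclosing `if ($mode != 'f')` block starts and ends outside the hunk.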