0) { ob_end_flush(); } } if (version_compare(phpversion(), '5.3.0', '<')) { if (get_magic_quotes_gpc()) { foreach ($_GET as $key => $val) { $_GET[$key] = stripslashes($val); } foreach ($_POST as $key => $val) { $_POST[$key] = stripslashes($val); } } if (get_magic_quotes_runtime()) { set_magic_quotes_runtime(0); } } function fancyDie($message) { die('

' . $message . '

- Click here to go back -'); } if (!file_exists('settings.php')) { fancyDie('Please copy the file settings.default.php to settings.php'); } require 'settings.php'; if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') { fancyDie('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'); } if (TINYIB_CAPTCHA === 'recaptcha' && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) { fancyDie('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'); } // Check directories are writable by the script $writedirs = array("res", "src", "thumb"); if (TINYIB_DBMODE == 'flatfile') { $writedirs[] = "inc/flatfile"; } foreach ($writedirs as $dir) { if (!is_writable($dir)) { fancyDie("Directory '" . $dir . "' can not be written to. Please modify its permissions."); } } $includes = array("inc/defines.php", "inc/functions.php", "inc/html.php"); if (in_array(TINYIB_DBMODE, array('flatfile', 'mysql', 'mysqli', 'sqlite', 'sqlite3', 'pdo'))) { $includes[] = 'inc/database_' . TINYIB_DBMODE . '.php'; } else { fancyDie("Unknown database mode specified."); } foreach ($includes as $include) { include $include; } if (TINYIB_TIMEZONE != '') { date_default_timezone_set(TINYIB_TIMEZONE); } $redirect = true; // Check if the request is to make a post if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) { if (TINYIB_DBMIGRATE) { fancyDie('Posting is currently disabled.
Please try again in a few moments.'); } list($loggedin, $isadmin) = manageCheckLogIn(); $rawpost = isRawPost(); $rawposttext = ''; if (!$loggedin) { checkCAPTCHA(); checkBanned(); checkMessageSize(); checkFlood(); } $post = newPost(setParent()); $hide_fields = $post['parent'] == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields; $post['ip'] = $_SERVER['REMOTE_ADDR']; if ($rawpost || !in_array('name', $hide_fields)) { list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']); $post['name'] = cleanString(substr($post['name'], 0, 75)); } if ($rawpost || !in_array('email', $hide_fields)) { $post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75))); } if ($rawpost || !in_array('subject', $hide_fields)) { $post['subject'] = cleanString(substr($_POST['subject'], 0, 75)); } if ($rawpost || !in_array('message', $hide_fields)) { $post['message'] = $_POST['message']; if ($rawpost) { // Treat message as raw HTML $rawposttext = ($isadmin) ? ' ## Admin' : ' ## Mod'; } else { if (TINYIB_WORDBREAK > 0) { $post['message'] = preg_replace('/([^\s]{' . TINYIB_WORDBREAK . '})(?=[^\s])/', '$1' . TINYIB_WORDBREAK_IDENTIFIER, $post['message']); } $post['message'] = str_replace("\n", '
', makeLinksClickable(colorQuote(postLink(cleanString(rtrim($post['message'])))))); if (TINYIB_WORDBREAK > 0) { $post['message'] = finishWordBreak($post['message']); } } } if ($rawpost || !in_array('password', $hide_fields)) { $post['password'] = ($_POST['password'] != '') ? md5(md5($_POST['password'])) : ''; } $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext); if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($rawpost || !in_array('embed', $hide_fields))) { if (isset($_FILES['file']) && $_FILES['file']['name'] != "") { fancyDie("Embedding a URL and uploading a file at the same time is not supported."); } list($service, $embed) = getEmbed(trim($_POST['embed'])); if (empty($embed) || !isset($embed['html']) || !isset($embed['title']) || !isset($embed['thumbnail_url'])) { fancyDie("Invalid embed URL. Only " . (implode("/", array_keys($tinyib_embeds))) . " URLs are supported."); } $post['file_hex'] = $service; $temp_file = time() . substr(microtime(), 2, 3); $file_location = "thumb/" . $temp_file; file_put_contents($file_location, url_get_contents($embed['thumbnail_url'])); $file_info = getimagesize($file_location); $file_mime = mime_content_type($file_location); $post['image_width'] = $file_info[0]; $post['image_height'] = $file_info[1]; if ($file_mime == "image/jpeg") { $post['thumb'] = $temp_file . '.jpg'; } else if ($file_mime == "image/gif") { $post['thumb'] = $temp_file . '.gif'; } else if ($file_mime == "image/png") { $post['thumb'] = $temp_file . '.png'; } else { fancyDie("Error while processing audio/video."); } $thumb_location = "thumb/" . $post['thumb']; list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post); if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight)) { fancyDie("Could not create thumbnail."); } addVideoOverlay($thumb_location); $thumb_info = getimagesize($thumb_location); $post['thumb_width'] = $thumb_info[0]; $post['thumb_height'] = $thumb_info[1]; $post['file_original'] = cleanString($embed['title']); $post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']); } else if (isset($_FILES['file']) && ($rawpost || !in_array('file', $hide_fields))) { if ($_FILES['file']['name'] != "") { validateFileUpload(); if (!is_file($_FILES['file']['tmp_name']) || !is_readable($_FILES['file']['tmp_name'])) { fancyDie("File transfer failure. Please retry the submission."); } if ((TINYIB_MAXKB > 0) && (filesize($_FILES['file']['tmp_name']) > (TINYIB_MAXKB * 1024))) { fancyDie("That file is larger than " . TINYIB_MAXKBDESC . "."); } $post['file_original'] = trim(htmlentities(substr($_FILES['file']['name'], 0, 50), ENT_QUOTES)); $post['file_hex'] = md5_file($_FILES['file']['tmp_name']); $post['file_size'] = $_FILES['file']['size']; $post['file_size_formatted'] = convertBytes($post['file_size']); checkDuplicateFile($post['file_hex']); $file_mime_split = explode(' ', trim(mime_content_type($_FILES['file']['tmp_name']))); if (count($file_mime_split) > 0) { $file_mime = strtolower(array_pop($file_mime_split)); } else { if (!@getimagesize($_FILES['file']['tmp_name'])) { fancyDie("Failed to read the MIME type and size of the uploaded file. Please retry the submission."); } $file_info = getimagesize($_FILES['file']['tmp_name']); $file_mime = mime_content_type($_FILES['file']['tmp_name']); } if (empty($file_mime) || !isset($tinyib_uploads[$file_mime])) { fancyDie(supportedFileTypes()); } $file_name = time() . substr(microtime(), 2, 3); $post['file'] = $file_name . "." . $tinyib_uploads[$file_mime][0]; $file_location = "src/" . $post['file']; if (!move_uploaded_file($_FILES['file']['tmp_name'], $file_location)) { fancyDie("Could not copy uploaded file."); } if ($_FILES['file']['size'] != filesize($file_location)) { @unlink($file_location); fancyDie("File transfer failure. Please go back and try again."); } if ($file_mime == "audio/webm" || $file_mime == "video/webm") { $post['image_width'] = max(0, intval(shell_exec('mediainfo --Inform="Video;%Width%" ' . $file_location))); $post['image_height'] = max(0, intval(shell_exec('mediainfo --Inform="Video;%Height%" ' . $file_location))); if ($post['image_width'] > 0 && $post['image_height'] > 0) { list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post); $post['thumb'] = $file_name . "s.jpg"; shell_exec("ffmpegthumbnailer -s " . max($thumb_maxwidth, $thumb_maxheight) . " -i $file_location -o thumb/{$post['thumb']}"); $thumb_info = getimagesize("thumb/" . $post['thumb']); $post['thumb_width'] = $thumb_info[0]; $post['thumb_height'] = $thumb_info[1]; if ($post['thumb_width'] <= 0 || $post['thumb_height'] <= 0) { @unlink($file_location); @unlink("thumb/" . $post['thumb']); fancyDie("Sorry, your video appears to be corrupt."); } addVideoOverlay("thumb/" . $post['thumb']); } $duration = intval(shell_exec('mediainfo --Inform="General;%Duration%" ' . $file_location)); if ($duration > 0) { $mins = floor(round($duration / 1000) / 60); $secs = str_pad(floor(round($duration / 1000) % 60), 2, "0", STR_PAD_LEFT); $post['file_original'] = "$mins:$secs" . ($post['file_original'] != '' ? (', ' . $post['file_original']) : ''); } } else if (in_array($file_mime, array('image/jpeg', 'image/pjpeg', 'image/png', 'image/gif', 'application/x-shockwave-flash'))) { $file_info = getimagesize($file_location); $post['image_width'] = $file_info[0]; $post['image_height'] = $file_info[1]; } if (isset($tinyib_uploads[$file_mime][1])) { $thumbfile_split = explode(".", $tinyib_uploads[$file_mime][1]); $post['thumb'] = $file_name . "s." . array_pop($thumbfile_split); if (!copy($tinyib_uploads[$file_mime][1], "thumb/" . $post['thumb'])) { @unlink($file_location); fancyDie("Could not create thumbnail."); } if ($file_mime == "application/x-shockwave-flash") { addVideoOverlay("thumb/" . $post['thumb']); } } else if (in_array($file_mime, array('image/jpeg', 'image/pjpeg', 'image/png', 'image/gif'))) { $post['thumb'] = $file_name . "s." . $tinyib_uploads[$file_mime][0]; list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post); if (!createThumbnail($file_location, "thumb/" . $post['thumb'], $thumb_maxwidth, $thumb_maxheight)) { @unlink($file_location); fancyDie("Could not create thumbnail."); } } if ($post['thumb'] != '') { $thumb_info = getimagesize("thumb/" . $post['thumb']); $post['thumb_width'] = $thumb_info[0]; $post['thumb_height'] = $thumb_info[1]; } } } if ($post['file'] == '') { // No file uploaded $allowed = ""; if (!empty($tinyib_uploads) && ($rawpost || !in_array('file', $hide_fields))) { $allowed = "file"; } if (!empty($tinyib_embeds) && ($rawpost || !in_array('embed', $hide_fields))) { if ($allowed != "") { $allowed .= " or "; } $allowed .= "embed URL"; } if ($post['parent'] == TINYIB_NEWTHREAD && $allowed != "" && !TINYIB_NOFILEOK) { fancyDie("A $allowed is required to start a thread."); } if (!$rawpost && str_replace('
', '', $post['message']) == "") { $die_msg = ""; if (!in_array('message', $hide_fields)) { $die_msg .= "enter a message " . ($allowed != "" ? " and/or " : ""); } if ($allowed != "") { $die_msg .= "upload a $allowed"; } fancyDie("Please $die_msg."); } } else { echo $post['file_original'] . ' uploaded.
'; } if (!$loggedin && (($post['file'] != '' && TINYIB_REQMOD == 'files') || TINYIB_REQMOD == 'all')) { $post['moderated'] = '0'; echo 'Your ' . ($post['parent'] == TINYIB_NEWTHREAD ? 'thread' : 'post') . ' will be shown once it has been approved.
'; $slow_redirect = true; } $post['id'] = insertPost($post); if ($post['moderated'] == '1') { if (TINYIB_ALWAYSNOKO || strtolower($post['email']) == 'noko') { $redirect = 'res/' . ($post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']) . '.html#' . $post['id']; } trimThreads(); echo 'Updating thread...
'; if ($post['parent'] != TINYIB_NEWTHREAD) { rebuildThread($post['parent']); if (strtolower($post['email']) != 'sage') { if (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($post['parent']) <= TINYIB_MAXREPLIES) { bumpThreadByID($post['parent']); } } } else { rebuildThread($post['id']); } echo 'Updating index...
'; rebuildIndexes(); } // Check if the request is to delete a post and/or its associated image } elseif (isset($_GET['delete']) && !isset($_GET['manage'])) { if (!isset($_POST['delete'])) { fancyDie('Tick the box next to a post and click "Delete" to delete it.'); } if (TINYIB_DBMIGRATE) { fancyDie('Post deletion is currently disabled.
Please try again in a few moments.'); } $post = postByID($_POST['delete']); if ($post) { list($loggedin, $isadmin) = manageCheckLogIn(); if ($loggedin && $_POST['password'] == '') { // Redirect to post moderation page echo '--> --> -->'; } elseif ($post['password'] != '' && md5(md5($_POST['password'])) == $post['password']) { deletePostByID($post['id']); if ($post['parent'] == TINYIB_NEWTHREAD) { threadUpdated($post['id']); } else { threadUpdated($post['parent']); } fancyDie('Post deleted.'); } else { fancyDie('Invalid password.'); } } else { fancyDie('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'); } $redirect = false; // Check if the request is to access the management area } elseif (isset($_GET['manage'])) { $text = ''; $onload = ''; $navbar = ' '; $redirect = false; $loggedin = false; $isadmin = false; $returnlink = basename($_SERVER['PHP_SELF']); list($loggedin, $isadmin) = manageCheckLogIn(); if ($loggedin) { if ($isadmin) { if (isset($_GET['rebuildall'])) { $allthreads = allThreads(); foreach ($allthreads as $thread) { rebuildThread($thread['id']); } rebuildIndexes(); $text .= manageInfo('Rebuilt board.'); } elseif (isset($_GET['bans'])) { clearExpiredBans(); if (isset($_POST['ip'])) { if ($_POST['ip'] != '') { $banexists = banByIP($_POST['ip']); if ($banexists) { fancyDie('Sorry, there is already a ban on record for that IP address.'); } $ban = array(); $ban['ip'] = $_POST['ip']; $ban['expire'] = ($_POST['expire'] > 0) ? (time() + $_POST['expire']) : 0; $ban['reason'] = $_POST['reason']; insertBan($ban); $text .= manageInfo('Ban record added for ' . $ban['ip']); } } elseif (isset($_GET['lift'])) { $ban = banByID($_GET['lift']); if ($ban) { deleteBanByID($_GET['lift']); $text .= manageInfo('Ban record lifted for ' . $ban['ip']); } } $onload = manageOnLoad('bans'); $text .= manageBanForm(); $text .= manageBansTable(); } else if (isset($_GET['update'])) { if (is_dir('.git')) { $git_output = shell_exec('git pull 2>&1'); $text .= '

Attempting update...' . "\n\n" . $git_output . '

Note: If TinyIB updates and you have made custom modifications, review the changes which have been merged into your installation. Ensure that your modifications do not interfere with any new/modified files. See the README for more information.

'; } else { $text .= '

TinyIB was not installed via Git.

If you installed TinyIB without Git, you must update manually. If you did install with Git, ensure the script has read and write access to the .git folder.

'; } } elseif (isset($_GET['dbmigrate'])) { if (TINYIB_DBMIGRATE) { if (isset($_GET['go'])) { if (TINYIB_DBMODE == 'flatfile') { if (function_exists('mysqli_connect')) { $link = @mysqli_connect(TINYIB_DBHOST, TINYIB_DBUSERNAME, TINYIB_DBPASSWORD); if (!$link) { fancyDie("Could not connect to database: " . ((is_object($link)) ? mysqli_error($link) : (($link_error = mysqli_connect_error()) ? $link_error : '(unknown error)'))); } $db_selected = @mysqli_query($link, "USE " . constant('TINYIB_DBNAME')); if (!$db_selected) { fancyDie("Could not select database: " . ((is_object($link)) ? mysqli_error($link) : (($link_error = mysqli_connect_error()) ? $link_error : '(unknown error'))); } if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBPOSTS . "'")) == 0) { if (mysqli_num_rows(mysqli_query($link, "SHOW TABLES LIKE '" . TINYIB_DBBANS . "'")) == 0) { mysqli_query($link, $posts_sql); mysqli_query($link, $bans_sql); $max_id = 0; $threads = allThreads(); foreach ($threads as $thread) { $posts = postsInThreadByID($thread['id']); foreach ($posts as $post) { mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`id`, `parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `stickied`) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "', '" . mysqli_real_escape_string($link, $post['email']) . "', '" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['stickied'] . ")"); $max_id = max($max_id, $post['id']); } } if ($max_id > 0 && !mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` AUTO_INCREMENT = " . ($max_id + 1))) { $text .= '

Warning: Unable to update the AUTO_INCREMENT value for table ' . TINYIB_DBPOSTS . ', please set it to ' . ($max_id + 1) . '.

'; } $max_id = 0; $bans = allBans(); foreach ($bans as $ban) { $max_id = max($max_id, $ban['id']); mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`id`, `ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, $ban['id']) . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . mysqli_real_escape_string($link, $ban['timestamp']) . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')"); } if ($max_id > 0 && !mysqli_query($link, "ALTER TABLE `" . TINYIB_DBBANS . "` AUTO_INCREMENT = " . ($max_id + 1))) { $text .= '

Warning: Unable to update the AUTO_INCREMENT value for table ' . TINYIB_DBBANS . ', please set it to ' . ($max_id + 1) . '.

'; } $text .= '

Database migration complete. Set TINYIB_DBMODE to mysqli and TINYIB_DBMIGRATE to false, then click Rebuild All above and ensure everything looks the way it should.

'; } else { fancyDie('Bans table (' . TINYIB_DBBANS . ') already exists! Please DROP this table and try again.'); } } else { fancyDie('Posts table (' . TINYIB_DBPOSTS . ') already exists! Please DROP this table and try again.'); } } else { fancyDie('Please install the MySQLi extension and try again.'); } } else { fancyDie('Set TINYIB_DBMODE to flatfile and enter in your MySQL settings in settings.php before migrating.'); } } else { $text .= '

This tool currently only supports migration from a flat file database to MySQL. Your original database will not be deleted. If the migration fails, disable the tool and your board will be unaffected. See the README (alternate link) for instructions.

Start the migration

'; } } else { fancyDie('Set TINYIB_DBMIGRATE to true in settings.php to use this feature.'); } } } if (isset($_GET['delete'])) { $post = postByID($_GET['delete']); if ($post) { deletePostByID($post['id']); rebuildIndexes(); if ($post['parent'] != TINYIB_NEWTHREAD) { rebuildThread($post['parent']); } $text .= manageInfo('Post No.' . $post['id'] . ' deleted.'); } else { fancyDie("Sorry, there doesn't appear to be a post with that ID."); } } elseif (isset($_GET['approve'])) { if ($_GET['approve'] > 0) { $post = postByID($_GET['approve']); if ($post) { approvePostByID($post['id']); $thread_id = $post['parent'] == TINYIB_NEWTHREAD ? $post['id'] : $post['parent']; if (strtolower($post['email']) != 'sage' && (TINYIB_MAXREPLIES == 0 || numRepliesToThreadByID($thread_id) <= TINYIB_MAXREPLIES)) { bumpThreadByID($thread_id); } threadUpdated($thread_id); $text .= manageInfo('Post No.' . $post['id'] . ' approved.'); } else { fancyDie("Sorry, there doesn't appear to be a post with that ID."); } } } elseif (isset($_GET['moderate'])) { if ($_GET['moderate'] > 0) { $post = postByID($_GET['moderate']); if ($post) { $text .= manageModeratePost($post); } else { fancyDie("Sorry, there doesn't appear to be a post with that ID."); } } else { $onload = manageOnLoad('moderate'); $text .= manageModeratePostForm(); } } elseif (isset($_GET['sticky']) && isset($_GET['setsticky'])) { if ($_GET['sticky'] > 0) { $post = postByID($_GET['sticky']); if ($post && $post['parent'] == TINYIB_NEWTHREAD) { stickyThreadByID($post['id'], (intval($_GET['setsticky']))); threadUpdated($post['id']); $text .= manageInfo('Thread No.' . $post['id'] . ' ' . (intval($_GET['setsticky']) == 1 ? 'stickied' : 'un-stickied') . '.'); } else { fancyDie("Sorry, there doesn't appear to be a thread with that ID."); } } else { fancyDie("Form data was lost. Please go back and try again."); } } elseif (isset($_GET["rawpost"])) { $onload = manageOnLoad("rawpost"); $text .= buildPostForm(0, true); } elseif (isset($_GET["logout"])) { $_SESSION['tinyib'] = ''; session_destroy(); die('--> --> -->'); } if ($text == '') { $text = manageStatus(); } } else { $onload = manageOnLoad('login'); $text .= manageLogInForm(); } echo managePage($text, $onload); } elseif (!file_exists(TINYIB_INDEX) || countThreads() == 0) { rebuildIndexes(); } if ($redirect) { echo '--> --> -->'; }