Subversion Repositories SvarDOS

Rev

Rev 1999 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
1223 mateusz.vi 1
<?php
2
//
1242 mateusz.vi 3
// mateuszbb - minimalist bulletin board forum. MIT license.
4
//
1999 mateusz.vi 5
// VERSION 20240906
1242 mateusz.vi 6
//
1645 mateusz.vi 7
// Copyright (C) 2021-2024 Mateusz Viste
1223 mateusz.vi 8
//
1242 mateusz.vi 9
// Permission is hereby granted, free of charge, to any person obtaining a copy
10
// of this software and associated documentation files (the “Software”), to
11
// deal in the Software without restriction, including without limitation the
12
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
13
// sell copies of the Software, and to permit persons to whom the Software is
14
// furnished to do so, subject to the following conditions:
15
//
1651 mateusz.vi 16
// The above copyright notice and this permission notice shall be included in
1242 mateusz.vi 17
// all copies or substantial portions of the Software.
18
//
19
// THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
25
// IN THE SOFTWARE.
1223 mateusz.vi 26
 
27
global $TRIP_SALT;
28
global $INITYEAR;
29
global $DATADIR;
30
global $NICE_URLS;
31
global $STR;
32
global $LANG;
1242 mateusz.vi 33
global $TZ;
34
global $DATE_FORMAT;
35
global $MAINPAGE_MAXTHREADS;
36
global $MAINPAGE_MAXINACT;
37
global $LOCK_DELAY;
38
global $EDIT_ALLOWED_MINUTES;
39
global $MAXDAILYPOSTS;
1223 mateusz.vi 40
 
41
include 'mateuszbb-config.php';
42
 
43
 
44
// *** TRANSLATION STRINGS *****************************************
45
 
46
$STR = array();
47
$STR['en']['opnewthread'] = 'open a new thread';
48
$STR['en']['newthread']   = 'New thread';
49
$STR['en']['latestentry'] = 'latest entry:';
50
$STR['en']['searchterm']  = 'searched term:';
51
$STR['en']['noresults']   = 'No results';
52
$STR['en']['reply']       = 'reply';
53
$STR['en']['jumptoend']   = 'jump to end';
54
$STR['en']['listthreads'] = 'list of threads';
55
$STR['en']['author']      = 'author:';
56
$STR['en']['address']     = 'address:';
57
$STR['en']['date']        = 'date:';
58
$STR['en']['nameornick']  = 'your name or nick';
59
$STR['en']['threadsubj']  = 'subject';
60
$STR['en']['yourmsg']     = 'Your message';
61
$STR['en']['cancel']      = 'cancel';
62
$STR['en']['send']        = 'send';
63
$STR['en']['archives']    = 'archives';
64
$STR['en']['backtocur']   = 'go back to current threads';
65
$STR['en']['search']      = 'search';
66
$STR['en']['password']    = 'password';
67
$STR['en']['optional']    = 'optional';
68
$STR['en']['passhelp']    = 'Providing a password here will generate a unique digital signature on your message.';
1242 mateusz.vi 69
$STR['en']['locked']      = "Thread locked due to inactivity since over {$LOCK_DELAY} days.";
1223 mateusz.vi 70
$STR['en']['captcha'][1]  = 'check the FIRST box';
71
$STR['en']['captcha'][2]  = 'check the MIDDLE box';
72
$STR['en']['captcha'][3]  = 'check the LAST box';
73
$STR['en']['captcha'][4]  = 'check the FIRST and LAST boxes';
74
$STR['en']['captcha'][5]  = 'check the TWO LAST boxes';
75
 
1651 mateusz.vi 76
// DE translations by Robert Riebisch
77
$STR['de']['opnewthread'] = 'Neues Thema eröffnen';
78
$STR['de']['newthread']   = 'Neues Thema';
79
$STR['de']['latestentry'] = 'Neuester Eintrag:';
80
$STR['de']['searchterm']  = 'Gesuchter Begriff:';
81
$STR['de']['noresults']   = 'Keine Ergebnisse';
82
$STR['de']['reply']       = 'Antworten';
83
$STR['de']['jumptoend']   = 'Zum Ende springen';
84
$STR['de']['listthreads'] = 'Liste der Themen';
85
$STR['de']['author']      = 'Autor:';
86
$STR['de']['address']     = 'Adresse:';
87
$STR['de']['date']        = 'Zeitpunkt:';
88
$STR['de']['nameornick']  = 'Dein Name oder Spitzname';
89
$STR['de']['threadsubj']  = 'Thema';
90
$STR['de']['yourmsg']     = 'Deine Nachricht';
91
$STR['de']['cancel']      = 'Abbrechen';
92
$STR['de']['send']        = 'Senden';
93
$STR['de']['archives']    = 'Archiv';
94
$STR['de']['backtocur']   = 'Zurück zu den aktuellen Themen';
95
$STR['de']['search']      = 'Suchbegriff';
96
$STR['de']['password']    = 'Kennwort';
97
$STR['de']['optional']    = 'optional';
98
$STR['de']['passhelp']    = 'Wenn du hier ein Kennwort eingibst, wird deine Nachricht mit einer eindeutigen digitalen Signatur versehen.';
99
$STR['de']['locked']      = "Thema wegen Inaktivität seit über {$LOCK_DELAY} Tagen gesperrt.";
100
$STR['de']['captcha'][1]  = 'Kreuze das ERSTE Kästchen an';
101
$STR['de']['captcha'][2]  = 'Kreuze das MITTLERE Kästchen an';
102
$STR['de']['captcha'][3]  = 'Kreuze das LETZTE Kästchen an';
103
$STR['de']['captcha'][4]  = 'Kreuze das ERSTE und LETZTE Kästchen an';
104
$STR['de']['captcha'][5]  = 'Kreuze die beiden LETZTEN Kästchen an';
105
 
1230 mateusz.vi 106
// PL translations by Mateusz Viste
1223 mateusz.vi 107
$STR['pl']['opnewthread'] = 'stwórz nowy wątek';
108
$STR['pl']['newthread']   = 'Nowy wątek';
109
$STR['pl']['latestentry'] = 'ostatni wpis:';
110
$STR['pl']['searchterm']  = 'szukane wyrażenie:';
111
$STR['pl']['noresults']   = 'Brak wyników';
112
$STR['pl']['reply']       = 'odpowiedz';
113
$STR['pl']['jumptoend']   = 'skocz do końca';
114
$STR['pl']['listthreads'] = 'lista wątków';
115
$STR['pl']['author']      = 'autor:';
116
$STR['pl']['address']     = 'adres:';
117
$STR['pl']['date']        = 'data:';
118
$STR['pl']['nameornick']  = 'imię, nazwisko lub pseudonim';
119
$STR['pl']['threadsubj']  = 'tytuł wątku';
120
$STR['pl']['yourmsg']     = 'Twoja wiadomość';
121
$STR['pl']['cancel']      = 'anuluj';
122
$STR['pl']['send']        = 'wyślij';
123
$STR['pl']['archives']    = 'archiwum';
124
$STR['pl']['backtocur']   = 'powrót do bieżących wątków';
125
$STR['pl']['search']      = 'szukaj';
126
$STR['pl']['password']    = 'hasło';
1242 mateusz.vi 127
$STR['pl']['optional']    = 'opcjonalne';
1223 mateusz.vi 128
$STR['pl']['passhelp']    = 'Podanie hasła pozwoli wygenerować unikalny podpis elektroniczny przy twojej wiadomości.';
1242 mateusz.vi 129
$STR['pl']['locked']      = "Wątek zamknięty z powodu braku aktywności od ponad {$LOCK_DELAY} dni.";
1223 mateusz.vi 130
$STR['pl']['captcha'][1]  = 'zaznacz PIERWSZE pole';
131
$STR['pl']['captcha'][2]  = 'zaznacz ŚRODKOWE pole';
132
$STR['pl']['captcha'][3]  = 'zaznacz OSTATNIE pole';
133
$STR['pl']['captcha'][4]  = 'zaznacz PIERWSZE i OSTATNIE pole';
134
$STR['pl']['captcha'][5]  = 'zaznacz DWA OSTATNIE pola';
135
 
1230 mateusz.vi 136
// pt-BR translations courtesty of Luzemário Dantas
137
$STR['pt']['opnewthread'] = 'abrir novo tópico';
138
$STR['pt']['newthread']   = 'Novo tópico';
139
$STR['pt']['latestentry'] = 'entrada mais recente:';
140
$STR['pt']['searchterm']  = 'termo pesquisado:';
141
$STR['pt']['noresults']   = 'Sem resultados';
142
$STR['pt']['reply']       = 'responder';
143
$STR['pt']['jumptoend']   = 'ir para o final';
144
$STR['pt']['listthreads'] = 'lista de tópicos';
145
$STR['pt']['author']      = 'autor:';
146
$STR['pt']['address']     = 'endereço:';
147
$STR['pt']['date']        = 'data:';
148
$STR['pt']['nameornick']  = 'seu nome ou apelido';
149
$STR['pt']['threadsubj']  = 'assunto';
150
$STR['pt']['yourmsg']     = 'Sua mensagem';
151
$STR['pt']['cancel']      = 'cancelar';
152
$STR['pt']['send']        = 'enviar';
153
$STR['pt']['archives']    = 'arquivos';
154
$STR['pt']['backtocur']   = 'voltar ao tópico atuai';
155
$STR['pt']['search']      = 'pesquisar';
156
$STR['pt']['password']    = 'senha';
157
$STR['pt']['optional']    = 'opcional';
158
$STR['pt']['passhelp']    = 'Fornecer uma senha aqui vai gerar uma assinatura digital única na sua mensagem.';
1242 mateusz.vi 159
$STR['pt']['locked']      = "Este tópico está bloqueado porque está inativo há mais de {$LOCK_DELAY} dias."; // translated by google translate, wording might be poor
1230 mateusz.vi 160
$STR['pt']['captcha'][1]  = 'marque a PRIMEIRA caixa';
161
$STR['pt']['captcha'][2]  = 'marque a caixa do MEIO';
162
$STR['pt']['captcha'][3]  = 'marque a ÚLTIMA caixa';
163
$STR['pt']['captcha'][4]  = 'marque a PRIMEIRA e ÚLTIMA caixas';
164
$STR['pt']['captcha'][5]  = 'marque as DUAS ÚLTIMAS caixas';
165
 
1223 mateusz.vi 166
// *****************************************************************
167
 
168
 
169
function data_dluga($timestamp) {
1242 mateusz.vi 170
  global $DATE_FORMAT;
171
  return(date($DATE_FORMAT, $timestamp));
1223 mateusz.vi 172
}
173
 
174
 
1231 mateusz.vi 175
function selfurl($params = '') {
176
  global $SELFURL;
177
  $r = $SELFURL;
178
  if (!empty($params)) {
179
    if (strrchr($SELFURL, '?')) {
180
      $r .= '&';
181
    } else {
182
      $r .= '?';
183
    }
184
    $r .= $params;
185
  }
186
  return($r);
187
}
188
 
189
 
1223 mateusz.vi 190
// returns an array with the list of languages requested by the browser, in
191
// the order of preference
192
function getpreflang() {
193
  $res = array();
194
  if (! isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) return($res);
195
  $langlist = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
196
  foreach ($langlist as $lang) {
197
    $res[] = strtolower(substr($lang, 0, 2));
198
  }
199
  return(array_unique($res));
200
}
201
 
202
 
203
function mateuszbb_rss() {
204
  global $DATADIR;
1229 mateusz.vi 205
  global $RSS_TITLE;
1242 mateusz.vi 206
  global $NICE_URLS;
1229 mateusz.vi 207
 
1223 mateusz.vi 208
  $db = new SQLite3($DATADIR . 'mateuszbb.sqlite3', SQLITE3_OPEN_READONLY);
209
  if (! $db) {
210
    echo "SQL ERROR: ACCESS DENIED\n";
211
    return false;
212
  }
213
  $sqlres = $db->query('SELECT thread, msgid, author FROM rss ORDER BY msgid DESC, thread DESC LIMIT 100;');
214
  if (! $sqlres) {
215
    echo "SQL ERROR: QUERY FAILED\n";
216
    return false;
217
  }
218
 
219
  header('content-type: application/rss+xml');
220
 
221
  echo '<?xml version="1.0" encoding="utf-8" ?>' . "\n";
222
  echo '<rss version="2.0">' . "\n";
223
  echo "<channel>\n";
1229 mateusz.vi 224
  echo "<title>" . htmlspecialchars($RSS_TITLE, ENT_XML1) . "</title>\n";
225
  echo "<link>" . selfurl(). "</link>\n";
1645 mateusz.vi 226
  echo "<description>" . htmlspecialchars($RSS_TITLE, ENT_XML1) . "</description>\n";
1223 mateusz.vi 227
 
228
  while ($row = $sqlres->fetchArray()) {
1999 mateusz.vi 229
    // TITLE
1223 mateusz.vi 230
    $rawtitle = file_get_contents($DATADIR . 'threads/' . $row['thread'] . '/title.txt');
231
    if (empty($rawtitle)) continue;
232
    $title = htmlspecialchars($rawtitle, ENT_XML1, 'UTF-8');
1999 mateusz.vi 233
 
234
    // AUTHOR
1223 mateusz.vi 235
    $author = htmlspecialchars($row['author'], ENT_XML1, 'UTF-8');
1999 mateusz.vi 236
 
237
    // CONTENT
238
    $rawcontent = loadmsg($row['thread'], $row['msgid'])['msg'];
239
    $rawcontent_shorter =  mb_substr($rawcontent, 0, 256);
240
    if (strlen($rawcontent) > strlen($rawcontent_shorter)) $rawcontent_shorter .= " (...)";
241
    $content = htmlspecialchars($rawcontent_shorter, ENT_XHTML, 'UTF-8');
242
 
243
    // LINK
1229 mateusz.vi 244
    if ($NICE_URLS) {
245
      $link = selfurl();
246
      if (substr($link, -1) !== '/') $link .= '/';
247
      $link .= "{$row['thread']}";
248
    } else {
249
      $link = selfurl('thread=' . $row['thread']);
250
    }
251
    $link .= '#' . $row['msgid'];
1999 mateusz.vi 252
 
253
    // RSS
1223 mateusz.vi 254
    echo "<item>\n";
1229 mateusz.vi 255
    echo "<title>{$author} @ '{$title}'</title>\n";
256
    echo "<link>" . htmlspecialchars($link, ENT_XML1) . "</link>\n";
1999 mateusz.vi 257
    echo "<description>{$content}</description>\n";
1223 mateusz.vi 258
    echo "<pubDate>" . date('r', $row['msgid']) . "</pubDate>\n";
1229 mateusz.vi 259
    echo "<guid>" . htmlspecialchars($link, ENT_XML1) . "</guid>\n";
1223 mateusz.vi 260
    echo "</item>\n";
261
  }
262
  $db->close();
263
 
264
  echo "</channel>\n";
265
  echo "</rss>\n";
266
  return true;
267
}
268
 
269
 
1242 mateusz.vi 270
function formularz($thread = 0, $postid = 0, $msg = '') {
1223 mateusz.vi 271
  global $STR;
272
  global $LANG;
1242 mateusz.vi 273
  global $NICE_URLS;
1223 mateusz.vi 274
 
1242 mateusz.vi 275
  if ($thread == 0) {
1223 mateusz.vi 276
    echo '<form class="minibb" method="POST" action="' . selfurl() . '#title" id="formularz">' . "\n";
277
    echo '<input type="hidden" name="action" value="createthread">' . "\n";
278
  } else {
279
    echo '<form class="minibb" method="POST" action="' . selfurl() . '" id="formularz">' . "\n";
280
    echo '<input type="hidden" name="thread" value="' . $thread . '">' . "\n";
1242 mateusz.vi 281
    if ($postid > 0) {
282
      echo '<input type="hidden" name="action" value="editpost">' . "\n";
283
      echo '<input type="hidden" name="postid" value="' . $postid . '">' . "\n";
284
    } else {
285
      echo '<input type="hidden" name="action" value="newpost">' . "\n";
286
    }
1223 mateusz.vi 287
  }
288
 
289
  echo '<div class="minibb-formfields">' . "\n";
1242 mateusz.vi 290
  echo '<div class="minibb-formlabelgroup"><p>' . $STR[$LANG]['nameornick'] . '</p><input type="text" name="username" pattern=".*[^\s].*" minlength="1" maxlength="40" autofill="username" title="' . $STR[$LANG]['nameornick'];
291
  if (!empty($msg)) echo '" value="' . htmlspecialchars($msg['author']) . '"';
292
  echo '" required></div><div class="minibb-formlabelgroup"><p>' . $STR[$LANG]['password'] . ' (<span title="' . $STR[$LANG]['passhelp'] . '" style="text-decoration-line: underline; text-decoration-style: dotted;">' . $STR[$LANG]['optional'] . '</span>)</p><input type="password" name="password" maxlength="40" autofill="current-password"></div>' . "\n";
293
  if ($thread == 0) {
1223 mateusz.vi 294
    echo '<div class="minibb-formlabelgroup" style="width: 100%;">' . "\n";
295
    echo "<p>" . $STR[$LANG]['threadsubj'] . "</p>\n";
296
    echo '<input type="text" name="title" title="' . $STR[$LANG]['threadsubj'] . '" maxlength="64" pattern=".*[^\s].*" required>' . "\n";
297
    echo "</div>\n";
298
  }
299
  echo '<textarea name="msg" placeholder="' . $STR[$LANG]['yourmsg'] . '">' . "\n";
1242 mateusz.vi 300
  if (!empty($msg)) echo htmlspecialchars($msg['msg']);
301
  echo "</textarea><br>\n";
302
  echo "</div>\n";
1223 mateusz.vi 303
  // --- CAPTCHA ---
304
  $capid = rand(1, 5);
1242 mateusz.vi 305
  echo '<div class="minibb-formcaptcha">' . $STR[$LANG]['captcha'][$capid] . ': <span class="minibb-cboxgroup"><input type="checkbox" name=c1><input type="checkbox" name=c2><input type="checkbox" name=c3></span>' . "\n";
1223 mateusz.vi 306
  echo '<input type="hidden" name="capid" value="' . $capid . '">';
307
  // ---------------
1242 mateusz.vi 308
  echo '<div class="minibb-formbtns">' . "\n";
309
  $link = selfurl();
310
  if ($postid > 0) {
311
    $link = selfurl("thread=" . $thread);
312
    if ($NICE_URLS) $link = $thread;
313
    $link .= '#' . $postid;
314
  }
315
  echo '<a href="' . $link . '">' . $STR[$LANG]['cancel'] . '</a> <input type="submit" value="' . $STR[$LANG]['send'] . '">' . "\n";
316
  echo "</div>\n";
317
  echo "</div>\n";
1223 mateusz.vi 318
  echo '</form>';
319
}
320
 
321
function wyswietl_watek_w_liscie($threadid, $tytul, $lastauthor, $lastupdate) {
322
  global $NICE_URLS;
323
  global $STR;
324
  global $LANG;
325
 
326
  echo '<a href="';
327
  if (!$NICE_URLS) {
328
    echo selfurl("thread=$threadid");
329
  } else {
330
    echo $threadid;
331
  }
332
  echo '" class="minibb-threaditem">' . "\n";
333
  echo '<h2>' . htmlspecialchars($tytul) . "</h2>\n";
334
  echo '<p>' . $STR[$LANG]['latestentry'] . ' ' . htmlspecialchars($lastauthor) . ', ' . htmlspecialchars(data_dluga($lastupdate)) . "</p>\n";
335
  echo "</a>\n";
336
}
337
 
338
function sprawdz_captcha($CAPARR) {
339
  //echo "<!-- capid={$CAPARR['capid']} c1={$CAPARR['c1']} c2={$CAPARR['c2']} c3={$CAPARR['c3']}-->\n";
340
  switch ($CAPARR['capid']) {
341
    case 1:
342
      if (($CAPARR['c1']) && (!$CAPARR['c2']) && (!$CAPARR['c3'])) return(true);
343
      break;
344
    case 2:
345
      if ((!$CAPARR['c1']) && ($CAPARR['c2']) && (!$CAPARR['c3'])) return(true);
346
      break;
347
    case 3:
348
      if ((!$CAPARR['c1']) && (!$CAPARR['c2']) && ($CAPARR['c3'])) return(true);
349
      break;
350
    case 4:
351
      if (($CAPARR['c1']) && (!$CAPARR['c2']) && ($CAPARR['c3'])) return(true);
352
      break;
353
    case 5:
354
      if ((!$CAPARR['c1']) && ($CAPARR['c2']) && ($CAPARR['c3'])) return(true);
355
      break;
356
  }
357
  return(false);
358
}
359
 
360
 
361
// zwraca akcję na podstawie globalnych POST lub GET
362
function getvar_action() {
363
  if (!empty($_POST['action'])) return $_POST['action'];
364
  if (!empty($_GET['action'])) return $_GET['action'];
365
  return('');
366
}
367
 
368
function getvar_thread() {
369
  if (!empty($_POST['thread'])) return intval($_POST['thread']);
370
  if (!empty($_GET['thread'])) return intval($_GET['thread']);
371
  return(-1);
372
}
373
 
374
function getvar_archiveyear() {
375
  if (!empty($_POST['arch'])) return intval($_POST['arch']);
376
  if (!empty($_GET['arch'])) return intval($_GET['arch']);
377
  return(-1);
378
}
379
 
380
 
381
// funkcja która zapisuje nowe wiadomości
382
function mateuszbb_preprocess() {
383
global $TRIP_SALT;
384
global $DATADIR;
385
global $NICE_URLS;
386
global $ERRSTR; // zmienna zawierająca komunikat błędu (jeśli jakiś wystąpił)
387
global $STR;
388
global $LANG;
1242 mateusz.vi 389
global $MAXDAILYPOSTS;
390
global $EDIT_ALLOWED_MINUTES;
1223 mateusz.vi 391
 
392
$action = getvar_action();
393
$thread = getvar_thread();
394
$archiveyear = getvar_archiveyear();
395
 
1242 mateusz.vi 396
// negotiate language, unless forced by configuration
397
if (empty($LANG)) {
398
  $LANG = 'en'; // preselect english as default language
399
  foreach (getpreflang() as $l) {
400
    if (!empty($STR[$l])) {
401
      $LANG = $l;
402
      break;
403
    }
1223 mateusz.vi 404
  }
1242 mateusz.vi 405
} else { // if language forced by configuration then make sure it is supported
406
  if (empty($STR[$LANG])) $LANG = 'en'; // fall back to 'en' on error
1223 mateusz.vi 407
}
408
 
409
// write access: check how many messages the user posted during last 24h
410
if (($action === 'createthread') || ($action === 'newpost')) {
1242 mateusz.vi 411
  $db = new SQLite3($DATADIR . 'mateuszbb.sqlite3');
412
  if ($db) {
413
    $db->exec('DELETE FROM ip_msg_counters24h WHERE msgid < strftime(\'%s\', \'now\') - 24*3600;');
414
    $count24h = intval($db->querySingle("SELECT count(*) FROM ip_msg_counters24h WHERE ipaddr = '{$_SERVER['REMOTE_ADDR']}'"));
415
    $db->close();
416
    if ($count24h >= $MAXDAILYPOSTS) {
417
      $ERRSTR = "BŁĄD: Z TWOJEGO ADRESU NAPISANO JUŻ {$count24h} WIADOMOŚCI W PRZECIĄGU OSTATNICH 24H. SPRÓBUJ PONOWNIE ZA JAKIŚ CZAS.";
418
      $action = '';
419
    }
420
  }
1223 mateusz.vi 421
}
422
 
1242 mateusz.vi 423
// edit post becomes newpost, it was different just to avoid 24h counters
424
if ($action === 'editpost') $action = 'newpost';
425
 
1223 mateusz.vi 426
// new thread creation (+switch to read thread)
427
if ($action === 'createthread') {
428
  // captcha check
429
  if (!sprawdz_captcha($_POST)) {
430
    echo "<p>BŁĄD: NIEPRAWIDŁOWE CAPTCHA</p>\n";
431
    goto DONE;
432
  }
433
  //
434
  $thread = time();
1242 mateusz.vi 435
  if (empty($_POST['username']) || (empty($_POST['msg'])) || (empty($_POST['title']))) {
1223 mateusz.vi 436
    echo '<p>BŁĄD: pusty nick, wiadomość lub tytuł</p>' . "\n";
437
    goto DONE;
438
  }
439
  if (!mkdir($DATADIR . 'threads/' . $thread, 0755, true)) {
440
    echo '<p>BŁĄD: nie zdołano utworzyć wątku nr ' . $thread . "</p>\n";
441
    goto DONE;
442
  }
443
  // zapisz tytuł
444
  file_put_contents($DATADIR . 'threads/' . $thread . '/title.txt', trim($_POST['title']));
445
  // ustaw co trzeba żeby zapisać wiadomość
446
  $action = 'newpost';
447
}
448
 
449
// nowy post do istniejącego wątku
1242 mateusz.vi 450
if (($action === 'newpost') && ($thread >= 0) && (!empty($_POST['msg'])) && (!empty($_POST['username']))) {
451
  // is it really about a NEW post or about EDITING an existing one?
452
  if (empty($_POST['postid'])) {
453
    $postid = time();
454
  } else { // editing an existing post
455
    $msg = loadmsg($_POST['thread'], $_POST['postid']);
456
    if (!is_art_edition_allowed($_POST['postid'], $msg)) {
457
      $action = '';
458
      $ERRSTR = "NOT ALLOWED";
459
      goto DONE;
460
    }
461
    $postid = $_POST['postid'];
462
  }
463
 
1223 mateusz.vi 464
  if (!sprawdz_captcha($_POST)) {
465
    $ERRSTR = "BŁĄD: NIEPRAWIDŁOWE CAPTCHA";
466
    goto DONE;
467
  }
468
  // nadpisz lastauthor i lastupdate
1242 mateusz.vi 469
  $lastupdate = array('lastupdate' => $postid, 'lastauthor' => trim($_POST['username']));
1223 mateusz.vi 470
  file_put_contents($DATADIR . 'threads/' . $thread . '/lastupdate', serialize($lastupdate));
471
  // oblicz tripkod, jeśli hasło zostało ustawione
472
  $tripsig = '';
1242 mateusz.vi 473
  if (!empty(trim($_POST['password']))) {
474
    $tripsig = hash('whirlpool', trim($_POST['username']) . '#' . trim($_POST['password']) . $TRIP_SALT);
1223 mateusz.vi 475
  }
1242 mateusz.vi 476
  // wygeneruj klucz do edycji postu i prześlij go przeglądarce przez ciasteczko (chyba że przeglądarka już ma klucz)
477
  if (!empty($EDIT_ALLOWED_MINUTES)) {
478
    if (!empty($_COOKIE['mateuszbbkey'])) {
479
      $artkey = $_COOKIE['mateuszbbkey'];
480
    } else {
481
      $artkey = bin2hex(random_bytes(128));
1703 mateusz.vi 482
      setcookie('mateuszbbkey', $artkey, array('secure' => false, 'httponly' => true, 'samesite' => 'Lax'));
1242 mateusz.vi 483
    }
484
  }
1223 mateusz.vi 485
  // zapisz wiadomość
1242 mateusz.vi 486
  $msg = array('author' => trim($_POST['username']), 'ip' => $_SERVER['REMOTE_ADDR'], 'trip' => $tripsig, 'msg' => trim($_POST['msg']), 'key' => password_hash($artkey, PASSWORD_DEFAULT));
1223 mateusz.vi 487
  file_put_contents($DATADIR . 'threads/' . $thread . '/' . $postid, serialize($msg));
1242 mateusz.vi 488
  // zaktualizuj metadane dot. ostatniego wpisu, ostatniego autora i ilości wpisów dla tego IP w ciągu ostatniej godziny, ale tylko dla nowych wpisów (nie dla edycji)
489
  if (empty($_POST['postid'])) {
490
    $db = new SQLite3($DATADIR . 'mateuszbb.sqlite3');
491
    if ($db) {
492
      $db->exec('CREATE TABLE IF NOT EXISTS newest (thread INTEGER PRIMARY KEY, lastupdate INTEGER NOT NULL, lastauthor TEXT NOT NULL);');
493
      $db->exec('CREATE INDEX IF NOT EXISTS lastupdated ON newest (lastupdate);');
494
      $db->exec('CREATE TABLE IF NOT EXISTS ip_msg_counters24h (threadid INTEGER NOT NULL, msgid INTEGER NOT NULL, ipaddr TEXT NOT NULL);');
495
      $db->exec('CREATE TABLE IF NOT EXISTS rss (thread INTEGER NOT NULL, msgid INTEGER NOT NULL, author TEXT NOT NULL);');
496
      $db->exec('CREATE INDEX IF NOT EXISTS rss_msgid ON rss (msgid);');
497
      $login_escaped = $db->escapeString(trim($_POST['username']));
498
      $db->exec("INSERT OR REPLACE INTO newest (thread, lastupdate, lastauthor) VALUES ({$thread}, {$postid}, '{$login_escaped}');");
499
      $db->exec("INSERT INTO rss (thread, msgid, author) VALUES ({$thread}, {$postid}, '{$login_escaped}');");
500
      $db->exec("INSERT INTO ip_msg_counters24h (threadid, msgid, ipaddr) VALUES ({$thread}, {$postid}, '{$_SERVER['REMOTE_ADDR']}');");
501
      $db->close();
502
    } else {
503
      echo "SQL ERROR WHILE WRITING STATS\n";
504
    }
1223 mateusz.vi 505
  }
506
  // przekieruj
507
  if ($NICE_URLS) {
508
    $newurl = "{$thread}#{$postid}";
509
  } else {
510
    $newurl = selfurl("thread={$thread}") . "#{$postid}";
511
  }
512
  header("Location: {$newurl}");
513
  echo "<html><head></head><body><a href=\"{$newurl}\">KLIKNIJ TUTAJ</a></body></html>\n";
514
  exit();
515
}
516
 
517
DONE:
518
 
519
}
520
 
521
 
522
function mateuszbb_tytulwatku($id) {
523
  global $DATADIR;
2000 mateusz.vi 524
  return(trim(file_get_contents($DATADIR . 'threads/' . $id . '/title.txt')));
1223 mateusz.vi 525
}
526
 
527
 
1242 mateusz.vi 528
// returns an array of last n threads with most recent activity that had activity
529
// in last maxinact days. returns false on error or empty set.
530
// the returned result, when not false, is an array of arrays, where each
531
// leaf array represents one thread
532
function mateuszbb_getactivethreads($n, $maxinact = -1) {
533
  global $DATADIR;
534
  $result = array();
535
 
536
  $db = new SQLite3($DATADIR . 'mateuszbb.sqlite3', SQLITE3_OPEN_READONLY);
537
  if (! $db) return(false);
538
 
539
  $minupdatedate = 0;
540
  if ($maxinact >= 0) $minupdatedate = time() - (intval($maxinact) * 86400);
541
 
542
  $sqlquery = 'SELECT thread, lastupdate, lastauthor FROM newest WHERE lastupdate > ' . $minupdatedate . ' ORDER BY lastupdate DESC LIMIT ' . intval($n) . ';';
543
 
544
  $sqlres = $db->query($sqlquery);
545
  if (! $sqlres) {
546
    $db->close();
547
    return(false);
548
  }
549
 
550
  // kopiuj wpisy do nowej tablicy
551
  while ($row = $sqlres->fetchArray()) {
552
    $result[] = $row;
553
  }
554
 
555
  $db->close();
556
  return($result);
557
}
558
 
559
 
560
// returns true if post can be edited by current user
561
function is_art_edition_allowed($timestamp, $msg) {
562
  global $EDIT_ALLOWED_MINUTES;
563
  if ($EDIT_ALLOWED_MINUTES >= 0) {
564
    if (((time() - $timestamp) / 60) >= $EDIT_ALLOWED_MINUTES) return(false); // only posts from last x minutes can be edited
565
  }
566
  if (empty($_COOKIE['mateuszbbkey'])) return(false);
567
  if (empty($msg['key'])) return(false);
568
  return(password_verify($_COOKIE['mateuszbbkey'], $msg['key']));
569
}
570
 
571
 
572
function loadmsg($threadid, $postid) {
573
  global $DATADIR;
574
  $fname = $DATADIR . 'threads/' . $threadid . '/' . $postid;
575
  if (!file_exists($fname)) return(false);
576
  return(unserialize(file_get_contents($fname)));
577
}
578
 
579
 
1223 mateusz.vi 580
// wyświetlanie UI itd
581
function mateuszbb_start() {
582
global $TRIP_SALT;
583
global $ERRSTR;
584
global $DATADIR;
585
global $INITYEAR;
586
global $LANG;
587
global $STR;
588
global $NICE_URLS;
589
global $SEARCH_API_URL;
1242 mateusz.vi 590
global $TZ;
591
global $LOCK_DELAY;
592
global $MAINPAGE_MAXTHREADS;
593
global $MAINPAGE_MAXINACT;
1223 mateusz.vi 594
 
595
// read global variables
596
$action = getvar_action();
597
$thread = getvar_thread();
598
$archiveyear = getvar_archiveyear();
599
 
1242 mateusz.vi 600
// ustaw strefę czasową, jeśli jakaś jest skonfigurowana
601
if (!empty($TZ)) date_default_timezone_set($TZ);
602
 
1223 mateusz.vi 603
// wyświetl błąd, jeśli jakiś wystąpił w mateuszbb_preprocess()
604
if (!empty($ERRSTR)) {
605
  echo "<p class=\"minibb-errstr\">{$ERRSTR}</p>\n";
606
  $action = '';
607
  echo '<p><a href="./">Wróć do głównej strony</a></p>' . "\n";
608
  goto DONE;
609
}
610
 
611
// szukanie
612
if (isset($_POST['szukaj']) && (!empty(trim($_POST['szukaj'])))) {
613
  $q = trim($_POST['szukaj']);
614
  $query = $SEARCH_API_URL . urlencode($q);
615
  echo '<p>' . $STR[$LANG]['searchterm'] . ' ' . htmlentities($q) . '</p>';
616
  $results = file_get_contents($query);
617
  $resarr = json_decode($results, true)['items'];
618
 
619
  $licznik = 0;
620
  foreach ($resarr as $r) {
621
    if (mb_substr($r['link'], -1) === '/') continue;
1702 mateusz.vi 622
    if (strlen($r['link']) <= strlen(selfurl())) continue;
1223 mateusz.vi 623
    echo '<a href=' . $r['link'] . ' class="minibb-searchresult">';
624
    echo "<div><h1>{$r['title']}</h1><p>{$r['htmlSnippet']}</p></div></a>\n";
625
    $licznik++;
626
  }
627
 
628
  if ($licznik == 0) echo "<p>" . $STR[$LANG]['noresults'] . "</p>\n";
629
 
630
  goto DONE;
631
}
632
 
1242 mateusz.vi 633
// edit post
634
if ($action === 'editpostform') {
635
  $msg = loadmsg($_POST['thread'], $_POST['post']);
636
  if (is_art_edition_allowed($_POST['post'], $msg)) {
637
    formularz(intval($_POST['thread']), intval($_POST['post']), $msg);
638
  } else {
639
    echo "<p>Link expired</p>\n";
640
  }
641
  GOTO DONE;
642
}
643
 
1223 mateusz.vi 644
// new thread form
645
if ($action === 'newthread') {
646
  echo '<h2 class="minibb-threadtitle">' . $STR[$LANG]['newthread'] . '</h2>' . "\n";
647
  formularz();
648
  goto DONE;
649
}
650
 
1242 mateusz.vi 651
// zobacz listę wątków (main page)
1223 mateusz.vi 652
if ((empty($action)) && ($thread < 0) && ($archiveyear <= 0)) {
1242 mateusz.vi 653
  // display the main page header if any is defined
654
  if (file_exists($DATADIR . 'mateuszbb-main-head.html')) {
655
    readfile($DATADIR . 'mateuszbb-main-head.html');
656
  }
657
  // list wątków
1223 mateusz.vi 658
  echo '<div class="minibb-toolbar" style="justify-content: space-between;">';
659
  echo '<form action="' . selfurl() . '" method="POST"><input type="text" name="szukaj" placeholder="' . $STR[$LANG]['search'] . '"></form>';
660
  echo '<a href="' . selfurl('action=newthread') . '#formularz">' . $STR[$LANG]['opnewthread'] . '</a>';
661
  echo "</div>\n";
1242 mateusz.vi 662
 
663
  $lista_watkow = mateuszbb_getactivethreads($MAINPAGE_MAXTHREADS, $MAINPAGE_MAXINACT);
664
  if ($lista_watkow === false) {
665
    echo "<p>NO ENTRIES FOUND</p>";
666
  } else {
667
    foreach ($lista_watkow as $row) {
668
      $title = mateuszbb_tytulwatku($row['thread']);
669
      if (empty($title)) {
670
        echo "<!-- BŁĄD: nie zdołano załadować wątku nr {$row['thread']} -->\n";
671
        continue;
1223 mateusz.vi 672
      }
1242 mateusz.vi 673
      wyswietl_watek_w_liscie($row['thread'], $title, $row['lastauthor'], $row['lastupdate']);
1223 mateusz.vi 674
    }
675
  }
676
 
677
  echo '<div style="display: flex; justify-content: space-between; font-size: 0.9em; opacity: 0.8; margin: 0.6em 0.5em 0 0.5em;">' . "\n";
678
  echo '<div>' . $STR[$LANG]['archives'] . ':';
679
  for ($y = $INITYEAR; $y <= intval(gmdate('Y')); $y++) {
680
    if ($NICE_URLS) {
681
      echo " <a href=\"{$y}\">{$y}</a>";
682
    } else {
683
      echo ' <a href="' . selfurl("arch={$y}") . '">' . $y . '</a>';
684
    }
685
  }
686
  echo "</div>\n";
1242 mateusz.vi 687
  echo '<a href="rss.php"><img style="height: 1em;" src="mateuszbb_rss.svg" alt="RSS"></a>' . "\n";
1223 mateusz.vi 688
  echo "</div>\n";
689
 
690
  // display the main page footer if any is defined
1242 mateusz.vi 691
  if (file_exists($DATADIR . 'mateuszbb-main-foot.html')) {
692
    readfile($DATADIR . 'mateuszbb-main-foot.html');
1223 mateusz.vi 693
  }
694
 
695
  goto DONE;
696
}
697
 
698
// wyświetl archiwum
699
if ($archiveyear > 0) {
700
  echo '<div class="minibb-toolbar" id="title"><a href="' . selfurl() . '">' . $STR[$LANG]['backtocur'] . '</a></div>' . "\n";
1233 mateusz.vi 701
  echo '<h2 class="minibb-threadtitle">' . $STR[$LANG]['archives'] . " {$archiveyear}</h2>\n";
1223 mateusz.vi 702
  $threads = scandir($DATADIR . 'threads/', SCANDIR_SORT_ASCENDING);
703
  foreach ($threads as $t) {
704
    if (!preg_match('/^[0-9][0-9]*$/', $t)) continue; // skip anything that is not a thread id
705
    if (intval(gmdate('Y', $t)) != $archiveyear) continue; // skip threads out of the targeted year
2000 mateusz.vi 706
    $title = mateuszbb_tytulwatku($t);
1223 mateusz.vi 707
    $link = $t;
708
    if (! $NICE_URLS) $link = selfurl("thread={$t}");
2000 mateusz.vi 709
    echo '<span style="font-family: monospace;">[' . gmdate("Y-m-d", $t) . "]</span> <a href=\"{$link}\">". htmlspecialchars($title) . "</a><br>\n";
1223 mateusz.vi 710
  }
711
  goto DONE;
712
}
713
 
714
// zobacz wątek
715
if ((empty($action)) && ($thread >= 0)) {
716
  // załaduj listę postów (i zapamiętaj ostatnią pozycję)
717
  $listapostow = scandir($DATADIR . 'threads/' . $thread . '/');
718
  // usuń pozycje które nie są żadnym msgid (np. title.txt) i zapamiętaj ostatni msgid
719
  $posty = array();
720
  foreach ($listapostow as $p) {
721
    if (!preg_match('/^[0-9][0-9]*$/', $p)) continue; // skip anything that is not a messageid
722
    $posty[] = $p;
723
    $ostatnipost = $p;
724
  }
1242 mateusz.vi 725
  // is this thread locked?
726
  $islocked = false;
727
  if (($LOCK_DELAY >= 0) && ((time() - intval($ostatnipost)) / 86400 >= $LOCK_DELAY)) $islocked = true;
1223 mateusz.vi 728
  // toolbar (ostatni wątek / odpowiedz / powrót do forum)
729
  echo '<div class="minibb-toolbar" id="title">';
1242 mateusz.vi 730
  echo '<a href="#' . $ostatnipost . '">' . $STR[$LANG]['jumptoend'] . '</a>';
731
  if (! $islocked) echo ' <a href="#formularz">' . $STR[$LANG]['reply'] . '</a>';
732
  echo ' <a href="' . selfurl() . '">' . $STR[$LANG]['listthreads'] . '</a></div>' . "\n";
1223 mateusz.vi 733
  // wyświetl tytuł wątku
734
  echo '<h2 class="minibb-threadtitle">' . htmlspecialchars(file_get_contents($DATADIR . 'threads/' . $thread . '/title.txt')) . "</h2>\n";
1242 mateusz.vi 735
  // "thread is locked"
736
  if ($islocked) echo '<p class="minibb-islockedmsg">' . $STR[$LANG]['locked'] . "</p>\n";
737
  // wyświetl listę postów
1223 mateusz.vi 738
  foreach ($posty as $p) {
1242 mateusz.vi 739
    $msg = loadmsg($thread, $p);
1223 mateusz.vi 740
    echo '<div class="minibb-post" id="' . $p . '">' . "\n";
741
    echo '<div class="minibb-postheader"><a href="#' . $p . '" style="text-decoration: inherit; color: inherit;"><div class="minibb-postauthor">' . "\n";
742
    echo $STR[$LANG]['author'] . ' ' . htmlspecialchars($msg['author']) . "<br>\n";
743
    echo $STR[$LANG]['address'] . ' ' . htmlspecialchars($msg['ip']) . "<br>\n";
744
    echo $STR[$LANG]['date'] . ' ' . htmlspecialchars(data_dluga($p)) . "</div></a>\n";
745
    if (!empty($msg['trip'])) {
746
      echo '<div class="minibb-trip">';
747
      echo chunk_split($msg['trip'], 16, "\n");
748
      echo "</div>\n";
749
    }
750
    echo "</div>\n";
751
 
752
    // symbole html
753
    $bodyprocessed = htmlspecialchars($msg['msg']);
754
 
1242 mateusz.vi 755
    // ludzie czasem dodają znaczniki [img] do obrazków, usuń je (ale tylko jeśli są na początku linii)
756
    $bodyprocessed = preg_replace('~^(\[img\])(.*)(\[/img\])~m', '$2', $bodyprocessed);
757
 
1223 mateusz.vi 758
    // dodaj podgląd pod linki do obrazków, ale tylko jeśli link jest sam w linijce
1998 mateusz.vi 759
    $bodyprocessed = preg_replace('~^(http[s]?://[^<>[:space:]]+[[:alnum:]/]\.(jpg|jpeg|png))($|[\r\n]{1,2})~m', "$1\n<img src=\"$1\">\n", $bodyprocessed);
1223 mateusz.vi 760
 
761
    // olinkuj linki
1242 mateusz.vi 762
    $bodyprocessed = preg_replace("~([^\"]|^)(http[s]?://[^<>[:space:]]+[[:alnum:]/=])~", "$1<a href=\"$2\">$2</a>", $bodyprocessed);
1223 mateusz.vi 763
 
764
    // oflaguj cytaty (linijki zaczynające się od ">")
1242 mateusz.vi 765
    $bodyprocessed = preg_replace('/^(&gt;.*)[\r]?\n/m', '<blockquote>$1</blockquote>', $bodyprocessed);
1223 mateusz.vi 766
 
1242 mateusz.vi 767
    echo '<div class="minibb-postbody">';
768
    // czy mogę edytować?
769
    if (is_art_edition_allowed($p, $msg)) {
770
      echo '<form class="editbtn" method="POST" action="' . selfurl() . '"><input type="hidden" name="action" value="editpostform"><input type="hidden" name="post" value="' . $p . '"><input type="hidden" name="thread" value="' . $thread . '"><input type="submit" value="EDIT"></form>';
771
    }
772
    echo $bodyprocessed . "</div>\n";
1223 mateusz.vi 773
    echo "</div>\n";
774
  }
1242 mateusz.vi 775
  // formularz odpowiedzi albo komunikat o zamknięciu
776
  if ($islocked) {
777
    echo '<p class="minibb-islockedmsg">' . $STR[$LANG]['locked'] . "</p>\n";
778
  } else {
779
    formularz($thread);
780
  }
1223 mateusz.vi 781
  goto DONE;
782
}
783
 
784
DONE:
785
}
786
?>