search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
improve scoring to store to presubmitted localhost, fix style and
[ViQa-Kissu.git] / mod.php
blobbdf40e0a356ee4993da4e50fb78c80a526d1e3b7
1 <?php
2
3 /*
4 * Copyright (c) 2010-2014 Tinyboard Development Group
5 */
6
7 require_once 'inc/functions.php';
8
9 if ($config['debug'])
10 $parse_start_time = microtime(true);
11
12 require_once 'inc/bans.php';
13 require_once 'inc/mod/pages.php';
14
15 check_login(true);
16
17 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
18
19 $pages = array(
20 '' => ':?/', // redirect to dashboard
21 '/' => 'dashboard', // dashboard
22 '/confirm/(.+)' => 'confirm', // confirm action (if javascript didn't work)
23 '/logout' => 'secure logout', // logout
24
25 '/users' => 'users', // manage users
26 '/users/(\d+)/(promote|demote)' => 'secure user_promote', // prmote/demote user
27 '/users/(\d+)' => 'secure_POST user', // edit user
28 '/users/new' => 'secure_POST user_new', // create a new user
29
30 '/new_PM/([^/]+)' => 'secure_POST new_pm', // create a new pm
31 '/PM/(\d+)(/reply)?' => 'pm', // read a pm
32 '/inbox' => 'inbox', // pm inbox
33
34 '/log' => 'log', // modlog
35 '/log/(\d+)' => 'log', // modlog
36 '/log:([^/:]+)' => 'user_log', // modlog
37 '/log:([^/:]+)/(\d+)' => 'user_log', // modlog
38 '/log:b:([^/]+)' => 'board_log', // modlog
39 '/log:b:([^/]+)/(\d+)' => 'board_log', // modlog
40
41 '/edit_news' => 'secure_POST news', // view news
42 '/edit_news/(\d+)' => 'secure_POST news', // view news
43 '/edit_news/delete/(\d+)' => 'secure news_delete', // delete from news
44
45 '/edit_pages(?:/?(\%b)?)' => 'secure_POST pages',
46 '/edit_page/(\d+)' => 'secure_POST edit_page',
47 '/edit_pages/delete/([a-z0-9]+)' => 'secure delete_page',
48 '/edit_pages/delete/([a-z0-9]+)/(\%b)' => 'secure delete_page_board',
49
50 '/noticeboard' => 'secure_POST noticeboard', // view noticeboard
51 '/noticeboard/(\d+)' => 'secure_POST noticeboard', // view noticeboard
52 '/noticeboard/delete/(\d+)' => 'secure noticeboard_delete', // delete from noticeboard
53
54 '/edit/(\%b)' => 'secure_POST edit_board', // edit board details
55 '/new-board' => 'secure_POST new_board', // create a new board
56
57 '/rebuild' => 'secure_POST rebuild', // rebuild static files
58 '/reports' => 'reports', // report queue
59 '/proxy' => 'proxy', // rip IPs from website
60 '/reports/(\d+)/dismiss(all)?' => 'secure report_dismiss', // dismiss a report
61
62 '/IP/([\w.:]+)' => 'secure_POST ip', // view ip address
63 '/IP/([\w.:]+)/remove_note/(\d+)' => 'secure ip_remove_note', // remove note from ip address
64
65 '/ban' => 'secure_POST ban', // new ban
66 '/bans' => 'secure_POST bans', // ban list
67 '/bans.json' => 'secure bans_json', // ban list JSON
68 '/ban-appeals' => 'secure_POST ban_appeals', // view ban appeals
69
70 '/recent/(\d+)' => 'recent_posts', // view recent posts
71
72 '/search' => 'search_redirect', // search
73 '/search/(posts|IP_notes|bans|log)/(.+)/(\d+)' => 'search', // search
74 '/search/(posts|IP_notes|bans|log)/(.+)' => 'search', // search
75
76
77 '/(\%b)/archive/' => 'secure_POST view_archive', // View Archive
78 '/(\%b)/featured/' => 'secure_POST view_archive_featured', // View Featured Archive
79 '/(\%b)/archive_thread/(\d+)' => 'secure archive_thread', // send thread to archive
80
81 '/(\%b)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
82 '/(\%b)/move/(\d+)' => 'secure_POST move', // move thread
83 '/(\%b)/move_reply/(\d+)' => 'secure_POST move_reply', // move reply
84 '/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
85 '/(\%b)/delete/(\d+)' => 'secure delete', // delete post
86 '/(\%b)/delete_keeporder/(\d+)' => 'secure delete_keeporder', // delete post no catalog update
87 '/(\%b)/deletefile/(\d+)/(\d+)' => 'secure deletefile', // delete file from post
88 '/(\%b+)/spoiler/(\d+)/(\d+)' => 'secure spoiler_image', // spoiler file
89 '/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
90 '/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
91 '/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
92 '/(\%b)/(un)?cycle/(\d+)' => 'secure cycle', // cycle thread
93 '/(\%b)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
94
95 '/themes' => 'themes_list', // manage themes
96 '/themes/(\w+)' => 'secure_POST theme_configure', // configure/reconfigure theme
97 '/themes/(\w+)/rebuild' => 'secure theme_rebuild', // rebuild theme
98 '/themes/(\w+)/uninstall' => 'secure theme_uninstall', // uninstall theme
99
100 '/config' => 'secure_POST config', // config editor
101 '/config/(\%b)' => 'secure_POST config', // config editor
102
103 // these pages aren't listed in the dashboard without $config['debug']
104 //'/debug/antispam' => 'debug_antispam',
105 //'/debug/recent' => 'debug_recent_posts',
106 //'/debug/apc' => 'debug_apc',
107 //'/debug/sql' => 'secure_POST debug_sql',
108
109 // This should always be at the end:
110 '/(\%b)/' => 'view_board',
111 '/(\%b)' => 'view_board',
112 '/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
113 '/(\%b)/' . preg_replace('/\.[a-zA-Z]+$/', '', $config['file_index']) => 'view_board',
114 '/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
115 '/(\%b)/' . str_replace('%d', '(\d+)', preg_quote('%d', '!')) => 'view_board',
116
117 '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
118 str_replace('%d', '(\d+)', preg_quote($config['file_page50'], '!')) => 'view_thread50',
119 '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
120 str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
121 '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
122 str_replace(array('%d', '\.html'), array('(\d+)', ''), preg_quote($config['file_page'], '!')) => 'view_thread',
123
124 '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
125 str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '!')) => 'view_thread50',
126 '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
127 str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '!')) => 'view_thread',
128 );
129
130 if (!$mod) {
131 $pages = array('!^(.+)?$!' => 'login');
132 } elseif (isset($_GET['status'], $_GET['r'])) {
133 header('Location: ' . $_GET['r'], true, (int)$_GET['status']);
134 exit;
135 }
136
137 if (isset($config['mod']['custom_pages'])) {
138 $pages = array_merge($pages, $config['mod']['custom_pages']);
139 }
140
141 $new_pages = array();
142 foreach ($pages as $key => $callback) {
143 if (is_string($callback) && preg_match('/^secure /', $callback))
144 $key .= '(/(?P<token>[a-f0-9]{8}))?';
145 $key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);
146 $new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
147 }
148 $pages = $new_pages;
149
150 foreach ($pages as $uri => $handler) {
151 if (preg_match($uri, $query, $matches)) {
152 $matches = array_slice($matches, 1);
153
154 if (isset($matches['board'])) {
155 $board_match = $matches['board'];
156 unset($matches['board']);
157 $key = array_search($board_match, $matches);
158 if (preg_match('/^' . sprintf(substr($config['board_path'], 0, -1), '(' . $config['board_regex'] . ')') . '$/u', $matches[$key], $board_match)) {
159 $matches[$key] = $board_match[1];
160 }
161 }
162
163 if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {
164 $secure_post_only = isset($m[1]);
165 if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') {
166 $token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false);
167
168 if ($token === false) {
169 if ($secure_post_only)
170 error($config['error']['csrf']);
171 else {
172 mod_confirm(substr($query, 1));
173 exit;
174 }
175 }
176
177 // CSRF-protected page; validate security token
178 $actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);
179 if ($token != make_secure_link_token(substr($actual_query, 1))) {
180 error($config['error']['csrf']);
181 }
182 }
183 $handler = preg_replace('/^secure(_POST)? /', '', $handler);
184 }
185
186 if ($config['debug']) {
187 $debug['mod_page'] = array(
188 'req' => $query,
189 'match' => $uri,
190 'handler' => $handler,
191 );
192 $debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';
193 }
194
195 if (is_string($handler)) {
196 //echo substr($handler, 1); echo "<br/><pre>";print_r($_SERVER); die;
197 if ($handler[0] == ':') {
198 header('Location: ' . substr($handler, 1), true, $config['redirect_http']);
199 } elseif (is_callable("mod_page_$handler")) {
200 call_user_func_array("mod_page_$handler", $matches);
201 } elseif (is_callable("mod_$handler")) {
202 call_user_func_array("mod_$handler", $matches);
203 } else {
204 error("Mod page '$handler' not found!");
205 }
206 } elseif (is_callable($handler)) {
207 call_user_func_array($handler, $matches);
208 } else {
209 error("Mod page '$handler' not a string, and not callable!");
210 }
211
212 exit;
213 }
214 }
215
216 error($config['error']['404']);
217