0
/
leftypol_lainchan
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge pull request #212 from towards-a-new-leftypol/op_creation_time 

Op creation time
This commit is contained in:
towards-a-new-leftypol 2021-01-29 20:29:49 -05:00 committed by GitHub
parent 048674e136 cdf2bd429f
commit a7bf3fee78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1736 additions and 1693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2944
inc/config.php
View File

File diff suppressed because it is too large Load Diff

482
inc/filters.php
View File

@ -9,245 +9,271 @@ defined('TINYBOARD') or exit;
require_once 'inc/anti-bot.php'; require_once 'inc/anti-bot.php';
class Filter { class Filter {
public $flood_check; public $flood_check;
private $condition; private $condition;
private $post; private $post;
public function __construct(array $arr) { public function __construct(array $arr) {
foreach ($arr as $key => $value) foreach ($arr as $key => $value)
$this->$key = $value; $this->$key = $value;
} }
public function match($condition, $match) { public function match($condition, $match) {
$condition = strtolower($condition); print_err("Filter condition: " . $condition);
$condition = strtolower($condition);
$post = &$this->post; $post = &$this->post;
switch($condition) { switch($condition) {
case 'custom': case 'custom':
if (!is_callable($match)) if (!is_callable($match))
error('Custom condition for filter is not callable!'); error('Custom condition for filter is not callable!');
return $match($post); return $match($post);
case 'flood-match': case 'flood-match':
if (!is_array($match)) if (!is_array($match))
error('Filter condition "flood-match" must be an array.'); error('Filter condition "flood-match" must be an array.');
// Filter out "flood" table entries which do not match this filter. // Filter out "flood" table entries which do not match this filter.
$flood_check_matched = array(); $flood_check_matched = array();
foreach ($this->flood_check as $flood_post) { foreach ($this->flood_check as $flood_post) {
foreach ($match as $flood_match_arg) { foreach ($match as $flood_match_arg) {
switch ($flood_match_arg) { switch ($flood_match_arg) {
case 'ip': case 'ip':
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
continue 3; continue 3;
break; break;
case 'body': case 'body':
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
continue 3; continue 3;
break; break;
case 'file': case 'file':
if (!isset($post['filehash'])) if (!isset($post['filehash']))
return false; return false;
if ($flood_post['filehash'] != $post['filehash']) if ($flood_post['filehash'] != $post['filehash'])
continue 3; continue 3;
break; break;
case 'board': case 'board':
if ($flood_post['board'] != $post['board']) if ($flood_post['board'] != $post['board'])
continue 3; continue 3;
break; break;
case 'isreply': case 'isreply':
if ($flood_post['isreply'] == $post['op']) if ($flood_post['isreply'] == $post['op'])
continue 3; continue 3;
break; break;
default: default:
error('Invalid filter flood condition: ' . $flood_match_arg); error('Invalid filter flood condition: ' . $flood_match_arg);
} }
} }
$flood_check_matched[] = $flood_post; $flood_check_matched[] = $flood_post;
} }
$this->flood_check = $flood_check_matched; // is there any reason for this assignment?
$this->flood_check = $flood_check_matched;
return !empty($this->flood_check);
case 'flood-time': return !empty($this->flood_check);
foreach ($this->flood_check as $flood_post) { case 'flood-time-any':
if (time() - $flood_post['time'] <= $match) { foreach ($this->flood_check as $flood_post) {
return true; if (time() - $flood_post['time'] <= $match) {
} print_err("rejecting post with flood id: " . $flood_post['id']);
} return true;
return false; }
case 'flood-count': }
$count = 0; return false;
foreach ($this->flood_check as $flood_post) { case 'flood-time':
if (time() - $flood_post['time'] <= $this->condition['flood-time']) { foreach ($this->flood_check as $flood_post) {
++$count; if (time() - $flood_post['time'] <= $match) {
} return true;
} }
return $count >= $match; }
case 'name': return false;
return preg_match($match, $post['name']); case 'flood-count':
case 'trip': $count = 0;
return $match === $post['trip']; foreach ($this->flood_check as $flood_post) {
case 'email': if (time() - $flood_post['time'] <= $this->condition['flood-time']) {
return preg_match($match, $post['email']); ++$count;
case 'subject': }
return preg_match($match, $post['subject']); }
case 'body': return $count >= $match;
return preg_match($match, $post['body_nomarkup']); case 'name':
case 'filehash': return preg_match($match, $post['name']);
return $match === $post['filehash']; case 'trip':
case 'filename': return $match === $post['trip'];
if (!$post['files']) case 'email':
return false; return preg_match($match, $post['email']);
case 'subject':
return preg_match($match, $post['subject']);
case 'body':
return preg_match($match, $post['body_nomarkup']);
case 'filehash':
return $match === $post['filehash'];
case 'filename':
if (!$post['files'])
return false;
foreach ($post['files'] as $file) { foreach ($post['files'] as $file) {
if (preg_match($match, $file['filename'])) { if (preg_match($match, $file['filename'])) {
return true; return true;
} }
} }
return false; return false;
case 'extension': case 'extension':
if (!$post['files']) if (!$post['files'])
return false; return false;
foreach ($post['files'] as $file) { foreach ($post['files'] as $file) {
if (preg_match($match, $file['extension'])) { if (preg_match($match, $file['extension'])) {
return true; return true;
} }
} }
return false; return false;
case 'ip': case 'ip':
return preg_match($match, $_SERVER['REMOTE_ADDR']); return preg_match($match, $_SERVER['REMOTE_ADDR']);
case 'op': case 'op':
return $post['op'] == $match; return $post['op'] == $match;
case 'has_file': case 'has_file':
return $post['has_file'] == $match; return $post['has_file'] == $match;
case 'board': case 'board':
return $post['board'] == $match; return $post['board'] == $match;
case 'password': case 'password':
return $post['password'] == $match; return $post['password'] == $match;
default: default:
error('Unknown filter condition: ' . $condition); error('Unknown filter condition: ' . $condition);
} }
} }
public function action() { public function action() {
global $board; global $board;
$this->add_note = isset($this->add_note) ? $this->add_note : false; $this->add_note = isset($this->add_note) ? $this->add_note : false;
if ($this->add_note) { if ($this->add_note) {
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':mod', -1); $query->bindValue(':mod', -1);
$query->bindValue(':time', time()); $query->bindValue(':time', time());
$query->bindValue(':body', "Autoban message: ".$this->post['body']); $query->bindValue(':body', "Autoban message: ".$this->post['body']);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
} }
if (isset ($this->action)) switch($this->action) { if (isset ($this->action)) switch($this->action) {
case 'reject': case 'reject':
error(isset($this->message) ? $this->message : 'Posting blocked by filter.'); error(isset($this->message) ? $this->message : 'Posting blocked by filter.');
case 'ban': case 'ban':
if (!isset($this->reason)) if (!isset($this->reason))
error('The ban action requires a reason.'); error('The ban action requires a reason.');
$this->expires = isset($this->expires) ? $this->expires : false; $this->expires = isset($this->expires) ? $this->expires : false;
$this->reject = isset($this->reject) ? $this->reject : true; $this->reject = isset($this->reject) ? $this->reject : true;
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false; $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1); Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
if ($this->reject) { if ($this->reject) {
if (isset($this->message)) if (isset($this->message))
error($message); error($message);
checkBan($board['uri']); checkBan($board['uri']);
exit; exit;
} }
break; break;
default: default:
error('Unknown filter action: ' . $this->action); error('Unknown filter action: ' . $this->action);
} }
} }
public function check(array $post) { public function check(array $post) {
$this->post = $post; $this->post = $post;
foreach ($this->condition as $condition => $value) { foreach ($this->condition as $condition => $value) {
if ($condition[0] == '!') { if ($condition[0] == '!') {
$NOT = true; $NOT = true;
$condition = substr($condition, 1); $condition = substr($condition, 1);
} else $NOT = false; } else {
$NOT = false;
if ($this->match($condition, $value) == $NOT) }
return false;
} if ($this->match($condition, $value) == $NOT)
return true; return false;
} }
return true;
}
} }
function purge_flood_table() { function purge_flood_table() {
global $config; global $config;
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not // Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
// aware of flood filters in other board configurations. You can solve this problem by settings the // aware of flood filters in other board configurations. You can solve this problem by settings the
// config variable $config['flood_cache'] (seconds). // config variable $config['flood_cache'] (seconds).
if (isset($config['flood_cache'])) { if (isset($config['flood_cache'])) {
$max_time = &$config['flood_cache']; $max_time = &$config['flood_cache'];
} else { } else {
$max_time = 0; $max_time = 0;
foreach ($config['filters'] as $filter) { foreach ($config['filters'] as $filter) {
if (isset($filter['condition']['flood-time'])) if (isset($filter['condition']['flood-time']))
$max_time = max($max_time, $filter['condition']['flood-time']); $max_time = max($max_time, $filter['condition']['flood-time']);
} }
} }
$time = time() - $max_time; $time = time() - $max_time;
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error()); query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
} }
function do_filters(array $post) { function do_filters(array $post) {
global $config; global $config;
print_err("do_filters begin"); print_err("do_filters begin");
if (!isset($config['filters']) || empty($config['filters'])) if (!isset($config['filters']) || empty($config['filters']))
return; return;
foreach ($config['filters'] as $filter) { // look at the flood table regardless of IP
if (isset($filter['condition']['flood-match'])) { $noip = false;
$has_flood = true;
break; foreach ($config['filters'] as $filter) {
} if (isset($filter['condition']['flood-match']) && (!isset($filter['noip']) || $filter['noip'] == false)) {
} $has_flood = true;
break;
if (isset($has_flood)) { } else if ($filter['noip'] == true) {
if ($post['has_file']) { print_err("filters noip is true");
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash"); $noip = true;
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $find_time = time() - $filter['find-time'];
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); }
$query->bindValue(':filehash', $post['filehash']); }
} else {
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash"); if ($noip) {
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); print_err("SELECT * FROM flood WHERE time > " . strval($find_time));
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); $query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time");
} $query->execute() or error(db_error($query));
$query->execute() or error(db_error($query)); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
$flood_check = $query->fetchAll(PDO::FETCH_ASSOC); } else if (isset($has_flood)) {
} else { if ($post['has_file']) {
$flood_check = false; $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
} $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
foreach ($config['filters'] as $filter_array) { $query->bindValue(':filehash', $post['filehash']);
$filter = new Filter($filter_array); } else {
$filter->flood_check = $flood_check; $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
if ($filter->check($post)) $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$filter->action(); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
} }
$query->execute() or error(db_error($query));
purge_flood_table(); $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
} else {
$flood_check = false;
}
foreach ($config['filters'] as $filter_array) {
print_err("creating new filter, running check");
$filter = new Filter($filter_array);
$filter->flood_check = $flood_check;
if ($filter->check($post)) {
$filter->action();
}
}
purge_flood_table();
} }

3
inc/instance-config.php
View File

@ -82,6 +82,9 @@ $config['db']['password'] = '';
$config['cookies']['mod'] = 'mod'; $config['cookies']['mod'] = 'mod';
$config['cookies']['salt'] = 'MGYwNjhlNjU5Y2QxNWU3YjQ3MzQ1Yj'; $config['cookies']['salt'] = 'MGYwNjhlNjU5Y2QxNWU3YjQ3MzQ1Yj';
$config['flood_cache'] = 60 * 15; // 15 minutes. The oldest a post can be in the flood table
$config['flood_time_any'] = 40; // time between thread creation
$config['flood_time'] = 30; $config['flood_time'] = 30;
$config['flood_time_ip'] = 60; $config['flood_time_ip'] = 60;
$config['flood_time_same'] = 60; $config['flood_time_same'] = 60;