Fix commit 1c13ec98ba

- Unintentionally disabled that piece of code instead of removing adding
  the additional br tag that made double spaces between posts.
- add the postcontainers instead of post.reply (which is inside this
  container) to preserve the arrows

.gitignore

@@ -62,7 +62,7 @@ tf/
 /random/
 
 # Banners
-banners/*
+# banners/*
 !banners/lain-bottom.png
 
 #Fonts

inc/anti-bot.php

@@ -11,302 +11,364 @@ $hidden_inputs_twig = array();
 $logfile = "/tmp/lainchan_err.out";
 
 function print_err($s) {
-	global $logfile;
+  global $logfile;
-	file_put_contents($logfile, $s . "\n", FILE_APPEND);
+  $datetime = new Datetime();
+  file_put_contents(
+    $logfile,
+    $datetime->format(DateTime::ATOM) . " " . $s . "\n",
+    FILE_APPEND
+  );
 }
 
 function getStackTraceAsString() {
-    $stackTrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
+  $stackTrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
 
-    $traceString = '';
+  $traceString = '';
-    foreach ($stackTrace as $index => $entry) {
+  foreach ($stackTrace as $index => $entry) {
-        if ($index > 0) {
+    if ($index > 0) {
-            $traceString .= sprintf(
+      $traceString .= sprintf(
-                "#%d %s(%d): %s%s",
+        "#%d %s(%d): %s%s",
-                $index - 1,
+        $index - 1,
-                isset($entry['file']) ? $entry['file'] : 'unknown',
+        isset($entry['file']) ? $entry['file'] : 'unknown',
-                isset($entry['line']) ? $entry['line'] : 0,
+        isset($entry['line']) ? $entry['line'] : 0,
-                isset($entry['class']) ? $entry['class'] . $entry['type'] . $entry['function'] : $entry['function'],
+        isset($entry['class']) ? $entry['class'] . $entry['type'] . $entry['function'] : $entry['function'],
-                PHP_EOL
+        PHP_EOL
-            );
+      );
-        }
     }
+  }
 
-    return $traceString;
+  return $traceString;
 }
 
 // print_err("\n\nSTART\n\n");
 
 class AntiBot {
-	public $salt, $inputs = array(), $index = 0;
+  public $salt, $inputs = array(), $index = 0;
-	
-	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
-		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-		if ($uppercase)
-			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		if ($special_chars)
-			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
-		if ($unicode_chars) {
-			$len = strlen($chars) / 10;
-			for ($n = 0; $n < $len; $n++)
-				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
-		}
-		
-		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-		
-		$ch = array();
-		
-		// fill up $ch until we reach $length
-		while (count($ch) < $length) {
-			$n = $length - count($ch);
-			$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
-			if ($n == 1) {
-				$ch[] = $chars[$keys];
-				break;
-			}
-			shuffle($keys);
-			foreach ($keys as $key)
-				$ch[] = $chars[$key];
-		}
-		
-		$chars = $ch;
-		
-		return implode('', $chars);
-	}
-	
-	public static function make_confusing($string) {
-		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-		
-		foreach ($chars as &$c) {
-			if (mt_rand(0, 3) != 0)
-				$c = utf8tohtml($c);
-			else
-				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
-		}
-		
-		return implode('', $chars);
-	}
-	
-	public function __construct(array $salt = array()) {
-		global $config;
-		
-		if (!empty($salt)) {
-			// create a salted hash of the "extra salt"
-			$this->salt = implode(':', $salt);
-		} else { 
-			$this->salt = '';
-		}
-		
-		shuffle($config['spam']['hidden_input_names']);
-		
-		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
-		$hidden_input_names_x = 0;
-		
-		for ($x = 0; $x < $input_count ; $x++) {
-			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
-				// Use an obscure name
-				$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
-			} else {
-				// Use a pre-defined confusing name
-				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
-				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
-					$hidden_input_names_x = false;
-			}
-			
-			if (mt_rand(0, 2) == 0) {
-				// Value must be null
-				$this->inputs[$name] = '';
-			} elseif (mt_rand(0, 4) == 0) {
-				// Numeric value
-				$this->inputs[$name] = (string)mt_rand(0, 100000);
-			} else {
-				// Obscure value
-				$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
-			}
-		}
-	}
-	
-	public static function space() {
-		if (mt_rand(0, 3) != 0)
-			return ' ';
-		return str_repeat(' ', mt_rand(1, 3));
-	}
-	
-	public function html($count = false) {
-		global $config;
-		
-		$elements = array(
-			'<input type="hidden" name="%name%" value="%value%">',
-			'<input type="hidden" value="%value%" name="%name%">',
-			'<input name="%name%" value="%value%" type="hidden">',
-			'<input value="%value%" name="%name%" type="hidden">',
-			'<input style="display:none" type="text" name="%name%" value="%value%">',
-			'<input style="display:none" type="text" value="%value%" name="%name%">',
-			'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<textarea style="display:none" name="%name%">%value%</textarea>',
-			'<textarea name="%name%" style="display:none">%value%</textarea>'
-		);
-		
-		$html = '';
-		
-		if ($count === false) {
-			$count = mt_rand(1, round(abs(count($this->inputs) / 15)) + 1);
-		}
-		
-		if ($count === true) {
-			// all elements
-			$inputs = array_slice($this->inputs, $this->index);
-		} else {
-			$inputs = array_slice($this->inputs, $this->index, $count);
-		}
-		$this->index += count($inputs);
-		
-		foreach ($inputs as $name => $value) {
-			$element = false;
-			while (!$element) {
-				$element = $elements[array_rand($elements)];
-				$element = str_replace(' ', self::space(), $element);
-				if (mt_rand(0, 5) == 0)
-					$element = str_replace('>', self::space() . '>', $element);
-				if (strpos($element, 'textarea') !== false && $value == '') {
-					// There have been some issues with mobile web browsers and empty <textarea>'s.
-					$element = false;
-				}
-			}
-			
-			$element = str_replace('%name%', utf8tohtml($name), $element);
-			
-			if (mt_rand(0, 2) == 0)
-				$value = $this->make_confusing($value);
-			else
-				$value = utf8tohtml($value);
-			
-			if (strpos($element, 'textarea') === false)
-				$value = str_replace('"', '&quot;', $value);
-			
-			$element = str_replace('%value%', $value, $element);
-			
-			$html .= $element;
-		}
-		
-		return $html;
-	}
-	
-	public function reset() {
-		$this->index = 0;
-	}
-	
-	public function hash() {
-		global $config;
 
-		// This is the tricky part: create a hash to validate it after
+  public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
-		// First, sort the keys in alphabetical order (A-Z)
+    $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-		$inputs = $this->inputs;
+    if ($uppercase)
-		ksort($inputs);
+      $chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		
+    if ($special_chars)
-		$hash = '';
+      $chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
-		// Iterate through each input
+    if ($unicode_chars) {
-		foreach ($inputs as $name => $value) {
+      $len = strlen($chars) / 10;
-			$hash .= $name . '=' . $value;
+      for ($n = 0; $n < $len; $n++)
-		}
+        $chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
-		// Add a salt to the hash
+    }
-		$hash .= $config['cookies']['salt'];
+
-		
+    $chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-		// Use SHA1 for the hash
+
-		return sha1($hash . $this->salt);
+    $ch = array();
-	}
+
+    // fill up $ch until we reach $length
+    while (count($ch) < $length) {
+      $n = $length - count($ch);
+      $keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
+      if ($n == 1) {
+        $ch[] = $chars[$keys];
+        break;
+      }
+      shuffle($keys);
+      foreach ($keys as $key)
+        $ch[] = $chars[$key];
+    }
+
+    $chars = $ch;
+
+    return implode('', $chars);
+  }
+
+  public static function make_confusing($string) {
+    $chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
+
+    foreach ($chars as &$c) {
+      if (mt_rand(0, 3) != 0)
+        $c = utf8tohtml($c);
+      else
+        $c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
+    }
+
+    return implode('', $chars);
+  }
+
+  public function __construct(array $salt = array()) {
+    global $config;
+
+    if (!empty($salt)) {
+      // create a salted hash of the "extra salt"
+      $this->salt = implode(':', $salt);
+    } else { 
+      $this->salt = '';
+    }
+
+    shuffle($config['spam']['hidden_input_names']);
+
+    $input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
+    $hidden_input_names_x = 0;
+
+    for ($x = 0; $x < $input_count ; $x++) {
+      if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
+        // Use an obscure name
+        $name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
+      } else {
+        // Use a pre-defined confusing name
+        $name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
+        if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
+          $hidden_input_names_x = false;
+      }
+
+      if (mt_rand(0, 2) == 0) {
+        // Value must be null
+        $this->inputs[$name] = '';
+      } elseif (mt_rand(0, 4) == 0) {
+        // Numeric value
+        $this->inputs[$name] = (string)mt_rand(0, 100000);
+      } else {
+        // Obscure value
+        $this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
+      }
+    }
+  }
+
+  public static function space() {
+    if (mt_rand(0, 3) != 0)
+      return ' ';
+    return str_repeat(' ', mt_rand(1, 3));
+  }
+
+  public function html($count = false) {
+    global $config;
+
+    $elements = array(
+      '<input type="hidden" name="%name%" value="%value%">',
+      '<input type="hidden" value="%value%" name="%name%">',
+      '<input name="%name%" value="%value%" type="hidden">',
+      '<input value="%value%" name="%name%" type="hidden">',
+      '<input style="display:none" type="text" name="%name%" value="%value%">',
+      '<input style="display:none" type="text" value="%value%" name="%name%">',
+      '<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
+      '<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
+      '<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
+      '<textarea style="display:none" name="%name%">%value%</textarea>',
+      '<textarea name="%name%" style="display:none">%value%</textarea>'
+    );
+
+    $html = '';
+
+    if ($count === false) {
+      $count = mt_rand(1, round(abs(count($this->inputs) / 15)) + 1);
+    }
+
+    if ($count === true) {
+      // all elements
+      $inputs = array_slice($this->inputs, $this->index);
+    } else {
+      $inputs = array_slice($this->inputs, $this->index, $count);
+    }
+    $this->index += count($inputs);
+
+    foreach ($inputs as $name => $value) {
+      $element = false;
+      while (!$element) {
+        $element = $elements[array_rand($elements)];
+        $element = str_replace(' ', self::space(), $element);
+        if (mt_rand(0, 5) == 0)
+          $element = str_replace('>', self::space() . '>', $element);
+        if (strpos($element, 'textarea') !== false && $value == '') {
+          // There have been some issues with mobile web browsers and empty <textarea>'s.
+          $element = false;
+        }
+      }
+
+      $element = str_replace('%name%', utf8tohtml($name), $element);
+
+      if (mt_rand(0, 2) == 0)
+        $value = $this->make_confusing($value);
+      else
+        $value = utf8tohtml($value);
+
+      if (strpos($element, 'textarea') === false)
+        $value = str_replace('"', '&quot;', $value);
+
+      $element = str_replace('%value%', $value, $element);
+
+      $html .= $element;
+    }
+
+    return $html;
+  }
+
+  public function reset() {
+    $this->index = 0;
+  }
+
+  public function hash() {
+    global $config;
+
+    // This is the tricky part: create a hash to validate it after
+    // First, sort the keys in alphabetical order (A-Z)
+    $inputs = $this->inputs;
+    ksort($inputs);
+
+    $hash = '';
+    // Iterate through each input
+    foreach ($inputs as $name => $value) {
+      $hash .= $name . '=' . $value;
+    }
+    // Add a salt to the hash
+    $hash .= $config['cookies']['salt'];
+
+    // Use SHA1 for the hash
+    return sha1($hash . $this->salt);
+  }
+
+  public function printErrVars() { //DELETE ME
+    $inputs = $this->inputs;
+    ksort($inputs);
+
+    print_err("Antibot " . $this->hash() . " inputs: " . json_encode($inputs));
+  }
 }
 
 function _create_antibot($board, $thread) {
-	global $config, $purged_old_antispam;
+  global $config, $purged_old_antispam;
-	
+
-	$antibot = new AntiBot(array($board, $thread));
+  $antibot = new AntiBot(array($board, $thread));
-	
+
-	if (!isset($purged_old_antispam)) {
+  if (!isset($purged_old_antispam)) {
-		$purged_old_antispam = true;
+    $purged_old_antispam = true;
-		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
+    query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
-	}
+  }
-	
+
-	if ($thread)
+  if ($thread)
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
+    $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
-	else
+  else
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
+    $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
-	
+
-	$query->bindValue(':board', $board);
+  $query->bindValue(':board', $board);
-	if ($thread)
+  if ($thread)
-		$query->bindValue(':thread', $thread);
+    $query->bindValue(':thread', $thread);
-	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
+  $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
-	$query->execute() or error(db_error($query));
+  $query->execute() or error(db_error($query));
-	
+
-	$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
+  $query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
-	$query->bindValue(':board', $board);
+  $query->bindValue(':board', $board);
-	$query->bindValue(':thread', $thread);
+  $query->bindValue(':thread', $thread);
-	$query->bindValue(':hash', $antibot->hash());
+  $query->bindValue(':hash', $antibot->hash());
-	$query->execute() or error(db_error($query));
+  $query->execute() or error(db_error($query));
-	
+
-	return $antibot;
+  //$antibot->printErrVars();
+
+  return $antibot;
+}
+
+function dumpVars($extra_salt) {
+  global $config;
+
+  $json_repr = json_encode($_POST);
+  print_err("Check Spam POST data: " . $json_repr);
+
+  if ($json_repr === false) {
+    print_err("Could not jsonify POST data: " . json_last_error_message());
+  }
+
+    /*
+  foreach ($_POST as $name => $value) {
+        $is_valid_input = in_array($name, $config['spam']['valid_inputs']) ? "valid" : "invalid";
+        print_err(" $name: $value ($is_valid_input)");
+    }
+     */
+
+  if (!empty($extra_salt)) {
+    $extra_salt = implode(':', $extra_salt);
+  } else { 
+    $extra_salt = '';
+  }
+
+  print_err("extra_salt: $extra_salt");
 }
 
 function checkSpam(array $extra_salt = array()) {
-	global $config, $pdo;
+  global $config, $pdo;
 
-	if (!isset($_POST['hash']))
+  #print_err("checkSpam start");
-		return true;
+  $extra_salt_orig = $extra_salt;
 
-	$hash = $_POST['hash'];
+  /*
+  if (!isset($_POST['hash'])) {
+    print_err("checkSpam: _POST array doesn't have key 'hash', check failed.");
+    dumpVars($extra_salt_orig);
+    return true;
+  }
+  */
 
-	if (!empty($extra_salt)) {
+  if (isset($_POST['hash'])) {
-		// create a salted hash of the "extra salt"
+    $hash = $_POST['hash'];
-		$extra_salt = implode(':', $extra_salt);
+  } else {
-	} else { 
+    $hash = "";
-		$extra_salt = '';
+  }
-	}
 
-	// Reconsturct the $inputs array
+  if (!empty($extra_salt)) {
-	$inputs = array();
+    // create a salted hash of the "extra salt"
+    $extra_salt = implode(':', $extra_salt);
+  } else { 
+    $extra_salt = '';
+  }
 
-	foreach ($_POST as $name => $value) {
+  // Reconsturct the $inputs array
-		if (in_array($name, $config['spam']['valid_inputs']))
+  $inputs = array();
-			continue;
 
-		$inputs[$name] = $value;
+  foreach ($_POST as $name => $value) {
-	}
+    if (in_array($name, $config['spam']['valid_inputs']))
+      continue;
 
-	// Sort the inputs in alphabetical order (A-Z)
+    $inputs[$name] = $value;
-	ksort($inputs);
+  }
 
-	$_hash = '';
+  // Sort the inputs in alphabetical order (A-Z)
+  ksort($inputs);
 
-	// Iterate through each input
+  $_hash = '';
-	foreach ($inputs as $name => $value) {
-		$_hash .= $name . '=' . $value;
-	}
 
-	// Add a salt to the hash
+  // Iterate through each input
-	$_hash .= $config['cookies']['salt'];
+  foreach ($inputs as $name => $value) {
+    $_hash .= $name . '=' . $value;
+  }
 
-	// Use SHA1 for the hash
+  // Add a salt to the hash
-	$_hash = sha1($_hash . $extra_salt);
+  $_hash .= $config['cookies']['salt'];
 
-	if ($hash != $_hash) {
+  // Use SHA1 for the hash
-		return true;
+  $_hash = sha1($_hash . $extra_salt);
-	}
 
-	$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
+  if (empty($hash)) {
-	$query->bindValue(':hash', $hash);
+    print_err("checkSpam: hash is either empty or was never present, check failed. Not flagging as spam however.");
-	$query->execute() or error(db_error($query));
+    dumpVars($extra_salt_orig);
-	if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) {
+    // Ignore missing hash, because it was missing for some legitimate posters and bots tend to fill in any field.
-		// there was no database entry for this hash. most likely expired.
+    return false;
-		return true;
+  } else if ($hash != $_hash) {
-	}
+    print_err("checkSpam: Hash values do not match! submitted hash value from POST data: $hash ; Computed hash value: $_hash");
+    dumpVars($extra_salt_orig);
+    return true;
+  }
 
-	return $hash;
+  $query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
+  $query->bindValue(':hash', $hash);
+  $query->execute() or error(db_error($query));
+  if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) {
+    // there was no database entry for this hash. most likely expired.
+    print_err("checkSpam: there was no database entry for this hash. most likely expired. $hash");
+    dumpVars($extra_salt_orig);
+    return $hash; // do not consider this a failure case. (I would rather a spam post than a false-positive tbqh)
+    //return true;
+  }
+
+  return $hash;
 }
 
 function incrementSpamHash($hash) {
-	$query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
+  $query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
-	$query->bindValue(':hash', $hash);
+  $query->bindValue(':hash', $hash);
-	$query->execute() or error(db_error($query));
+  $query->execute() or error(db_error($query));
 }

inc/api.php

@@ -45,7 +45,7 @@ class Api {
 
 		$this->threadsPageFields = array(
 			'id' => 'no',
-			'bump' => 'last_modified',
+			'bump' => 'bump',
 			'board' => 'board',
 		);
 
@@ -197,6 +197,7 @@ class Api {
 			$ips[] = $p->ip;
 		}
 		$apiPosts['posts'][0]['unique_ips'] = count(array_unique($ips));
+		$apiPosts['posts'][0]['last_modified'] = (empty($thread->posts) ? $thread : end($thread->posts))->time;
 
 		return $apiPosts;
 	}

inc/config.php

@@ -33,6 +33,8 @@
 
     // Enables captcha
     $config['securimage'] = false;
+    // Limits captcha to TOR users
+    $config['captcha_tor_only'] = false;
 
     // Global announcement -- the very simple version.
     // This used to be wrongly named $config['blotter'] (still exists as an alias).

inc/error.php

@@ -24,6 +24,42 @@ register_shutdown_function('fatal_error_handler');
 
 $error_recursion=false;
 
+
+
+/*
+ * Global anything is always a bad idea, but since all of this website's error handling comes
+ * down to calling this error function and quitting, we have no way of catching exceptions, for example
+ * during thumbnail creation.
+ *
+ * So push things to run in case of a crash into a list, and then run all of them in error.
+ *
+ * This will be exclusive to callbacks for posting a post callflow, not mod actions or anything else.
+ */
+function global_post_cleanup() {
+    global $post_cleanup_list;
+
+    foreach ($post_cleanup_list as $f) {
+        $f();
+    }
+
+    unset($post_cleanup_list);
+}
+
+function push_global_post_cleanup($f) {
+    global $post_cleanup_list;
+
+    if (!isset($post_cleanup_list)) {
+        $post_cleanup_list = array($f);
+    } else {
+        array_push($post_cleanup_list, $f);
+    }
+}
+
+function init_global_post_cleanup() {
+    global $post_cleanup_list;
+    $post_cleanup_list = array();
+}
+
 function error($message, $priority = true, $debug_stuff = false) {
     global $board, $mod, $config, $db_error, $error_recursion;
 
@@ -75,11 +111,14 @@ function error($message, $priority = true, $debug_stuff = false) {
             $data['debug']=$debug_stuff;
         }
         print json_encode($data);
+        global_post_cleanup();
         exit();
     }
 
     header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error');
 
+    global_post_cleanup();
+
     die(Element('page.html', array(
         'config' => $config,
         'title' => _('Error'),

inc/functions.php

@@ -2905,3 +2905,34 @@ function strategy_first($fun, $array) {
         return array('defer');
     }
 }
+
+function ipIsLocal($ip) {
+    // Define the local IP ranges commonly used in private networks
+    $localRanges = [
+        '10.0.0.0/8',       // Private network range 10.0.0.0 to 10.255.255.255
+        '172.16.0.0/12',    // Private network range 172.16.0.0 to 172.31.255.255
+        '192.168.0.0/16',   // Private network range 192.168.0.0 to 192.168.255.255
+        '127.0.0.0/8',      // Loopback range for localhost
+        '169.254.0.0/16'    // Link-local addresses
+    ];
+
+    foreach ($localRanges as $range) {
+        if (ipInRange($ip, $range)) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+function ipInRange($ip, $range) {
+    // Split the range to get the base IP and the netmask
+    list($baseIP, $netmask) = explode('/', $range);
+    // Convert IPs into long format for easy comparison
+    $ipLong = ip2long($ip);
+    $rangeLong = ip2long($baseIP);
+    $maskLong = ~((1 << (32 - $netmask)) - 1);
+
+    // Check if the IP is in the given range
+    return (($ipLong & $maskLong) == ($rangeLong & $maskLong));
+}

inc/instance-config.php

@@ -22,6 +22,7 @@ $config['boards'] = array(
     'edu',
     'ga',
     'ent',
+    'music',
     '777',
     'posad',
     'i',
@@ -41,7 +42,7 @@ $config['prepended_foreign_boards'] = array(
 
 // Board categories. Only used in the "Categories" theme.
 $config['categories'] = array(
-  'Leftypol' => array(
+  'Boards' => array(
     'leftypol',
     'b',
     'WRK',
@@ -50,6 +51,7 @@ $config['categories'] = array(
     'edu',
     'ga',
     'ent',
+    'music',
     '777',
     'posad',
     'i',
@@ -64,19 +66,19 @@ $config['categories'] = array(
 // with non-board links.
 $config['custom_categories'] = array(
     'Links' => array(
-        'New Multitude' => 'https://newmultitude.org/',
+        'New Multitude' => 'https://newmultitude.org',
-        'Booru image repository' => 'https://lefty.booru.org/',
+        'Booru image repository' => 'https://lefty.pictures',
-        'Leftypedia' => 'https://leftypedia.org/',
         'Official chat room' => 'https://talk.leftychan.net/#/room/#welcome:matrix.leftychan.net',
-        'Gitea instance' => 'https://git.leftychan.net',
+        'Nukechan' => 'https://nukechan.net',
+        #'Gitea instance' => 'https://git.leftychan.net',
         'Rules' => 'rules.html',
         'Search' => 'search.php',
     ),
     'Learning resources and blogs' => array(
-        'Michael Roberts\' blog' => 'https://thenextrecession.wordpress.com/',
+        'Michael Roberts\' blog' => 'https://thenextrecession.wordpress.com',
-        'A Critique Of Crisis Theory blog' => 'https://critiqueofcrisistheory.wordpress.com/',
+        'A Critique Of Crisis Theory blog' => 'https://critiqueofcrisistheory.wordpress.com',
-        'Leftypedia' => 'https://leftypedia.org/',
+        'Leftypedia' => 'https://wiki.leftypol.org',
-        'Marxist Internet Archive' => 'https://www.marxists.org/'
+        'Marxist Internet Archive' => 'https://www.marxists.org'
     ),
 );
 
@@ -132,7 +134,8 @@ $config['post_date'] = '%F (%a) %T';
 
 $config['thread_subject_in_title'] = true;
 
-$config['spam']['enabled'] = false;
+$config['spam']['enabled'] = true;
+$config['spam']['hidden_inputs_expire'] = 60 * 60 * 24 * 120; //keep hashes for 120 days in the database just in case someone posts on a slow board.
 $config['spam_noticer']['enabled'] = true;
 $config['spam_noticer']['base_url'] = 'http://localhost:8300';
 $config['spam_noticer']['ui_url'] = 'https://spamnoticer.leftychan.net/static/index.html';
@@ -142,7 +145,8 @@ $config['spam_noticer']['website_name'] = "leftychan";
 /*
  * Basic captcha. See also: captchaconfig.php
  */
-$config['securimage'] = false;
+$config['securimage'] = true;
+$config['captcha_tor_only'] = true;
 
 /*
  * Permissions
@@ -209,6 +213,7 @@ $config['allowed_ext_files'][] = 'pdf';
 $config['allowed_ext_files'][] = 'txt';
 $config['allowed_ext_files'][] = 'epub';
 $config['allowed_ext_files'][] = 'djvu';
+$config['allowed_ext_files'][] = 'opus';
 // Compressed files
 $config['allowed_ext_files'][] = 'zip';
 $config['allowed_ext_files'][] = 'gz';
@@ -257,6 +262,7 @@ $config['user_flags'] = array (
     'egalitarianism' => 'Egalitarianism',
     'egoism' => 'Egoism',
     'eristocracy' => 'Έριστοκρατία',
+    'Eurasianism' => 'Eurasianism',
     'eureka' => 'Eureka',
     'eurocommunism' => 'Eurocommunism',
     'farc' => 'Las FARC',
@@ -280,9 +286,10 @@ $config['user_flags'] = array (
     'luck_o_the_irish' => 'Luck O\' The Irish',
     'luxemburg' => 'Luxemburg',
     'marx' => 'Marx',
+    'marxism_blackpilism' => 'Marxism Blackpillism',
     'mutualism' => 'Mutualism',
     'naxalite' => 'Naxalite',
-    'nazbol' => 'Nazbol',
+    'nazbol' => 'National Bolshevik',
     'nazi' => 'Nazi',
     'ndfp' => 'NDFP',
     'palestine' => 'Palestine',
@@ -309,13 +316,14 @@ $config['user_flags'] = array (
     'syndicalism' => 'Syndicalism',
     'tankie' => 'Tankie',
     'technocracy' => 'Technocracy',
+    'The_Other_Russia' => 'The Other Russia',
     'think' => 'Think',
     'transhumanism' => 'Transhumanism',
     'united_farm_workers' => 'United Farm Workers',
     'viet_cong' => 'Viet Cong',
     'ypg' => 'YPG',
     'yugoslavia' => 'Yugoslavia',
-    'zapatista' => 'Zapatista'
+    'zgang' => 'Z Gang'
 );
 
 
@@ -589,5 +597,5 @@ $config['filters'][] = array(
     'message' => 'New threads are being created too quickly. Wait [at most] 10 minutes'
 );
 
-$config['global_message'] = '<span><a href="https://talk.leftychan.net/#/room/#welcome:matrix.leftychan.net" class="">Matrix</a></span> &nbsp; <span><a href="ircs://irc.leftychan.net:6697/#leftychan" class="">IRC Chat</a></span> &nbsp; <span><a href="mumble://leftychan.net" class="">Mumble</a></span> &nbsp; <span><a href="https://t.me/+RegtyzzrE0M1NDMx" class="">Telegram</a></span> &nbsp; <span><a href="https://discord.gg/AcZeFKXPmZ" class="">Discord</a></span>';
+$config['global_message'] = '<span><a href="https://talk.leftychan.net/#/room/#welcome:matrix.leftychan.net">Matrix</a></span> &nbsp; <span><a href="ircs://irc.leftychan.net:6697/#leftychan">IRC Chat</a></span> &nbsp; <span><a href="mumble://leftychan.net">Mumble</a></span> &nbsp; <span><a href="https://t.me/+RegtyzzrE0M1NDMx">Telegram</a></span> &nbsp; <span><a href="https://discord.gg/AcZeFKXPmZ">Discord</a></span>';
 $config['debug'] = false;

inc/lib/securimage/securimage.php

@@ -338,6 +338,8 @@ class Securimage
 
     /*%*********************************************************************%*/
     // Properties
+    public $config_file;
+    public $gdnoisecolor;
 
     /**
      * The width of the captcha image
@@ -2232,9 +2234,9 @@ class Securimage
         $py       = array(); // y coordinates of poles
         $rad      = array(); // radius of distortion from pole
         $amp      = array(); // amplitude
-        $x        = ($this->image_width / 4); // lowest x coordinate of a pole
+        $x        = round($this->image_width / 4); // lowest x coordinate of a pole
         $maxX     = $this->image_width - $x;  // maximum x coordinate of a pole
-        $dx       = mt_rand($x / 10, $x);     // horizontal distance between poles
+        $dx       = mt_rand(intval($x / 10), $x);     // horizontal distance between poles
         $y        = mt_rand(20, $this->image_height - 20);  // random y coord
         $dy       = mt_rand(20, $this->image_height * 0.7); // y distance
         $minY     = 20;                                     // minimum y coordinate
@@ -2277,7 +2279,7 @@ class Securimage
                 $x *= $this->iscale;
                 $y *= $this->iscale;
                 if ($x >= 0 && $x < $width2 && $y >= 0 && $y < $height2) {
-                    $c = imagecolorat($this->tmpimg, $x, $y);
+                    $c = imagecolorat($this->tmpimg, intval($x), intval($y));
                 }
                 if ($c != $bgCol) { // only copy pixels of letters to preserve any background image
                     imagesetpixel($this->im, $ix, $iy, $c);
@@ -2298,7 +2300,7 @@ class Securimage
 
             $theta = ($this->frand() - 0.5) * M_PI * 0.33;
             $w = $this->image_width;
-            $len = mt_rand($w * 0.4, $w * 0.7);
+            $len = mt_rand(intval($w * 0.4), intval($w * 0.7));
             $lwid = mt_rand(0, 4);
 
             $k = $this->frand() * 0.6 + 0.2;
@@ -2318,7 +2320,7 @@ class Securimage
             for ($i = 0; $i < $n; ++ $i) {
                 $x = $x0 + $i * $dx + $amp * $dy * sin($k * $i * $step + $phi);
                 $y = $y0 + $i * $dy - $amp * $dx * sin($k * $i * $step + $phi);
-                imagefilledrectangle($this->im, $x, $y, $x + $lwid, $y + $lwid, $this->gdlinecolor);
+                imagefilledrectangle($this->im, intval($x), intval($y), intval($x + $lwid), intval($y + $lwid), $this->gdlinecolor);
             }
         }
     }

inc/mod/auth.php

@@ -6,6 +6,8 @@
 
 defined('TINYBOARD') or exit;
 
+require_once 'inc/mod/pages.php';
+
 // create a hash/salt pair for validate logins
 function mkhash($username, $password, $salt = false) {
 	global $config;

inc/mod/pages.php

@@ -1501,6 +1501,7 @@ function mod_move($originBoard, $postID) {
         } else {
             deletePost($postID);
             buildIndex();
+            rebuildThemes('post', $originBoard);
 
             openBoard($targetBoard);
             header('Location: ?/' . sprintf($config['board_path'], $newboard['uri']) . $config['dir']['res'] . link_for($op, false, $newboard), true, $config['redirect_http']);
@@ -1562,7 +1563,7 @@ function mod_merge($originBoard, $postID) {
             }
         }
 
-        if ($targetBoard === $originBoard){
+        if ($targetBoard === $originBoard) {
             // Just update the thread id for all posts in the original thread to new op
             $query = prepare(sprintf('UPDATE ``posts_%s`` SET `thread` = :newthread WHERE `id` = :oldthread OR `thread` = :oldthread', $originBoard));
             $query->bindValue(':newthread', $targetOp, PDO::PARAM_INT);
@@ -1586,8 +1587,7 @@ function mod_merge($originBoard, $postID) {
 
             // redirect
             header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . link_for($newpost) . '#' . $targetOp, true, $config['redirect_http']);
-        }
+        } else {
-            else {
             // Move thread to new board without shadow thread and then update the thread id for all posts in that thread to new op
             // indicate that the post is a thread
             if (count($boards) <= 1)
@@ -1726,6 +1726,7 @@ function mod_merge($originBoard, $postID) {
             deletePost($postID);
             modLog("Deleted post #{$postID}");
             buildIndex();
+            rebuildThemes('post', $originBoard);
 
             openBoard($targetBoard);
             // Just update the thread id for all posts in the original thread to new op

js/expand.js

@@ -28,14 +28,14 @@ $(document).ready(function(){
 					context: document.body,
 					success: function(data) {
 						var last_expanded = false;
-						$(data).find('div.post.reply').each(function() {
+						$(data).find('div.postcontainer').each(function() {
 							thread.find('div.hidden').remove();
 							var post_in_doc = thread.find('#' + $(this).attr('id'));
 							if(post_in_doc.length == 0) {
 								if(last_expanded) {
-									$(this).addClass('expanded').insertAfter(last_expanded).before('<br class="expanded">');
+									$(this).addClass('expanded').insertAfter(last_expanded);
 								} else {
-									$(this).addClass('expanded').insertAfter(thread.find('div.post:first')).after('<br class="expanded">');
+									$(this).addClass('expanded').insertAfter(thread.find('div.post:first'));
 								}
 								last_expanded = $(this);
 								$(document).trigger('new_post', this);

log.php

@@ -1,6 +1,6 @@
 <?php
-include 'inc/functions.php';
+require_once 'inc/functions.php';
-include 'inc/mod/pages.php';
+require_once 'inc/mod/pages.php';
 
 if (!isset($_GET['board']) || !preg_match("/{$config['board_regex']}/u", $_GET['board'])) {
 	http_response_code(400);

post.php

@@ -457,6 +457,8 @@ function validate_images(array $post_array) {
 function handle_post(){
     global $config,$dropped_post,$board, $mod,$pdo;
 
+    init_global_post_cleanup();
+
     if (!isset($_POST['body'], $_POST['board']) && !$dropped_post) {
         error($config['error']['bot']);
     }
@@ -511,7 +513,11 @@ function handle_post(){
             }
         }
 
-        if(isset($config['securimage']) && $config['securimage']){
+        if((isset($config['securimage']) && $config['securimage'])
+            && (
+                !(isset($config['captcha_tor_only']) && $config['captcha_tor_only'])
+                || ipIsLocal($_SERVER['REMOTE_ADDR'])
+                )){
 
             if(!isset($_POST['captcha'])){
                 error($config['error']['securimage']['missing']);
@@ -1032,6 +1038,17 @@ function handle_post(){
 
         $spam_noticer_result = checkWithSpamNoticer($config, $post, $board['uri']);
 
+        /*
+         * If we have an error with posting this later, send back the
+         * delete token to spamnoticer to remove the post from the recent
+         * posts table. (see error.php for the error cleanup function)
+         */
+        $f_spamnoticer_cleanup_on_err = function() use ($config, $delete_token) {
+            removeRecentPostFromSpamnoticer($config, array($delete_token));
+        };
+
+        push_global_post_cleanup($f_spamnoticer_cleanup_on_err);
+
         if ($spam_noticer_result->succeeded && $spam_noticer_result->noticed) {
           error($config['error']['spam_noticer'] . $spam_noticer_result->reason);
         }

stylesheets/bunker_like.css

@@ -3,184 +3,220 @@ div.sidearrows {
 }
 
 body {
-	background: #1D1F21;
+    background: #1D1F21;
-	color: #ACACAC;
+    color: #ACACAC;
-	font-family: Courier, monospace;
+    font-family: Courier, monospace;
-	font-size: 13px;
+    font-size: 15px;
+}
+
+.theme-catalog .replies {
+    font-family: serif;
+}
+
+div.post div.body {
+    font-family: serif;
+}
+
+span.heading {
+    font-size: 15px;
+}
+
+.theme-catalog .replies .meta,
+.theme-catalog .replies .intro,
+div.post div.body a,
+div.post div.body .toolong {
+    font-family: Courier, monospace;
 }
 
 /* LINKS */
 a, a:link, a:visited, .intro a.email span.name {
-	color: #FFB300;
+    color: #FFB300;
-	text-decoration: none;
+    text-decoration: none;
 }
 a:link:hover, a:visited:hover {
-	color: #FFB300;
+    color: #FFB300;
-	text-shadow: 0px 0px 5px #117743;
+    text-shadow: 0px 0px 5px #117743;
 }
 div.pages a.selected {
-	color: #FFB300;
+    color: #FFB300;
 }
 
 /* INTRO */
 h1, div.title, header div.subtitle {
-	color: #663E11;
+    color: #FFB300;
-	font-family: Courier, monospace;
+    font-family: Courier, monospace;
 }
 h1 {
-	font-size: 24pt;
+    font-size: 18pt;
-	font-weight: normal;
+    font-weight: bold;
-	letter-spacing: 0px;
+    letter-spacing: 0px;
 }
 header div.subtitle {
-	font-size: 12pt;
+    font-size: 10pt;
 }
 
 /* FORMS AND BUTTONS */
 div.banner {
-	background-color: inherit;
+    background-color: inherit;
-	color: #ACACAC;
+    color: #ACACAC;
 }
 form table {
-	border: 1px dashed #117743;
+    border: 1px dashed #117743;
-	padding-right: 1px;
+    padding-right: 1px;
+    border-radius: 3px;
 }
 form table tr th {
-	background: #282A2E;
+    background: #282A2E;
-	border: 1px solid #117743;
+    border: 1px solid #117743;
-	border-radius: 5px;
+    border-radius: 2px;
+    padding: 3px;
 }
+
 input[type="text"], input[type="password"], textarea, select {
-	border: 1px double #07371F;
+    border: 1px double #07371F;
-	border-radius: 5px;
+    border-radius: 2px;
-	background: #282A2E;
+    background: #282A2E;
-	color: #ACACAC;
+    color: #ACACAC;
-	font-family: Courier, monospace;
+    font-family: Courier, monospace;
+    margin: 0 1px;
+    padding: 3px !important;
+    box-sizing: border-box;
 }
+
 input[type="text"]:focus, input[type="password"]:focus, textarea:focus {
-  box-shadow: 0px 0px 5px 2px #117743;
+    box-shadow: 0px 0px 5px 2px #117743;
 }
+
 input[type="submit"] {
-	border: 3px double #07371F;
+    border: 3px double #07371F;
-	border-radius: 5px;
+    border-radius: 2px;
-  background: #16171A;
+    background-color: #07371F;
-	color: #ACACAC;
+    color: #ACACAC;
-	font-family: Courier, monospace;
+    font-family: Courier, monospace;
-	font-weight: bold;
+    font-weight: bold;
+    font-size: 16px;
 }
+
+input[type="submit"]:hover {
+    border-color: #117743;
+    background-color: #117743;
+}
+
 .dropzone {
-	background: #16171A;
+    background: #16171A;
-	border: 3px double #07371F;
+    border: 1px solid #07371F;
-	color: #ACACAC;
+    color: #ACACAC;
+    border-radius: 2px;
+    margin: 0 2px;
 }
 .dropzone .file-hint {
-	color: #ACACAC;
+    color: #ACACAC;
-	font-weight: bold;
+    font-weight: bold;
 }
 #quick-reply table {
-	background: #1D1F21 !important;
+    background: #1D1F21 !important;
 }
 fieldset {
-	border: 1px dashed #117743;
+    border: 1px dashed #117743;
 }
 
 /* POST IDENTIFIERS */
 .intro span.subject {
-	color: #34ED3A;
+    color: #34ED3A;
 }
 .intro span.name {
-	color: #117743;
+    color: #117743;
 }
 .intro span.trip {
-	color: #117743;
+    color: #117743;
 }
 .intro a.capcode, p.intro a.nametag {
-	color: #FF0000;
+    color: #FF0000;
-	font-weight: bold;
+    font-weight: bold;
 }
 .intro a.email, p.intro a.email span.name, p.intro a.email:hover, p.intro a.email:hover span.name {
-	color: #34ED97;
+    color: #34ED97;
 }
 .intro time {
-	font-weight: bold;
+    font-weight: bold;
 }
 .intro a.post_no {
-	color: #ACACAC;
+    color: #ACACAC;
-	font-weight: bold;
+    font-weight: bold;
 }
 
 /* POST BOXES */
 div.post.reply {
-	background: #282A2E;
+    background: #282A2E;
-	border: 1px solid #117743;
+    border: 1px solid #117743;
-	border-radius: 5px;
+    border-radius: 2px;
 }
 div.post.reply.highlighted {
-	background: rgba(59, 22, 43, 0.4);
+    background: rgba(59, 22, 43, 0.4);
-	border: 1px solid #117743;
+    border: 1px solid #117743;
-	border-radius: 5px;
+    border-radius: 2px;
 }
 
 /* POST CONTENT */
 div.post.reply div.body a {
-	color: #FFB300;
+    color: #FFB300;
 }
 .quote {
-	color: #789922;
+    color: #789922;
 }
 
 /* BARS */
 .bar {
-	background-color: #151515;
+    background-color: #151515;
 }
 .bar.top {
-	border-bottom: 1px solid #B0790A;
+    border-bottom: 1px solid #B0790A;
 }
 .bar.bottom {
-	border-top: 1px solid #B0790A;
+    border-top: 1px solid #B0790A;
 }
 div.boardlist {
-	color: #ACACAC;
+    color: #ACACAC;
 }
 hr {
-	border: none;
+    border: none;
-	border-top: 1pt solid #117743;
+    border-top: 1pt solid #117743;
 }
 
 /* CATALOG */
 .theme-catalog h1 {
-	color: #ACACAC;
+    color: #ACACAC;
-	font-size: 18pt;
+    font-size: 18pt;
-	font-weight: bold;
+    font-weight: bold;
 }
 .theme-catalog h1 a {
-	font-weight: normal;
+    font-weight: normal;
 }
 .theme-catalog div.thread, .theme-catalog div.thread:hover {
-	background: #282A2E;
+    background: #282A2E;
-	border: 1px solid #117743;
+    border: 1px solid #117743;
-	border-radius: 5px;
+    border-radius: 2px;
-	font-size: 10pt;
+    font-size: 11pt;
 }
 
 /* OPTIONS */
 #options_div, #alert_div {
-	background: #1D1F21;
+    background: #1D1F21;
-	border: 1px dashed #117743;
+    border: 1px dashed #117743;
 }
 #options_tablist {
-	border-right: 1px dashed #117743;
+    border-right: 1px dashed #117743;
 }
 .options_tab_icon {
-	color: #ACACAC;
+    color: #ACACAC;
 }
 .options_tab_icon.active {
-	color: #FFB300;
+    color: #FFB300;
 }
 
 /* FIXES */
 div.ban {
-	background: #1D1F21;
+    background: #1D1F21;
     border: 1px dashed #117743;
 }
 
@@ -225,7 +261,7 @@ table thead th {
 }
 
 .theme-catalog .thread .meta {
-    font-size: 10pt;
+    font-size: 13px;
 }
 
 .theme-catalog .thread.grid-size-small .replies {

stylesheets/jungle.css

@@ -20,7 +20,9 @@ body {
 
 .bar.top {
     position: relative;
-    width: 100vw;
+    width: calc(100% + 8px);
+    box-sizing: border-box;
+    padding: 0 .25em;
     left: -4px;
 }
 

templates/post_form.html

@@ -5,13 +5,10 @@
     method="post"
     data-max-images="{{ config.max_images }}"
     >
-{{ antibot.html() }}
 {% if id %}<input type="hidden" name="thread" value="{{ id }}">{% endif %}
-{{ antibot.html() }}
 {% if board.uri not in config.overboards|keys %}
 <input type="hidden" name="board" value="{{ board.uri }}">
 {% endif %}
-{{ antibot.html() }}
 {% if current_page %}
 	<input type="hidden" name="page" value="{{ current_page }}">
 {% endif %}
@@ -103,15 +100,38 @@
 		</tr>
 		{% endif %}
 		{% if config.securimage %}
-		<tr>
+            <tr class="post_form_captcha_row">
-			<th>
+                <th>
-				Captcha
+                    Captcha
-			</th>
+                    {% if config.captcha_tor_only %}
-			<td>
+                    <br/>
-		        <img name="captcha-img" id="captcha-img" src="/captcha.php" onClick="this.src='/captcha.php?'+Date.now();document.getElementById('captcha').value = '';"><br />
+                    <small>Tor Only</small>
-				<input type="text" name="captcha" id="captcha" size="25" maxlength="10" autocomplete="off">
+                    {% endif %}
-			</td>
+                </th>
-		</tr>
+                <td>
+                    <img name="captcha-img" id="captcha-img" src="/captcha.php" onClick="this.src='/captcha.php?'+Date.now();document.getElementById('captcha').value = '';"><br />
+                    <input type="text" name="captcha" id="captcha" size="25" maxlength="10" autocomplete="off">
+                </td>
+            </tr>
+            {% if config.captcha_tor_only %}
+            <script>
+                (() => {
+                    function isHiddenService() {
+                        const hostname = window.location.hostname;
+                        return hostname.endsWith('.onion') || hostname.endsWith('.i2p');
+                    }
+
+                    function removeCaptchaField() {
+                        document.querySelectorAll('.post_form_captcha_row')
+                            .forEach(e => e.parentNode.removeChild(e));
+                    }
+
+                    if (!isHiddenService()) {
+                        removeCaptchaField();
+                    }
+                })();
+            </script>
+            {% endif %}
 		{% endif %}
 		{% if config.user_flag %}
 			<tr>
@@ -204,7 +224,6 @@
 			</td>
 		</tr>{% endif %}
 	</table>
-{{ antibot.html(true) }}
 <input type="hidden" name="hash" value="{{ antibot.hash() }}">
 </form>
 

templates/themes/categories/frames.html

@@ -8,23 +8,18 @@
     <link rel="stylesheet" media="screen" href="/stylesheets/bunker_like.css">
     <style type="text/css">
         .sidebar {
-          grid-column: 1;
+          grid-column: 1 / 3;
           grid-row: 1 / 3;
-            width: 200px;
-            border-right-color: gray;
-            border-right-style: solid;
-            border-width: 2px;
-            margin-right: 15px;
         }
         
         .introduction {
-          grid-column: 2 / 9;
+          grid-column: 3 / 9;
           grid-row: 1;
           width: 100%;
          }
          
         .content {
-          grid-column: 2 / 9;
+          grid-column: 3 / 9;
           grid-row: 2;
           width: 100%;
           max-width: 100%;
@@ -33,8 +28,8 @@
 
         body {
             display: grid;
-            grid-template-columns: repeat(auto-fill,minmax(200px, 1fr));
+            grid-template-columns: repeat(auto-fill,minmax(120px, 20%));
-            gap: 20px;
+            min-height: 100vh;
         }
         
         .modlog {
@@ -70,6 +65,16 @@
         li a.system {
             font-weight: bold;
         }
+
+        footer {
+            grid-column: 1 / 9;
+        }
+
+        div.news.ban {
+            width: 100%;
+            max-width: 100%;
+            box-sizing: border-box;
+        }
         
         @media (max-width:768px) {
             body{

templates/themes/categories/news.html

@@ -25,7 +25,7 @@
 	</header>
 </div>
 <div class="content">
-	<div class="ban">
+	<div class="ban news">
 		{% if not news %}
 			<p style="text-align:center" class="unimportant">{% trans %}(No news to show.){% endtrans %}</p>
 		{% else %}
@@ -98,14 +98,14 @@
 				</tbody>
 			</table>
 		{% endif %}
-	<footer>
-			<p class="unimportant" style="margin-top:20px;text-align:center;">- Tinyboard +
-					<a href="https://engine.vichan.net/">vichan</a> {{ config.version }} -
-			<br>Tinyboard Copyright &copy; 2010-2014 Tinyboard Development Group
-			<br><a href="https://engine.vichan.net/">vichan</a> Copyright &copy; 2012-2016 vichan-devel
-		<br><br>
-		<br><b>Leftychan.net is not currently under investigation by any Federal, State, or Local Authorities.</b></p>
-	</footer>
 </div>
+<footer>
+  <p class="unimportant" style="margin-top:20px;text-align:center;">- Tinyboard +
+  <a href="https://engine.vichan.net/">vichan</a> {{ config.version }} -
+  <br>Tinyboard Copyright &copy; 2010-2014 Tinyboard Development Group
+  <br><a href="https://engine.vichan.net/">vichan</a> Copyright &copy; 2012-2016 vichan-devel
+  <br><br>
+  <br><b>Leftychan.net is not currently under investigation by any Federal, State, or Local Authorities.</b></p>
+</footer>
 {% endapply %}