secure captcha + post buttons + post password saving

2025-01-17 15:58:15 +01:00 · 2021-08-30 06:57:43 +02:00 · 2021-08-30 06:57:43 +02:00 · b4e95a3446
commit b4e95a3446
parent 6ce29e3d39
10 changed files with 90 additions and 43 deletions
--- a/README.md
+++ b/README.md
@ -57,4 +57,4 @@ I basically reinvented the wheel except instead of making it nice and round I ma

 License
 --------
-See [LICENSE.md](http://github.com/ithrts/ImoutoIB/blob/master/README.md).
+See [LICENSE.md](http://github.com/ithrts/ImoutoIB/blob/master/LICENSE.md).
--- a/assets/css/Yotsuba
+++ b/assets/css/Yotsuba
@ -282,19 +282,14 @@ label {
 }

 div.post details {
-  float: right;
+	display: inline;
 }
 div.post details summary {
-  margin-top: -2px;
-  font-size: 14pt
+  font-size: 16px;
 }

 div.post details table {
 	position: absolute;
 	background: #d6daf0;
 	border: 1px solid #b7c5d9;
-}
-
-.post-info details form table input[type="submit"] {
-    width: 50px;
 }
--- a/includes/custom.php
+++ b/includes/custom.php
@ -8,5 +8,8 @@ $prefix_folder = '/ib'; // empty for root dir
 $main_file = ''; //empty with handler using main.php as index

 $site_name = 'ImoutoIB';
+$domain = '3dpd.moe'; //MUST BE SET FOR COOKIES
+$secure_hash = "SQp3FaEgyMyHe3=Zc!-vS%ya6W!JAt+9fqwdbGk&ev!hbG!nSMgN_KUbLrmRpCQy"; //Will be used to hash your post passwords. You should change this.
+

 ?>
--- a/includes/default.php
+++ b/includes/default.php
@ -7,9 +7,11 @@ $main_file = 'main.php'; //leave empty if using handlers like apache to hide fil
 $post_file = 'post.php'; //i cant imagine any reason to change this, but i suppose it could be in a different folder if you want to

 $site_name = 'ImoutoIB';
-
+$domain = ''; //MUST BE SET FOR COOKIES
 $captcha_required = false;

+$secure_hash = "SQp3FaEgyMyHe3=Zc!-vS%ya6W!JAt+9fqwdbGk&ev!hbG!nSMgN_KUbLrmRpCQy"; //Will be used to hash your post passwords. You should change this.
+
 $time_method = 'since'; //(iso:iso8601 unix:numberstamp since:howlongsince human:humanreadable
 $time_method_hover = "human"; //unix will always be in data-timestamp for potential js use

@ -23,6 +25,7 @@ $config['display_banner'] = true;

 $post_buttons = true; //adds a no-JS friendly post button on each post for delete/report using html5 details

+
 // STYLESHEETS
 $config['css'][] = 'Yotsuba B'; //mandatory, foundation for all other styles.
 $config['css'][] = 'Yotsuba';
--- a/includes/inits.php
+++ b/includes/inits.php
@ -28,17 +28,31 @@ if (!isset($_GET["page"])) {
 if (!isset($_GET["board"])) {
 	$_GET["board"] = '';
 }
+
+if ($prefix_folder == '') {
+	$cookie_location = '/';
+} else {
+	$cookie_location = $prefix_folder;
+}
+
+
 // SET THEME COOKIE FOR NO-JS USERS (CUZ IM COOL LIKE DAT)
 if (!isset($_COOKIE["theme"])) {
-	setcookie("theme", $config['css'][0], time() + (60 * 60 * 24 * 365 )); // 1 year expiry, default to first theme in default.php.
+	setcookie("theme", $config['css'][0], 0,  $cookie_location, $domain, isset($_SERVER["HTTPS"]), true);
 }
 if (isset($_GET["theme"])) {
 	unset($_COOKIE["theme"]);
-	setcookie("theme", htmlspecialchars($_GET["theme"]), time() + (60 * 60 * 24 * 365 ));
+	setcookie("theme", htmlspecialchars($_GET["theme"]), 0, $cookie_location, $domain, isset($_SERVER["HTTPS"]), true);
 }
-$current_theme = ''; //prevent some cookie blockers throwing notice errors
+	$current_theme = ''; //prevent some cookie blockers throwing notice errors
 if (isset($_COOKIE["theme"])) {
-$current_theme = $_COOKIE["theme"];
+	$current_theme = $_COOKIE["theme"];
+}
+
+if (isset(($_POST['password'])) && (($_POST['password']) !== '')) {
+	$post_password = crypt(htmlspecialchars($_POST['password']), $secure_hash);
+} else {
+	$post_password = crypt((rand() + time()),$secure_hash); //sets a random hashed password
 }

 ?>
--- a/post.php
+++ b/post.php
@ -96,6 +96,7 @@ if ((isset($post_board)) && (isset($_POST['index']))) {
 	$create_OP .= '$op_email = "' . $post_email . '";';
 	$create_OP .= '$op_subject = "' . $post_subject . '";';
 	$create_OP .= '$op_body = "' . $post_body . '";';
+	$create_OP .= '$op_password = "' . $post_password . '";';
 	$create_OP .= '$op_time = "' . time() . '"; ?>';

 	//SAVE POST INFORMATION
@ -137,6 +138,7 @@ if ((isset($post_board)) && (isset($_POST['thread']))) {
 		$create_reply .= '$reply_email = "' . $post_email . '";';
 		$create_reply .= '$reply_subject = "' . $post_subject . '";';
 		$create_reply .= '$reply_body = "' . $post_body . '";';
+		$create_reply .= '$reply_password = "' . $post_password . '";';
 		$create_reply .= '$reply_time = "' . time() . '"; ?>';

 		//SAVE POST INFORMATION
--- a/require.php
+++ b/require.php
@ -6,8 +6,8 @@ $path = dirname(__FILE__);
 // CONFIGURATIONS

 require $path . '/includes/default.php'; //sets defaults
-require $path . '/includes/inits.php'; //defines possibly unused variables
 require $path . '/includes/custom.php'; // only change this, it will replace the default initialized settings.
+require $path . '/includes/inits.php'; //defines possibly unused variables
 require $path . '/includes/functions.php'; //defines functions
 	// require per board setting?

--- a/templates/post-form.html
+++ b/templates/post-form.html
@ -49,11 +49,11 @@
 	    <table>
 	    	<tr>
 	    		<th>Password</th>
-	    		<td><input type="password" name="password" size="25" maxlength="256" autocomplete="off" value=""></td>
+	    		<td><input type="password" name="password" size="25" maxlength="256" value=""></td>
 	    	</tr>
 	    	<tr>
 	    		<th>Options</th>
-	    		<td><label for="checkbox1"><input type="checkbox" id="checkbox1" name="checkbox1"> Spoiler Image</label> <label for="sage"><input type="checkbox" id="sage" name="sage"> No Bump</label></td>
+	    		<td><label for="spoiler"><input type="checkbox" id="spoiler" name="spoiler" autocomplete="off"> Spoiler Image</label> <label for="sage"><input type="checkbox" id="sage" name="sage" autocomplete="off"> No Bump</label></td>
 	    	</tr>
 	    </table>
 	</details>
--- a/templates/reply.html
+++ b/templates/reply.html
@ -2,38 +2,39 @@
 <div class="post reply" data-postid="<?php echo $post_number_reply; ?>">
 	<div class="post-info">

-	<?php if ($post_buttons == true) {
-		echo '
-		<details>
-		    <summary></summary>
-		    <form name="post_button" action="' . $prefix_folder . '/delete-report.php" method="post">
-			    <table>
-			    	<tbody>
-			    		<tr>
-							<td>
-								<input type="password" id="password_' . $post_number_reply . '" name="password" maxlength="256" autocomplete="off" placeholder="Password">
-								<input type="submit" name="delete" value="Delete">
-								<label for="file_' . $post_number_reply . '"><input type="checkbox" id="file_' . $post_number_reply . '" name="file">File only</label>
-							</td>
-						</tr>
-						<tr>
-							<td>
-								<input type="text" id="reason_' . $post_number_reply . '" name="report" maxlength="256" autocomplete="off" value="" placeholder="Reason">
-								<input type="submit" name="report" value="Report">
-								<label for="global_' . $post_number_reply . '"><input type="checkbox" id="global_' . $post_number_reply . '" name="global"></input>Global</label>
-							</td>
-						</tr>
-					</tbody>
-				</table>
-			</form>
-			</details>';
-		}?>
-
 		<input type="checkbox" id="post_<?php echo $post_number_reply; ?>" name="post_<?php echo $post_number_reply; ?>" value="<?php echo $post_number_reply; ?>">
 		<?php if ($reply_subject != '') { echo '<span class="subject">' . $reply_subject . '&nbsp;</span>'; }?>
 		<?php if (($reply_email != '') && ($show_email != false)) { echo '<a href="mailto:' . $reply_email . '">';}?><span class="<?php if(($reply_email != '') && ($show_email != false)) { echo 'link '; } ?>name"><?php echo $reply_name; ?></span>&nbsp;<?php if (($reply_email != '') && ($show_email != false)) { echo '</a>'; }?>
 		<span class="post-time" data-timestamp="<?php echo $reply_time;?>" data-tooltip="<?php echo timeConvert($reply_time, $time_method_hover); ?>"><?php echo timeConvert($reply_time, $time_method); ?>&nbsp;</span>
 		<span class="post-number"><a href="<?php echo $prefix_folder . '/' . $main_file . '?board=' . $current_board . '&thread=' . $post_number_op . '#' . $post_number_reply; ?>">No.</a><a href="<?php echo $prefix_folder . '/' . $main_file . '?board=' . $current_board . '&thread=' . $post_number_op . '#' . $post_number_reply; ?>"><?php echo $post_number_reply; ?></a>&nbsp;</span>
+
+		<?php if ($post_buttons == true) {
+			echo '
+				<details>
+				    <summary></summary>
+				    <form name="post_button" action="' . $prefix_folder . '/delete-report.php" method="post">
+					    <table>
+					    	<tbody>
+					    		<tr>
+									<td>
+										<input type="password" id="password_' . $post_number_reply . '" name="password" maxlength="256" placeholder="Password">
+										<input type="submit" name="delete" value="Delete">
+										<label for="file_' . $post_number_reply . '"><input type="checkbox" id="file_' . $post_number_reply . '" name="file">File only</label>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<input type="text" id="reason_' . $post_number_reply . '" name="report" maxlength="256" autocomplete="off" value="" placeholder="Reason">
+										<input type="submit" name="report" value="Report">
+										<label for="global_' . $post_number_reply . '"><input type="checkbox" id="global_' . $post_number_reply . '" name="global"></input>Global</label>
+									</td>
+								</tr>
+							</tbody>
+						</table>
+					</form>
+					</details>';
+		}?>
+
 	</div>
 	<blockquote class="post-content"><?php echo $reply_body; ?></blockquote>
 </div>
--- a/templates/thread.html
+++ b/templates/thread.html
@ -7,11 +7,40 @@
 		<?php if (($op_email != '') && ($show_email != false)) { echo '<a href="mailto:' . $op_email . '">';}?><span class="<?php if(($op_email != '') && ($show_email != false)) { echo 'link '; } ?>name"><?php echo $op_name; ?></span>&nbsp;<?php if ($op_email != '') { echo '</a>'; }?>
 		<span class="post-time" data-timestamp="<?php echo $op_time;?>" data-tooltip="<?php echo timeConvert($op_time, $time_method_hover); ?>"><?php echo timeConvert($op_time, $time_method); ?>&nbsp;</span>
 		<span class="post-number"><a href="<?php echo $prefix_folder . '/' . $main_file . '?board=' . $current_board . '&thread=' . $post_number_op . '#' . $post_number_op; ?>">No.</a><a href="<?php echo $prefix_folder . '/' . $main_file . '?board=' . $current_board . '&thread=' . $post_number_op . '#' . $post_number_op; ?>"><?php echo $post_number_op; ?></a>&nbsp;</span>
+
+		<?php if ($post_buttons == true) {
+			echo '
+				<details>
+				    <summary></summary>
+				    <form name="post_button" action="' . $prefix_folder . '/delete-report.php" method="post">
+					    <table>
+					    	<tbody>
+					    		<tr>
+									<td>
+										<input type="password" id="password_' . $post_number_op . '" name="password" maxlength="256" placeholder="Password">
+										<input type="submit" name="delete" value="Delete">
+										<label for="file_' . $post_number_op . '"><input type="checkbox" id="file_' . $post_number_op . '" name="file">File only</label>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<input type="text" id="reason_' . $post_number_op . '" name="report" maxlength="256" autocomplete="off" value="" placeholder="Reason">
+										<input type="submit" name="report" value="Report">
+										<label for="global_' . $post_number_op . '"><input type="checkbox" id="global_' . $post_number_op . '" name="global"></input>Global</label>
+									</td>
+								</tr>
+							</tbody>
+						</table>
+					</form>
+					</details>';
+		}?>
+
 		<?php 
 			if ($current_page === 'index') { 
 				echo '&nbsp;<span>[<a href="' . $prefix_folder . '/' . $main_file . '?board=' . $current_board . '&thread=' . $post_number_op . '">Reply</a>]</span>';
 			}
 		?>
+
 	</div>
 	<blockquote class="post-content">
 		<?php echo $op_body; ?>