commit 9b7081ed9bf4f1a510160f97993bed5dce4bde6a
Author: Josh Sherman
Date: Sun Nov 6 16:19:16 2016 -0600
Initial commit
diff --git a/CHANGES b/CHANGES
new file mode 100644
index 0000000..b476741
--- /dev/null
+++ b/CHANGES
@@ -0,0 +1,83 @@
+April 16, 2002 - version 0.6.1
+--------------------------------------------------------------------------------
+ Finally eliminated any exploits that allow someone to execute arbitrary code
+ (I think). Also added an "email detect" that will detect if the user was a
+ dummy and put in their email address instead of a URL, and add "mailto: to the
+ front of it.
+
+April 15, 2002 - version 0.6.0
+--------------------------------------------------------------------------------
+ Recoded the majority of the script. Optimized the code for speed and to fit
+ cleancode.org's coding standards. Also added timestamping.
+
+March 26, 2002 - version 0.5.1
+--------------------------------------------------------------------------------
+ Fixed a security bug that allowed for a user to execute JavaScript from the
+ URL field.
+
+March 14, 2002 - version 0.5.0
+--------------------------------------------------------------------------------
+ Fixed some problems with the code I optimized that killed the ability to use a
+ MySQL database. This version works with both the flat file, or MySQL, hence
+ the jump in version number. Also added a couple more variables to customize
+ the email that is sent when someone posts (if you have that option enabled).
+
+February 25, 2002 - version 0.4.1
+--------------------------------------------------------------------------------
+ Fixed an error that occured when the 'notify by email' option was enabled.
+
+February 23, 2002 - version 0.4.0
+--------------------------------------------------------------------------------
+ Compatibility issues with Mozilla, Netscape and older version of IE have been
+ resolved. The error messages are now customizable from within the
+ 'required.php' file, and the index page for the tag board is generated
+ dynamically with the version number, set the max length of each field, and
+ will post a link for emoticon help if emoticons are enabled. Quite a bit of
+ the code has been optimized.
The big feature is the ability to choose either
+ using a MySQL database, or a flat file (./tagboard.dat). The new flat file
+ has to have the correct permissions to run correctly (chmod 666), and runs in
+ the same fashion as the MySQL version does. The only limitation to the flat
+ file is that it posts the entire contents of the file, and doesn't allow you
+ to choose the order (yet).
+
+February 17, 2002 - version 0.3.2
+--------------------------------------------------------------------------------
+ Fixed the problem where the tag board wouldn't refresh itself after a user
+ posts a message.
+
+February 15, 2002 - version 0.3.1
+--------------------------------------------------------------------------------
+ Fixed a security hole allowing the use of server-side includes, as well as
+ HTML comments, .
+
+February 14, 2002 - version 0.3.0
+--------------------------------------------------------------------------------
+ Tweaked out some code, and added emoticons.
+
+January 31, 2002 - version 0.2.0
+--------------------------------------------------------------------------------
+ Added the ability to limit the length of words (to prevent postings such as
+ "wwwwwaaaaaassssssssuuuuupppppp!". A global variable has been added to
+ determine what character will be used to seperate the name and the message,
+ for easy customization. The flood protection is not optional, in case you
+ want to turn it off. You can now specify the max length of the nick and the
+ message. Please note, if you go over the recommended max, without updating
+ the database, then your messages will be cut off. The final update is the
+ addition of an HTML filter, to prohibit people from posting HTML to the tag
+ board, this will keep the kids from posting

text, and screwing everything
+ up.
+
+January 28, 2002 - version 0.1.1
+--------------------------------------------------------------------------------
+ Added the option to display the posts in ascending or descending order, based
+ on when it was posted.
+
+December 13, 2001 - version 0.1.0
+--------------------------------------------------------------------------------
+ All cusomizable variables added to required.php for easy cusomization. Better
+ flood protection added by not letting the same IP post twice, and the addition
+ of an optional keyword (profanity) checker.
+
+December 12, 2001 - version 0.0.2
+--------------------------------------------------------------------------------
+ Initial release.
\ No newline at end of file
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..72a044f
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,21 @@
+/******************************************************************************\
+ * Copyright (C) 2001-2002 Tag Board by Josh Sherman *
+ * *
+ * This source and program come as is, WITHOUT ANY WARRANTY and/or WITHOUT *
+ * ANY IMPLIED WARRANTY. *
+ * *
+ * Users of said software should realize that they cannot and will not hold *
+ * bombthebox.com reliable or responsible for any purpose WHAT SO EVER. *
+ * Please read all documentation and use said software responsibly. *
+ * *
+ * ANY COMMERCIAL REDISTRIBUTION OR ANY PROPRIETARY REDISTRIBUTION OF THIS *
+ * OR ANY SOURCE FROM BOMBTHEBOX.COM IS PROHIBITED UNDER CERTAIN CONDITIONS *
+ * AND SHALL NOT BE RE-SOLD OR REDISTRIBUTED WITHOUT PRIOR AGREEMENTS WITH *
+ * BOMBTHEBOX.COM *
+ * *
+ * I can be reached by electronic mail if there are any questions or *
+ * concerns about this or any other software that was written/distributed by *
+ * bombthebox.com - josh@bombthebox.com *
+ * *
+ * Software supplied and written by http://www.bombthebox.com/ *
+\******************************************************************************/
\ No newline at end of file
diff --git a/README b/README
new file mode 100644
index 0000000..ca6b74b
--- /dev/null
+++ b/README
@@ -0,0 +1,29 @@
+Before the tag board will function, we have to do a few things...
+
+ 1. Make sure you have PHP on your server, if not, it won't work
+
+ 2. Unpack the .ZIP file to a directory on your server (/tagboard will be fine)
+
+ 3. a. If you decide to use a text file, then make sure you change the
+ permissions on the file to 666 (chmod 666 tagboard)
+
+ b. If you are going to use a MySQL database, you will need to create your
+ database for the script to work off of:
+
+ create table tagboard
+ (
+ id int(10) not null auto_increment,
+ nick varchar(16) not null,
+ url varchar(128) not null,
+ message varchar(128) not null,
+ datetime varchar(255) not null,
+ ip varchar(15) not null,
+ primary key(id)
+ );
+
+ 4. Edit required.php to reflect your set up, along with the other
+ customizations
+
+ 5. Enjoy your new tag board!
+
+CHEERS!
\ No newline at end of file
diff --git a/THANKS b/THANKS
new file mode 100644
index 0000000..d756b2a
--- /dev/null
+++ b/THANKS
@@ -0,0 +1,16 @@
+No one has really contributed to the coding portion of this project, but a
+couple of people are worth mentioning.
+
+ ME! Who else would waste this much time on a project so
+ mediocre in size?
+
+ Dean All around good coder, and is always making
+ suggestions, even when they aren't asked for.
+
+ Matt Not sure if he has a personal vendetta against me,
+ or if he is starving for my attention, but this guy
+ keeps breaking my code and finding holes in it.
+ Hopefully mentioning him here will get him to move
+ on to bigger and better things.
+
+If your name wasn't mentioned, then you mustn't be that important!
\ No newline at end of file
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..a8214ae
--- /dev/null
+++ b/TODO
@@ -0,0 +1,7 @@ +I would like to add in a way to use plugins, to make it easier for me to keep my +version and the version I release to the public in sync, and so that way you +kids don't get to use some of my custom mods ;) + +Eventually I want to add more dummy proof filters to the URL field, and give +you the option to specify if they put in their URL, an email address, or either +one. \ No newline at end of file diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..7ceb040 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.6.1 \ No newline at end of file diff --git a/emoticons.php b/emoticons.php new file mode 100644 index 0000000..3a3c3fd --- /dev/null +++ b/emoticons.php @@ -0,0 +1,66 @@ +\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo "
\n"; +echo "

\n"; +echo " The following is a run down of the emoticons supported by $scriptname version $version. They are case insensitive, so if someone uses :-X or :-x it will still show up as . If you're daring, then feel free to change out the images with your own, or even code in more faces and expressions and such.\n"; +echo "

\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo "
Smile:-) or :)
Frown:-( or :(
Big grin:-D or :D
Surprise:-O or :O
Sticking out tongue:-P or :P
My lips are sealed:-X or :X
Foot in mouth:-! or :!
Put your money where your mouth is:-$ or :$
Kiss:-* or :*
Embarassed:-[ or :[
Unsure:-\ or :\
Wink;-) or ;)
Wearing sun glasses8-) or 8)
Crying:'(
AngelO:-) or O:)
Yelling>:-O or >:O
\n"; +echo "
\n"; +echo " \n"; +echo "\n"; + +?> \ No newline at end of file diff --git a/images/angel.gif b/images/angel.gif new file mode 100644 index 0000000..581f8f4 Binary files /dev/null and b/images/angel.gif differ diff --git a/images/cry.gif b/images/cry.gif new file mode 100644 index 0000000..35c971b Binary files /dev/null and b/images/cry.gif differ diff --git a/images/embarass.gif b/images/embarass.gif new file mode 100644 index 0000000..67e9cea Binary files /dev/null and b/images/embarass.gif differ diff --git a/images/foot.gif b/images/foot.gif new file mode 100644 index 0000000..49913b6 Binary files /dev/null and b/images/foot.gif differ diff --git a/images/frown.gif b/images/frown.gif new file mode 100644 index 0000000..11d7601 Binary files /dev/null and b/images/frown.gif differ diff --git a/images/grin.gif b/images/grin.gif new file mode 100644 index 0000000..7954d2f Binary files /dev/null and b/images/grin.gif differ diff --git a/images/kiss.gif b/images/kiss.gif new file mode 100644 index 0000000..fb66353 Binary files /dev/null and b/images/kiss.gif differ diff --git a/images/lipssealed.gif b/images/lipssealed.gif new file mode 100644 index 0000000..2e04003 Binary files /dev/null and b/images/lipssealed.gif differ diff --git a/images/money.gif b/images/money.gif new file mode 100644 index 0000000..78f1c23 Binary files /dev/null and b/images/money.gif differ diff --git a/images/shades.gif b/images/shades.gif new file mode 100644 index 0000000..4fdd64c Binary files /dev/null and b/images/shades.gif differ diff --git a/images/smile.gif b/images/smile.gif new file mode 100644 index 0000000..8b037a9 Binary files /dev/null and b/images/smile.gif differ diff --git a/images/surprise.gif b/images/surprise.gif new file mode 100644 index 0000000..f85dd9a Binary files /dev/null and b/images/surprise.gif differ diff --git a/images/tongue.gif b/images/tongue.gif new file mode 100644 index 0000000..2b207bf Binary files /dev/null and b/images/tongue.gif differ 
diff --git a/images/unsure.gif b/images/unsure.gif new file mode 100644 index 0000000..67210c2 Binary files /dev/null and b/images/unsure.gif differ diff --git a/images/wink.gif b/images/wink.gif new file mode 100644 index 0000000..28869d3 Binary files /dev/null and b/images/wink.gif differ diff --git a/images/yell.gif b/images/yell.gif new file mode 100644 index 0000000..3a390d1 Binary files /dev/null and b/images/yell.gif differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..64ffcde --- /dev/null +++ b/index.php @@ -0,0 +1,78 @@ +\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo "
\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo "
\n"; +echo " $scriptname v$version:\n"; +echo "
\n"; +echo " \n"; +echo "
\n"; +echo " \n"; +echo "
\n"; +echo " \n"; +echo "
\n"; +echo " \n"; +echo "
\n"; +echo " \n"; + +if ($emoticon=="1") + echo "
[ Emoticon Help ]\n"; + +echo "
\n"; +echo "
\n"; +echo " \n"; +echo "\n"; + +?> \ No newline at end of file diff --git a/post.php b/post.php new file mode 100644 index 0000000..1feb454 --- /dev/null +++ b/post.php @@ -0,0 +1,212 @@ +\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; + +$beginning = "
"; +$ending = "

Return
"; + +if ($REQUEST_METHOD == "POST") + { + /* Determine if the nick and message exceed their limits */ + if (strlen($nick) > $nicklength || strlen($message) > $messagelength || strlen($url) > $urllength ) + { + echo "
$error_length

Return
"; + exit; + } + + /* Filter out HTML commands */ + if ($htmlfilter == 1) + { + $nick = strip_tags ($nick); + $url = strip_tags ($url); + $message = strip_tags ($message); + } + + /* Make sure the person isn't trying to exploit the board */ + $url = trim($url); + + if ( !eregi("^(http://|ftp://)?(www\.)?([a-z0-9\.-])+(\.[a-z])+(:[0-9])?(/{1}[\.a-z0-9\+_-])*", $url) && $url != "" && $url != "http://" ) + { + if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$", $url)) + $url = "mailto:" . $url; + else + { + echo $beginning . "Don't you have better shit to do with your time? Go read a book, bitch." . $ending; + exit; + } + } + else + { + if( !stristr($url, "http://") && !stristr($url, "ftp://") ) + $url = "http://" . $url; + } + + /* Filters out big words, larger than X characters long */ + if ($bigword == 1) + { + $word_array = split(" ", $message); + for($i = 0; $i < count($word_array); $i++) + { + if (strlen($word_array[$i]) > $maxword) + { + echo "$beginning$error_wordlen$ending"; + exit; + } + } + } + + /* Filters out keywords, can be used to limit profanity */ + if ($filter == 1) + { + for ($i = 0; $i <= sizeof($keywords); $i++) + { + if (stristr($nick, $keywords[$i]) || stristr($message, $keywords[$i])) + { + $error = str_replace("[KEYWORD]", $keywords[$i], $error_keyword); + echo "$beginning$error$ending"; + exit; + } + } + } + + /* Check to make sure they aren't trying to post a blank message or use the default values */ + if ( $nick == "" || substr($nick, 0, 4) == "nick" || trim($nick) == "" ) + { + echo "$beginning$error_nonick$ending"; + exit; + } + + if ( $message == "" || substr($message, 0, 7) == "message" || trim($message) == "" ) + { + echo "$beginning$error_nomsg$ending"; + exit; + } + + if ($usemysql == 1) + { + if ($floodprotect == 1) + { + /* This part will limit flooding of the board */ + $SQL = "SELECT * FROM $tablname ORDER BY -id LIMIT 1;"; + $results = mysql_db_query($database, "$SQL", $connection); + if (!$results) + return 
("ERROR: " . mysql_error() . "\n$SQL\n"); + + while ($row = mysql_fetch_array($results)) + $prev_ip = $row["ip"]; + + $SQL = "SELECT COUNT(*) as dupeips FROM $tablname WHERE ip='$REMOTE_ADDR' ORDER BY -id LIMIT $floodtotal;"; + $results = mysql_db_query($database, "$SQL", $connection); + if (!$results) + return ("ERROR: " . mysql_error() . "\n$SQL\n"); + + while ($row = mysql_fetch_array($results)) + $dupeips = $row["dupeips"]; + + /* If the IP was the same IP that posted last time, then deny them */ + if ($dupeips >= $floodtotal) + { + echo "$beginning$error_flood$ending"; + exit; + } + } + + /* Put the tag into the database... */ + $SQL = "INSERT INTO $tablname (nick, url, message, datetime, ip) VALUES ('$nick', '$url', '$message', '" . date($ts_format) . "', '$REMOTE_ADDR');"; + $results = mysql_db_query($database, "$SQL", $connection); + if (!$results) + return ("ERROR: " . mysql_error() . "\n$SQL\n"); + + /* Close up that databsae connection like a good code monkey */ + mysql_close($connection); + } + else + { + if ($floodprotect == 1) + { + $file_lines = file($flatfile); + $how_many_times = 0; + $ip_addy = substr($file_lines[0], ((strpos($file_lines[0], "##")) + 2), ((strlen(substr($file_lines[0], ((strpos($file_lines[0], "##")) + 2)))) - 1)); + + if ($REMOTE_ADDR == $ip_addy) + { + + for ($i = 0; $i+1 <= $floodtotal; $i++) + { + $ip_addy = substr($file_lines[$i], (strpos($file_lines[$i], "##"))+2, (strlen(substr($file_lines[$i], ((strpos($file_lines[0], "##")) + 2)))) - 1); + + if ($ip_addy == $REMOTE_ADDR) + { + $how_many_times++; + + if ($how_many_times == $floodtotal) + { + echo "$beginning$error_flood$ending"; + exit; + } + } + } + } + } + + $output = ""; + $file_lines = file($flatfile); + + foreach($file_lines as $line) + $output .= $line; + + if ($url != "" && $url != "http://") + { + $nick = "$nick"; + } + + $ff_input = "$nick%%$message@@" . date($ts_format) . "##$REMOTE_ADDR\n" . 
$output; + $fp = fopen($flatfile, "w"); + fwrite($fp, stripslashes($ff_input)); + fclose($fp); + } + + if ($emailnotify == 1) + mail($emailaddy, $emailsubject, $emailbody, "From: $scriptname"); + + /* Then redirect back to the board, instead of saying "click here to see your post"... lame. */ + echo " \n"; + } + +echo " \n"; +echo ""; + +?> \ No newline at end of file diff --git a/required.php b/required.php new file mode 100644 index 0000000..9e663d1 --- /dev/null +++ b/required.php @@ -0,0 +1,164 @@ + \ No newline at end of file diff --git a/tagboard.css b/tagboard.css new file mode 100644 index 0000000..3e08bdf --- /dev/null +++ b/tagboard.css @@ -0,0 +1,24 @@ +INPUT, IFRAME + { + border: #000000 1px solid; + font-family: Verdana; + font-size: 7pt; + } + +BODY, TD + { + font-family: Verdana; + font-size: 7pt; + } + +A + { + color: #666666; + text-decoration: none; + } + +A:hover + { + color: #000000; + text-decoration: underline; + } \ No newline at end of file diff --git a/tagboard.dat b/tagboard.dat new file mode 100644 index 0000000..9f275ba --- /dev/null +++ b/tagboard.dat @@ -0,0 +1,3 @@ +josh%%cheers! you got the tag board working!@@04/15/2002 12:00:00 PM##000.000.000.000 +josh%%you probably want to clear this file out before you implement the board :)@@04/15/2002 12:00:00 PM##000.000.000.000 +josh%%remember to chmod 666 this file, so that people have access to write to it!@@04/15/2002 12:00:00 PM##000.000.000.000 \ No newline at end of file diff --git a/tagboard.php b/tagboard.php new file mode 100644 index 0000000..d5223bb --- /dev/null +++ b/tagboard.php 
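Review bot: The MySQL branch of post.php builds its statement by interpolating request values straight into the SQL text, as in `INSERT INTO $tablname (nick, url, message, datetime, ip) VALUES ('$nick', '$url', '$message', …)`, and the only filtering before it is `strip_tags()`, which runs only when `$htmlfilter == 1` and does not neutralise quote characters. Unless every deployment has magic quotes on (the `stripslashes()` in the flat-file branch suggests the code assumes so), a quote in any of those fields changes the statement; escape each value against the open connection first, e.g. `$nick = mysql_real_escape_string($nick, $connection);` and likewise for `$url` and `$message`, and move to prepared statements when the legacy `mysql_*` calls are replaced. The flat-file branch has the matching gap: `$nick` and `$message` are written around the `%%`, `@@` and `##` delimiters without rejecting those sequences or embedded newlines, so record boundaries and the stored IP that the flood check reads are under the poster's control. The `return ("ERROR: " . mysql_error() . "\n$SQL\n");` lines also appear to discard the error text, since nothing visible prints or logs the returned string.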
@@ -0,0 +1,170 @@ +\n\n"; +echo "\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; + +if ($usemysql == 1) + { + /* Load the tagboard, the X number of most recent posts */ + if ($order == "0") + $SQL = "SELECT * FROM $tablname ORDER BY -id LIMIT $howmany"; + else + $SQL = "SELECT * FROM $tablname ORDER BY id LIMIT $howmany"; + + $results = mysql_db_query($database, "$SQL", $connection); + if (!$results) + return ("ERROR: " . mysql_error() . "\n$SQL\n"); + + while ($row = mysql_fetch_array($results)) + { + $nick = $row["nick"]; + $url = $row["url"]; + $message = $row["message"]; + $datetime = $row["datetime"]; + + /* Add Emoticons to the user's message */ + if ($emoticon == 1) + emoticon($message); + + /* Some people don't have web sites, so we check to see if they put a URL in the database */ + if ($url=="" or $url=="http://") /* If they didn't then we just display the nick and the message */ + $nick = "$nick"; + else /* If they did, then we link it!! */ + $nick = "$nick"; + + if ($timestamping == 1) + echo " $nick ($datetime)$spacer $message
\n"; + else + echo " $nick$spacer
$message
\n"; + } + + /* Like always, we close the connection to the database */ + mysql_close($connection); + } +else + { + $i = 0; + $file_lines = file($flatfile); + + foreach($file_lines as $line) + { + if ($i <= $howmany) + { + $delim = strpos($line, "%%"); + $ts_delim = strpos($line, "@@"); + $ip_delim = strpos($line, "##"); + + $nick = substr($line, 0, $delim); + $message = substr($line, $delim + 2, $ts_delim - $delim - 2); + $ts = substr($line, $ts_delim + 2, $ip_delim - $ts_delim - 2); + + if ($timestamping == 1) + echo " $nick ($ts)$spacer "; + else + echo " $nick$spacer "; + + if ($emoticon == 1) + echo (emoticon($message)); + else + echo "$message"; + + echo "
\n"; + + $i++; + } + } + } + +echo "
\n"; +echo "
\n"; +echo " $scriptname v$version\n"; +echo "
\n"; +echo " \n"; +echo "\n"; +echo "\n"; + +function emoticon($msg) + { + $msg = str_replace("o:-)", "", $msg); + $msg = str_replace("o:)", "", $msg); + $msg = str_replace("O:-)", "", $msg); + $msg = str_replace("O:)", "", $msg); + $msg = str_replace(":-)", "", $msg); + $msg = str_replace(":)", "", $msg); + $msg = str_replace(":-(", "", $msg); + $msg = str_replace(":(", "", $msg); + $msg = str_replace(":-\\", "", $msg); + $msg = str_replace(":\\", "", $msg); + $msg = str_replace(":-p", "", $msg); + $msg = str_replace(":p", "", $msg); + $msg = str_replace(":-P", "", $msg); + $msg = str_replace(":P", "", $msg); + $msg = str_replace(";-)", "", $msg); + $msg = str_replace(";)", "", $msg); + $msg = str_replace(":-*", "", $msg); + $msg = str_replace(":*", "", $msg); + $msg = str_replace(":-*", "", $msg); + $msg = str_replace(":*", "", $msg); + $msg = str_replace(":-!", "", $msg); + $msg = str_replace(":!", "", $msg); + $msg = str_replace(":'(", "", $msg); + $msg = str_replace(">:-o", "", $msg); + $msg = str_replace(">:o", "", $msg); + $msg = str_replace(">:-O", "", $msg); + $msg = str_replace(">:O", "", $msg); + $msg = str_replace(":-o", "", $msg); + $msg = str_replace(":o", "", $msg); + $msg = str_replace(":-O", "", $msg); + $msg = str_replace(":O", "", $msg); + $msg = str_replace(":-$", "", $msg); + $msg = str_replace(":$", "", $msg); + $msg = str_replace(":-[", "", $msg); + $msg = str_replace(":[", "", $msg); + $msg = str_replace(":-X", "", $msg); + $msg = str_replace(":X", "", $msg); + $msg = str_replace(":-x", "", $msg); + $msg = str_replace(":x", "", $msg); + $msg = str_replace("8-)", "", $msg); + $msg = str_replace("8)", "", $msg); + $msg = str_replace(":-d", "", $msg); + $msg = str_replace(":d", "", $msg); + $msg = str_replace(":-D", "", $msg); + $msg = str_replace(":D", "", $msg); + + return $msg; + } + +?> \ No newline at end of file
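Review bot: The stored `$nick`, `$url`, `$message` and timestamp values are interpolated into the echoed markup in both the MySQL and flat-file loops with no output encoding; the only filtering is `strip_tags()` at post time, which runs only when `$htmlfilter == 1` and leaves quote characters intact. Encode at the point of output, e.g. `$nick = htmlspecialchars($row["nick"], ENT_QUOTES);` and the same for `$url` and `$message`; because `emoticon()` matches sequences such as `>:-O`, `:'(` and `;)`, its patterns need to be matched against the encoded text (or the substitution done before encoding on separately encoded pieces) so that entities are not corrupted. The URL check in post.php is not end-anchored, so it should not be relied on to keep `$url` safe wherever it lands in the markup (the tags themselves are not visible in this view). Separately, the MySQL loop calls `emoticon($message);` and drops the return value, so emoticons never render there; it should read `$message = emoticon($message);`, matching the flat-file loop's `echo (emoticon($message));`.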