novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 25 Pull Requests Releases Wiki Activity

Begin adding ability to modify layout, etc. based on User-Agent.

This commit is contained in:
Retro_Guy 2023-09-04 06:06:43 -07:00
parent 1aa93edf6f
commit 3550e09894
11 changed files with 1421 additions and 1348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

747
Rocksolid_Light/common/register.php
View File

@ -1,170 +1,167 @@
<?php
include "config.inc.php";
include "alphabet.inc.php";
$title.=' - Register';
$title .= ' - Register';
include "head.inc";
$keyfile = $spooldir.'/keys.dat';
$keyfile = $spooldir . '/keys.dat';
$keys = unserialize(file_get_contents($keyfile));
$email_registry = $spooldir.'/email_registry.dat';
$email_registry = $spooldir . '/email_registry.dat';
if(!file_exists($config_dir.'/phpmailer.inc.php')) {
if (! file_exists($config_dir . '/phpmailer.inc.php')) {
$CONFIG['verify_email'] = false;
}
if(isset($_POST['captchaimage']) && file_exists($_POST['captchaimage'])) {
unlink($_POST['captchaimage']);
if (isset($_POST['captchaimage']) && file_exists($_POST['captchaimage'])) {
unlink($_POST['captchaimage']);
}
if(!isset($_POST['username'])) {
if (! isset($_POST['username'])) {
$_POST['username'] = null;
}
if(!isset($_POST['key'])) {
if (! isset($_POST['key'])) {
$_POST['key'] = null;
}
if(!isset($_POST['user_email'])) {
if (! isset($_POST['user_email'])) {
$_POST['user_email'] = null;
}
$username_allowed_chars = "a-zA-Z0-9_.";
$clean_username = preg_replace("/[^$username_allowed_chars]/", "", $_POST['username']);
if((password_verify($keys[0],$_POST['key'])) || (password_verify($keys[1],$_POST['key']))) {
$auth_ok = true;
if ((password_verify($keys[0], $_POST['key'])) || (password_verify($keys[1], $_POST['key']))) {
$auth_ok = true;
} else {
$auth_ok = false;
unset($_POST['command']);
$auth_ok = false;
unset($_POST['command']);
}
if(!isset($_POST['command'])) {
if (isset($_COOKIE["ts_limit"])) {
echo "It appears you already have an active account<br/>";
echo "More than one account may not be created in 30 days<br/>";
echo '<br/><a href="/">Return to Home Page</a>';
} else {
$captchaImage = '../tmp/captcha'.time().'.png';
$captchacode = prepareCaptcha($captchaImage);
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<tr>';
echo '<form name="form1" method="post" action="register.php">';
echo '<td><tr>';
echo '<td><strong>Register Username </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td><input name="username" type="text" id="username"value="'.$_POST['username'].'" maxlength="30"></td>';
echo '</tr><tr>';
echo '<td>Email:</td>';
echo '<td><input name="user_email" type="text" id="user_email" value="'.$_POST['user_email'].'"></td>';
echo '</tr><tr>';
echo '<td>Password:</td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><img src="'.$captchaImage.'" /></td>';
echo '<td><input name="captcha" type="text" id="captcha"></td>';
echo '</tr><tr>';
echo '<td><input name="captchacode" type="hidden" id="captchacode" value="'.$captchacode.'" readonly="readonly"></td>';
echo '<td><input name="captchaimage" type="hidden" id="captchaimage" value="'.$captchaImage.'" readonly="readonly"></td>';
echo '<td><input name="command" type="hidden" id="command" value="Create" readonly="readonly"></td>';
echo '<td><input name="key" type="hidden" value="'.password_hash($keys[0], PASSWORD_DEFAULT).'"></td>';
echo '</tr><tr>';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Create"></td>';
echo '</tr>';
echo '<tr><td><a href="changepw.php">Change current password</a></td></tr>';
echo '<tr><td>';
echo '<td></td><td></td>';
echo '</td></tr>';
echo '</td>';
echo '</form>';
echo '</tr>';
echo '</table>';
}
echo '</body>';
echo '</html>';
exit(0);
}
if(isset($_POST['command']) && $_POST['command'] == 'CreateNew') {
include $config_dir.'/synchronet.conf';
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
$username = $_POST['username'];
$password = $_POST['password'];
$user_email = $_POST['user_email'];
if(isset($_POST['code'])) {
$code = $_POST['code'];
} else {
$code = false;
}
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
@mkdir($workpath.'new/');
$verified = 0;
$no_verify=explode(' ', $CONFIG['no_verify']);
foreach($no_verify as $no) {
if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) {
$CONFIG['verify_email'] = false;
if (! isset($_POST['command'])) {
if (isset($_COOKIE["ts_limit"])) {
echo "It appears you already have an active account<br/>";
echo "More than one account may not be created in 30 days<br/>";
echo '<br/><a href="/">Return to Home Page</a>';
} else {
$captchaImage = '../tmp/captcha' . time() . '.png';
$captchacode = prepareCaptcha($captchaImage);
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<tr>';
echo '<form name="form1" method="post" action="register.php">';
echo '<td><tr>';
echo '<td><strong>Register Username </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td><input name="username" type="text" id="username"value="' . $_POST['username'] . '" maxlength="30"></td>';
echo '</tr><tr>';
echo '<td>Email:</td>';
echo '<td><input name="user_email" type="text" id="user_email" value="' . $_POST['user_email'] . '"></td>';
echo '</tr><tr>';
echo '<td>Password:</td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><img src="' . $captchaImage . '" /></td>';
echo '<td><input name="captcha" type="text" id="captcha"></td>';
echo '</tr><tr>';
echo '<td><input name="captchacode" type="hidden" id="captchacode" value="' . $captchacode . '" readonly="readonly"></td>';
echo '<td><input name="captchaimage" type="hidden" id="captchaimage" value="' . $captchaImage . '" readonly="readonly"></td>';
echo '<td><input name="command" type="hidden" id="command" value="Create" readonly="readonly"></td>';
echo '<td><input name="key" type="hidden" value="' . password_hash($keys[0], PASSWORD_DEFAULT) . '"></td>';
echo '</tr><tr>';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Create"></td>';
echo '</tr>';
echo '<tr><td><a href="changepw.php">Change current password</a></td></tr>';
echo '<tr><td>';
echo '<td></td><td></td>';
echo '</td></tr>';
echo '</td>';
echo '</form>';
echo '</tr>';
echo '</table>';
}
}
if($CONFIG['verify_email'] == true) {
$saved_code = file_get_contents(sys_get_temp_dir()."/".$username);
if((strcmp(trim($code), trim($saved_code))) !== 0) {
echo "Code does not match. Try again.<br />";
echo '<form name="create1" method="post" action="register.php">';
echo '<input name="code" type="text" id="code">&nbsp;';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="'.$password.'" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<input name="key" type="hidden" value="'.password_hash($keys[0], PASSWORD_DEFAULT).'">';
echo '<br/><br/><a href="'.$CONFIG['default_content'].'">Cancel and return to home page</a>';
exit(2);
}
$verified = 1;
}
if ($userFileHandle = @fopen($userFilename, 'w+'))
{
echo '</body>';
echo '</html>';
exit(0);
}
if (isset($_POST['command']) && $_POST['command'] == 'CreateNew') {
include $config_dir . '/synchronet.conf';
$workpath = $config_dir . "users/";
$keypath = $config_dir . "userconfig/";
$username = $_POST['username'];
$password = $_POST['password'];
$user_email = $_POST['user_email'];
if (isset($_POST['code'])) {
$code = $_POST['code'];
} else {
$code = false;
}
$userFilename = $workpath . $username;
$keyFilename = $keypath . $username;
@mkdir($workpath . 'new/');
$verified = 0;
$no_verify = explode(' ', $CONFIG['no_verify']);
foreach ($no_verify as $no) {
if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) {
$CONFIG['verify_email'] = false;
}
}
if ($CONFIG['verify_email'] == true) {
$saved_code = file_get_contents(sys_get_temp_dir() . "/" . $username);
if ((strcmp(trim($code), trim($saved_code))) !== 0) {
echo "Code does not match. Try again.<br />";
echo '<form name="create1" method="post" action="register.php">';
echo '<input name="code" type="text" id="code">&nbsp;';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="' . $password . '" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<input name="key" type="hidden" value="' . password_hash($keys[0], PASSWORD_DEFAULT) . '">';
echo '<br/><br/><a href="' . $CONFIG['default_content'] . '">Cancel and return to home page</a>';
exit(2);
}
$verified = 1;
}
if ($userFileHandle = @fopen($userFilename, 'w+')) {
fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
fclose($userFileHandle);
chmod($userFilename, 0666);
}
// Create synchronet account
if(isset($synch_create) && $synch_create == true) {
// Create synchronet account
if (isset($synch_create) && $synch_create == true) {
putenv("SBBSCTRL=$synch_path/ctrl");
$result = shell_exec("$synch_path/exec/makeuser $username -P $password");
}
$newkey = make_key($username);
if ($userFileHandle = @fopen($keyFilename, 'w+'))
{
fwrite($userFileHandle, 'encryptionkey:'.$newkey."\r\n");
fwrite($userFileHandle, 'email:'.$user_email."\r\n");
if($verified == 1) {
fwrite($userFileHandle, "email_verified:true\r\n");
if ($userFileHandle = @fopen($keyFilename, 'w+')) {
fwrite($userFileHandle, 'encryptionkey:' . $newkey . "\r\n");
fwrite($userFileHandle, 'email:' . $user_email . "\r\n");
if ($verified == 1) {
fwrite($userFileHandle, "email_verified:true\r\n");
}
fclose($userFileHandle);
chmod($userFilename, 0666);
}
if(file_exists(sys_get_temp_dir()."/".$username)) {
unlink(sys_get_temp_dir()."/".$username);
if (file_exists(sys_get_temp_dir() . "/" . $username)) {
unlink(sys_get_temp_dir() . "/" . $username);
}
echo "User:".$username." Created\r\n";
echo '<br /><a href="'.$CONFIG['default_content'].'">Back</a>';
echo "User:" . $username . " Created\r\n";
echo '<br /><a href="' . $CONFIG['default_content'] . '">Back</a>';
exit(0);
exit(0);
}
if($CONFIG['verify_email'] == true) {
include($config_dir.'/phpmailer.inc.php');
if(class_exists('PHPMailer')) {
$mail = new PHPMailer();
} else {
$mail = new PHPMailer\PHPMailer\PHPMailer();
}
if ($CONFIG['verify_email'] == true) {
include ($config_dir . '/phpmailer.inc.php');
if (class_exists('PHPMailer')) {
$mail = new PHPMailer();
} else {
$mail = new PHPMailer\PHPMailer\PHPMailer();
}
}
# $hostname: '{POPaddress:port/pop3}INBOX'
@ -172,8 +169,8 @@ $hostname = '{mail.example.com:110/pop3}INBOX';
# $external: Using external POP auth?
$external = 0;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
$workpath = $config_dir . "users/";
$keypath = $config_dir . "userconfig/";
$ok = FALSE;
$command = "Login";
@ -187,122 +184,118 @@ echo '<center>';
$thisusername = $username;
$username = strtolower($username);
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
$userFilename = $workpath . $username;
$keyFilename = $keypath . $username;
# Check all input
if (empty($_POST['username'])) {
echo "Please enter a Username\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
echo "Please enter a Username\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
if (strlen($clean_username) > 30)
{
echo "The maximum username length is 30 characters. You entered ". $clean_username . " which is " . strlen($cleanusername) . " characters long.<br />";
if (strlen($clean_username) > 30) {
echo "The maximum username length is 30 characters. You entered " . $clean_username . " which is " . strlen($cleanusername) . " characters long.<br />";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$clean_username.'" readonly="readonly" maxlength="22">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input name="username" type="hidden" id="username" value="' . $clean_username . '" readonly="readonly" maxlength="22">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Please try again"></td>';
exit(2);
}
if($clean_username != $_POST['username']) {
echo "The username entered contains disallowed characters.<br />";
echo "Allowed characters:<br />letters, numbers, underscore, hypen, full stop<br /><br />";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$clean_username.'" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Please try again"></td>';
exit(2);
}
if(filter_var($user_email, FILTER_VALIDATE_EMAIL) == false) {
echo "Email address format appears incorrect\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
if($CONFIG['verify_email']) {
$user_domain = explode('@', $user_email);
if((checkdnsrr($user_domain[1].'.', "MX") == false) && (checkdnsrr($user_domain[1].'.', "A") == false)) {
echo "Email domain appears to not exist\n";
if ($clean_username != $_POST['username']) {
echo "The username entered contains disallowed characters.<br />";
echo "Allowed characters:<br />letters, numbers, underscore, hypen, full stop<br /><br />";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
echo '<input name="username" type="hidden" id="username" value="' . $clean_username . '" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Please try again"></td>';
exit(2);
}
if (filter_var($user_email, FILTER_VALIDATE_EMAIL) == false) {
echo "Email address format appears incorrect\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
if ($CONFIG['verify_email']) {
$user_domain = explode('@', $user_email);
if ((checkdnsrr($user_domain[1] . '.', "MX") == false) && (checkdnsrr($user_domain[1] . '.', "A") == false)) {
echo "Email domain appears to not exist\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
}
if (($_POST['password'] !== $_POST['password2']) || $_POST['password'] == '') {
echo "Your passwords entered do not match\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
echo "Your passwords entered do not match\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
if (getExpressionResult($_POST['captchacode']) != $_POST['captcha']) {
echo "Incorrect captcha response\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
echo "Incorrect captcha response\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
/* Check for existing email address */
$users = scandir($config_dir."/userconfig");
foreach($users as $user) {
if(!is_file($config_dir."/userconfig/".$user)) {
continue;
}
if(strcmp(get_user_config($user, 'mail'), $user_email) == 0) {
echo "Email exists in database\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
$users = scandir($config_dir . "/userconfig");
foreach ($users as $user) {
if (! is_file($config_dir . "/userconfig/" . $user)) {
continue;
}
if (strcmp(get_user_config($user, 'mail'), $user_email) == 0) {
echo "Email exists in database\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
}
# Check email address attempts to avoid abuse
if(file_exists($email_registry)) {
$tried_email = unserialize(file_get_contents($email_registry));
if(isset($tried_email[$user_email])) {
echo "Email address already used\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
if (file_exists($email_registry)) {
$tried_email = unserialize(file_get_contents($email_registry));
if (isset($tried_email[$user_email])) {
echo "Email address already used\r\n";
echo '<form name="return1" method="post" action="register.php">';
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Back"></td>';
exit(2);
}
}
if (!preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,3})$^",$user_email)) {
echo "Email must be in the form of an email address\r\n";
echo '<br /><a href="register.php">Back</a>';
exit(2);
if (! preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,3})$^", $user_email)) {
echo "Email must be in the form of an email address\r\n";
echo '<br /><a href="register.php">Back</a>';
exit(2);
}
# Does user file already exist?
if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases.conf', strtolower($thisusername)) !== false))
{
if ($command == "Create")
{
echo "User:".$thisusername." Already Exists\r\n";
echo '<br /><a href="register.php">Back</a>';
exit(2);
if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases.conf', strtolower($thisusername)) !== false)) {
if ($command == "Create") {
echo "User:" . $thisusername . " Already Exists\r\n";
echo '<br /><a href="register.php">Back</a>';
exit(2);
}
$userFileInfo = fread($userFileHandle, filesize($userFilename));
fclose($userFileHandle);
# User/Pass is correct
if (password_verify ( $password , $userFileInfo))
{
if (password_verify($password, $userFileInfo)) {
touch($userFilename);
$ok = TRUE;
} else {
@ -313,209 +306,205 @@ if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases
}
# Ok to log in. User authenticated.
if ($ok)
{
echo "User:".$thisusername."\r\n";
exit(0);
if ($ok) {
echo "User:" . $thisusername . "\r\n";
exit(0);
}
# Using external authentication
if ($external)
{
$mbox = @imap_open ( $hostname , $username , $password );
if ($mbox)
{
if ($external) {
$mbox = @imap_open($hostname, $username, $password);
if ($mbox) {
$ok = TRUE;
imap_close($mbox);
}
}
# User is authenticated or to be created. Either way, create the file
if ($ok || ($command == "Create") )
{
echo 'Create account: '.$_POST['username'].'<br/><br />';
/* Generate email */
# only check for no verification is the field has been populated
if (!empty($CONFIG['no_verify']))
{
$no_verify=explode(' ', $CONFIG['no_verify']);
foreach($no_verify as $no) {
if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) {
$CONFIG['verify_email'] = false;
}
}
}
if($CONFIG['verify_email']) {
# Log email address attempts to avoid abuse
if(file_exists($email_registry)) {
$tried_email = unserialize(file_get_contents($email_registry));
}
$tried_email[$user_email]['time'] = time();
file_put_contents($email_registry, serialize($tried_email));
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
if ($ok || ($command == "Create")) {
echo 'Create account: ' . $_POST['username'] . '<br/><br />';
/* Generate email */
# only check for no verification is the field has been populated
if (! empty($CONFIG['no_verify'])) {
$no_verify = explode(' ', $CONFIG['no_verify']);
foreach ($no_verify as $no) {
if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) {
$CONFIG['verify_email'] = false;
}
}
}
if ($CONFIG['verify_email']) {
# Log email address attempts to avoid abuse
if (file_exists($email_registry)) {
$tried_email = unserialize(file_get_contents($email_registry));
}
$tried_email[$user_email]['time'] = time();
file_put_contents($email_registry, serialize($tried_email));
$mail->IsSMTP();
#uncomment below to enable debugging
#$mail->SMTPDebug = 3;
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
$mail->CharSet = 'UTF-8';
$mail->Host = $mailer['host'];
$mail->SMTPAuth = true;
$mail->IsSMTP();
# uncomment below to enable debugging
# $mail->SMTPDebug = 3;
$mail->Port = $mailer['port'];
$mail->Username = $mailer['username'];
$mail->Password = $mailer['password'];;
$mail->SMTPSecure = 'tls';
$mail->setFrom($mail_user.'@'.$mail_domain, $mail_name);
$mail->addAddress($user_email);
$mail->CharSet = 'UTF-8';
$mail->Host = $mailer['host'];
$mail->SMTPAuth = true;
$mail->Subject = "Confirmation code for ".$_SERVER['HTTP_HOST'];
$mail->Port = $mailer['port'];
$mail->Username = $mailer['username'];
$mail->Password = $mailer['password'];
;
$mail->SMTPSecure = 'tls';
foreach($mail_custom_header as $key => $value) {
$mail->addCustomHeader($key, $value);
}
$mail->setFrom($mail_user . '@' . $mail_domain, $mail_name);
$mail->addAddress($user_email);
$mycode = create_code($username);
$msg="A request to create an account on ".$_SERVER['HTTP_HOST'];
$msg.=" has been made using ".$user_email.".\n\n";
$msg.="If you did not request this, please ignore and the request will fail.\n\n";
$msg.="This is your account creation code: ".$mycode."\n\n";
$msg.="Note: replies to this email address are checked daily.";
$mail->Body = wordwrap($msg,70);
if (!$mail->send())
{
echo 'The message could not be sent.';
echo '<p>Error: ' . $mail->ErrorInfo;
}
else
{
echo 'An email has been sent to '.$user_email.'<br />';
echo 'Please enter the code from the email below:<br />';
}
}
$mail->Subject = "Confirmation code for " . $_SERVER['HTTP_HOST'];
echo '<form name="create1" method="post" action="register.php">';
if($CONFIG['verify_email'] == true) {
echo '<input name="code" type="text" id="code">&nbsp;';
}
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="'.$password.'" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input name="key" type="hidden" value="'.password_hash($keys[0], PASSWORD_DEFAULT).'">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<br/><br/><a href="'.$CONFIG['default_content'].'">Cancel and return to home page</a>';
}
else {
foreach ($mail_custom_header as $key => $value) {
$mail->addCustomHeader($key, $value);
}
$mycode = create_code($username);
$msg = "A request to create an account on " . $_SERVER['HTTP_HOST'];
$msg .= " has been made using " . $user_email . ".\n\n";
$msg .= "If you did not request this, please ignore and the request will fail.\n\n";
$msg .= "This is your account creation code: " . $mycode . "\n\n";
$msg .= "Note: replies to this email address are checked daily.";
$mail->Body = wordwrap($msg, 70);
if (! $mail->send()) {
echo 'The message could not be sent.';
echo '<p>Error: ' . $mail->ErrorInfo;
} else {
echo 'An email has been sent to ' . $user_email . '<br />';
echo 'Please enter the code from the email below:<br />';
}
}
echo '<form name="create1" method="post" action="register.php">';
if ($CONFIG['verify_email'] == true) {
echo '<input name="code" type="text" id="code">&nbsp;';
}
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="' . $password . '" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">';
echo '<input name="key" type="hidden" value="' . password_hash($keys[0], PASSWORD_DEFAULT) . '">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<br/><br/><a href="' . $CONFIG['default_content'] . '">Cancel and return to home page</a>';
} else {
echo "Authentication Failed\r\n";
exit(1);
}
function get_user_config($username,$request) {
global $config_dir;
$userconfigpath = $config_dir."userconfig/";
$username = strtolower($username);
$userFilename = $userconfigpath.$username;
function get_user_config($username, $request)
{
global $config_dir;
$userconfigpath = $config_dir . "userconfig/";
$username = strtolower($username);
$userFilename = $userconfigpath . $username;
if ($userFileHandle = @fopen($userFilename, 'r'))
{
while (!feof($userFileHandle))
{
$buffer = fgets($userFileHandle);
if(strpos($buffer, $request.':') !== FALSE) {
$userdataline=$buffer;
if ($userFileHandle = @fopen($userFilename, 'r')) {
while (! feof($userFileHandle)) {
$buffer = fgets($userFileHandle);
if (strpos($buffer, $request . ':') !== FALSE) {
$userdataline = $buffer;
fclose($userFileHandle);
$userdatafound = explode(':', $userdataline);
return trim($userdatafound[1]);
}
}
fclose($userFileHandle);
$userdatafound = explode(':',$userdataline);
return trim($userdatafound[1]);
}
return FALSE;
} else {
return FALSE;
}
fclose($userFileHandle);
return FALSE;
} else {
return FALSE;
}
}
function make_key($username) {
function make_key($username)
{
$key = openssl_random_pseudo_bytes(44);
return base64_encode($key);
}
function create_code($username) {
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$code = substr(str_shuffle($permitted_chars), 0, 16);
$userfile = sys_get_temp_dir()."/".$username;
file_put_contents($userfile, $code);
return $code;
function create_code($username)
{
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$code = substr(str_shuffle($permitted_chars), 0, 16);
$userfile = sys_get_temp_dir() . "/" . $username;
file_put_contents($userfile, $code);
return $code;
}
function get_config_value($configfile,$request) {
global $config_dir;
if ($configFileHandle = @fopen($config_dir.'/'.$configfile, 'r'))
{
while (!feof($configFileHandle))
{
$buffer = fgets($configFileHandle);
if(strpos($buffer, $request.':') !== FALSE) {
$dataline=$buffer;
fclose($configFileHandle);
$datafound = explode(':',$dataline);
return $datafound[1];
}
}
fclose($configFileHandle);
return FALSE;
} else {
return FALSE;
}
}
function get_config_value($configfile, $request)
{
global $config_dir;
function generateImage($text, $file) {
$im = @imagecreate(74, 25) or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 200, 200, 200);
$text_color = imagecolorallocate($im, 0, 0, 0);
imagestring($im, 5, 5, 5, $text, $text_color);
imagepng($im, $file);
imagedestroy($im);
}
function getIndex($alphabet, $letter) {
for($i=0; $i<count($alphabet); $i++) {
$l = $alphabet[$i];
if($l === $letter) return $i;
if ($configFileHandle = @fopen($config_dir . '/' . $configfile, 'r')) {
while (! feof($configFileHandle)) {
$buffer = fgets($configFileHandle);
if (strpos($buffer, $request . ':') !== FALSE) {
$dataline = $buffer;
fclose($configFileHandle);
$datafound = explode(':', $dataline);
return $datafound[1];
}
}
fclose($configFileHandle);
return FALSE;
} else {
return FALSE;
}
function getExpressionResult($code) {
global $alphabet, $alphabetsForNumbers;
$userAlphabetIndex = getIndex($alphabet, substr($code, 0, 1));
$number1 = (int) getIndex($alphabetsForNumbers[$userAlphabetIndex], substr($code, 1, 1));
$number2 = (int) getIndex($alphabetsForNumbers[$userAlphabetIndex], substr($code, 2, 1));
return $number1 + $number2;
}
function generateImage($text, $file)
{
$im = @imagecreate(74, 25) or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 200, 200, 200);
$text_color = imagecolorallocate($im, 0, 0, 0);
imagestring($im, 5, 5, 5, $text, $text_color);
imagepng($im, $file);
imagedestroy($im);
}
function getIndex($alphabet, $letter)
{
for ($i = 0; $i < count($alphabet); $i ++) {
$l = $alphabet[$i];
if ($l === $letter)
return $i;
}
function prepareCaptcha($captchaImage) {
global $alphabet, $alphabetsForNumbers;
// generating expression
}
function getExpressionResult($code)
{
global $alphabet, $alphabetsForNumbers;
$userAlphabetIndex = getIndex($alphabet, substr($code, 0, 1));
$number1 = (int) getIndex($alphabetsForNumbers[$userAlphabetIndex], substr($code, 1, 1));
$number2 = (int) getIndex($alphabetsForNumbers[$userAlphabetIndex], substr($code, 2, 1));
return $number1 + $number2;
}
function prepareCaptcha($captchaImage)
{
global $alphabet, $alphabetsForNumbers;
// generating expression
$expression = (object) array(
"n1" => rand(0, 9),
"n1" => rand(0, 9),
"n2" => rand(0, 9)
);
generateImage($expression->n1.' + '.$expression->n2.' =', $captchaImage);
generateImage($expression->n1 . ' + ' . $expression->n2 . ' =', $captchaImage);
$usedAlphabet = rand(0, 9);
$code = $alphabet[$usedAlphabet].
$alphabetsForNumbers[$usedAlphabet][$expression->n1].
$alphabetsForNumbers[$usedAlphabet][$expression->n2];
return($code);
}
$code = $alphabet[$usedAlphabet] . $alphabetsForNumbers[$usedAlphabet][$expression->n1] . $alphabetsForNumbers[$usedAlphabet][$expression->n2];
return ($code);
}
?>

11
Rocksolid_Light/rocksolid/article-flat.php
View File

@ -61,8 +61,6 @@ if (strpos($id, '@') !== false) {
if (isset($_REQUEST["first"]))
$first = $_REQUEST["first"];
$_SESSION['rsactive'] = true;
if (! isset($_SERVER['REQUEST_STRING'])) {
$_SERVER['REQUEST_STRING'] = '';
}
@ -103,6 +101,11 @@ if (! $message) {
$title .= ' - ' . $group . ' - ' . $subject;
}
include "head.inc";
if ($client_device != "bot") {
$_SESSION['rsactive'] = true;
}
echo '<h1 class="np_thread_headline">';
echo '<a href="' . $file_index . '" target=' . $frame['menu'] . '>' . basename(getcwd()) . '</a> / ';
echo '<a href="' . $file_thread . '?group=' . rawurlencode($group) . '" target=' . $frame["content"] . '>' . htmlspecialchars(group_display_name($group)) . '</a> / ' . $subject . '</h1>';
@ -117,6 +120,10 @@ if ($message) {
// load thread-data and get IDs of the actual subthread
$thread = thread_load($group);
$subthread = thread_getsubthreadids($message->header->id, $thread);
if (! $subthread) {
echo '<center>Group is rebuilding... Please try again later</center>';
exit();
}
if ($thread_articles == false) {
sort($subthread);
}

48
Rocksolid_Light/rocksolid/head.inc
View File

@ -1,20 +1,50 @@
<?php
echo '<html><head>';
echo '<title>'.htmlspecialchars($title).'</title>';
echo '<title>' . htmlspecialchars($title) . '</title>';
echo '<meta name="viewport" content="width=device-width, initial-scale=1.0">';
echo '<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=<?=$www_charset?>">';
include "config.inc.php";
if(file_exists($config_dir.'/googleanalytics.conf')) {
include $config_dir.'/googleanalytics.conf';
// Try to get browser info to use for extra formatting of page
$ua = strtolower($_SERVER["HTTP_USER_AGENT"]);
$devices = array(
"bot",
"spider",
"mobile",
"lynx",
"w3m",
"links",
"ipad",
"tablet"
);
$client_device = "desktop";
foreach ($devices as $device) {
if (strpos($ua, $device) !== false) {
$client_device = $device;
break;
}
}
if($client_device == "spider") {
$client_device = "bot";
}
// Log client device if enabled by semaphore
if (file_exists($config_dir . '/devicelog.enable')) {
$client_ip = getenv("REMOTE_ADDR");
$logfile = $logdir . '/device.log';
file_put_contents($logfile, "\n" . date('M d H:i:s') . " " . $config_name . " Client: " . $client_ip . " browser: " . $client_device, FILE_APPEND);
file_put_contents($logfile, "\nFull UA: ".$ua, FILE_APPEND);
}
if(isset($frames_on) && $frames_on === false) {
if (file_exists('../common/mods/header.php')) {
include "../common/mods/header.php";
} else {
include "../common/header.php";
}
if (file_exists($config_dir . '/googleanalytics.conf')) {
include $config_dir . '/googleanalytics.conf';
}
if (isset($frames_on) && $frames_on === false) {
if (file_exists('../common/mods/header.php')) {
include "../common/mods/header.php";
} else {
include "../common/header.php";
}
}
echo '<hr></head>';
echo '<body textcolor="black" bgcolor="white">';

1504
Rocksolid_Light/rocksolid/lib/message.inc.php
View File

File diff suppressed because it is too large Load Diff

17
Rocksolid_Light/rocksolid/newsportal.php
View File

@ -1715,6 +1715,23 @@ function get_config_value($configfile, $request)
}
}
function disable_page_by_user_agent($client_device, $useragent, $script = "Page")
{
global $logdir, $config_name, $count_bots;
if ($client_device == $useragent) {
$logfile = $logdir . '/device.log';
file_put_contents($logfile, "\n" . date('M d H:i:s') . " " . $config_name . " " . $script . " disabled for '" . $useragent . "' Exiting...", FILE_APPEND);
if ($client_device == "bot") {
if (isset($_SESSION['rsactive'])) {
unset($_SESSION['rsactive']);
}
}
return true;
} else {
return false;
}
}
function throttle_hits()
{
global $CONFIG, $logdir;

7
Rocksolid_Light/rocksolid/post.php
View File

@ -55,6 +55,13 @@ if ((isset($post_port)) && ($post_port != ""))
include $file_newsportal;
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Post")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
global $synchro_user, $synchro_pass;
// check to which groups the user is allowed to post to
$thisgroup = _rawurldecode($_REQUEST['group']);

6
Rocksolid_Light/rocksolid/search.php
View File

@ -20,6 +20,12 @@ if (isset($_REQUEST['data']) && $_REQUEST['data'] == '') {
if ((! isset($_POST['key']) || ! password_verify($CONFIG['thissitekey'], $_POST['key'])) || ((strlen(trim($_REQUEST['terms'])) < 2) && ! $_REQUEST['data'])) {
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Search")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
echo '<h1 class="np_thread_headline">';
echo '<a href="' . $file_index . '" target=' . $frame['menu'] . '>' . basename(getcwd()) . '</a> / ';
echo 'search</h1>';

302
Rocksolid_Light/rslight/scripts/cron.php Executable file → Normal file
View File

@ -1,187 +1,193 @@
<?php
// This file runs maintenance scripts and should be executed by cron regularly
include "config.inc.php";
include "newsportal.php";
include $config_dir."/scripts/rslight-lib.php";
include $config_dir."/gpg.conf";
include "config.inc.php";
include "newsportal.php";
include $config_dir . "/scripts/rslight-lib.php";
include $config_dir . "/gpg.conf";
$menulist = file($config_dir."menu.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if (file_exists($config_dir . '/cron.disable')) {
$logfile = $logdir . '/cron.log';
file_put_contents($logfile, "\n" . date('M d H:i:s') . " " . $config_name . " cron.php disabled by semaphore: ".$config_dir . "/cron.disable Exiting...", FILE_APPEND);
exit;
}
$menulist = file($config_dir . "menu.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
# Start or verify NNTP server
if(isset($CONFIG['enable_nntp']) && $CONFIG['enable_nntp'] == true) {
if (isset($CONFIG['enable_nntp']) && $CONFIG['enable_nntp'] == true) {
# Create group list for nntp.php
$fp1=$spooldir."/".$config_name."/groups.txt";
$fp1 = $spooldir . "/" . $config_name . "/groups.txt";
unlink($fp1);
touch($fp1);
foreach($menulist as $menu) {
if(($menu[0] == '#') || trim($menu) == "") {
continue;
}
$menuitem=explode(':', $menu);
if($menuitem[2] == '1') {
$in_gl = file($config_dir.$menuitem[0]."/groups.txt");
foreach($in_gl as $ok_group) {
if(($ok_group[0] == ':') || (trim($ok_group) == "")) {
continue;
}
$ok_group = preg_split("/( |\t)/", trim($ok_group), 2);
file_put_contents($fp1, $ok_group[0]."\r\n", FILE_APPEND);
}
}
foreach ($menulist as $menu) {
if (($menu[0] == '#') || trim($menu) == "") {
continue;
}
$menuitem = explode(':', $menu);
if ($menuitem[2] == '1') {
$in_gl = file($config_dir . $menuitem[0] . "/groups.txt");
foreach ($in_gl as $ok_group) {
if (($ok_group[0] == ':') || (trim($ok_group) == "")) {
continue;
}
$ok_group = preg_split("/( |\t)/", trim($ok_group), 2);
file_put_contents($fp1, $ok_group[0] . "\r\n", FILE_APPEND);
}
}
}
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nntp.php > /dev/null 2>&1");
if(is_numeric($CONFIG['local_ssl_port'])) {
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nntp-ssl.php > /dev/null 2>&1");
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/nntp.php > /dev/null 2>&1");
if (is_numeric($CONFIG['local_ssl_port'])) {
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/nntp-ssl.php > /dev/null 2>&1");
}
}
}
# Generate user count file (must be root)
exec($CONFIG['php_exec']." ".$config_dir."/scripts/count_users.php");
echo "Updated user count\n";
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/count_users.php");
echo "Updated user count\n";
$uinfo=posix_getpwnam($CONFIG['webserver_user']);
$cwd = getcwd();
$webtmp = preg_replace('/spoolnews/','tmp/',$cwd);
$keydir = preg_replace('/spoolnews/','pubkey/',$cwd);
@mkdir($webtmp,0755,'recursive');
@chown($webtmp, $uinfo["uid"]);
@chgrp($webtmp, $uinfo["gid"]);
@mkdir($keydir,0755,'recursive');
@chown($keydir, $uinfo["uid"]);
@chgrp($keydir, $uinfo["gid"]);
@mkdir($ssldir,0755);
@chown($ssldir, $uinfo["uid"]);
@chgrp($ssldir, $uinfo["gid"]);
$uinfo = posix_getpwnam($CONFIG['webserver_user']);
$cwd = getcwd();
$webtmp = preg_replace('/spoolnews/', 'tmp/', $cwd);
$keydir = preg_replace('/spoolnews/', 'pubkey/', $cwd);
$pemfile = $ssldir.'/server.pem';
create_node_ssl_cert($pemfile);
@mkdir($webtmp, 0755, 'recursive');
@chown($webtmp, $uinfo["uid"]);
@chgrp($webtmp, $uinfo["gid"]);
@mkdir($keydir, 0755, 'recursive');
@chown($keydir, $uinfo["uid"]);
@chgrp($keydir, $uinfo["gid"]);
@mkdir($ssldir, 0755);
@chown($ssldir, $uinfo["uid"]);
@chgrp($ssldir, $uinfo["gid"]);
$overview = $spooldir.'/articles-overview.db3';
touch($overview);
@chown($overview, $uinfo["uid"]);
@chgrp($overview, $uinfo["gid"]);
if($rslight_gpg['enable'] == '1') {
$pemfile = $ssldir . '/server.pem';
create_node_ssl_cert($pemfile);
$overview = $spooldir . '/articles-overview.db3';
touch($overview);
@chown($overview, $uinfo["uid"]);
@chgrp($overview, $uinfo["gid"]);
if ($rslight_gpg['enable'] == '1') {
$gnupg = $rslight_gpg['gnupghome'];
if(!is_dir($gnupg)) {
mkdir($gnupg, 0700);
chown($gnupg, $uinfo["uid"]);
chgrp($gnupg, $uinfo["gid"]);
if (! is_dir($gnupg)) {
mkdir($gnupg, 0700);
chown($gnupg, $uinfo["uid"]);
chgrp($gnupg, $uinfo["gid"]);
}
}
}
/* Change to non root user */
change_identity($uinfo["uid"],$uinfo["gid"]);
change_identity($uinfo["uid"], $uinfo["gid"]);
/* Everything below runs as $CONFIG['webserver_user'] */
@mkdir($logdir,0755,'recursive');
@mkdir($lockdir,0755,'recursive');
@mkdir($logdir, 0755, 'recursive');
@mkdir($lockdir, 0755, 'recursive');
if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
@mkdir($spooldir."nocem",0755,'recursive');
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
if (isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
@mkdir($spooldir . "nocem", 0755, 'recursive');
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/nocem.php");
}
// Set up server gpg keys
if($rslight_gpg['enable'] == '1') {
if(!is_file($keydir.'/server_pubkey.txt')) {
$domain = 'rslight@'.$rslight_gpg['domain_name'];
$pubkey = $keydir.'/server_pubkey.txt';
$fingerprint = $keydir.'/server_fingerprint.txt';
$create_gpg_keys = $config_dir.'/scripts/create_gpg_keys.sh "'.$gnupg.'" "'.$pubkey.'" "'.$fingerprint.'" "'.$domain.'"';
exec($create_gpg_keys);
}
exec($CONFIG['php_exec']." ".$config_dir."/scripts/interBBS_mail.php");
if ($rslight_gpg['enable'] == '1') {
if (! is_file($keydir . '/server_pubkey.txt')) {
$domain = 'rslight@' . $rslight_gpg['domain_name'];
$pubkey = $keydir . '/server_pubkey.txt';
$fingerprint = $keydir . '/server_fingerprint.txt';
$create_gpg_keys = $config_dir . '/scripts/create_gpg_keys.sh "' . $gnupg . '" "' . $pubkey . '" "' . $fingerprint . '" "' . $domain . '"';
exec($create_gpg_keys);
}
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/interBBS_mail.php");
}
reset($menulist);
foreach($menulist as $menu) {
if(($menu[0] == '#') || (trim($menu) == "")) {
continue;
}
$menuitem=explode(':', $menu);
chdir("../".$menuitem[0]);
if($CONFIG['remote_server'] !== '') {
# Send articles
echo "Sending articles\n";
echo exec($CONFIG['php_exec']." ".$config_dir."/scripts/send.php");
# Refresh spool
if(isset($spoolnews) && ($spoolnews == true)) {
exec($CONFIG['php_exec']." ".$config_dir."/scripts/spoolnews.php");
echo "Refreshed spoolnews\n";
}
}
# Expire articles
exec($CONFIG['php_exec']." ".$config_dir."/scripts/expire.php");
echo "Expired articles\n";
foreach ($menulist as $menu) {
if (($menu[0] == '#') || (trim($menu) == "")) {
continue;
}
$menuitem = explode(':', $menu);
chdir("../" . $menuitem[0]);
if ($CONFIG['remote_server'] !== '') {
# Send articles
echo "Sending articles\n";
echo exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/send.php");
# Refresh spool
if (isset($spoolnews) && ($spoolnews == true)) {
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/spoolnews.php");
echo "Refreshed spoolnews\n";
}
}
# Expire articles
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/expire.php");
echo "Expired articles\n";
}
# Run RSS Feeds
exec($CONFIG['php_exec']." ".$config_dir."/scripts/rss-feeds.php");
echo "RSS Feeds updated\n";
exec($CONFIG['php_exec'] . " " . $config_dir . "/scripts/rss-feeds.php");
echo "RSS Feeds updated\n";
# Rotate log files
log_rotate();
echo "Log files rotated\n";
log_rotate();
echo "Log files rotated\n";
# Rotate keys
rotate_keys();
echo "Keys rotated\n";
rotate_keys();
echo "Keys rotated\n";
function log_rotate() {
global $logdir;
$rotate = filemtime($logdir.'/rotate');
if((time() - $rotate) > 86400) {
$log_files=scandir($logdir);
foreach($log_files as $logfile) {
if(substr($logfile, -4) != '.log' ) {
continue;
}
$logfile=$logdir.'/'.$logfile;
@unlink($logfile.'.5');
@rename($logfile.'.4', $logfile.'.5');
@rename($logfile.'.3', $logfile.'.4');
@rename($logfile.'.2', $logfile.'.3');
@rename($logfile.'.1', $logfile.'.2');
@rename($logfile, $logfile.'.1');
echo 'Rotated: '.$logfile."\n";
function log_rotate()
{
global $logdir;
$rotate = filemtime($logdir . '/rotate');
if ((time() - $rotate) > 86400) {
$log_files = scandir($logdir);
foreach ($log_files as $logfile) {
if (substr($logfile, - 4) != '.log') {
continue;
}
$logfile = $logdir . '/' . $logfile;
@unlink($logfile . '.5');
@rename($logfile . '.4', $logfile . '.5');
@rename($logfile . '.3', $logfile . '.4');
@rename($logfile . '.2', $logfile . '.3');
@rename($logfile . '.1', $logfile . '.2');
@rename($logfile, $logfile . '.1');
echo 'Rotated: ' . $logfile . "\n";
}
unlink($logdir . '/rotate');
touch($logdir . '/rotate');
}
unlink($logdir.'/rotate');
touch($logdir.'/rotate');
}
}
function rotate_keys() {
global $spooldir;
$keyfile = $spooldir.'/keys.dat';
$newkeys = array();
if(filemtime($keyfile)+14400 > time()) {
return;
} else {
$new = true;
if(is_file($keyfile)) {
$keys = unserialize(file_get_contents($keyfile));
$new = false;
}
if($new !== true) {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = $keys[0];
function rotate_keys()
{
global $spooldir;
$keyfile = $spooldir . '/keys.dat';
$newkeys = array();
if (filemtime($keyfile) + 14400 > time()) {
return;
} else {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = base64_encode(openssl_random_pseudo_bytes(44));
$new = true;
if (is_file($keyfile)) {
$keys = unserialize(file_get_contents($keyfile));
$new = false;
}
if ($new !== true) {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = $keys[0];
} else {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = base64_encode(openssl_random_pseudo_bytes(44));
}
}
}
file_put_contents($keyfile, serialize($newkeys));
touch($keyfile);
file_put_contents($keyfile, serialize($newkeys));
touch($keyfile);
}
function change_identity( $uid, $gid )
{
if( !posix_setgid( $gid ) )
{
print "Unable to setgid to " . $gid . "!\n";
exit;
}
if( !posix_setuid( $uid ) )
{
print "Unable to setuid to " . $uid . "!\n";
exit;
}
function change_identity($uid, $gid)
{
if (! posix_setgid($gid)) {
print "Unable to setgid to " . $gid . "!\n";
exit();
}
if (! posix_setuid($uid)) {
print "Unable to setuid to " . $uid . "!\n";
exit();
}
}
?>

7
Rocksolid_Light/spoolnews/files.php
View File

@ -24,6 +24,13 @@ if ((isset($_REQUEST['command']) && $_REQUEST['command'] == 'Show') && password_
}
$title .= ' - Browse files';
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Files")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
echo '<h1 class="np_thread_headline">';
echo '<a href="../spoolnews/files.php" target=' . $frame['menu'] . '>files</a> / ';
echo htmlspecialchars($_COOKIE['mail_name']) . '</h1>';

109
Rocksolid_Light/spoolnews/mail.php
View File

@ -55,6 +55,12 @@ if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['use
$title .= ' - Mail';
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Mail")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
echo '<h1 class="np_thread_headline">';
echo '<a href="mail.php" target=' . $frame['menu'] . '>mail</a> / ';
@ -323,57 +329,64 @@ if (isset($_POST['command']) && $_POST['command'] == 'Send') {
echo "<td></td><td><input type='submit' value='Send Mail' name='sendMessage' /></td>";
echo '</tr></tbody></table></form>';
}
// Show My Messages
$database = $spooldir . '/mail.db3';
$dbh = mail_db_open($database);
echo '<hr><h1 class="np_thread_headline">My Messages:</h1>';
echo '<table cellspacing="0" width="100%" class="np_results_table">';
$query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC');
$query->execute([
'mail_from' => $user
]);
echo '<tr class="np_thread_head"><td class="np_thread_head">Subject</td><td class="np_thread_head">From</td><td class="np_thread_head">To</td><td class="np_thread_head">Date</td></tr>';
$i = 1;
while (($row = $query->fetch()) !== false) {
if (($row['mail_from'] == $user) && ($row['from_hide'] == 'true')) {
continue;
}
if (($row['rcpt_to'] == $user) && ($row['to_hide'] == 'true')) {
continue;
}
if (($i % 2) != 0) {
echo '<tr class="np_result_line1"><td class="np_result_line1" style="word-wrap:break-word";>';
} else {
echo '<tr class="np_result_line2"><td class="np_result_line2" style="word-wrap:break-word";>';
}
$button_link = 'np_mail_button_link';
;
if (($row['mail_from'] == $user) && ($row['mail_viewed'] == 'true')) {
$button_link = 'np_mail_button_read';
} elseif (($row['rcpt_to'] == $user) && ($row['rcpt_viewed'] == 'true')) {
$button_link = 'np_mail_button_read';
}
// Use local timezone if possible
$ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
$ts->add(DateInterval::createFromDateString($offset . ' minutes'));
if ($offset != 0) {
$newdate = $ts->format('D, j M Y H:i');
} else {
$newdate = $ts->format('D, j M Y H:i T');
view_mailbox($user);
// Show My Messages
function view_mailbox($user)
{
global $spooldir, $offset;
$database = $spooldir . '/mail.db3';
$dbh = mail_db_open($database);
echo '<hr><h1 class="np_thread_headline">My Messages:</h1>';
echo '<table cellspacing="0" width="100%" class="np_results_table">';
$query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC');
$query->execute([
'mail_from' => $user
]);
echo '<tr class="np_thread_head"><td class="np_thread_head">Subject</td><td class="np_thread_head">From</td><td class="np_thread_head">To</td><td class="np_thread_head">Date</td></tr>';
$i = 1;
while (($row = $query->fetch()) !== false) {
if (($row['mail_from'] == $user) && ($row['from_hide'] == 'true')) {
continue;
}
if (($row['rcpt_to'] == $user) && ($row['to_hide'] == 'true')) {
continue;
}
if (($i % 2) != 0) {
echo '<tr class="np_result_line1"><td class="np_result_line1" style="word-wrap:break-word";>';
} else {
echo '<tr class="np_result_line2"><td class="np_result_line2" style="word-wrap:break-word";>';
}
$button_link = 'np_mail_button_link';
;
if (($row['mail_from'] == $user) && ($row['mail_viewed'] == 'true')) {
$button_link = 'np_mail_button_read';
} elseif (($row['rcpt_to'] == $user) && ($row['rcpt_viewed'] == 'true')) {
$button_link = 'np_mail_button_read';
}
// Use local timezone if possible
$ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
$ts->add(DateInterval::createFromDateString($offset . ' minutes'));
if ($offset != 0) {
$newdate = $ts->format('D, j M Y H:i');
} else {
$newdate = $ts->format('D, j M Y H:i T');
}
unset($ts);
echo '<form action="mail.php" method="post">';
echo '<button class="' . $button_link . '" type="submit">' . $row["subject"] . '</button>';
echo "<input type='hidden' name='id' value='" . $row['id'] . "' />";
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<input name="command" type="hidden" id="command" value="Message" readonly="readonly">';
echo '</form>';
echo '</td><td>' . $row["mail_from"] . '</td><td>' . $row["rcpt_to"] . '</td><td>' . $newdate . '</td></tr>';
$i ++;
}
unset($ts);
echo '<form action="mail.php" method="post">';
echo '<button class="' . $button_link . '" type="submit">' . $row["subject"] . '</button>';
echo "<input type='hidden' name='id' value='" . $row['id'] . "' />";
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<input name="command" type="hidden" id="command" value="Message" readonly="readonly">';
echo '</form>';
echo '</td><td>' . $row["mail_from"] . '</td><td>' . $row["rcpt_to"] . '</td><td>' . $newdate . '</td></tr>';
$i ++;
echo '</tbody></table><br />';
include "tail.inc";
}
echo '</tbody></table><br />';
include "tail.inc";
function send_external_mail($sender, $recipient, $date, $subject, $message)
{

11
Rocksolid_Light/spoolnews/user.php
View File

@ -1,8 +1,8 @@
<?php
session_start();
include "config.inc.php";
include "newsportal.php";
include("config.inc.php");
include("newsportal.php");
if (isset($_COOKIE['tzo'])) {
$offset = $_COOKIE['tzo'];
@ -37,6 +37,12 @@ if ($_POST['command'] == 'Logout') {
$title .= ' - User Configuration';
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "User")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
// How long should cookie allow user to stay logged in?
// 14400 = 4 hours
$auth_expire = 14400;
@ -76,6 +82,7 @@ if (((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST[
echo 'Login failed.';
}
}
if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
echo '<h1 class="np_thread_headline">';
echo '<a href="user.php" target=' . $frame['menu'] . '>Configuration</a> / ';