Security features
parent
cf45d095da
commit
be0053c827
12
board.php
12
board.php
|
@ -379,6 +379,13 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
||||||
} else {
|
} else {
|
||||||
$post['country'] = 'xx';
|
$post['country'] = 'xx';
|
||||||
}
|
}
|
||||||
|
if (I0_DISABLE_BAD_PROXY_POSTING && $post['country'] == 'xx') {
|
||||||
|
exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (I0_DISABLE_TOR_POSTING && $post['country'] == 't1') {
|
||||||
|
exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
|
||||||
|
}
|
||||||
$post['board'] = $board_class->board['name'];
|
$post['board'] = $board_class->board['name'];
|
||||||
$post['name'] = mb_substr($name, 0, KU_MAXNAMELENGTH);
|
$post['name'] = mb_substr($name, 0, KU_MAXNAMELENGTH);
|
||||||
$post['name_save'] = true;
|
$post['name_save'] = true;
|
||||||
|
@ -497,6 +504,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
||||||
if ($thread_replyto != '0') { // If it's a reply...
|
if ($thread_replyto != '0') { // If it's a reply...
|
||||||
$page_to = $board_class->GetPageNumber($thread_replyto)['page'];
|
$page_to = $board_class->GetPageNumber($thread_replyto)['page'];
|
||||||
if (
|
if (
|
||||||
|
!I0_SAGE_DISABLED
|
||||||
isset($_POST['em'])
|
isset($_POST['em'])
|
||||||
&&
|
&&
|
||||||
(
|
(
|
||||||
|
@ -553,7 +561,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
||||||
// $timer->mark('15_regenerated');
|
// $timer->mark('15_regenerated');
|
||||||
|
|
||||||
// Regenerate overboard if it makes sense
|
// Regenerate overboard if it makes sense
|
||||||
if ($need_overboard) {
|
if ($need_overboard && I0_OVERBOARD_ENABLED) {
|
||||||
RegenerateOverboard($board_class->board['boardlist']);
|
RegenerateOverboard($board_class->board['boardlist']);
|
||||||
// $timer->mark('16_regen_overboard');
|
// $timer->mark('16_regen_overboard');
|
||||||
}
|
}
|
||||||
|
@ -936,7 +944,7 @@ elseif (
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Regenerate overboard if it makes sense
|
// Regenerate overboard if it makes sense
|
||||||
if ($need_overboard) {
|
if ($need_overboard && I0_OVERBOARD_ENABLED && isset($over_boardlist)) {
|
||||||
RegenerateOverboard($over_boardlist);
|
RegenerateOverboard($over_boardlist);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
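Review bot: In the reply hunk (`@ -497,6 +504,7`), the added operand `!I0_SAGE_DISABLED` sits directly before `isset($_POST['em'])` with no `&&` between them. As rendered this is a parse error that would fail every request to board.php rather than only disabling sage; the line should read `!I0_SAGE_DISABLED &&`. The `if (` condition runs past the end of the hunk, so the rest of the expression is not visible here. Separately, the two country checks added in the first hunk trust `$post['country']`, which is assigned above the hunk; if that value comes from a CDN-set request header, the block only holds when the origin cannot be reached directly, which is worth confirming. The user-facing message 'Posting in forbidden for this ip' presumably should be `'Posting is forbidden for this IP'`.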
29
captcha.php
29
captcha.php
|
@ -148,20 +148,23 @@ function opsmaz($img,$ncolor){
|
||||||
}
|
}
|
||||||
return $img2;
|
return $img2;
|
||||||
}
|
}
|
||||||
|
if (I0_FORCE_CAPTCHA_LANG === false) {
|
||||||
if (isset($_GET['lang']) && in_array($_GET['lang'], $langs))
|
if (isset($_GET['lang']) && in_array($_GET['lang'], $langs))
|
||||||
$captchalang = $_GET['lang'];
|
$captchalang = $_GET['lang'];
|
||||||
elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) {
|
elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) {
|
||||||
$captchalang = $_COOKIE['captchalang'];
|
$captchalang = $_COOKIE['captchalang'];
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
$captchalang = KU_CAPTCHALANG;
|
||||||
|
if (isset($_GET['switch'])) {
|
||||||
|
$current_lang = array_search($captchalang, $langs) + 1;
|
||||||
|
if ($current_lang >= count($langs))
|
||||||
|
$current_lang = 0;
|
||||||
|
$captchalang = $langs[$current_lang];
|
||||||
|
setcookie('captchalang', $captchalang, time() + 31556926, '/'/*, KU_DOMAIN*/);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
$captchalang = KU_CAPTCHALANG;
|
$captchalang = KU_CAPTCHALANG;
|
||||||
if (isset($_GET['switch'])) {
|
|
||||||
$current_lang = array_search($captchalang, $langs) + 1;
|
|
||||||
if ($current_lang >= count($langs))
|
|
||||||
$current_lang = 0;
|
|
||||||
$captchalang = $langs[$current_lang];
|
|
||||||
setcookie('captchalang', $captchalang, time() + 31556926, '/'/*, KU_DOMAIN*/);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate the word
|
// Generate the word
|
||||||
|
|
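Review bot: The new guard `if (I0_FORCE_CAPTCHA_LANG === false) {` uses a strict comparison, while the other flags added by this commit are tested by truthiness (`I0_DISABLE_TOR_POSTING &&`, `!I0_SAGE_DISABLED`). A config value of `0` or `''` would therefore force the language instead of leaving it selectable; `if (!I0_FORCE_CAPTCHA_LANG) {` keeps the flags consistent. Inside that branch, `in_array($_GET['lang'], $langs)` and the matching cookie check compare request input loosely, so passing `true` as the third argument would make the allow-list check strict. In the forced `else` branch an existing `captchalang` cookie is left untouched, so any code outside this hunk that reads the cookie directly could still disagree with the forced value.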
|
@ -89,6 +89,7 @@ if (!$cache_loaded) {
|
||||||
$cf['KU_CAPTCHALANG'] = 'num'; // Default captcha language to be used if no captchalang cookie is present. Supported values: ru, en, num (numeric)
|
$cf['KU_CAPTCHALANG'] = 'num'; // Default captcha language to be used if no captchalang cookie is present. Supported values: ru, en, num (numeric)
|
||||||
$cf['KU_CAPTCHALIFE'] = 150; // Captcha time-to-live in seconds
|
$cf['KU_CAPTCHALIFE'] = 150; // Captcha time-to-live in seconds
|
||||||
$cf['KU_CAPTCHALENGTH'] = rand(4, 7); // Captcha length in letters, rand(a, b) can be used to create random length from a to b.
|
$cf['KU_CAPTCHALENGTH'] = rand(4, 7); // Captcha length in letters, rand(a, b) can be used to create random length from a to b.
|
||||||
|
$cf['I0_FORCE_CAPTCHA_LANG'] = false; // Prevent users from changing captcha lang
|
||||||
|
|
||||||
|
|
||||||
// ---------------------------------- Userboards (aka 2.0) ----------------------------------
|
// ---------------------------------- Userboards (aka 2.0) ----------------------------------
|
||||||
|
@ -117,7 +118,9 @@ if (!$cache_loaded) {
|
||||||
$cf['I0_ERASE_DELETED'] = false; // Whether or not the contents of posts deleted by user should be erased
|
$cf['I0_ERASE_DELETED'] = false; // Whether or not the contents of posts deleted by user should be erased
|
||||||
$cf['I0_MAX_ACCESS_ATTEMPTS'] = 3; // How many attempts at deleting a post are allowed before it gets locked with catpcha
|
$cf['I0_MAX_ACCESS_ATTEMPTS'] = 3; // How many attempts at deleting a post are allowed before it gets locked with catpcha
|
||||||
$cf['I0_FULL_ANONYMITY_MODE'] = false; // In full anonymity mode, no information about user will be stored in the posts table. Bans will not work.
|
$cf['I0_FULL_ANONYMITY_MODE'] = false; // In full anonymity mode, no information about user will be stored in the posts table. Bans will not work.
|
||||||
|
$cf['I0_SAGE_DISABLED'] = false; // Disable sage function if you don't want anyone to abuse CSAM necroposting
|
||||||
|
$cf['I0_DISABLE_BAD_PROXY_POSTING'] = false; // If CF can't get user's GeoIP - then the proxy is marked as bad (xx country)
|
||||||
|
$cf['I0_DISABLE_TOR_POSTING'] = false; // Disable posting with T1 country detected by CF
|
||||||
|
|
||||||
// --------------------------------------- CSS styles ---------------------------------------
|
// --------------------------------------- CSS styles ---------------------------------------
|
||||||
$cf['KU_STYLES'] = 'modern:newdark:photon'; // Styles which are available to be used for the boards, separated by colons, in lower case. These will be displayed next to [Home] [Manage] if KU_STYLESWIKUHER is set to true
|
$cf['KU_STYLES'] = 'modern:newdark:photon'; // Styles which are available to be used for the boards, separated by colons, in lower case. These will be displayed next to [Home] [Manage] if KU_STYLESWIKUHER is set to true
|
||||||
|
|
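Review bot: board.php in this commit tests `I0_OVERBOARD_ENABLED`, but neither config hunk shown here adds a default for it. Unless it is already defined outside these hunks, PHP 8 raises an Error for the undefined constant on the posting path, so a line such as `$cf['I0_OVERBOARD_ENABLED'] = true; // Regenerate the overboard after posting` belongs next to the new flags. The comment on `I0_DISABLE_BAD_PROXY_POSTING` should also mention that board.php assigns country `'xx'` in its fallback `else` branch, so enabling the flag where no country lookup is available would appear to reject every post; confirm this against the code above that hunk. The `I0_SAGE_DISABLED` comment is hard to parse and presumably means something like `// Disable sage (replying without bumping) so replies to old threads cannot go unnoticed`.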