Close #481

Also improve CAPTCHA portability into other parrts of the software by removing weird CAPTCHA-specific config file

8chan-captcha/cool-php-captcha-0.3.1/captcha.php

@@ -31,7 +31,7 @@ class SimpleCaptcha {
      * directory to another location outise the web server
      *
      */
-    public $resourcesPath = 'cool-php-captcha-0.3.1/resources';
+    public $resourcesPath = '8chan-captcha/cool-php-captcha-0.3.1/resources';
 
     /** Min word length (for non-dictionary random text generation) */
     public $minWordLength = 5;

8chan-captcha/entrypoint.php

@@ -3,8 +3,8 @@
 
 $mode = @$_GET['mode'];
 
-require_once("config.php");
-require_once("functions.php");
+chdir('..'); // for "cool PHP CAPTCHA"'s resourcesPath
+include "inc/functions.php"; // general 8chan functions
 
 switch ($mode) {
 // Request: GET entrypoint.php?mode=get&extra=1234567890
@@ -26,7 +26,7 @@
 	  echo "<html><body>You do not have JavaScript enabled. To fill out the CAPTCHA, please copy the ID to the post form in the ID field, and write the answer in the answer field.<br><br>CAPTCHA ID: $cookie<br>CAPTCHA image: $html</body></html>";
   } else {
 	  header("Content-type: application/json");
-	  echo json_encode(["cookie" => $cookie, "captchahtml" => $html, "expires_in" => $expires_in]);
+	  echo json_encode(["cookie" => $cookie, "captchahtml" => $html, "expires_in" => $config['captcha']['expires_in']]);
   }
 
   break;
@@ -41,18 +41,17 @@
     die();
   }
 
-  cleanup($pdo, $expires_in);
+  cleanup();
 
-  $query = $pdo->prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+  $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
   $query->execute([$_GET['cookie'], $_GET['extra']]);
-
   $ary = $query->fetchAll();
 
   if (!$ary) {
     echo "0";
   }
   else {
-    $query = $pdo->prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+    $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
     $query->execute([$_GET['cookie'], $_GET['extra']]);
 
     if ($ary[0]['text'] !== $_GET['text']) {

8chan-captcha/functions.php

@@ -1,12 +1,9 @@
 <?php
-if (strpos(getcwd(), '8chan-captcha') === false) chdir('8chan-captcha');
-require_once("config.php");
-require_once("cool-php-captcha-0.3.1/captcha.php");
-
+require_once 'cool-php-captcha-0.3.1/captcha.php';
 function generate_captcha($extra = '1234567890') {
-  global $length, $pdo;
+  global $config;
 
-  $text = rand_string($length, $extra);
+  $text = rand_string($config['captcha']['length'], $extra);
 
   $captcha = new SimpleCaptcha();
 
@@ -18,7 +15,7 @@ function generate_captcha($extra = '1234567890') {
   ob_end_clean();
   $html = '<image src="data:image/png;base64,'.base64_encode($image).'">';
 
-  $query = $pdo->prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
+  $query = prepare("INSERT INTO `captchas` (`cookie`, `extra`, `text`, `created_at`) VALUES (?, ?, ?, ?)");
   $query->execute(                               [$cookie,  $extra,  $text,  time()]);
 
   return array("cookie" => $cookie, "html" => $html);
@@ -32,7 +29,8 @@ function rand_string($length, $charset) {
   return $ret;
 }
 
-function cleanup ($pdo, $expires_in) {
-  $pdo->prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
+function cleanup () {
+  global $config;
+  prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $config['captcha']['expires_in']]);
 }
 

inc/config.php

@@ -308,14 +308,22 @@
 	// Enable custom captcha provider
 	$config['captcha']['enabled'] = false;
 
+	// Custom CAPTCHA provider general settings
+
+	// Captcha expiration:
+	$config['captcha']['expires_in'] = 120; // 120 seconds
+
+	// Captcha length:
+	$config['captcha']['length'] = 6;
+
 	/* 
 	 * Custom captcha provider path (You will need to change these depending on your configuration! It cannot be
 	 * automatically determined because provider_check requires curl which needs to know the domain of your site.)
 	 * 
 	 * Specify yourimageboard.com/$config['root']/8chan-captcha/entrypoint.php for the default provider or write your own
 	 */
-	$config['captcha']['provider_get']   = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
-	$config['captcha']['provider_check'] = 'http://localhost/infinity/8chan-captcha/entrypoint.php';
+	$config['captcha']['provider_get']   = 'http://localhost/8chan-captcha/entrypoint.php';
+	$config['captcha']['provider_check'] = 'http://localhost/8chan-captcha/entrypoint.php';
 
 	// Custom captcha extra field (eg. charset)
 	$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';

inc/functions.php

@@ -24,6 +24,7 @@
 }
 require_once 'inc/lib/parsedown/Parsedown.php'; // todo: option for parsedown instead of Tinyboard/STI markup
 require_once 'inc/mod/auth.php';
+require_once '8chan-captcha/functions.php';
 
 // the user is not currently logged in as a moderator
 $mod = false;

post.php

@@ -148,10 +148,22 @@ function strip_array($var) {
 		]));
 
 		if ($resp !== '1') {
-                        error($config['error']['captcha']);
+			$error = $config['error']['captcha'];
 		}
 	}
 
+	if (isset($error)) {
+		if ($config['report_captcha']) {
+			$captcha = generate_captcha($config['captcha']['extra']);
+		} else {
+			$captcha = null;
+		}
+
+		$body = Element('report.html', array('board' => $board, 'config' => $config, 'error' => $error, 'reason_prefill' => $_POST['reason'], 'post' => 'delete_'.$report[0], 'captcha' => $captcha));
+		echo Element('page.html', ['config' => $config, 'body' => $body]);
+		die();
+	}
+
 	$reason = escape_markup_modifiers($_POST['reason']);
 	markup($reason);
 

report.php

@@ -10,8 +10,6 @@
 }
 
 if ($config['report_captcha']) {
-	include '8chan-captcha/functions.php';
-
 	$captcha = generate_captcha($config['captcha']['extra']);
 } else {
 	$captcha = null;

templates/report.html

@@ -1,16 +1,21 @@
 <form action="{{ config.post_url }}" method="post" id="report_form">
+	{% if error %}
+		<div class="error">
+			<strong>{{ error|e }}</strong>
+		</div>
+	{% endif %}
 	<input type="hidden" name="board" value="{{ board.uri }}">
 	<input type="hidden" name="{{ post|e }}" value="1">
 	{% if global %}
 		<input type="hidden" name="global" value="1">
 		<div><h1>Attention!</h1><p>This form is only for reporting <strong>child pornography</strong>, <strong>bot spam</strong> and <strong>credit card numbers, social security numbers or banking information</strong>. DMCA requests and all other deletion requests <em>MUST</em> be sent via email to admin@8chan.co.</p><p>8chan is unmoderated and allows posts without collecting <em>ANY</em> information from the poster less the details of their post. Furthermore, all boards on 8chan are user created and not actively monitored by anyone but the board creator.</p><p>8chan has a small volunteer staff to handle this queue, please do not waste their time by filling it with nonsense! <em>If you made a report with this tool and the post was not deleted, <strong>do not make the report again!</strong> Email admin@8chan.co instead.</em> Abuse of the global report system could lead to address blocks against your IP from 8chan.</p><p>Again, 8chan's global volunteers <em>do not</em> handle board specific issues. You most likely want to click "Report" instead to reach the creator and volunteers he assigned to this board.</p>
 	{% endif %}
 	<p>{% trans %}Enter reason below...{% endtrans %}</p>
-	<input type="text" id="reason" name="reason">
+	<input type="text" id="reason" name="reason" value="{{ reason_prefill|e|addslashes }}">
 	{% if config.report_captcha %}
 		<p>{% trans %}To submit your report, please fill out the CAPTCHA below.{% endtrans %}</p>
 		{{ captcha['html'] }}<br/>
-		<input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text">
+		<input class="captcha_text" name="captcha_text" size="25" maxlength="6" autocomplete="off" type="text" value="">
 		<input class="captcha_cookie" name="captcha_cookie" type="hidden" autocomplete="off" value="{{ captcha['cookie']|e }}"><br/>
 	{% endif %}
 	<input name="report" value="{% trans %}Submit{% endtrans %}" type="submit">