Beispiel #1
        /// <summary>
        /// Stores a reply in a thread together with its uploaded files.
        /// With no files a text-only post is saved. With one file the post is saved and removed again
        /// if the file cannot be stored. With several files either one post per file is created
        /// (<paramref name="dump"/>) or a single post receives all files.
        /// </summary>
        /// <param name="data">Reply fields. HasFile is overwritten here, and Comment is overwritten in dump mode.</param>
        /// <param name="thread_id">ID of the thread being replied to.</param>
        /// <param name="files">Uploaded files to attach; may be empty, but a null array throws.</param>
        /// <param name="dump">With several files: true saves one post per file, false saves one post holding all files.</param>
        /// <param name="count_files">In dump mode, writes an "index/total" counter into each post's comment.</param>
        /// <param name="con">Database connection handed to every helper call.</param>
        /// <returns>
        /// ID of the saved post. In dump mode this is the ID of the last post whose file was stored, or 0 when
        /// none was. In the multi-file single-post mode the ID is returned even when the post was deleted again.
        /// </returns>
        public static int ReplyTo(OPData data, int thread_id, HttpPostedFile[] files, bool dump, bool count_files, DbConnection con)
        {
            int total = files.Length;

            // Text-only reply: nothing to attach.
            if (total == 0)
            {
                data.HasFile = false;
                return save_single_post(data, thread_id, con);
            }

            data.HasFile = true;

            // Exactly one file: the post only survives if its file was stored.
            if (total == 1)
            {
                int single_id = save_single_post(data, thread_id, con);

                try
                {
                    save_post_file(single_id, files[0], con);
                }
                catch (Exception)
                {
                    delete_post_from_database(single_id, con);
                    throw;
                }

                return single_id;
            }

            // Several files attached to one post.
            if (!dump)
            {
                int shared_id = save_single_post(data, thread_id, con);
                int stored = 0;

                for (int i = 0; i < total; i++)
                {
                    try
                    {
                        save_post_file(shared_id, files[i], con);
                        stored++;
                    }
                    catch (Exception)
                    {
                        // Best effort: a file that cannot be stored is skipped without any report.
                    }
                }

                // A post with neither comment nor files is removed.
                // NOTE(review): a post that has a comment but lost every file is kept, although it was
                // saved with HasFile = true.
                if (string.IsNullOrEmpty(data.Comment) && stored == 0)
                {
                    delete_post_from_database(shared_id, con);
                }

                return shared_id;
            }

            // Dump mode: one post per file.
            int newest_id = 0;
            int position = 0;

            foreach (HttpPostedFile upload in files)
            {
                bool is_first = (position == 0);
                position++;

                if (count_files)
                {
                    string counter = string.Format("{0}/{1}", position, total);

                    // Only the first post keeps the poster's comment; the others carry just the counter.
                    data.Comment = is_first ? data.Comment + Environment.NewLine + counter : counter;
                }
                else if (!is_first)
                {
                    // Without counters every post after the first one has an empty comment.
                    data.Comment = "";
                }

                int dumped_id = save_single_post(data, thread_id, con);

                try
                {
                    save_post_file(dumped_id, upload, con);
                    newest_id = dumped_id;
                }
                catch (Exception)
                {
                    // The file could not be stored, so the otherwise blank post is removed again.
                    delete_post_from_database(dumped_id, con);
                }
            }

            return newest_id;
        }
Beispiel #2
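        /// <summary>
        /// Inserts a new thread row (type 0) into the board table, optionally assigns a poster ID,
        /// and stores the attached file when data.HasFile is set.
        /// </summary>
        /// <param name="data">Post fields bound to the INSERT parameters.</param>
        /// <param name="file">Uploaded file handed to save_post_file when data.HasFile is true.</param>
        /// <param name="con">Database connection used for every command; this method neither opens nor disposes it.</param>
        /// <returns>ID of the new thread, or -1 when the lookup after the insert returned no row.</returns>
        /// <exception cref="Exception">Rethrown from save_post_file after the thread row has been deleted.</exception>
        public static int MakeThread(OPData data, HttpPostedFile file, DbConnection con)
        {
            using (DbCommand dc = DatabaseEngine.GenerateDbCommand(con))
            {
                // Every value is bound as a parameter; no request data is concatenated into the SQL text.
                dc.CommandText = "INSERT INTO board (type, time, comment, postername, trip, email, password, subject, IP, ua, mta, locked, sticky, hasFile, bumplevel) VALUES " +
                 "(@type, @time, @comment, @postername, @trip, @email, @password, @subject, @IP, @ua, @mta, @locked, @sticky, @hasFile, @bumplevel) ; SELECT ID FROM board WHERE (time = @time) AND (IP = @IP)";

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@type", 0, System.Data.DbType.Int32)); // Mark the post as a thread

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@time", data.Time, System.Data.DbType.DateTime));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@comment", data.Comment, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@postername", data.Name, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@trip", data.Trip, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@email", data.Email, System.Data.DbType.String));

                // NOTE(review): data.Password is bound exactly as received; confirm that OPData or the caller
                // hashes it before it reaches this point.
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@password", data.Password, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@subject", data.Subject, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@IP", data.IP, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@ua", data.UserAgent, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@mta", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@locked", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@sticky", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@hasFile", data.HasFile, System.Data.DbType.Boolean));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@bumplevel", DateTime.UtcNow, System.Data.DbType.DateTime));

                int post_id = -1;

                using (DbDataReader reader = dc.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // The lookup matches on (time, IP) only and has no ORDER BY, so it can return more
                        // than one row in an unspecified order. Keep the highest ID instead of whichever row
                        // happens to be read last, so the file save and the rollback below act on the row
                        // inserted here. Assumes IDs grow with insertion order - TODO confirm against the schema.
                        // NOTE(review): a concurrent insert with the same time and IP can still win; a
                        // provider-specific "last inserted id" query would close that gap.
                        post_id = Math.Max(post_id, reader.GetInt32(0));
                    }
                }

                if (post_id > 0)
                {
                    if (ApplicationSettings.EnableUserID)
                    {
                        // The poster ID depends on the new row's ID, so it is written in a second statement.
                        dc.Parameters.Clear();
                        dc.CommandText = "UPDATE board SET posterID = @posterID WHERE (ID = @tid)";

                        dc.Parameters.Add(DatabaseEngine.MakeParameter("@posterID", GenerateUserID(post_id, data.IP), System.Data.DbType.String));
                        dc.Parameters.Add(DatabaseEngine.MakeParameter("@tid", post_id, System.Data.DbType.Int32));

                        dc.ExecuteNonQuery();
                    }

                    if (data.HasFile)
                    {
                        try
                        {
                            save_post_file(post_id, file, con);
                        }
                        catch (Exception)
                        {
                            // A thread whose file could not be stored is removed before the error propagates.
                            delete_post_from_database(post_id, con);
                            throw;
                        }
                    }
                }

                return post_id;
            }
        }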
Beispiel #3
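        /// <summary>
        /// Handles a posting request. Runs the global checks (posting enabled, mode present, IP ban,
        /// captcha, per-file size limit) and then creates a new thread or a reply, depending on the
        /// "mode" request value. Request values written back into the response are HTML-encoded.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!ApplicationSettings.PostingEnabled)
            {
                Response.StatusCode = 403;
                this.Response.Write(Language.Lang.postingisdisabled);
                this.Response.End();
            }

            if (string.IsNullOrEmpty(Request["mode"]))
            {
                Response.StatusCode = 403;
                Response.Write("403");
                Response.End();
            }

            using (DbConnection con = DatabaseEngine.GetDBConnection())
            {
                con.Open();

                //check bans
                if (Board.BanHandler.IsIPBanned(Request.UserHostAddress, con))
                {
                    Response.Redirect(Paths.WebRoot + "banned.aspx", true);
                }

                bool all_ok = true;

                //check flood
                // NOTE(review): no flood check is implemented in this handler.

                //check captcha
                if (!CaptchaProvider.Verifiy(this.Context))
                {
                    this.Response.Write(Language.Lang.wrongcaptcha);
                    this.Response.End();
                }

                //check file sizes
                // NOTE(review): only the size is checked here; presumably save_post_file validates the
                // file type and content - confirm.
                for (int i = 0; i < Request.Files.Count; i++)
                {
                    HttpPostedFile file = Request.Files[i];
                    if (file.ContentLength > ApplicationSettings.MaximumFileSize)
                    {
                        // The file name comes from the client, so it is encoded before it is echoed.
                        Response.Write(string.Format("The file '{0}' is larger than the allowed limit {1}.", HttpUtility.HtmlEncode(file.FileName), ApplicationSettings.MaximumFileSize));
                        all_ok = false;
                        break;
                    }
                }

                if (all_ok)
                {
                    switch (Request["mode"])
                    {
                        case "thread":
                        {
                            // Request.Files["ufile"] is null when the field is missing, so it is checked
                            // before ContentLength is read.
                            HttpPostedFile thread_file = Request.Files["ufile"];

                            if (thread_file == null || thread_file.ContentLength == 0)
                            {
                                Response.Write("You need a file to start a thread");
                            }
                            else
                            {
                                OPData op_data = new DataTypes.OPData()
                                {
                                    Comment = Request["comment"],
                                    Email = Request["email"],
                                    Name = Request["name"],
                                    Subject = Request["subject"],
                                    Password = Request["password"],
                                    HasFile = true,
                                    IP = Request.UserHostAddress,
                                    UserAgent = Request.UserAgent,
                                    Time = DateTime.UtcNow
                                };

                                int thread_id = -1;
                                bool created = false;

                                try
                                {
                                    thread_id = Board.BoardCommon.MakeThread(op_data, thread_file, con);
                                    created = true;
                                }
                                catch (Exception ex)
                                {
                                    // NOTE(review): ex.Message may carry internal detail (for example database
                                    // errors); consider logging it and showing a generic message instead.
                                    Response.Write(HttpUtility.HtmlEncode(ex.Message));
                                }

                                // The redirect ends the response by raising an exception, so it runs outside
                                // the try block and is not reported as a posting error.
                                if (created)
                                {
                                    Response.Redirect(Paths.WebRoot + "default.aspx?id=" + thread_id.ToString(), true);
                                }
                            }
                            break;
                        }

                        case "reply":
                        {
                            if (string.IsNullOrEmpty(Request["threadid"]))
                            {
                                Response.Write("Thread id is not specified");
                            }
                            else
                            {
                                int thread_id;

                                // TryParse rejects malformed input without an exception, so the error is
                                // written once and Response.End is not called from inside a catch block.
                                if (!int.TryParse(Request["threadid"], out thread_id) || thread_id <= 0)
                                {
                                    Response.Write("Invalid thread id");
                                    Response.End();
                                }

                                ThreadInfo t_info = BoardCommon.GetThreadInfo(thread_id, con);

                                if (t_info.isGone)
                                {
                                    Response.Write("Thread does not exist.");
                                    Response.End();
                                }

                                if (t_info.isLocked)
                                {
                                    Response.Write("Thread is locked.");
                                    Response.End();
                                }

                                if (t_info.isArchived)
                                {
                                    Response.Write("Thread is archived.");
                                    Response.End();
                                }

                                if (ApplicationSettings.EnableImpresonationProtection)
                                {
                                    //do stuffs
                                    // NOTE(review): the setting is read but no protection is implemented here.
                                }

                                List<HttpPostedFile> proper_files = new List<HttpPostedFile>();

                                //Discard any empty file field
                                for (int i = 0; i < Request.Files.Count; i++)
                                {
                                    HttpPostedFile file = Request.Files[i];
                                    if (file.ContentLength > 0)
                                    {
                                        proper_files.Add(file);
                                    }
                                }

                                bool file_in_each_post = (Request["finp"] == "yes");
                                bool count_files = (Request["countf"] == "yes");

                                // "sage" in the email field: the reply does not bump the thread and the
                                // email is stored empty.
                                bool sage = (Request["email"] == "sage");

                                OPData op_data = new OPData()
                                {
                                    Comment = Request["comment"],
                                    Email = sage ? "" : Request["email"],
                                    Name = Request["name"],
                                    Subject = Request["subject"],
                                    Password = Request["password"],
                                    IP = Request.UserHostAddress,
                                    UserAgent = Request.UserAgent,
                                    Time = DateTime.UtcNow
                                };

                                int reply_id = -1;
                                bool posted = false;

                                try
                                {
                                    reply_id = BoardCommon.ReplyTo(op_data, thread_id, proper_files.ToArray(), file_in_each_post, count_files, con);
                                    if (reply_id > 0)
                                    {
                                        //Update thread body
                                        if (ApplicationSettings.CacheIndexView)
                                        {
                                            IndexView.UpdateThreadIndex(thread_id, con);
                                        }
                                        if (ApplicationSettings.CacheThreadView)
                                        {
                                            ThreadView.UpdateThreadBody(thread_id, con);
                                        }
                                        if (!sage)
                                        {
                                            BoardCommon.BumpThread(thread_id, con);
                                        }
                                        posted = true;
                                    }
                                }
                                catch (Exception ex)
                                {
                                    // NOTE(review): ex.Message may carry internal detail (for example database
                                    // errors); consider logging it and showing a generic message instead.
                                    Response.Write(HttpUtility.HtmlEncode(ex.Message));
                                }

                                // The redirect ends the response by raising an exception, so it runs outside
                                // the try block and is not reported as a posting error.
                                if (posted)
                                {
                                    Response.Redirect(Paths.WebRoot + string.Format("default.aspx?id={0}#p{1}", thread_id, reply_id));
                                }
                            }
                            break;
                        }

                        default:
                            // The mode value comes from the request, so it is encoded before it is echoed.
                            Response.Write(string.Format("Invalid posting mode '{0}'", HttpUtility.HtmlEncode(Request["mode"])));
                            break;
                    } //mode switch block
                } // if all ok block
            } // database connection using block
        } //page load void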
Beispiel #4
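        /// <summary>
        /// Inserts one reply row (type 1) for the given thread into the board table and returns its ID.
        /// </summary>
        /// <param name="data">Post fields bound to the INSERT parameters.</param>
        /// <param name="thread_id">ID of the owning thread, stored in parentT.</param>
        /// <param name="con">Database connection used for the command; this method neither opens nor disposes it.</param>
        /// <returns>ID of the inserted post, or -1 when the lookup after the insert returned no row.</returns>
        private static int save_single_post(OPData data, int thread_id, DbConnection con)
        {
            using (DbCommand dc = DatabaseEngine.GenerateDbCommand(con))
            {
                // Every value is bound as a parameter; no request data is concatenated into the SQL text.
                dc.CommandText = "INSERT INTO board (type, time, comment, postername, trip, email, password, parentT, subject, IP, ua, posterID, mta, locked, sticky, hasFile) VALUES " +
                                "(@type, @time, @comment, @postername, @trip, @email, @password, @parentT, @subject, @IP, @ua, @posterId, @mta, @locked, @sticky, @hasFile) ; SELECT ID FROM board WHERE (time = @time) AND (IP = @IP)";

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@type", 1, System.Data.DbType.Int32)); // Mark the post as a reply

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@parentT", thread_id, System.Data.DbType.Int32));//Set the post owner thread

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@time", data.Time, System.Data.DbType.DateTime));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@comment", data.Comment, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@postername", data.Name, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@trip", data.Trip, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@email", data.Email, System.Data.DbType.String));

                // NOTE(review): data.Password is bound exactly as received; confirm that OPData or the caller
                // hashes it before it reaches this point.
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@password", data.Password, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@subject", data.Subject, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@IP", data.IP, System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@ua", data.UserAgent, System.Data.DbType.String));

                // The poster ID of a reply is derived from the thread ID and the poster's IP.
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@posterId", ApplicationSettings.EnableUserID ? GenerateUserID(thread_id, data.IP) : "", System.Data.DbType.String));

                dc.Parameters.Add(DatabaseEngine.MakeParameter("@mta", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@locked", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@sticky", false, System.Data.DbType.Boolean));
                dc.Parameters.Add(DatabaseEngine.MakeParameter("@hasFile", data.HasFile, System.Data.DbType.Boolean));

                int post_id = -1;

                using (DbDataReader reader = dc.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // The lookup matches on (time, IP) only and has no ORDER BY. A caller that saves
                        // several posts with the same data.Time and data.IP gets every earlier post back as
                        // well, in an unspecified order. Keep the highest ID instead of whichever row happens
                        // to be read last, so files are attached to (and rollbacks delete) the row inserted
                        // here. Assumes IDs grow with insertion order - TODO confirm against the schema.
                        // NOTE(review): a concurrent insert with the same time and IP can still win; a
                        // provider-specific "last inserted id" query would close that gap.
                        post_id = Math.Max(post_id, reader.GetInt32(0));
                    }
                }

                return post_id;
            }
        }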
Beispiel #5
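        /// <summary>
        /// Handles a posting request. Runs the global checks (posting enabled, mode present, IP ban,
        /// captcha, per-file size limit) and then creates a new thread or a reply, depending on the
        /// "mode" request value. Request values written back into the response are HTML-encoded.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!ApplicationSettings.PostingEnabled)
            {
                Response.StatusCode = 403;
                this.Response.Write(Language.Lang.postingisdisabled);
                this.Response.End();
            }

            if (string.IsNullOrEmpty(Request["mode"]))
            {
                Response.StatusCode = 403;
                Response.Write("403");
                Response.End();
            }

            using (DbConnection con = DatabaseEngine.GetDBConnection())
            {
                con.Open();

                //check bans
                if (Board.BanHandler.IsIPBanned(Request.UserHostAddress, con))
                {
                    Response.Redirect(Paths.WebRoot + "banned.aspx", true);
                }

                bool all_ok = true;

                //check flood
                // NOTE(review): no flood check is implemented in this handler.

                //check captcha
                if (!CaptchaProvider.Verifiy(this.Context))
                {
                    this.Response.Write(Language.Lang.wrongcaptcha);
                    this.Response.End();
                }

                //check file sizes
                // NOTE(review): only the size is checked here; presumably save_post_file validates the
                // file type and content - confirm.
                for (int i = 0; i < Request.Files.Count; i++)
                {
                    HttpPostedFile file = Request.Files[i];
                    if (file.ContentLength > ApplicationSettings.MaximumFileSize)
                    {
                        // The file name comes from the client, so it is encoded before it is echoed.
                        Response.Write(string.Format("The file '{0}' is larger than the allowed limit {1}.", HttpUtility.HtmlEncode(file.FileName), ApplicationSettings.MaximumFileSize));
                        all_ok = false;
                        break;
                    }
                }

                if (all_ok)
                {
                    switch (Request["mode"])
                    {
                        case "thread":
                        {
                            // Request.Files["ufile"] is null when the field is missing, so it is checked
                            // before ContentLength is read.
                            HttpPostedFile thread_file = Request.Files["ufile"];

                            if (thread_file == null || thread_file.ContentLength == 0)
                            {
                                Response.Write("You need a file to start a thread");
                            }
                            else
                            {
                                OPData op_data = new DataTypes.OPData()
                                {
                                    Comment = Request["comment"],
                                    Email = Request["email"],
                                    Name = Request["name"],
                                    Subject = Request["subject"],
                                    Password = Request["password"],
                                    HasFile = true,
                                    IP = Request.UserHostAddress,
                                    UserAgent = Request.UserAgent,
                                    Time = DateTime.UtcNow
                                };

                                int thread_id = -1;
                                bool created = false;

                                try
                                {
                                    thread_id = Board.BoardCommon.MakeThread(op_data, thread_file, con);
                                    created = true;
                                }
                                catch (Exception ex)
                                {
                                    // NOTE(review): ex.Message may carry internal detail (for example database
                                    // errors); consider logging it and showing a generic message instead.
                                    Response.Write(HttpUtility.HtmlEncode(ex.Message));
                                }

                                // The redirect ends the response by raising an exception, so it runs outside
                                // the try block and is not reported as a posting error.
                                if (created)
                                {
                                    Response.Redirect(Paths.WebRoot + "default.aspx?id=" + thread_id.ToString(), true);
                                }
                            }
                            break;
                        }

                        case "reply":
                        {
                            if (string.IsNullOrEmpty(Request["threadid"]))
                            {
                                Response.Write("Thread id is not specified");
                            }
                            else
                            {
                                int thread_id;

                                // TryParse rejects malformed input without an exception, so the error is
                                // written once and Response.End is not called from inside a catch block.
                                if (!int.TryParse(Request["threadid"], out thread_id) || thread_id <= 0)
                                {
                                    Response.Write("Invalid thread id");
                                    Response.End();
                                }

                                ThreadInfo t_info = BoardCommon.GetThreadInfo(thread_id, con);

                                if (t_info.isGone)
                                {
                                    Response.Write("Thread does not exist.");
                                    Response.End();
                                }

                                if (t_info.isLocked)
                                {
                                    Response.Write("Thread is locked.");
                                    Response.End();
                                }

                                if (t_info.isArchived)
                                {
                                    Response.Write("Thread is archived.");
                                    Response.End();
                                }

                                if (ApplicationSettings.EnableImpresonationProtection)
                                {
                                    //do stuffs
                                    // NOTE(review): the setting is read but no protection is implemented here.
                                }

                                List<HttpPostedFile> proper_files = new List<HttpPostedFile>();

                                //Discard any empty file field
                                for (int i = 0; i < Request.Files.Count; i++)
                                {
                                    HttpPostedFile file = Request.Files[i];
                                    if (file.ContentLength > 0)
                                    {
                                        proper_files.Add(file);
                                    }
                                }

                                bool file_in_each_post = (Request["finp"] == "yes");
                                bool count_files = (Request["countf"] == "yes");

                                // "sage" in the email field: the reply does not bump the thread and the
                                // email is stored empty.
                                bool sage = (Request["email"] == "sage");

                                OPData op_data = new OPData()
                                {
                                    Comment = Request["comment"],
                                    Email = sage ? "" : Request["email"],
                                    Name = Request["name"],
                                    Subject = Request["subject"],
                                    Password = Request["password"],
                                    IP = Request.UserHostAddress,
                                    UserAgent = Request.UserAgent,
                                    Time = DateTime.UtcNow
                                };

                                int reply_id = -1;
                                bool posted = false;

                                try
                                {
                                    reply_id = BoardCommon.ReplyTo(op_data, thread_id, proper_files.ToArray(), file_in_each_post, count_files, con);
                                    if (reply_id > 0)
                                    {
                                        //Update thread body
                                        if (ApplicationSettings.CacheIndexView)
                                        {
                                            IndexView.UpdateThreadIndex(thread_id, con);
                                        }
                                        if (ApplicationSettings.CacheThreadView)
                                        {
                                            ThreadView.UpdateThreadBody(thread_id, con);
                                        }
                                        if (!sage)
                                        {
                                            BoardCommon.BumpThread(thread_id, con);
                                        }
                                        posted = true;
                                    }
                                }
                                catch (Exception ex)
                                {
                                    // NOTE(review): ex.Message may carry internal detail (for example database
                                    // errors); consider logging it and showing a generic message instead.
                                    Response.Write(HttpUtility.HtmlEncode(ex.Message));
                                }

                                // The redirect ends the response by raising an exception, so it runs outside
                                // the try block and is not reported as a posting error.
                                if (posted)
                                {
                                    Response.Redirect(Paths.WebRoot + string.Format("default.aspx?id={0}#p{1}", thread_id, reply_id));
                                }
                            }
                            break;
                        }

                        default:
                            // The mode value comes from the request, so it is encoded before it is echoed.
                            Response.Write(string.Format("Invalid posting mode '{0}'", HttpUtility.HtmlEncode(Request["mode"])));
                            break;
                    } //mode switch block
                } // if all ok block
            } // database connection using block
        }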