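/// <summary>
/// Handles a posting request: starts a new thread (mode "thread") or adds a reply (mode "reply").
/// </summary>
/// <remarks>
/// Checks run in this order: posting enabled, mode present, IP ban, captcha, per-file size limit.
/// Request-derived text echoed into the response (mode, uploaded file name, exception message)
/// is HTML-encoded so it cannot be interpreted as markup by the browser.
/// </remarks>
/// <param name="sender">Event source supplied by the page life cycle; unused.</param>
/// <param name="e">Event data supplied by the page life cycle; unused.</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (!ApplicationSettings.PostingEnabled)
    {
        Response.StatusCode = 403;
        this.Response.Write(Language.Lang.postingisdisabled);
        this.Response.End();
        return;
    }

    string mode = Request["mode"];
    if (string.IsNullOrEmpty(mode))
    {
        Response.StatusCode = 403;
        Response.Write("403");
        Response.End();
        return;
    }

    using (DbConnection con = DatabaseEngine.GetDBConnection())
    {
        con.Open();

        // Banned addresses are turned away before any other work is done.
        if (Board.BanHandler.IsIPBanned(Request.UserHostAddress, con))
        {
            Response.Redirect(Paths.WebRoot + "banned.aspx", true);
            return;
        }

        // NOTE(review): the original carries a "check flood" marker at this point,
        // but no flood/rate check is implemented in this method.

        if (!CaptchaProvider.Verifiy(this.Context))
        {
            this.Response.Write(Language.Lang.wrongcaptcha);
            this.Response.End();
            return;
        }

        // Per-file size limit. This runs after the request body has been received, so the
        // hosting request-size limit is what actually bounds how much data is accepted.
        for (int i = 0; i < Request.Files.Count; i++)
        {
            HttpPostedFile file = Request.Files[i];
            if (file.ContentLength > ApplicationSettings.MaximumFileSize)
            {
                // FileName is client-supplied: encode it before echoing.
                Response.Write(string.Format("The file '{0}' is larger than the allowed limit {1}.", this.Context.Server.HtmlEncode(file.FileName), ApplicationSettings.MaximumFileSize));
                return;
            }
        }

        switch (mode)
        {
            case "thread":
            {
                // Look the field up once and null-check it: a request that has files but no
                // "ufile" field, or no files at all, must produce the message, not a null dereference.
                HttpPostedFile op_file = Request.Files["ufile"];
                if (op_file == null || op_file.ContentLength == 0)
                {
                    Response.Write("You need a file to start a thread");
                    break;
                }

                OPData op_data = new OPData()
                {
                    Comment = Request["comment"],
                    Email = Request["email"],
                    Name = Request["name"],
                    Subject = Request["subject"],
                    Password = Request["password"],
                    HasFile = true,
                    IP = Request.UserHostAddress,
                    UserAgent = Request.UserAgent,
                    Time = DateTime.UtcNow
                };

                int thread_id = -1;
                try
                {
                    thread_id = Board.BoardCommon.MakeThread(op_data, op_file, con);
                }
                catch (Exception ex)
                {
                    // NOTE(review): the message is shown to the client as before; it is encoded here,
                    // but confirm MakeThread only raises messages that are safe to disclose.
                    Response.Write(this.Context.Server.HtmlEncode(ex.Message));
                    break;
                }

                // The redirect sits outside the try block: ending the response aborts the request
                // thread, and the catch-all above would otherwise intercept that abort and write
                // its message into the already-redirected response.
                Response.Redirect(Paths.WebRoot + "default.aspx?id=" + thread_id.ToString(), true);
                break;
            }

            case "reply":
            {
                string raw_thread_id = Request["threadid"];
                if (string.IsNullOrEmpty(raw_thread_id))
                {
                    Response.Write("Thread id is not specified");
                    break;
                }

                // TryParse instead of Convert inside a catch-all: malformed, overflowing and
                // non-positive ids all take the same single rejection path.
                int thread_id;
                if (!int.TryParse(raw_thread_id, out thread_id) || thread_id <= 0)
                {
                    Response.Write("Invalid thread id");
                    Response.End();
                    return;
                }

                ThreadInfo t_info = BoardCommon.GetThreadInfo(thread_id, con);
                if (t_info.isGone)
                {
                    Response.Write("Thread does not exist.");
                    Response.End();
                    return;
                }
                if (t_info.isLocked)
                {
                    Response.Write("Thread is locked.");
                    Response.End();
                    return;
                }
                if (t_info.isArchived)
                {
                    Response.Write("Thread is archived.");
                    Response.End();
                    return;
                }

                if (ApplicationSettings.EnableImpresonationProtection)
                {
                    // NOTE(review): placeholder in the original; no protection is applied here yet.
                }

                // Discard any empty file field
                List<HttpPostedFile> proper_files = new List<HttpPostedFile>();
                for (int i = 0; i < Request.Files.Count; i++)
                {
                    HttpPostedFile file = Request.Files[i];
                    if (file.ContentLength > 0)
                    {
                        proper_files.Add(file);
                    }
                }

                bool file_in_each_post = (Request["finp"] == "yes");
                bool count_files = (Request["countf"] == "yes");
                bool sage = (Request["email"] == "sage");

                OPData op_data = new OPData()
                {
                    Comment = Request["comment"],
                    Email = sage ? "" : Request["email"],
                    Name = Request["name"],
                    Subject = Request["subject"],
                    Password = Request["password"],
                    IP = Request.UserHostAddress,
                    UserAgent = Request.UserAgent,
                    Time = DateTime.UtcNow
                };

                int reply_id = -1;
                try
                {
                    reply_id = BoardCommon.ReplyTo(op_data, thread_id, proper_files.ToArray(), file_in_each_post, count_files, con);
                    if (reply_id > 0)
                    {
                        // Refresh cached views, then bump unless the poster asked for sage.
                        if (ApplicationSettings.CacheIndexView)
                        {
                            IndexView.UpdateThreadIndex(thread_id, con);
                        }
                        if (ApplicationSettings.CacheThreadView)
                        {
                            ThreadView.UpdateThreadBody(thread_id, con);
                        }
                        if (!sage)
                        {
                            BoardCommon.BumpThread(thread_id, con);
                        }
                    }
                }
                catch (Exception ex)
                {
                    // NOTE(review): same disclosure question as in the thread branch.
                    Response.Write(this.Context.Server.HtmlEncode(ex.Message));
                    break;
                }

                // Redirect outside the try block, for the same reason as in the thread branch.
                if (reply_id > 0)
                {
                    Response.Redirect(Paths.WebRoot + string.Format("default.aspx?id={0}#p{1}", thread_id, reply_id));
                }
                break;
            }

            default:
                // mode is attacker-controllable request text: encode before reflecting it.
                Response.Write(string.Format("Invalid posting mode '{0}'", this.Context.Server.HtmlEncode(mode)));
                break;
        } //mode switch block
    } // database connection using block
} //page load void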
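/// <summary>
/// Shows the "delete file" form for a post, or (mode "deletefile") removes the selected
/// files from that post after the captcha and the post password have been checked.
/// </summary>
/// <remarks>
/// The post id is parsed and the post loaded once for both paths. The rules that decide
/// whether the form is shown (post has files; a comment-less reply keeps its only file)
/// are enforced on the delete path as well, so they cannot be skipped by submitting the
/// form fields directly.
/// </remarks>
/// <param name="sender">Event source supplied by the page life cycle; unused.</param>
/// <param name="e">Event data supplied by the page life cycle; unused.</param>
protected void Page_Load(object sender, EventArgs e)
{
    int id;
    if (!Int32.TryParse(Request["id"], out id) || id <= 0)
    {
        Response.Write("Invalid post id.");
        Response.End();
        return;
    }

    bool do_action = (Request["mode"] == "deletefile");

    using (DbConnection dc = Database.DatabaseEngine.GetDBConnection())
    {
        dc.Open();

        WPost post = Board.BoardCommon.GetPostData(id, dc);
        if (post == null)
        {
            Response.Write("Post does not exist");
            Response.End();
            return;
        }

        if (post.FileCount == 0)
        {
            Response.Write("Post has no files");
            Response.End();
            return;
        }

        if (post.FileCount == 1 && string.IsNullOrEmpty(post.Comment) && post.Type == Enums.PostType.Reply)
        {
            Response.Write("Cannot delete this post because it has no comment and only a single file. \n Delete the post instead.");
            Response.End();
            return;
        }
        // NOTE(review): a comment-less reply with several files can still have all of them
        // selected at once; confirm whether that case should be rejected too.

        if (!do_action)
        {
            //show delete file page
            Response.Write(generate_page(post));
            return;
        }

        //first check captcha, then check password, and finally delete files
        if (!CaptchaProvider.Verifiy(this.Context))
        {
            //invalid captcha. Redirect to the delete file page, with 'bad captcha' notice
            Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?wc=1&id=" + id.ToString(), true); //wc == wrong captcha
            return;
        }

        // An absent or empty password on either side never authorises a deletion; otherwise a
        // post stored without a password would match a request that simply omits "pwd".
        // NOTE(review): the value is compared directly with post.Password as returned by
        // GetPostData; confirm how that value is stored.
        string supplied_password = Request["pwd"]; //pwd is the user input password
        if (string.IsNullOrEmpty(supplied_password) || string.IsNullOrEmpty(post.Password) || supplied_password != post.Password)
        {
            //Bad password. Redirect to the delete file page, with 'bad password' notice.
            Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?bp=1&id=" + id.ToString(), true); //bp == bad password
            return;
        }

        // Form keys of the shape "file<hash>" name the files to delete. Keys can be null,
        // and the prefix test is ordinal because this is an identifier, not linguistic text.
        List<string> requested_hashes = new List<string>();
        foreach (string key in this.Request.Form)
        {
            if (key != null && key.Length > 4 && key.StartsWith("file", StringComparison.Ordinal))
            {
                requested_hashes.Add(key.Remove(0, 4));
            }
        }

        // Keep only hashes that belong to this post, so unvalidated form text is never
        // handed to the database layer and the reported count matches what is removed.
        List<string> file_hashes = new List<string>();
        List<WPostFile> selected_files = new List<WPostFile>();
        if (post.Files != null)
        {
            foreach (WPostFile file in post.Files)
            {
                if (requested_hashes.Contains(file.Hash) && !file_hashes.Contains(file.Hash))
                {
                    file_hashes.Add(file.Hash);
                    selected_files.Add(file);
                }
            }
        }

        if (file_hashes.Count == 0)
        {
            //No file was selected. Redirect to the delete file page, with 'no file selected' notice.
            Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?ns=1&id=" + id.ToString(), true); //ns == no file seleted
            return;
        }

        BoardCommon.DeleteFileFromDatabase(id, file_hashes.ToArray(), dc);

        if (Settings.ApplicationSettings.AutoDeleteFiles)
        {
            foreach (WPostFile file in selected_files)
            {
                // Names come from the stored record; GetFileName drops any directory part so a
                // stored name can only ever address a file inside the storage folders.
                string stored_name = System.IO.Path.GetFileName(file.ChanbName + "." + file.Extension);
                string thumb_jpg = System.IO.Path.GetFileName(file.ChanbName + ".jpg");
                string thumb_png = System.IO.Path.GetFileName(file.ChanbName + ".png");

                //remove the files physically from the disk
                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalFilesStorageFolder, stored_name));

                //delete thumbs as well
                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalThumbStorageFolder, thumb_jpg));
                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalThumbStorageFolder, thumb_png));
            }
        }

        //update thread page and index.
        // NOTE(review): these helpers are handed the post id from the request; confirm they
        // resolve a reply's id to its thread.
        IndexView.UpdateThreadIndex(id, dc);
        ThreadView.UpdateThreadBody(id, dc);

        Response.Write(file_hashes.Count + " files deleted successfully");
    }
}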