Exemplo n.º 1
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!ApplicationSettings.PostingEnabled)
            {
                Response.StatusCode = 403;
                this.Response.Write(Language.Lang.postingisdisabled);
                this.Response.End();
            }

            if (string.IsNullOrEmpty(Request["mode"]))
            {
                Response.StatusCode = 403;
                Response.Write("403");
                Response.End();
            }

            using (DbConnection con = DatabaseEngine.GetDBConnection())
            {
                con.Open();

                //check bans
                if (Board.BanHandler.IsIPBanned(Request.UserHostAddress, con))
                {
                    Response.Redirect(Paths.WebRoot + "banned.aspx", true);
                }

                //bool is_admin = false;
                //bool is_mod = false;

                bool all_ok = true;

                //check flood

                //check captcha
                if (!CaptchaProvider.Verifiy(this.Context))
                {
                    this.Response.Write(Language.Lang.wrongcaptcha);
                    this.Response.End();
                }

                //check file sizes
                for (int i = 0; i < Request.Files.Count; i++)
                {
                    HttpPostedFile file = Request.Files[i];
                    if (file.ContentLength > ApplicationSettings.MaximumFileSize)
                    {
                        Response.Write(string.Format("The file '{0}' is larger than the allowed limit {1}.", file.FileName, ApplicationSettings.MaximumFileSize));
                        all_ok = false;
                        break;
                    }
                }

                if (all_ok)
                {
                    switch (Request["mode"])
                    {
                    case "thread":
                        if (Request.Files.Count == 0 | Request.Files["ufile"].ContentLength == 0)
                        {
                            Response.Write("You need a file to start a thread");
                        }
                        else
                        {
                            OPData op_data = new DataTypes.OPData()
                            {
                                Comment   = Request["comment"],
                                Email     = Request["email"],
                                Name      = Request["name"],
                                Subject   = Request["subject"],
                                Password  = Request["password"],
                                HasFile   = true,
                                IP        = Request.UserHostAddress,
                                UserAgent = Request.UserAgent,
                                Time      = DateTime.UtcNow
                            };

                            int thread_id = -1;

                            try
                            {
                                thread_id = Board.BoardCommon.MakeThread(op_data, Request.Files["ufile"], con);
                                Response.Redirect(Paths.WebRoot + "default.aspx?id=" + thread_id.ToString(), true);
                            }
                            catch (Exception ex)
                            {
                                Response.Write(ex.Message);
                            }
                        }
                        break;

                    case "reply":

                        if (string.IsNullOrEmpty(Request["threadid"]))
                        {
                            Response.Write("Thread id is not specified");
                        }
                        else
                        {
                            int thread_id = -1;

                            try
                            {
                                thread_id = Convert.ToInt32(Request["threadid"]);

                                if (thread_id <= 0)
                                {
                                    Response.Write("Invalid thread id");
                                    Response.End();
                                }
                            }
                            catch (Exception)
                            {
                                Response.Write("Invalid thread id");
                                Response.End();
                            }

                            ThreadInfo t_info = BoardCommon.GetThreadInfo(thread_id, con);

                            if (t_info.isGone)
                            {
                                Response.Write("Thread does not exist.");
                                Response.End();
                            }

                            if (t_info.isLocked)
                            {
                                Response.Write("Thread is locked.");
                                Response.End();
                            }

                            if (t_info.isArchived)
                            {
                                Response.Write("Thread is archived.");
                                Response.End();
                            }

                            if (ApplicationSettings.EnableImpresonationProtection)
                            {
                                //do stuffs
                            }

                            List <HttpPostedFile> proper_files = new List <HttpPostedFile>();

                            //Discard any empty file field
                            for (int i = 0; i < Request.Files.Count; i++)
                            {
                                HttpPostedFile file = Request.Files[i];
                                if (file.ContentLength > 0)
                                {
                                    proper_files.Add(file);
                                }
                            }

                            bool file_in_each_post = (Request["finp"] == "yes");
                            bool count_files       = (Request["countf"] == "yes");

                            bool sage = (Request["email"] == "sage");

                            OPData op_data = new OPData()
                            {
                                Comment   = Request["comment"],
                                Email     = sage ? "" : Request["email"],
                                Name      = Request["name"],
                                Subject   = Request["subject"],
                                Password  = Request["password"],
                                IP        = Request.UserHostAddress,
                                UserAgent = Request.UserAgent,
                                Time      = DateTime.UtcNow
                            };

                            int reply_id = -1;

                            try
                            {
                                reply_id = BoardCommon.ReplyTo(op_data, thread_id, proper_files.ToArray(), file_in_each_post, count_files, con);
                                if (reply_id > 0)
                                {
                                    //Update thread body
                                    if (ApplicationSettings.CacheIndexView)
                                    {
                                        IndexView.UpdateThreadIndex(thread_id, con);
                                    }
                                    if (ApplicationSettings.CacheThreadView)
                                    {
                                        ThreadView.UpdateThreadBody(thread_id, con);
                                    }
                                    if (!sage)
                                    {
                                        BoardCommon.BumpThread(thread_id, con);
                                    }
                                    Response.Redirect(Paths.WebRoot + string.Format("default.aspx?id={0}#p{1}", thread_id, reply_id));
                                }
                            }
                            catch (Exception ex)
                            {
                                Response.Write(ex.Message);
                            }
                        }


                        break;

                    default:
                        Response.Write(string.Format("Invalid posting mode '{0}'", Request["mode"]));
                        break;
                    } //mode switch block
                }     // if all ok block
            }         // database connection using block
        }             //page load void
Exemplo n.º 2
0
        protected void Page_Load(object sender, EventArgs e)
        {
            bool do_action = (!string.IsNullOrEmpty(Request["id"]) & Request["mode"] == "deletefile");

            if (do_action)
            {
                int id = -1;
                Int32.TryParse(Request["id"], out id);

                if (id <= 0)
                {
                    Response.Write("Invalid post id.");
                    Response.End();
                }

                using (DbConnection dc = Database.DatabaseEngine.GetDBConnection())
                {
                    dc.Open();

                    WPost post = Board.BoardCommon.GetPostData(id, dc);

                    if (post == null)
                    {
                        Response.Write("Post does not exist");
                        Response.End();
                    }
                    else
                    {
                        //first check captcha, then check password, and finally delete files

                        if (CaptchaProvider.Verifiy(this.Context))
                        {
                            if (Request["pwd"] == post.Password) //pwd is the user input password
                            {
                                //We should gather a list of files hashes, and delete them
                                List <string> file_hashes = new List <string>();

                                foreach (string qs in this.Request.Form)
                                {
                                    if (qs.StartsWith("file"))
                                    {
                                        file_hashes.Add(qs.Remove(0, 4));
                                    }
                                }

                                if (file_hashes.Count > 0)
                                {
                                    BoardCommon.DeleteFileFromDatabase(id, file_hashes.ToArray(), dc);


                                    if (Settings.ApplicationSettings.AutoDeleteFiles)
                                    {
                                        foreach (WPostFile file in post.Files)
                                        {
                                            if (file_hashes.Contains(file.Hash))
                                            {
                                                //remove the files physically from the disk
                                                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalFilesStorageFolder, file.ChanbName + "." + file.Extension));

                                                //delete thumbs as well
                                                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalThumbStorageFolder, file.ChanbName + ".jpg"));
                                                System.IO.File.Delete(System.IO.Path.Combine(Settings.Paths.PhysicalThumbStorageFolder, file.ChanbName + ".png"));
                                            }
                                        }
                                    }


                                    //update thread page and index.
                                    IndexView.UpdateThreadIndex(id, dc);
                                    ThreadView.UpdateThreadBody(id, dc);
                                    Response.Write(file_hashes.Count + " files deleted successfully");
                                }
                                else
                                {
                                    //No file was selected.  Redirect to the delete file page, with 'no file selected' notice.
                                    Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?ns=1&id=" + id.ToString(), true); //ns == no file seleted
                                }
                            }
                            else
                            {
                                //Bad password. Redirect to the delete file page, with 'bad password' notice.
                                Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?bp=1&id=" + id.ToString(), true); //bp == bad password
                            }
                        }
                        else
                        {
                            //invalid captcha. Redirect to the delete file page, with 'bad captcha' notice
                            Response.Redirect(Settings.Paths.WebRoot + "deletefile.aspx?wc=1&id=" + id.ToString(), true); //wc == wrong captcha
                        }
                    }
                }
            }
            else
            {
                int id = -1;
                Int32.TryParse(Request["id"], out id);

                if (id <= 0)
                {
                    Response.Write("Invalid post id.");
                    Response.End();
                }

                using (DbConnection dc = Database.DatabaseEngine.GetDBConnection())
                {
                    dc.Open();

                    WPost post = Board.BoardCommon.GetPostData(id, dc);

                    if (post == null)
                    {
                        Response.Write("Post does not exist");
                        Response.End();
                    }
                    else
                    {
                        if (post.FileCount == 0)
                        {
                            Response.Write("Post has no files");
                            Response.End();
                        }
                        else if (post.FileCount == 1)
                        {
                            if (string.IsNullOrEmpty(post.Comment) & post.Type == Enums.PostType.Reply)
                            {
                                Response.Write("Cannot delete this post because it has no comment and only a single file. \n Delete the post instead.");
                                Response.End();
                            }
                            else
                            {
                                //show delete file page
                                Response.Write(generate_page(post));
                            }
                        }
                        else
                        {
                            Response.Write(generate_page(post));
                        }
                    }
                }
            }
        }