diff --git a/common.php b/common.php index bec03aa..e70d513 100644 --- a/common.php +++ b/common.php @@ -17,7 +17,7 @@ date_default_timezone_set('UTC'); ini_set('zlib.output_compression', 1); -if (OPEN_BASEDIR > '') { +if (OPEN_BASEDIR != '') { ini_set('open_basedir', OPEN_BASEDIR); } diff --git a/data-post.php b/data-post.php index 4d69e35..54051e2 100644 --- a/data-post.php +++ b/data-post.php @@ -37,7 +37,8 @@ $post_title_cache = []; function load_postfile($filepath) { - $text = @file_get_contents($filepath); + $text = file_get_contents($filepath); + $split = preg_split('/^-$/m', $text, 2); $text = null; @@ -97,17 +98,18 @@ function get_post_metadata($file, $deleted = false) { $is_guest = $userid === ''; $thread_title = ''; - if ($thread_id > '') { + if ($thread_id != '') { $thread_title = load_post_title_by_id($thread_id); - if (!$thread_title > '') { - $thread_title = '無題#' . mb_substr($thread_id, 0, 7); - } + } + + if ($thread_id != '' && $thread_title != '') { + $thread_title = '無題#' . mb_substr($thread_id, 0, 7); } $detail_url = sitebase('post/?id=' . $id); $delete_url = sitebase('post-delete/?id=' . $id); $user_url = $is_guest ? '' : sitebase('user/?id=' . $userid); - $thread_url = $thread_id > '' ? sitebase('post/?id=' . $thread_id) : ''; + $thread_url = $thread_id != '' ? sitebase('post/?id=' . $thread_id) : ''; $is_mine = !$is_guest && $userid === ($_SESSION['user']['id'] ?? ''); // too long, sorry. @@ -129,18 +131,17 @@ function load_post($filepath) { $userid = $metadata['userid']; $users = load_users(); + $username = GUESTNAME; + if ($deleted) { $username = DELETEDNAME; } - elseif ($userid > '') { + elseif ($userid != '') { $username = $users[$userid]['username'] ?? 'UNKNOWN'; } - else { - $username = GUESTNAME; - } $attachments = []; - if ($attachment_id > '') { + if ($attachment_id != '') { $attachments[] = [ 'url' => sitebase('attachment/?id=' . $attachment_id), 'name' => '添付画像(Image)', @@ -154,6 +155,10 @@ function load_post($filepath) { } function load_post_by_id($id) { + if (!file_exists(POST_DIR)) { + die(POST_DIR.': ディレクトリは存在しません。'); + } + $files = glob(POST_DIR . '2*Z*.id' . $id . '.*.txt'); if (sizeof($files) !== 1) { $files = null; @@ -165,6 +170,10 @@ function load_post_by_id($id) { } function search_post($options = []) { + if (!file_exists(POST_DIR)) { + die(POST_DIR.': ディレクトリは存在しません。'); + } + $pagesize = $options['pagesize'] ?? 0; $has_paging = $pagesize > 0; $thread = false; @@ -176,7 +185,7 @@ function search_post($options = []) { $options = null; $pattern = '2*Z*.txt'; - if ($key === 'userid' && $value > '') { + if ($key === 'userid' && $value != '') { $pattern = "2*Z*.us{$value}.*.txt"; } elseif ($key == 'thread' && $value >= 0) { @@ -188,7 +197,6 @@ function search_post($options = []) { $key = null; $value = null; - $now = date('Y-m-d\\TH:i:s\\Z'); $files = glob(POST_DIR . $pattern); $files = array_filter( @@ -261,36 +269,35 @@ function add_post($userid, $title, $body, $attachment_id, $file_hash, &$post_id_ $id = md5(bin2hex(random_bytes(256)) . $userid . $title . $body); - if ($spooftime) { - $dto = new DateTime('+' . (mt_rand(60 * 60 * 3, 60 * 60 * 27 - 1)) . 'seconds'); - } else { - $dto = new DateTime(); - } + $dto = new DateTime($spooftime ? '+' . (mt_rand(60 * 60 * 3, 60 * 60 * 27 - 1)) . 'seconds' : ''); $datetime = $dto->format('Y-m-d\\TH:i:s\\Z'); $timestamp = $dto->getTimestamp(); - $dto = null; + unset($dto); $file = "{$datetime}.id{$id}.us{$userid}.to-.th{$thread_id}.txt"; if ($body !== '.' || $file_hash === '') { $error = check_repeating_info($body, $datetime); if ($error) { return ['すでに同様の書き込み有り(削除済みを含む)。連投防止。']; } } - if ($file_hash > '') { + if ($file_hash != '') { $error = check_repeating_info($body, $datetime, $file_hash); if ($error) { return ['すでに同じ画像有り(削除済みを含む)。連投防止。']; } } - mkdir_p(POST_DIR); + if (!mkdir_p(POST_DIR)) { + die("mkdir_pを実行に失敗しました。"); + } + $result = file_put_contents(POST_DIR . $file, $text, LOCK_EX); if ($result === false) { return ['書き込みの保存に失敗。']; } - @chmod(POST_DIR . $file, 0600); - @touch(POST_DIR . $file, $timestamp, $timestamp); + touch(POST_DIR . $file, $timestamp, $timestamp); + chmod(POST_DIR . $file, 0644); if ($body !== '.' || $file_hash === '') { add_repeating_info(make_repeating_info($body, $datetime)); } - if ($file_hash > '') { + if ($file_hash != '') { add_repeating_info(make_repeating_info($body, $datetime, $file_hash)); } @@ -301,7 +308,7 @@ function add_post($userid, $title, $body, $attachment_id, $file_hash, &$post_id_ function check_uploaded_image($key) { $size = $_FILES[$key]['size'] ?? 0; if ($size <= 0) { return ['画像ファイルが不正。']; } - if ($size > 1024 * 500) { ['画像ファイルは 500 kb 以内。']; } + else if ($size > 1024 * 500) { ['画像ファイルは 500 kb 以内。']; } $buffer = file_get_contents($_FILES[$key]['tmp_name']); $type = get_image_type($buffer); @@ -316,16 +323,17 @@ function save_uploaded_image($key, $attachment_id) { $type = get_image_type($buffer); if (!isset($type)) { on_error(400, ['画像ファイルが不正。']); } - $result = mkdir_p(ATTACHMENT_DIR, 0700); - if (!$result) { return ['フォルダの作成に失敗。']; } + if (!$result = mkdir_p(ATTACHMENT_DIR, 0700)) { + return ['フォルダの作成に失敗。']; + } $target = ATTACHMENT_DIR . $attachment_id . '.gz'; if (!$gz = gzopen($target, 'w1')) { return ['画像の書き込みに失敗。']; } $result = gzwrite($gz, $buffer); if ($result === false) { return ['画像の書き込みに失敗。']; } - @gzclose($gz); - @chmod($target, 0777); + gzclose($gz); + chmod($target, 0777); return []; } @@ -352,8 +360,6 @@ function delete_post($id) { $result = file_put_contents($filepath, '', LOCK_EX); if ($result === false) { return ['書き込みの削除に失敗。']; } - @chmod($filepath, 0600); - return []; } @@ -380,7 +386,7 @@ function load_threads() { if ($parent['deleted']) { continue; } $thread = ['count' => 2]; - if (($parent['title'] ?? '') > '') { + if (($parent['title'] ?? '') != '') { $thread['title'] = $parent['title']; } else { @@ -405,21 +411,20 @@ function load_threads() { } function make_repeating_info($body, $datetime, $file_hash = '') { - if ($file_hash > '') { - $hash = $file_hash; - $size = 10; + if ($file_hash != '') { + return ['hash' => $file_fash, 'limit' => mb_substr($datetime, 0, 10)]; } - else { - $letter_only = preg_replace('/[^\p{Ll}\p{Lt}\p{Lo}\p{Lu}\p{N}]/u', '', $body); - if (mb_strlen($letter_only) > 0) { $body = $letter_only; } - $hash = md5($body); - $len = mb_strlen($body); - if ($len <= 2) { $size = 16; } - elseif ($len <= 30) { $size = 13; } - elseif ($len <= 40) { $size = 10; } - else { $size = 7; } - } + $letter_only = preg_replace('/[^\p{Ll}\p{Lt}\p{Lo}\p{Lu}\p{N}]/u', '', $body); + if (mb_strlen($letter_only) > 0) { $body = $letter_only; } + + $hash = md5($body); + $len = mb_strlen($body); + if ($len <= 2) { $size = 16; } + elseif ($len <= 30) { $size = 13; } + elseif ($len <= 40) { $size = 10; } + else { $size = 7; } + return [ 'hash' => $hash, 'limit' => mb_substr($datetime, 0, $size), @@ -432,12 +437,15 @@ function add_repeating_info($repeating_info) { $limit = $repeating_info['limit'] ?? ''; $text = "$hash\t$limit" . PHP_EOL; $result = file_put_contents(LIMIT_TSV, $text, FILE_APPEND | LOCK_EX); - if ($result !== false) { @chmod(LIMIT_TSV . $file, 0600); } } function check_repeating_info($body, $datetime, $file_hash = '') { + if (!file_exists(LIMIT_TSV)) { + die(LIMIT_TSV.": ファイルを見つけられません。"); + } + $hash = make_repeating_info($body, $datetime, $file_hash)['hash']; - $text = @file_get_contents(LIMIT_TSV) ?? ''; + $text = file_get_contents(LIMIT_TSV) ?? ''; $lines = explode(PHP_EOL, $text); $text = null; @@ -454,13 +462,13 @@ function check_repeating_info($body, $datetime, $file_hash = '') { $count += 1; } } - $array = null; - } - $lines = null; - $line = null; + unset($array); + unset($line); + } + + unset($lines); $result = file_put_contents(LIMIT_TSV, $out, LOCK_EX); - if ($result !== false) { @chmod(LIMIT_TSV . $file, 0600); } return $count >= 1; } @@ -468,6 +476,10 @@ function check_repeating_info($body, $datetime, $file_hash = '') { // Util function count_post() { + if (!file_exists(POST_DIR)) { + die(POST_DIR.': ディレクトリは存在しません。'); + } + $pattern = '2*Z*.txt'; $files = glob(POST_DIR . '2*Z*.txt'); $size = sizeof($files); @@ -477,6 +489,10 @@ function count_post() { } function count_post_today() { + if (!file_exists(POST_DIR)) { + die(POST_DIR.': ディレクトリは存在しません。'); + } + $date = date('Y-m-d'); $pattern = "{$date}T*Z.*.txt"; $files = glob(POST_DIR . $pattern); @@ -487,6 +503,10 @@ function count_post_today() { } function load_post_title_by_id($id) { + if (!file_exists(POST_DIR)) { + die(POST_DIR.': ディレクトリは存在しません。'); + } + global $post_title_cache; if (isset($post_title_cache[$id])) { return $post_title_cache[$id]; } diff --git a/data.php b/data.php index d84f0f4..f73ecb6 100644 --- a/data.php +++ b/data.php @@ -19,20 +19,19 @@ function load_users() { if (isset($users_cache)) { return $users_cache; } $users_cache = []; - $prev = @file_get_contents(USERS_TSV) ?? ''; + $prev = file_get_contents(USERS_TSV) ?? ''; $rows = explode(PHP_EOL, $prev); - $prev = null; + unset($prev); foreach ($rows as $row) { $user = parse_user_row($row); - if ($user['id'] <= '') { continue; } + if ($user['id'] == '') { continue; } $user['hash_password'] = ''; // HIDE $users_cache[$user['id']] = $user; - $user = null; + unset($user); } - $rows = null; - $row = null; + unset($rows); return $users_cache; } @@ -40,12 +39,14 @@ function load_users() { function update_user($user) { // 注意:ここを変更したら、必ず、ユーザーが消えない事をテストすること。 + if (!$user) { return ['ユーザーが不正。']; } + if (!isset($user['id'])) { return ['ユーザーIDが不正。']; } $id = $user['id']; $username = $user['username']; $password = $user['password']; $trip = $user['trip'] ?? ''; - $fp = @fopen(USERS_TSV, 'r+'); + $fp = fopen(USERS_TSV, 'r+'); if ($fp === false || !flock($fp, LOCK_EX)) { return ['ファイルの取得に失敗。']; } $prev = fread($fp, filesize(USERS_TSV)); @@ -65,25 +66,22 @@ function update_user($user) { continue; } - if ($password > '') { + if ($password != '') { $hash_password = hash_password($password); } else { $array = explode("\t", $row); $hash_password = $array[2]; - $array = null; + unset($array); } $output .= "{$id}\t{$username}\t{$hash_password}\t{$trip}" . PHP_EOL; - $id = null; - $username = null; - $hash_password = null; - $trip = null; + unset($id); + unset($username); + unset($hash_password); + unset($trip); $changed = true; } - $rows = null; - $row = null; - - if (!$changed) { return ['ユーザーIDが不正。']; } + unset($rows); if ( !ftruncate($fp, 0) @@ -92,27 +90,34 @@ function update_user($user) { || !fflush($fp) ) { return ['ファイルの書き込みに失敗。']; } - @flock($fp, LOCK_UN); - @fclose($fp); - @chmod(USERS_TSV, 600); + flock($fp, LOCK_UN); + fclose($fp); return []; } function add_user($user) { + if (!file_exists(USERS_TSV)) { + die(USERS_TSV.': ファイルを見つけられません。'); + } + $id = $user['id']; $username = $user['username']; $password = $user['password']; $match = find_user_row($id); if (isset($match)) { return ['ID が既存ユーザーと重複。']; } - $match = null; + unset($match); $hash_password = hash_password($password); - $record = "{$id}\t{$username}\t{$hash_password}\t" . PHP_EOL; - $result = file_put_contents(USERS_TSV, $record, FILE_APPEND | LOCK_EX); + $record = "{$id}\t{$username}\t{$hash_password}\t" . PHP_EOL; + $result = false; + + if (is_writable(USERS_TSV)) { + $result = file_put_contents(USERS_TSV, $record, FILE_APPEND | LOCK_EX); + } if ($result === false) { return ['ファイルの書き込みに失敗。']; } - @chmod(USERS_TSV, 600); + chmod(USERS_TSV, 644); return []; } @@ -124,8 +129,18 @@ function add_user($user) { // 将来的に「-」より前の行にユーザーごとの設定値などを記録する予定。 function load_profile($id) { - $profile = @file_get_contents(PROFILE_DIR . $id . '.txt') ?? ''; - if ($profile <= '') { return null; } + if (!file_exists(PROFILE_DIR)) { + if (!mkdir_p(PROFILE_DIR, 755)) die(PROFILE_DIR.'を作成に失敗。'); + } + if (!file_exists(PROFILE_DIR.$id.'.txt')) { + touch(PROFILE_DIR.$id.'.txt', time()); + } + + $profile = ''; + if (is_writable(PROFILE_DIR.$id.'.txt')) { + $profile = file_get_contents(PROFILE_DIR . $id . '.txt') ?? ''; + } + if ($profile == '') { return null; } $split = preg_split('/^-$/m', $profile, 2); $bio = mbtrim($split[1] ?? ''); @@ -139,7 +154,6 @@ function save_profile($id, $profile) { if (!mkdir_p(PROFILE_DIR)) { return ['フォルダーの作成に失敗。']; } $result = file_put_contents(PROFILE_DIR . $id . '.txt', '-' . PHP_EOL . $bio . PHP_EOL); if ($result === false) { return ['ファイルの書き込みに失敗。']; } - @chmod(PROFILE_DIR . $id . '.txt', 600); return []; } @@ -161,15 +175,15 @@ function auth_user($id, $password) { // Util function find_user_row($id) { - $users = @file_get_contents(USERS_TSV) ?? ''; + $users = file_get_contents(USERS_TSV) ?? ''; $rows = explode(PHP_EOL, $users); - $search_id = $id . "\t"; - foreach ($rows as $row) { - if (stripos($row, $search_id) === 0) { - return $row; - } - } + $search_id = $id . "\t"; + foreach ($rows as $row) { + if (stripos($row, $search_id) === 0) { + return $row; + } + } return null; } diff --git a/public/attachment/index.php b/public/attachment/index.php index b6851a2..e432ded 100644 --- a/public/attachment/index.php +++ b/public/attachment/index.php @@ -5,7 +5,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (!ENABLE_ATTACHMENT) { return on_error(404, ['Not Found.']); } $id = $_GET['id'] ?? ''; - if ($id <= '' || !preg_match('/^[a-z0-9]{32}$/', $id)) { return on_error(400, ['URLが不正。']); } + if ($id == '' || !preg_match('/^[a-z0-9]{32}$/', $id)) { return on_error(400, ['URLが不正。']); } $filepath = ATTACHMENT_DIR . $id . '.gz'; if (!file_exists($filepath)) { return on_error(404, ['Not Found.']); } diff --git a/public/post/index.php b/public/post/index.php index 9822de6..8617cb9 100644 --- a/public/post/index.php +++ b/public/post/index.php @@ -21,7 +21,7 @@ function do_get() { $view['post'] = $post; $thread_id = $post['thread_id']; - $is_reply = $thread_id > ''; + $is_reply = $thread_id != ''; if ($is_reply) { $result = search_post(['key' => 'thread', 'value' => $thread_id]); $total = $result['total']; diff --git a/public/setting/index.php b/public/setting/index.php index 7e45a29..230976b 100644 --- a/public/setting/index.php +++ b/public/setting/index.php @@ -34,7 +34,7 @@ function do_post() { } $error_bio = []; - if ($bio > '') { + if ($bio != '') { $error_bio = validate_bio($bio); if (!$error_bio) { $bio = sanitize_bio($bio); @@ -43,7 +43,7 @@ function do_post() { } $error_password = []; - if ($password > '') { + if ($password != '') { $error_password = validate_register_password($password, $password2); } @@ -54,8 +54,8 @@ function do_post() { if (!$notrip) { $trip = $_SESSION['user']['trip']; } - if ($tripkey > '') { - // $notrip == 1 かつ $tripkey > '' ならトリップを變更できる + if ($tripkey != '') { + // $notrip == 1 かつ $tripkey != '' ならトリップを變更できる $trip = twochan_trip($tripkey); } diff --git a/validate.php b/validate.php index c84d6f1..671d4b0 100644 --- a/validate.php +++ b/validate.php @@ -5,7 +5,7 @@ function validate_register_id($s) { $s = mbtrim($s); $len = mb_strlen(mbtrim($s)); if ($len < 3) { return ['ID は必須、3文字以上。']; } - if ($len > 12) { return ['ID は 12文字以内。']; } + else if ($len > 12) { return ['ID は 12文字以内。']; } if (!preg_match('/^[a-zA-Z0-9]+$/', $s)) { return ['ID は半角英數のみ。']; } return []; } @@ -13,7 +13,7 @@ function validate_register_id($s) { function validate_register_username($s) { $len = mb_strlen(mbtrim($s)); if ($len < 1) { return ['名前は必須。']; } - if ($len > 50) { return ['名前は 50文字以内。']; } + else if ($len > 50) { return ['名前は 50文字以内。']; } return []; } diff --git a/view/post-common.php b/view/post-common.php index d73cf37..012c138 100644 --- a/view/post-common.php +++ b/view/post-common.php @@ -33,7 +33,7 @@ function view_post($post, $options = []) { $post_time_class = 'post-time'; if ($post['is_future']) { $post_time_class .= ' is-future'; } - if ($is_single || $detail_url <= '') { + if ($is_single || $detail_url == '') { $html_time = '' . $time . ''; } else { @@ -55,15 +55,15 @@ function view_post($post, $options = []) { $html_attachment_items = join(PHP_EOL, $attachment_items); ?> 0 ? ' id="N' . $res_num . '"' : '') ?>> - ''): ?> +
件名:
0 ? "{$res_num} " : '' ?>
- ''): ?> +
RE:
- ''): ?> +
diff --git a/view/post-form.php b/view/post-form.php index 83375a6..704cd36 100644 --- a/view/post-form.php +++ b/view/post-form.php @@ -2,7 +2,7 @@ // Post form ?> - ''): ?> +

返信・Reply

@@ -30,7 +30,7 @@ $view['form'] = $view['form'] ?? [];