@xeoncross
Created December 20, 2011 22:30
1kB Forum with added IP logging

I wanted to see if I could improve the famous 1kB Forum. The most important thing seemed to be some kind of crowd control, so I added DNSBL checking and IP logging, and fixed some E_NOTICE errors in the script. The size is now 1013 characters.

If you want to know which IPs have been posting the most threads (or causing the most trouble), you can run the following query:

SELECT COUNT(a), INET_NTOA(a) AS IP FROM `t` GROUP BY IP;

If you just want to see the IP of each topic's poster, you can run this:

SELECT *, INET_NTOA(a) AS IP FROM `t`;

Limitations

IPs are only logged for threads, not comments. This is to ensure backwards compatibility with any current installs, as it uses the unused "a" column of the thread table. So you can replace your script with this one without any problems!

I had to remove the wrapping <html><body> tags to make room. However, the script doesn't really need them, and now it can be included into a full layout better anyway. See the index.php example below.

Changes

  • mysql_connect(0,'root',''); instead of mysql_connect('localhost','username','********');
  • $v=(int)@$v; instead of $v=intval($v);
  • removed unneeded action="f.php" since browser default is "same-page".

Thoughts

I looked into using a "proper" test instead of the "A" name record check.

if($r=gethostbyname("$ip.opm.tornevall.org"))if(substr($r,-2)>63)die();

I thought about using PDO so we could get prepared statements, so that when PHP strip_slashes is off everything will still work fine.

$d=new\PDO('mysql:dbname=d','root');
$q=function($q,$p=NULL)use($d){$s=$d->prepare($q);$s->execute($p);return$s;};
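
The prepared-statement idea above, written out without the size limit as an added example (not code from the gist). It assumes an in-memory SQLite database in place of the gist's MySQL database, PHP's ip2long() in place of INET_ATON(), and a hypothetical post() function; the t and p columns follow the gist's schema.

```php
<?php
// Added example, not the gist's code. Assumption: in-memory SQLite stands in
// for the gist's MySQL database so the script runs without a server.
$d = new PDO('sqlite::memory:');
$d->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same columns as the gist: t = threads (a = poster IP), p = posts (a = thread id).
$d->exec('CREATE TABLE t(i INTEGER PRIMARY KEY AUTOINCREMENT, a INT, b TEXT)');
$d->exec('CREATE TABLE p(i INTEGER PRIMARY KEY AUTOINCREMENT, a INT, b TEXT)');

// The $q helper from the snippet above, unminified: prepare, bind, execute.
$q = function (string $sql, array $params = []) use ($d): PDOStatement {
    $s = $d->prepare($sql);
    $s->execute($params);
    return $s;
};

// Hypothetical handler: starts a thread when $v is 0, then stores the post.
function post(callable $q, PDO $d, int $v, string $title, string $body, string $ip): int
{
    if ($body === '') {
        throw new InvalidArgumentException('empty post');
    }
    if ($v === 0) {
        // ip2long() replaces INET_ATON(); it returns false for anything that
        // is not dotted-quad IPv4 (an IPv6 REMOTE_ADDR, say), stored as NULL.
        $a = ip2long($ip);
        $q('INSERT INTO t(a, b) VALUES(?, ?)', [$a === false ? null : $a, $title]);
        $v = (int) $d->lastInsertId();
    }
    $q('INSERT INTO p(a, b) VALUES(?, ?)', [$v, $body]);
    return $v;
}

// Constructed input: the apostrophes would end the string literal early in an
// interpolated query such as "...,'$e')" when nothing escapes request data.
$title = "Bob's 'quoted' title";
$v = post($q, $d, 0, $title, 'first post', '203.0.113.7');
post($q, $d, $v, '', "a reply with a ' in it", '203.0.113.7');

$row = $q('SELECT a, b FROM t WHERE i = ?', [$v])->fetch(PDO::FETCH_NUM);
var_dump($row[1] === $title);        // title round-trips unchanged
echo long2ip((int) $row[0]), "\n";   // logged IP, as INET_NTOA() would show it
echo $q('SELECT COUNT(*) FROM p WHERE a = ?', [$v])->fetchColumn(), " posts\n";
```

Because the values travel as bound parameters, the stored text no longer depends on any PHP setting that escapes request data, and output escaping with htmlspecialchars stays a separate step at render time.
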
<?checkdnsrr(join('.',array_reverse(explode('.',$p=getenv('REMOTE_ADDR')))).".opm.tornevall.org","A")&&die('Bad Bot');mysql_connect(0,'root','');mysql_select_db('d');extract($_REQUEST);$v=(int)@$v;$i=0;$q='mysql_query';$f='mysql_fetch_row';$n='mysql_num_rows';$x='<input type="';$s="SELECT*FROM";$t='CREATE TABLE IF NOT EXISTS t(i INT AUTO_INCREMENT,a INT,b TEXT,KEY(i))';$h='htmlspecialchars';$q($t);$q(strtr($t,'t','p'));$l=' ORDER BY';$o='';$u='INSERT INTO';$c="b)VALUES(";if(@$b){if(!$v)$q("$u t(a,$c INET_ATON('$p'),'$e')");$v=max($v,mysql_insert_id());$q("$u p(a,$c'$v','$b')");}if($v){$t=$q("$s p WHERE a=$v$l i");echo'<a href="f.php">Back</a>';for(;$i<$n($t);++$i){$r=$f($t);echo'<hr/>'.nl2br($h($r[2]));}}else{$t=$q("$s t$l-i");for(;$i<$n($t);++$i){$r=$f($t);echo'<a href="f.php?v='.$r[0].'">'.$h($r[2]).'</a><br/>';}$o='Title:'.$x.'text"name="e"/><br/>';}echo'<hr/>Post:<form method="post">'.$x.'hidden"name="v"value="'."$v\"/>$o<textarea name=\"b\"></textarea>$x";?>submit"name="w"value="Post"/></form>
<?
checkdnsrr(join('.',array_reverse(explode('.',$p=getenv('REMOTE_ADDR')))).".opm.tornevall.org","A")&&die('Bad Bot');
mysql_connect(0,'root','');
mysql_select_db('d');
extract($_REQUEST);
$v=(int)@$v;
$i=0;
$q='mysql_query';
$f='mysql_fetch_row';
$n='mysql_num_rows';
$x='<input type="';
$s="SELECT*FROM";
$t='CREATE TABLE IF NOT EXISTS t(i INT AUTO_INCREMENT,a INT,b TEXT,KEY(i))';
$h='htmlspecialchars';
$q($t);
$q(strtr($t,'t','p'));
$l=' ORDER BY';
$o='';
$u='INSERT INTO';
$c="b)VALUES(";
if(@$b)
{
if(!$v)$q("$u t(a,$c INET_ATON('$p'),'$e')");
$v=max($v,mysql_insert_id());
$q("$u p(a,$c'$v','$b')");
}
if($v)
{
$t=$q("$s p WHERE a=$v$l i");
echo'<a href="f.php">Back</a>';
for(;$i<$n($t);++$i)
{
$r=$f($t);
echo'<hr/>'.nl2br($h($r[2]));
}
}
else
{
$t=$q("$s t$l-i");
for(;$i<$n($t);++$i)
{
$r=$f($t);
echo'<a href="f.php?v='.$r[0].'">'.$h($r[2]).'</a><br/>';
}
$o='Title:'.$x.'text"name="e"/><br/>';
}
echo'<hr/>Post:<form method="post">'.$x.'hidden"name="v"value="'."$v\"/>$o<textarea name=\"b\"></textarea>$x";
?>submit"name="w"value="Post"/></form>
<!doctype html>
<html>
<head>
<meta charset="utf-8"/>
<title>1kB Forum</title>
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link rel="stylesheet" media="all" href=""/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
</head>
<body lang="en">
<?require('f.php');?>
</body>
</html>
@xeoncross
Author

If you like this, check out ForumFive, the 1kB forum's big brother.
