Merge branch 'main' into release

PrefKarafuto · May 3, 2024 · 158e13a · 158e13a
2 parents e6f9a87 + 796a4d2
commit 158e13a
Show file tree

Hide file tree

Showing 18 changed files with 661 additions and 710 deletions.
diff --git a/test/admin.cgi b/test/admin.cgi
@@ -13,7 +13,8 @@ use open IO => ':encoding(cp932)';
 use warnings;
 no warnings 'once';
 use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
-
+use JSON;
+use LWP::UserAgent;
 
 # CGIの実行結果を終了コードとする
 exit(AdminCGI());
@@ -29,6 +30,11 @@ exit(AdminCGI());
 sub AdminCGI
 {
 	require './module/constant.pl';
+
+	# IP
+	$ENV{'REMOTE_ADDR'} = $ENV{'HTTP_CF_CONNECTING_IP'} if $ENV{'HTTP_CF_CONNECTING_IP'};
+	require './module/data_utils.pl';
+	$ENV{'REMOTE_HOST'}  = DATA_UTILS::reverse_lookup($ENV{'REMOTE_ADDR'});
 
 	# システム初期設定
 	my $CGI = {};
@@ -58,9 +64,15 @@ sub AdminCGI
 	my $sid = $Form->Get('SessionID', '');
 	$Form->Set('PassWord', '');
 	#$Form->Set('SessionID', '');
+	my $capt = Certification_Captcha($Sys,$Form) if ($pass && $Sys->Get('ADMINCAP'));
 	my ($userID, $SID) = $CGI->{'SECINFO'}->IsLogin($name, $pass, $sid);
-	$CGI->{'USER'} = $userID;
-	$Form->Set('SessionID', $SID);
+	unless($capt){
+		$CGI->{'USER'} = $userID;
+		$Form->Set('SessionID', $SID);
+		if ($CGI->{'SECINFO'}->IsAuthority($userID,$ZP::AUTH_SYSADMIN,'*')){
+			$Sys->Set('LASTMOD',time);
+		}
+	}
 
 	# バージョンチェック
 	my $upcheck = $Sys->Get('UPCHECK', 1) - 0;
@@ -95,6 +107,58 @@ sub AdminCGI
 	return 0;
 }
 
+#------------------------------------------------------------------------------------------------------------
+#
+#	Captcha検証
+#	-------------------------------------------------------------------------------------
+#
+#------------------------------------------------------------------------------------------------------------
+sub Certification_Captcha {
+    my ($Sys,$Form) = @_;
+	my ($captcha_response,$url);
+
+	my $captcha_kind = $Sys->Get('CAPTCHA');
+    my $secretkey = $Sys->Get('CAPTCHA_SECRETKEY');
+	if($captcha_kind eq 'h-captcha'){
+		$captcha_response = $Form->Get('h-captcha-response');
+    	$url = 'https://api.hcaptcha.com/siteverify';
+	}elsif($captcha_kind eq 'g-recaptcha'){
+		$captcha_response = $Form->Get('g-recaptcha-response');
+    	$url = 'https://www.google.com/recaptcha/api/siteverify';
+	}elsif($captcha_kind eq 'cf-turnstile'){
+		$captcha_response = $Form->Get('cf-turnstile-response');
+    	$url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+	}else{
+		return 0;
+	}
+
+	my $ua = LWP::UserAgent->new();
+	my $response = $ua->post($url,{
+		secret => $secretkey,
+		response => $captcha_response,
+		remoteip => $ENV{'REMOTE_ADDR'},
+    });
+
+	if ($response->is_success()) {
+		my $json_text = $response->decoded_content();
+		my $out = decode_json($json_text);
+
+		if ($out->{success} eq 'true') {
+			return 0;
+		}elsif ($out->{error_codes} =~ /(missing-input-secret|invalid-input-secret|sitekey-secret-mismatch)/){
+			# 管理者側の設定ミス
+			return 0;
+		}else{
+			return 1;
+		}
+	} else {
+		# Captchaを素通りする場合、HTTPS関連のエラーの疑いあり
+		# LWP::Protocol::httpsおよびNet::SSLeayが入っているか確認
+		# このエラーの場合、スルーしてログインする
+		return 0;
+	}
+}
+
 #------------------------------------------------------------------------------------------------------------
 #
 #	管理システム設定

diff --git a/test/admin/admin_cgi_base.pl b/test/admin/admin_cgi_base.pl
@@ -177,6 +177,12 @@ sub PrintCSS
 	my ($data);
 
 	$data = $Sys->Get('DATA');
+
+	if($Sys->Get('ADMINCAP')){
+		$Page->Print('<script src="https://js.hcaptcha.com/1/api.js" async defer></script>') if ($Sys->Get('CAPTCHA') eq 'h-captcha');
+		$Page->Print('<script src="https://www.google.com/recaptcha/api.js" async defer></script>') if ($Sys->Get('CAPTCHA') eq 'g-recaptcha');
+		$Page->Print('<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>') if ($Sys->Get('CAPTCHA') eq 'cf-turnstile');
+	}
 
 $Page->Print(<<HTML);
  <meta http-equiv=Content-Type content="text/html;charset=Shift_JIS">

diff --git a/test/admin/bbs.setting.pl b/test/admin/bbs.setting.pl
@@ -333,7 +333,7 @@ sub PrintBaseSetting
 	$Page->Print("<tr><td colspan=2><hr></td></tr>");
 	$Page->Print("<tr><td class=\"DetailTitle\">DAT落ちスレッド保存先</td><td>");
 	$Page->Print("<select name=BBS_KAKO required>");
-	$Page->Print("<option value=\"\">プール(外部からのアクセス不可)");
+	$Page->Print("<option value=\"\">プール(外部からのアクセス不可)</option>");
 	foreach my $listid (@bbsSet) {
 		next if ($BBS->Get('DIR', $listid) eq $Sys->Get('BBS'));
 		$category	= $Category->Get('NAME', $BBS->Get('CATEGORY', $listid));
@@ -618,9 +618,9 @@ sub PrintLimitSetting
 	$Page->Print("<input type=text size=10 name=BBS_RES_MAX value=\"$setResMax\"></td></tr>");
 
 	$Page->Print("<tr><td class=\"DetailTitle\">掲示板書き込み制限</td><td><select name=BBS_READONLY>");
-	$Page->Print("<option value=on $selROon>読取専用");
-	$Page->Print("<option value=caps $selROcaps>キャップのみ可能");
-	$Page->Print("<option value=none $selROnone>書き込み可能");
+	$Page->Print("<option value=on $selROon>読取専用</option>");
+	$Page->Print("<option value=caps $selROcaps>キャップのみ可能</option>");
+	$Page->Print("<option value=none $selROnone>書き込み可能</option>");
 	$Page->Print("</select></td>");
 	$Page->Print("<td class=\"DetailTitle\">DNSBLチェック</td><td>");
 	$Page->Print("<input type=checkbox name=BBS_DNSBL_CHECK $setDNSBL value=on $isDNSBL>$setInfo</td></tr>");
@@ -635,11 +635,11 @@ sub PrintLimitSetting
 	$Page->Print("<tr><td class=\"DetailTitle\">同一スレッド名を禁止</td><td>");
 	$Page->Print("<input type=checkbox name=BBS_SAMETHREAD value=on $setSameTitle>有効</td>");
 	$Page->Print("<td class=\"DetailTitle\">逆引き不可のIPからの投稿を制限</td><td>");
-	$Page->Print("<input type=checkbox name=BBS_REVERSE_CHECK value=on $setReverse></td></tr>");
+	$Page->Print("<input type=checkbox name=BBS_REVERSE_CHECK value=on $setReverse>有効</td></tr>");
 	$Page->Print("<tr><td class=\"DetailTitle\">プロキシ規制</td><td>");
 	$Page->Print("<input type=checkbox name=BBS_PROXY_CHECK value=on $setProxy>$setInfo2</td>");
 	$Page->Print("<td class=\"DetailTitle\">???</td><td>");
-	$Page->Print("<input type=checkbox name= value=on disabled></td></tr>");
+	$Page->Print("<input type=checkbox name= value=on disabled>有効</td></tr>");
 	$Page->Print("</tr>");
 
 	$Page->Print("<tr><td colspan=4><hr></td></tr>");
@@ -768,7 +768,7 @@ sub PrintCommandSetting
 	$Page->Print("<td class=\"DetailTitle\">不落（!nopool）</td><td>");
 	$Page->Print("<input type=checkbox name=NOPOOL value=262144 $setnopool>有効</td></tr>");
 	$Page->Print("<tr>");
-	$Page->Print("<td class=\"DetailTitle\">忍法帖レベル制限 ※要忍法帖（!ninLv:[レベル]）</td><td>");
+	$Page->Print("<td class=\"DetailTitle\">忍法帖レベル制限 ※要忍法帖（!ninlv:[レベル]）</td><td>");
 	$Page->Print("<input type=checkbox name=NINLV value=8192 $setninLv>有効</td></tr>");
 
 	$Page->Print("<tr><td colspan=4><hr></td></tr>");
@@ -919,7 +919,6 @@ sub PrintOtherSetting
 	my $setConfirm		= $Setting->Get('BBS_NEWSUBJECT');
 	my $setWeek			= $Setting->Get('BBS_YMD_WEEKS');
 	my $setTripColumn	= $Setting->Get('BBS_TRIPCOLUMN');
-	my $setImgur    	= $Setting->Get('BBS_IMGUR');
 	my $setTwitter    	= $Setting->Get('BBS_TWITTER');
 	my $setMovie    	= $Setting->Get('BBS_MOVIE');
 	my $setURLtoTitle   = $Setting->Get('BBS_URL_TITLE');
@@ -986,14 +985,11 @@ sub PrintOtherSetting
 	$Page->Print("<td class=\"DetailTitle\">スレッド作成確認画面</td><td>");
 	$Page->Print("<input type=checkbox name=BBS_NEWSUBJECT $setConfirm value=on>確認あり</td></tr>");
 
-    $Page->Print("<tr><td rowspan=6 class=\"DetailTitle\"></td><td rowspan=6>");
+    $Page->Print("<tr><td rowspan=5 class=\"DetailTitle\"></td><td rowspan=5>");
 	$Page->Print("</td>");
 	$Page->Print("<td class=\"DetailTitle\">一般画像埋め込み表示</td><td>");
 	$Page->Print("<input type=checkbox name=IMGTAG value=on disabled $setImage>システム設定に依存</tr>");
 	$Page->Print("<tr>");
-	$Page->Print("<td class=\"DetailTitle\">Imgur 埋め込み表示</td><td>");
-	$Page->Print("<input type=checkbox name=BBS_IMGUR value=on $setImgur>有効</td></tr>");
-	$Page->Print("<tr>");
 	$Page->Print("<td class=\"DetailTitle\">X(旧Twitter) 埋め込み表示</td><td>");
 	$Page->Print("<input type=checkbox name=BBS_TWITTER value=on $setTwitter>有効</td></tr>");
 	$Page->Print("<tr>");
@@ -1426,7 +1422,6 @@ sub FunctionOtherSetting
 	$Setting->Set('BBS_SLIP', $Form->Get('BBS_SLIP'));
 	$Setting->Set('BBS_NINJA', ($Form->Equal('BBS_NINJA', 'on') ? 'checked' : ''));
 	$Setting->Set('BBS_HIDENUSI', ($Form->Equal('BBS_HIDENUSI', 'on') ? 'checked' : ''));
-    $Setting->Set('BBS_IMGUR', ($Form->Equal('BBS_IMGUR', 'on') ? 'checked' : ''));
     $Setting->Set('BBS_MOVIE', ($Form->Equal('BBS_MOVIE', 'on') ? 'checked' : ''));
     $Setting->Set('BBS_TWITTER', ($Form->Equal('BBS_TWITTER', 'on') ? 'checked' : ''));
     $Setting->Set('BBS_URL_TITLE', ($Form->Equal('BBS_URL_TITLE', 'on') ? 'checked' : ''));

diff --git a/test/admin/bbs.thread.pl b/test/admin/bbs.thread.pl
@@ -368,13 +368,13 @@ sub PrintThreadList
 
 	if ($isStop) {
 		$Page->Print("属性: <select name=ATTR>");
-		$Page->Print("<option value=float>浮上");
-		$Page->Print("<option value=nopool>不落");
-		$Page->Print("<option value=sagemode>sage進行");
-		$Page->Print("<option value=noid>ID無し");
-		$Page->Print("<option value=changeid>ID変更");
-		$Page->Print("<option value=force774>名無し強制");
-		$Page->Print("<option value=live>実況モード");
+		$Page->Print("<option value=float>浮上</option>");
+		$Page->Print("<option value=nopool>不落</option>");
+		$Page->Print("<option value=sagemode>sage進行</option>");
+		$Page->Print("<option value=noid>ID無し</option>");
+		$Page->Print("<option value=changeid>ID変更</option>");
+		$Page->Print("<option value=force774>名無し強制</option>");
+		$Page->Print("<option value=live>実況モード</option>");
 		$Page->Print("</select> ");
 		$Page->Print("<input type=button value=\"付加\" $common,'ATTR')\"> ");
 		$Page->Print("<input type=button value=\"解除\" $common,'DEATTR')\"> ");
@@ -463,24 +463,25 @@ sub PrintThreadCopy
 
 	$Page->Print("$text\先: <select name=TOBBS required $status>");
 	if(@bbsSet <= 1){
-		$Page->Print("<option value=\"\" disabled>選択可能な掲示板がありません");
+		$Page->Print("<option value=\"\" selected disabled>選択可能な掲示板がありません</option>");
+		$Page->Print("</select> ");
 	}else{
-		$Page->Print("<option value=\"\" disabled>選択してください");
+		$Page->Print("<option value=\"\" disabled>選択してください</option>");
 		foreach my $listid (@bbsSet) {
 			next if ($BBS->Get('DIR', $listid) eq $SYS->Get('BBS'));
 			$category	= $Category->Get('NAME', $BBS->Get('CATEGORY', $listid));
 			$Page->Print("<optgroup label=\"$category\">");
 			foreach $belongID (@belongBBS) {
 				if ($listid eq $belongID) {
 					$name		= $BBS->Get('NAME', $listid);
-					$Page->Print("<option value=$listid>$name");
+					$Page->Print("<option value=$listid>$name</option>");
 				}
 			}
 		}
+		$Page->Print("</select> ");
+		$Page->Print("<input type=checkbox value=on name=RENAME $status>同名のファイルがあればリネーム");
+		$Page->Print('<input type=button value="　' . $text . "　\" onclick=\"$common;\" $status> ");
 	}
-	$Page->Print("</select> ");
-	$Page->Print("<input type=checkbox value=on name=RENAME $status>同名のファイルがあればリネーム");
-	$Page->Print('<input type=button value="　' . $text . "　\" onclick=\"$common;\" $status> ");
 	$Page->Print("</td></tr>\n");
 	$Page->Print("</table><br>");
 }
@@ -864,9 +865,6 @@ sub FunctionThreadCopy
 
 	$Threads->Load($Sys);
 	$Info->Load($Sys);
-
-	@threadList = $Form->GetAtArray('THREADS');
-	return 1 if (!@threadList);
 
 	$tobbs 		= $Form->Get('TOBBS');
 	$rename		= $Form->Get('RENAME');
@@ -875,6 +873,9 @@ sub FunctionThreadCopy
 	$path		= $Sys->Get('BBSPATH') . "/$bbs";
 	$topath		= $Sys->Get('BBSPATH') . "/".$Info->Get('DIR',$tobbs);
 
+	@threadList = $Form->GetAtArray('THREADS');
+	return 1 if (!@threadList || !$tobbs);
+
 	my $text = $mode ? 'コピー':'移動';
 
 	foreach $id (@threadList) {

diff --git a/test/admin/login.pl b/test/admin/login.pl
@@ -55,7 +55,7 @@ sub DoPrint
 
 	$Page = $BASE->Create($Sys, $Form);
 
-	PrintLogin($Page, $Form);
+	PrintLogin($Sys, $Page, $Form);
 
 	$BASE->PrintNoList('LOGIN', 0);
 }
@@ -75,10 +75,6 @@ sub DoFunction
 	my $this = shift;
 	my ($Sys, $Form, $pSys) = @_;
 	my ($host, $Security, $Mod);
-	$ENV{'REMOTE_ADDR'} = $ENV{'HTTP_CF_CONNECTING_IP'} if $ENV{'HTTP_CF_CONNECTING_IP'};
-
-	require './module/data_utils.pl';
-	$host = DATA_UTILS::reverse_lookup($ENV{'REMOTE_ADDR'});
 
 	# ログイン情報を確認
 	if ($pSys->{'USER'}) {
@@ -107,15 +103,20 @@ sub DoFunction
 #------------------------------------------------------------------------------------------------------------
 sub PrintLogin
 {
-	my ($Page, $Form) = @_;
+	my ($Sys, $Page, $Form) = @_;
+
+	my $sitekey = $Sys->Get('CAPTCHA_SITEKEY');
+	my $classname = $Sys->Get('CAPTCHA');
+	my $Captcha = $Sys->Get('ADMINCAP') ? "<div class=\"$classname\" data-sitekey=\"$sitekey\"></div><br>" : '';
+	my $text = $sitekey && $classname && $Captcha ? 'Captcha認証に失敗したか、' : "" ;
 
 $Page->Print(<<HTML);
   <center>
    <div align="center" class="LoginForm">
 HTML
 
 	if ($Form->Get('FALSE') == 1) {
-		$Page->Print("    <div class=\"xExcuted\">ユーザ名もしくはパスワードが間違っています。</div>\n");
+		$Page->Print("    <div class=\"xExcuted\">${text}ユーザ名もしくはパスワードが間違っています。</div>\n");
 	}
 
 $Page->Print(<<HTML);
@@ -129,6 +130,7 @@ sub PrintLogin
      <tr>
       <td colspan="2" align="center">
       <hr>
+	  $Captcha
       <input type="submit" value="　ログイン　">
       </td>
      </tr>