I have edited my connection strings. In the inc/secrets.php file, But I keep getting a 500 error.

http://grandjest.com/mod.php

It's so frustrating. I have gotten many versions of vichan working.

I don't have the DirectIO module. But I do have read write premissions. I'm on a godaddy server.

Any pointers? I have been on this two days now. I can't figure this out.

Is it possibile to rebuild the static pages through the mod panel?
im not using infinity as i dont want to waste my time installing it to find out it wont work.

Im not using an VPS so i cant use sudo commands

uhhh help
already set site to utf8

whats the best way to upgrade the older fork Vichan to OpenIB in a secure way?
thanks

So, like, I heard about "memory safety" and stuff, and thought, "who wouldn't want that"?
so rewrite everything in rust, now. chop chop
I would gladly help in this endeavour!

To copy issue, just make a post and copy/paste that post.

This:
"Test text
Please copy paste me!"
Should become
"Test text

Please copy paste me!"

Cosmetic most of the time but still annoying

Lots of cancer in functions.php. Needs some heavy duty chemo therapy.

I use cpanel and did the instructions. Whatever I click inside index shows me a white blank page. What should I do?

Hello.
I'm developing a modern GUI for imageboards and I've integrated 8ch.net support in it.
https://catamphetamine.github.io/captchan/?chan=8ch

While adding support for 8chan I found a small bug: the images property of catalog.json is incorrect (is usually 0, but I might have seen it 1 or something like that, though it's not certain).

For example, see the "Moderation" thread on 8ch.net:
https://8ch.net/leftypol/index.html

Screenshot:

The API for catalog.json returns images: 0.

Screenshot:

According to the docs: https://github.com/vichan-devel/vichan-API

Clearly 0 is not # images total in this case because omitted_images is about 100 still images is 0.

The workaround I'm using is displaying omitted_images instead of images and it seems to be ok.

The same bug is present on kohlchan.net.
kohlchan.net is running on vichan, so I reported this issue in vichan repo too.

There is a problem with the transifex project: some features are missing (every translated board misses the "click to expand" function to see a whole thread in the index page) and the lines in javascript.po and tinyboard.po are out dated - most of the newest lines are missing and there are lots unused now.

I will accept pull requests for transifex related issues, but I wont be maintaining them myself. Anybody want to volunteer to maintain transifex issues?

I think all IPs are in hash, i can't ban or view log, is that fork right or is something wrong?

It have more features, so that might be a plus.

When installing by the instruction, trying to open mod.php, I get "The database is returned an error while processing your request. Please try again later. ". There is nothing in the /mysql/error.log file.

Hello, I have not try OpenIB yet, sorry, I just discovered this board, from the vichan. My main question here is about spam checks. vichan has no option (or extremely unclear and still not fully working) to disable any spam checks, on my current boards from vichan all the time users having problem with Spam checks with message: "you post look automated and declared", I really want to migrate from there to OpenIB but I have to make sure there are many options to remove any spam check or leave them only for humans, with some basic clicks.

Thank you.

/pol/catalog.json

{
	"no": 13414211,
	"com": "<p class=\"body-line ltr \">I can't stand the amount of fucking Russian cunts on /pol/.  They're utterly the JIDF and Obama shills on steroids using methamphetamines.  The Ruskies have all these fucked up traits.  </p><p class=\"body-line empty \"></p><p class=\"body-line ltr \">-Get Americans to rebel against America, effectively destroying ourselves from the inside out</p><p class=\"body-line ltr \">-Balkanize the world</p><p class=\"body-line ltr \">-Larp as Aryans despite being Slav-shits who historically got their asses kicked or invaded by Aryans</p><p class=\"body-line ltr \">-Pretending to be a Christian nation while supporting atheism and LARPaganism</p><p class=\"body-line ltr \">-Label every Conspiracy against America while keeping their blatant evils swept under a rug by playing victim</p><p class=\"body-line ltr \">-Accuse all opponents of being NSA, FBI, JIDF, non white, etc</p><p class=\"body-line empty \"></p><p class=\"body-line ltr \">Then there's the fact that Russia has been the biggest Kabbalist puppet in world history yet will promptly label anyone against their bullshit as a \"Jew shill\".  </p><p class=\"body-line empty \"></p><p class=\"body-line ltr \">Is there anyone else who can't stand these fucks?  Also anti-Russian thread general.</p>",
	"name": "Anonymous",
	"time": 1561011764,
	"omitted_posts": 312,
	"omitted_images": 109,
	"replies": 317,
	"images": 8,
	"sticky": 0,
	"locked": 0,
	"cyclical": "0",
	"bumplocked": "1",
	"last_modified": 1561083098,
	"id": "4b7570",
	"tn_h": 170,
	"tn_w": 255,
	"h": 771,
	"w": 1156,
	"fsize": 1696585,
	"filename": "red dawn",
	"ext": ".png",
	"tim": "fad4125911f16a6340219f00ab5b546a90e568523ec3a7d686fb9e20cb90b980",
	"fpath": 1,
	"spoiler": 0,
	"md5": "ms5k6G1Wjgt+EV5VxBsp7Q==",
	"extra_files": [
		[]
	],
	"resto": 0
}

SQL queries should not be inlined. It is best if they are put into a centralized SQL file that can be easily managed and maintained.

Need to rewrite bans.php to work for hashed IP.

Will need to add a new column in the posts table for storing hashed /16 of each IP address. Bans.php will check the user's hashed IP and hashed /16 against bans stored on the DB. Since the majority of work is being done by the hashing algorithm we should be able to slim down a lot of the functions in bans.php. Might even improve ban speed overall.

Range bans will be limited to /16 for now and it is up for debate whether to include more types of range bans in the future.

As of now, if I'm not wrong, flags aren't displayed in the API, even though I found something in the code that mentions flags: https://github.com/OpenIB/OpenIB/blob/master/inc/api.php#116

My php isn't that good, and I don't really have the time to backtrace where the function is getting it's variables from, but I wanted to ask if it would be possible to include non-country flags within the API (or at least on 8ch.net)?

Thumbnails occasionally have differing file extensions than the originating file. While it appears 8ch currently uses thumbnails with the same extension and type as the originating file (and .jpg when webm/mp4/etc), it appears config was changed in the distant past, and there are posts on many slower boards where the thumbnail extension is forced to JPG.

Therefore, it'd be nice if thumb_ext for each file was exposed. Right now, my bot is making up to two HTTP requests trying to bruteforce the file extension when the usual rules fail, and this is an undesirable, hacky solution.

Remove everything deprecated, unused, or frail.

Moved to #242

Haven't tested if these functions worked out of not wanting to accidentally damage a board, but when creating a Reporter account, the mod.php pages for it shows these options.

Even if it doesn't do anything, it shouldn't show these options to them.

Need to change this so it doesnt use shell.

PHP Fatal error: Uncaught exception 'Twig_Error_Loader' with message 'The "" directory does not exist.' in /var/www/OpenIB/inc/lib/Twig/Loader/Filesystem.php:93\nStack trace:\n#0 /var/www/OpenIB/inc/lib/Twig/Loader/Filesystem.php(75): Twig_Loader_Filesystem->addPath(NULL, '__main__')\n#1 /var/www/OpenIB/inc/template.php(23): Twig_Loader_Filesystem->setPaths(NULL)\n#2 /var/www/OpenIB/inc/template.php(42): load_twig()\n#3 /var/www/OpenIB/inc/display.php(115): Element('error.html', Array)\n#4 /var/www/OpenIB/inc/functions.php(351): error('Caught fatal er...', 3)\n#5 [internal function]: fatal_error_handler()\n#6 {main}\n thrown in /var/www/OpenIB/inc/lib/Twig/Loader/Filesystem.php on line 93

how can i solve this?

So what exactly is a "focus on user security" that open ib is supposed to have? Is that to imply that Vichan is not secure and leaks ip or database info? Can you clarify on this in the description? Because yeah, it's the starting point.

It seems that features that are added to 8chan which are not reflected in this repo. Is this intended? If so, updating README.md is probably appropriate to reflect this.

Currently RSS feeds display the sticky posts at the top of the feed (tested at 8chan). This breaks many rss feed notification systems, I guess they think there's no new posts since the top post didn't change.

Hashing of all IP across the DB is important for the security of our users. We will be implementing an IP hashing patch with a salt that refreshes every X days. This will effectively reset all bans every X days, but we will get a stronger assurance that an entire history of IP cannot be released by any possible hacker or DB leak.

Rebuild using the defaults

Board Array doesn't exist

since this board is focused on security- how well does it work on an onion server? is it useable without javascript?

As 8ch has been rebranded as 8kun, I was migrating my app from the old 8ch.net API urls to the new 8kun.top ones.
But I encountered an issue: the JSON API is now inaccessible.
Instead, it returns the "Vanwa Tech" HTML page.
Does it provide some kind of an HTTP (non-HTML) API to pass the anti-DDoS check?
Otherwise none of the mobile apps would work with the new 8ch.

Looking at the HTML page returned, seems like it generates three (or two) random HEX numbers when serving the page, and the visitor is supposed to intentionally slowly "decrypt" those values and send them as a cookie when retrying the request.
Will such protection even work? Solve the puzzle once and then DDoS the sh*t out of 8kun.top from the same bot machine, having thousands of them in a botnet. Seems like no big deal for a DDoS attacker that doesn't send each new HTTP request from a different machine.

If the DDoS protection still works, perhaps the app is supposed to just execute the code provided in the <script/> tag and set the cookie manually for all subsequent HTTP requests?
If yes, then what about the two <iframe/>s then? Why are they there? Could they be simply ignored? Or are they required to be loaded too to set up some magic? That would be a messy way for iOS/Android apps that operate as HTTP clients, not HTTP browsers.
A clear step-by-step documentation would ease the process.

Screenshot:

Request:

GET /https://8kun.top/boards-top20.json HTTP/1.1
Host: chan-chan.herokuapp.com
Connection: keep-alive
Accept: application/json
Origin: http://localhost:1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: ru,ru-RU;q=0.9,en-US;q=0.8,en;q=0.7

Response:

HTTP/1.1 200 OK
Connection: keep-alive
X-Request-Url: https://8kun.top/boards-top20.json
Server: nginx
Date: Mon, 16 Dec 2019 06:17:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
X-Final-Url: https://8kun.top/boards-top20.json
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: server,date,content-type,transfer-encoding,connection,vary,expires,cache-control,content-encoding,x-final-url,access-control-allow-origin
Via: 1.1 vegur

Response HTML:

<iframe width="0" height="0" frameborder="0" src="https://media.8kun.top/vanwanet-verify"></iframe>
<iframe width="0" height="0" frameborder="0" src="https://sys.8kun.top/vanwanet-verify"></iframe>
<body>
	Verifying your browser, please wait one moment... DDoS Mitigation by VanwaTech
	<script type="text/javascript" src="https://vanwatech.com/aes.js" ></script>
	<script>
  function toNumbers(d) {
    var e = [];
    d.replace(/(..)/g, function(d) {
      e.push(parseInt(d, 16))
    });
    return e
  }

  function toHex() {
    for (var d = [], d = 1 == arguments.length && arguments[0].constructor == Array ? arguments[0] : arguments, e = "", f = 0; f < d.length; f++) e += (16 > d[f] ? "0" : "") + d[f].toString(16);
    return e.toLowerCase()
  }
  var a = toNumbers("ddddbeefeadbeefffadebfeaaaadbeef"),
    b = toNumbers("ddddbeefeadbeefffadebfeaaaadbeef"),
    c = toNumbers("3f8404051c0555959aecb4b59d4c1e53");
  document.cookie = "VanwaNetDDoSMitigation=" + toHex(slowAES.decrypt(c, 2, a, b)) + "; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
  location.href = "https://8kun.top/boards-top20.json?VanwaNet-DDoS-Verification-Attempt=1";
</script>
</body>

Some random related article: https://steemit.com/cloudflare/@kopipe/8chan-is-still-using-cloudflare

might need to have openIB logo too

i send jpg error message:
The server took too long to submit your post. Your post was probably still submitted. If it wasn't, 8chan might be experiencing issues right now -- please try your post again later. Error information:
{"readyState":4,"responseText":"","status":500,"statusText":"Internal Server Error"}

mp4 and webm error: There was a problem processing your webm.

Just debugged an install. Installee forgot to import the 8chan captcha db schema. No errors were thrown.

Please throw an error if no captcha table.

The only thing it seems to do is say: this post looks automated when trying to post for anons.
if you set it to true.
or is this code written so that it always needs to stay false?

Now I'm getting this error. I search the issues, there was another person who had this but no fix yet. I have read-write permissions on the folder. I had vichan working here before. I looked to turn on debugging but it's been removed from this version.

Most of the links at the top of my page are directing to 8ch.net not to my website. How do I edit the header bar to remove the 8ch.net links and direct them to my page instead.

/leftypol/ board has "political" "flags" for its posters ("Communist", "Christian Commie", etc).
Example: https://8ch.net/leftypol/res/2850073.html
These are usually output as country and country_name in various chan APIs.
8ch.net API though doesn't output such political flags in its API response.
( no country or country_name in https://8ch.net/leftypol/res/2850073.json )