∞chan is saving all poster IPs indefinitely.
This is the code that matters:
[code]
event_handler('post-after', function($post) {
    global $board;
    $post['ip'] = $_SERVER['REMOTE_ADDR'];
    $data = json_encode(array('ip' => $post['ip'], 'body' => $post['body_nomarkup']));
    for ($i = 0; $i <= 10; $i++) { $data .= chr(mt_rand(0,255)); }
    $key = @file_get_contents('/srv/sunshine.pem');
    if (!$key) return;
    openssl_public_encrypt($data, $crypted, $key);
    if (!$crypted) return;
    $query = prepare('INSERT INTO ``sunshine`` VALUES (:board, :id, :data)');
    $query->bindValue(':board', $board['uri']);
    $query->bindValue(':id', $post['id']);
    $query->bindValue(':data', $crypted);
    $query->execute()or error(db_error($query)); // Failure is never an option, except when it is.
});
[/code]
Upon review of the vichan source code, I found that the "event_handler" function adds a callback function which is run when the corresponding "event" function is called. For example, event_handler('post-after') runs when event('post-after') is called, which happens at the end of post.php.
Line by line, this function builds a JSON object from our IP and our post text. It then appends 10 random bytes to the end of the JSON. It then encrypts the result with the PHP function "openssl_public_encrypt", using a file called "/srv/sunshine.pem" as the public key.
It then inserts the encrypted JSON, along with the board being posted on and the ID of the post, into a table called "sunshine". The board and post ID are stored in the clear; only the post content and IP are encrypted inside that JSON.
This gives McRonald and Jim the ability to look up the IP of any post they want even if the post is no longer live on the public site.
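An added example, not part of the original post or the site's code: it reproduces the handler's record format with a throwaway key pair to show what the holder of the private key recovers from a stored row, and when `openssl_public_encrypt` produces nothing. The 2048-bit key size, the IP address and the post bodies are assumptions constructed for the demonstration, and the helper names `sunshine_record` and `sunshine_open` are hypothetical.

```php
<?php
// Added example. Assumptions: a throwaway 2048-bit RSA key stands in for
// /srv/sunshine.pem (its real size is unknown); the IP and bodies are constructed.
$pair   = openssl_pkey_new(['private_key_bits' => 2048,
                            'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public = openssl_pkey_get_details($pair)['key'];   // PEM-encoded public half

const TAIL = 11;  // the handler's loop runs for $i = 0..10 inclusive

// Same steps as the handler: JSON, random tail, openssl_public_encrypt().
function sunshine_record(string $ip, string $body, string $publicKey): ?string {
    $data = json_encode(['ip' => $ip, 'body' => $body]);
    for ($i = 0; $i <= 10; $i++) { $data .= chr(mt_rand(0, 255)); }
    $ok = @openssl_public_encrypt($data, $crypted, $publicKey);
    return $ok ? $crypted : null;   // the handler returns early in this case
}

// What the private-key holder can do with a stored row:
// decrypt, drop the random tail, parse the JSON.
function sunshine_open(string $crypted, $privateKey): ?array {
    if (!openssl_private_decrypt($crypted, $plain, $privateKey)) {
        return null;
    }
    return json_decode(substr($plain, 0, -TAIL), true);
}

$ip    = '203.0.113.7';                    // constructed (TEST-NET-3 range)
$short = sunshine_record($ip, 'hello', $public);
$long  = sunshine_record($ip, str_repeat('a', 300), $public);

// Short post: the ciphertext is a single RSA block, and the private key
// turns it back into the IP and the post body.
var_dump(strlen($short));
var_dump(sunshine_open($short, $pair));

// Long post: with the default PKCS#1 v1.5 padding, a 2048-bit key accepts at
// most 256 - 11 = 245 bytes of input, so encryption fails and the handler's
// "if (!$crypted) return;" would skip the INSERT for this post.
var_dump($long);
```

Because the handler encrypts the JSON directly with RSA rather than wrapping a symmetric key, the input size limit depends on the real key's size, which the code above does not reveal.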