@ -55,6 +55,7 @@
* post_time TIMESTAMPTZ NOT NULL DEFAULT NOW(),
* user_id VARCHAR(40),
* name VARCHAR(256),
* email VARCHAR(256),
* comment VARCHAR(2048),
* img VARCHAR(256)
* );
@ -64,7 +65,7 @@
//// Functions: ////
// Adds a post to the database
function post($name, $comment, $img, $save_cookie) {
function post($name, $email, $ comment, $img, $save_cookie) {
$extensions = [
'image/bmp' => '.bmp',
'image/gif' => '.gif',
@ -109,6 +110,17 @@
if(empty($comment) & & empty($target))
return 'You must include an image and/or a comment';
// Check email
if(!empty($email)) {
if(!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\._\-& !?=#+]*@/', $email)) {
return 'Invalid email address';
} else {
$domain = preg_replace('/^[a-zA-Z0-9][a-zA-Z0-9\._\-& !?=#+]*@/', '', $email);
if(!checkdnsrr($domain))
return 'Invalid email address';
}
}
if($save_cookie) {
$uid = $_COOKIE['uid'];
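Review bot: The new email check constrains only the part before `@`: the pattern is anchored at the start but not at the end, so whatever follows is taken as the domain and `checkdnsrr($domain)` is the only test it gets. Quotes, angle brackets or whitespace in the domain are therefore left to whatever the resolver happens to reject, and the local-part class also admits `?`, `=` and `&`, which carry meaning inside a `mailto:` URI. Consider replacing both regex calls with `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return 'Invalid email address';`, taking the domain for the DNS lookup with `substr(strrchr($email, '@'), 1)`, and rejecting values longer than the 256-character column before they reach the INSERT. checkdnsrr() also issues an outbound DNS query per post for a name the poster chooses, which can stall the request. post() starts and ends outside this hunk.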
@ -120,14 +132,15 @@
}
// Add post to database
$query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$query = "INSERT INTO posts (user_id, name, email, comment, img) VALUES ($1, $2, $3, $4, $5 )";
$params = [
empty($uid) ? NULL : $uid,
empty($name) ? 'Anonymous' : htmlspecialchars($name),
empty($email) ? NULL : $email,
empty($comment) ? NULL : htmlspecialchars($comment),
empty($target) ? NULL : basename($target)
];
webhook($params[1], $params[2 ], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . $target); // Send to discord for moderation
webhook($params[1], $params[3 ], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . $target); // Send to discord for moderation
pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
return ""; // Success, no error
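Review bot: `$email` is the only text field in `$params` stored without `htmlspecialchars()`, and the post-listing hunk further down echoes it directly into `href="mailto:{$row['email']}"`, so the value reaches an HTML attribute unescaped. Because the validation earlier in post() leaves the domain part unconstrained, this looks like a stored-XSS path in the listing. Escaping at the point of output is the more robust fix, e.g. `htmlspecialchars($row['email'], ENT_QUOTES)` inside the `mailto:` echo, rather than relying on what the validator lets through. post() begins outside this hunk.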
@ -147,7 +160,7 @@
// Prints the post list
function show_posts() {
$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts ORDER BY posts.post_time';
$query = 'SELECT post_id, user_id, name, email, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts ORDER BY posts.post_time';
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
// Clean up old posts
@ -170,7 +183,10 @@
echo '< input type = "checkbox" name = "delete[]" value = "' . $row['post_id'] . '" / > ';
$show_delete = TRUE;
}
echo "< strong > {$row['name']}< / strong > {$row['post_time']} ";
if(!empty($row['email']))
echo "< strong > < a href = \"mailto:{$row['email']}\" > {$row['name']}< / a > < / strong > {$row['post_time']} ";
else
echo "< strong > {$row['name']}< / strong > {$row['post_time']} ";
echo "< a href = \"#p{$row['post_id']}\" > #{$row['post_id']}< / a > ";
// Find references
$post_id = pg_escape_string($row['post_id']);
@ -274,11 +290,12 @@
if($_POST['submit'] == 'Post') {
// Grab the data from the POST
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$comment = trim($_POST['comment']);
$img = $_FILES['img'];
$save_cookie = isset($_POST['save_cookie']);
$err = post($name, $comment, $img, $save_cookie);
$err = post($name, $email, $ comment, $img, $save_cookie);
} else if($_POST['submit'] == 'Delete' & & !empty($_COOKIE['uid'])) {
foreach($_POST['delete'] as $id) {
cleanup($id);
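Review bot: `$_POST['email']` is read without checking that the field was sent, so a request from a cached copy of the old form, or any client that omits the field, raises an undefined-index notice and hands null to trim(). `isset()` is already used for `save_cookie` a few lines below, and the same guard fits here: `$email = isset($_POST['email']) ? trim($_POST['email']) : '';`. The enclosing if/else chain continues outside the hunk.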
@ -298,11 +315,15 @@
< table >
< tr >
< td > < label for = "name" > Name:< / label > < / td >
< td >< input type = "text" id = "name" name = "name" value = " <?php if ( ! empty ( $err )) echo $name ; ?> " /></ td >
< td >< input id = "name" name = "name" value = " <?php if ( ! empty ( $err )) echo htmlspecialchars ( $name ); ?> " /> (Optional)</ td >
< / tr >
< tr >
< td > < label for = "email" > Email:< / label > < / td >
< td >< input id = "email" name = "email" value = " <?php if ( ! empty ( $err )) echo htmlspecialchars ( $email ); ?> " /> (Optional)</ td >
< / tr >
< tr >
< td > < label for = "comment" > Comment:< / label > < / td >
< td >< textarea id = "comment" name = "comment" rows = "10" cols = "40" > <?php if ( ! empty ( $err )) echo $comment ; ?> </ textarea ></ td >
< td >< textarea id = "comment" name = "comment" rows = "10" cols = "40" > <?php if ( ! empty ( $err )) echo htmlspecialchars ( $comment ) ; ?> </ textarea ></ td >
< / tr >
< tr >
< td > < label for = "img" > Image:< / label > < / td >
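Review bot: The new email field is labelled only "(Optional)", but the listing code in this commit turns any address entered here into a public `mailto:` link on the post, and the form does not tell the poster that. A short hint beside the input, for example `(Optional, shown publicly)`, would make the exposure explicit. The input could also carry `type="email" maxlength="256"` so browsers apply the same limit as the column. That is a convenience only, and the server-side check still has to stand on its own.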