From 55e275f02b1d1b1aec14e2eae4d39ddfca3f52f2 Mon Sep 17 00:00:00 2001
From: Pk11
Date: Thu, 31 Mar 2022 07:10:07 -0500
Subject: [PATCH]

---
bbs.php | 326 ++++++++++++++++++++++++++++----------------------------
1 file changed, 164 insertions(+), 162 deletions(-)

diff --git a/bbs.php b/bbs.php
index 3becf2a..81a0399 100644
--- a/bbs.php
+++ b/bbs.php
@@ -54,191 +54,193 @@ * ); */ require_once('vars.php'); -?> - - - - - - - BBS | ピケ.コム - - -

- [bottom] -

- '.bmp', - 'image/gif' => '.gif', - 'image/jpeg' => '.jpg', - 'image/pjpeg' => '.jpg', - 'image/png' => '.png' - ]; - - // Validate and move the uploaded image file, if necessary - if(!empty($img['tmp_name'])) { - if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') - || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) - && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { - if($img['error'] == 0) { - // Move the file to the target upload folder - $target = UPLOAD_PATH . time() . $extensions[$img['type']]; - if(!move_uploaded_file($img['tmp_name'], $target)) { - // The new image file move failed, so delete the temporary file and return an error - @unlink($img['tmp_name']); - return 'Unable to upload image, please contact the webmaster.'; - } + //// Functions: //// + + // Adds a post to the database + function post($name, $comment, $img, $save_cookie) { + $extensions = [ + 'image/bmp' => '.bmp', + 'image/gif' => '.gif', + 'image/jpeg' => '.jpg', + 'image/pjpeg' => '.jpg', + 'image/png' => '.png' + ]; + + // Validate and move the uploaded image file, if necessary + if(!empty($img['tmp_name'])) { + if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') + || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) + && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { + if($img['error'] == 0) { + // Move the file to the target upload folder + $target = UPLOAD_PATH . time() . $extensions[$img['type']]; + if(!move_uploaded_file($img['tmp_name'], $target)) { + // The new image file move failed, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return 'Unable to upload image, please contact the webmaster.'; } - } else { - // The image is not valid, so delete the temporary file and return an error - @unlink($img['tmp_name']); - return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . 
(MAX_FILE_SIZE >> 10) . ' KiB.'; } + } else { + // The image is not valid, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.'; } + } - if(empty($comment) && empty($target)) - return 'You must include an image and/or a comment'; + if(empty($comment) && empty($target)) + return 'You must include an image and/or a comment'; - if($save_cookie) { - $uid = $_COOKIE['uid']; - if(empty($uid)) { - $uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT); - setcookie("uid", $uid, 0x7FFFFFFF); - } + if($save_cookie) { + $uid = $_COOKIE['uid']; + if(empty($uid)) { + $uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT); + setcookie("uid", $uid, 0x7FFFFFFF); } - - // Add post to database - $query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)"; - $params = [ - empty($uid) ? NULL : $uid, - empty($name) ? 'Anonymous' : htmlspecialchars($name), - empty($comment) ? NULL : htmlspecialchars($comment), - empty($target) ? NULL : basename($target) - ]; - webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation - pg_query_params($query, $params) or die('Query failed: ' . pg_last_error()); - - return ""; // Success, no error - } - - // Regex callback, makes >>quotes into links - function quote_link($match) { - $query = "SELECT post_id FROM posts WHERE post_id=$1"; - $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . 
pg_last_error()); - $row_count = pg_num_rows($result); - pg_free_result($result); - if($row_count > 0) - return "{$match[0]}"; - else - return "{$match[0]}"; } - // Prints the post list - function show_posts() { - $query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; - $result = pg_query($query) or die('Query failed: ' . pg_last_error()); - - // Clean up old posts - $row_count = pg_num_rows($result); - if($row_count > MAX_POSTS) { - for($i = 0; $i < $row_count - MAX_POSTS; $i++) { - $row = pg_fetch_array($result); - cleanup($row['post_id']); - } - } + // Add post to database + $query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)"; + $params = [ + empty($uid) ? NULL : $uid, + empty($name) ? 'Anonymous' : htmlspecialchars($name), + empty($comment) ? NULL : htmlspecialchars($comment), + empty($target) ? NULL : basename($target) + ]; + webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation + pg_query_params($query, $params) or die('Query failed: ' . pg_last_error()); + + return ""; // Success, no error + } - // Print posts - $show_delete = FALSE; - echo '
'; - while ($row = pg_fetch_array($result)) { - echo "
"; + // Regex callback, makes >>quotes into links + function quote_link($match) { + $query = "SELECT post_id FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error()); + $row_count = pg_num_rows($result); + pg_free_result($result); + if($row_count > 0) + return "{$match[0]}"; + else + return "{$match[0]}"; + } - echo ''; - if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) { - echo ' '; - $show_delete = TRUE; - } - echo "{$row['name']} {$row['post_time']} "; - echo "#{$row['post_id']}"; - echo ''; - - if(!empty($row['img'])){ - echo ''; - echo '' . $row['img'] . ''; - echo ''; - } + // Prints the post list + function show_posts() { + $query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; + $result = pg_query($query) or die('Query failed: ' . pg_last_error()); + + // Clean up old posts + $row_count = pg_num_rows($result); + if($row_count > MAX_POSTS) { + for($i = 0; $i < $row_count - MAX_POSTS; $i++) { + $row = pg_fetch_array($result); + cleanup($row['post_id']); + } + } - // Process quotes, links, and newlines - if(!empty($row['comment'])) { - $comment = $row['comment']; - $comment = preg_replace('/^>[^>].*/m', '$0', $comment); - $comment = preg_replace('/https?:\/\/[^\s]+/m', '$0', $comment); - $comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment); - $comment = str_replace("\n", "
", $comment); - echo "

$comment

"; - } + // Print posts + $show_delete = FALSE; + echo ''; + while ($row = pg_fetch_array($result)) { + echo "
"; - echo '
'; + echo ''; + if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) { + echo ' '; + $show_delete = TRUE; + } + echo "{$row['name']} {$row['post_time']} "; + echo "#{$row['post_id']}"; + echo ''; + + if(!empty($row['img'])){ + echo ''; + echo '' . $row['img'] . ''; + echo ''; } - pg_free_result($result); + // Process quotes, links, and newlines + if(!empty($row['comment'])) { + $comment = $row['comment']; + $comment = preg_replace('/^>[^>].*/m', '$0', $comment); + $comment = preg_replace('/https?:\/\/[^\s]+/m', '$0', $comment); + $comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment); + $comment = str_replace("\n", "
", $comment); + echo "

$comment

"; + } - if($show_delete) - echo '

'; - echo ''; + echo '
'; } - // Removes a post from the database and its image - function cleanup($id, $force = FALSE) { - $query = "SELECT user_id, img FROM posts WHERE post_id=$1"; - $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); - $row = pg_fetch_array($result); - pg_free_result($result); - if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) { - unlink(UPLOAD_PATH . $row['img']); - $query = "DELETE FROM posts WHERE post_id=$1"; - pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); - } + pg_free_result($result); + + if($show_delete) + echo '

'; + echo ''; + } + + // Removes a post from the database and its image + function cleanup($id, $force = FALSE) { + $query = "SELECT user_id, img FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + $row = pg_fetch_array($result); + pg_free_result($result); + if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) { + unlink(UPLOAD_PATH . $row['img']); + $query = "DELETE FROM posts WHERE post_id=$1"; + pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); } + } - // Sends a webhook to Discord - function webhook($name, $message, $img) { - if(empty(DISCORD_WEBHOOK)) - return; - - $data = [ - 'username' => $name, - 'embeds' => [ - [ - 'title' => "New Post", - 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom', - 'description' => $message, - 'image' => [ - 'url' => $img - ] + // Sends a webhook to Discord + function webhook($name, $message, $img) { + if(empty(DISCORD_WEBHOOK)) + return; + + $data = [ + 'username' => $name, + 'embeds' => [ + [ + 'title' => "New Post", + 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . 
'#bottom', + 'description' => $message, + 'image' => [ + 'url' => $img ] ] - ]; - - $curl = curl_init(DISCORD_WEBHOOK); - curl_setopt($curl, CURLOPT_HEADER, false); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); - curl_exec($curl); - $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); - curl_close($curl); - if($status != 204) - die("Error: Sending webhook failed with status $status."); - } + ] + ]; + + $curl = curl_init(DISCORD_WEBHOOK); + curl_setopt($curl, CURLOPT_HEADER, false); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); + curl_setopt($curl, CURLOPT_POST, true); + curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); + curl_exec($curl); + $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); + curl_close($curl); + if($status != 204) + die("Error: Sending webhook failed with status $status."); + } +?> + + + + + + BBS | ピケ.コム + + +

+ [bottom] +

+ +
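Review bot: cleanup() on the new side authorises deletion with `$row['user_id'] == $_COOKIE['uid']`, a loose comparison between a stored value and a client-controlled cookie, and unlike the checkbox guard in show_posts() it has no `!empty($row['user_id'])` test — so a post stored with a NULL user_id compares equal (null == null) to a request that carries no uid cookie at all, and because the uid is a sha1 hex string, values of the form `0e` followed only by digits are numeric strings that `==` compares as 0 in PHP 8; the `$_COOKIE['uid'] == ADMIN_ID` branch has the same weakness. Both checks should be a strict, constant-time string comparison against a cookie that has been confirmed to be a string: `$uid = is_string($_COOKIE['uid'] ?? null) ? $_COOKIE['uid'] : '';` followed by `if($force || (!empty($row['user_id']) && hash_equals($row['user_id'], $uid)) || (!empty(ADMIN_ID) && hash_equals(ADMIN_ID, $uid))) {`. The same `==` against `$_COOKIE['uid']` recurs in show_posts() and should be changed there too, though the `!empty` guard limits its exposure to the checkbox display. Since cleanup() is also called for unknown ids, it is worth returning early when `pg_fetch_array()` yields false rather than indexing into it; the function is wholly inside this hunk, so the change is local.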