pk11
/
bbs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Browse Source
main
Pk11 3 years ago committed by GitHub
parent d99e1aa2be
commit 55e275f02b
1 changed files with 164 additions and 162 deletions
Show Stats Download Patch File Download Diff File

326
bbs.php
Unescape View File

@ -54,191 +54,193 @@
* ); * );
*/ */
require_once('vars.php'); require_once('vars.php');
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>BBS | ピケ.コム</title>
</head>
<body>
<p>
[<a href="#bottom">bottom</a>]
</p>
<?php //// Functions: ////
// Adds a post to the database
function post($name, $comment, $img, $save_cookie) { // Adds a post to the database
$extensions = [ function post($name, $comment, $img, $save_cookie) {
'image/bmp' => '.bmp', $extensions = [
'image/gif' => '.gif', 'image/bmp' => '.bmp',
'image/jpeg' => '.jpg', 'image/gif' => '.gif',
'image/pjpeg' => '.jpg', 'image/jpeg' => '.jpg',
'image/png' => '.png' 'image/pjpeg' => '.jpg',
]; 'image/png' => '.png'
];
// Validate and move the uploaded image file, if necessary
if(!empty($img['tmp_name'])) { // Validate and move the uploaded image file, if necessary
if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') if(!empty($img['tmp_name'])) {
|| ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg')
&& ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp'))
if($img['error'] == 0) { && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) {
// Move the file to the target upload folder if($img['error'] == 0) {
$target = UPLOAD_PATH . time() . $extensions[$img['type']]; // Move the file to the target upload folder
if(!move_uploaded_file($img['tmp_name'], $target)) { $target = UPLOAD_PATH . time() . $extensions[$img['type']];
// The new image file move failed, so delete the temporary file and return an error if(!move_uploaded_file($img['tmp_name'], $target)) {
@unlink($img['tmp_name']); // The new image file move failed, so delete the temporary file and return an error
return 'Unable to upload image, please contact the webmaster.'; @unlink($img['tmp_name']);
} return 'Unable to upload image, please contact the webmaster.';
} }
} else {
// The image is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.';
} }
} else {
// The image is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.';
} }
}
if(empty($comment) && empty($target)) if(empty($comment) && empty($target))
return 'You must include an image and/or a comment'; return 'You must include an image and/or a comment';
if($save_cookie) { if($save_cookie) {
$uid = $_COOKIE['uid']; $uid = $_COOKIE['uid'];
if(empty($uid)) { if(empty($uid)) {
$uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT); $uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT);
setcookie("uid", $uid, 0x7FFFFFFF); setcookie("uid", $uid, 0x7FFFFFFF);
}
} }
// Add post to database
$query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$params = [
empty($uid) ? NULL : $uid,
empty($name) ? 'Anonymous' : htmlspecialchars($name),
empty($comment) ? NULL : htmlspecialchars($comment),
empty($target) ? NULL : basename($target)
];
webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
return ""; // Success, no error
}
// Regex callback, makes >>quotes into links
function quote_link($match) {
$query = "SELECT post_id FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
$row_count = pg_num_rows($result);
pg_free_result($result);
if($row_count > 0)
return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
else
return "<del>{$match[0]}</del>";
} }
// Prints the post list // Add post to database
function show_posts() { $query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; $params = [
$result = pg_query($query) or die('Query failed: ' . pg_last_error()); empty($uid) ? NULL : $uid,
empty($name) ? 'Anonymous' : htmlspecialchars($name),
// Clean up old posts empty($comment) ? NULL : htmlspecialchars($comment),
$row_count = pg_num_rows($result); empty($target) ? NULL : basename($target)
if($row_count > MAX_POSTS) { ];
for($i = 0; $i < $row_count - MAX_POSTS; $i++) { webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
$row = pg_fetch_array($result); pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
cleanup($row['post_id']);
} return ""; // Success, no error
} }
// Print posts // Regex callback, makes >>quotes into links
$show_delete = FALSE; function quote_link($match) {
echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">'; $query = "SELECT post_id FROM posts WHERE post_id=$1";
while ($row = pg_fetch_array($result)) { $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
echo "<fieldset id=\"p{$row['post_id']}\">"; $row_count = pg_num_rows($result);
pg_free_result($result);
if($row_count > 0)
return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
else
return "<del>{$match[0]}</del>";
}
echo '<legend>'; // Prints the post list
if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) { function show_posts() {
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> '; $query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
$show_delete = TRUE; $result = pg_query($query) or die('Query failed: ' . pg_last_error());
}
echo "<strong>{$row['name']}</strong> {$row['post_time']} "; // Clean up old posts
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>"; $row_count = pg_num_rows($result);
echo '</legend>'; if($row_count > MAX_POSTS) {
for($i = 0; $i < $row_count - MAX_POSTS; $i++) {
if(!empty($row['img'])){ $row = pg_fetch_array($result);
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">'; cleanup($row['post_id']);
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />'; }
echo '</a>'; }
}
// Process quotes, links, and newlines // Print posts
if(!empty($row['comment'])) { $show_delete = FALSE;
$comment = $row['comment']; echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">';
$comment = preg_replace('/^>[^>].*/m', '<strong>$0</strong>', $comment); while ($row = pg_fetch_array($result)) {
$comment = preg_replace('/https?:\/\/[^\s]+/m', '<a href="$0">$0</a>', $comment); echo "<fieldset id=\"p{$row['post_id']}\">";
$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
$comment = str_replace("\n", "<br />", $comment);
echo "<p>$comment</p>";
}
echo '</fieldset>'; echo '<legend>';
if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
$show_delete = TRUE;
}
echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
echo '</legend>';
if(!empty($row['img'])){
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />';
echo '</a>';
} }
pg_free_result($result); // Process quotes, links, and newlines
if(!empty($row['comment'])) {
$comment = $row['comment'];
$comment = preg_replace('/^>[^>].*/m', '<strong>$0</strong>', $comment);
$comment = preg_replace('/https?:\/\/[^\s]+/m', '<a href="$0">$0</a>', $comment);
$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
$comment = str_replace("\n", "<br />", $comment);
echo "<p>$comment</p>";
}
if($show_delete) echo '</fieldset>';
echo '<p><input type="submit" name="submit" value="Delete" /></p>';
echo '</form>';
} }
// Removes a post from the database and its image pg_free_result($result);
function cleanup($id, $force = FALSE) {
$query = "SELECT user_id, img FROM posts WHERE post_id=$1"; if($show_delete)
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); echo '<p><input type="submit" name="submit" value="Delete" /></p>';
$row = pg_fetch_array($result); echo '</form>';
pg_free_result($result); }
if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
unlink(UPLOAD_PATH . $row['img']); // Removes a post from the database and its image
$query = "DELETE FROM posts WHERE post_id=$1"; function cleanup($id, $force = FALSE) {
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); $query = "SELECT user_id, img FROM posts WHERE post_id=$1";
} $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
$row = pg_fetch_array($result);
pg_free_result($result);
if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
unlink(UPLOAD_PATH . $row['img']);
$query = "DELETE FROM posts WHERE post_id=$1";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
} }
}
// Sends a webhook to Discord // Sends a webhook to Discord
function webhook($name, $message, $img) { function webhook($name, $message, $img) {
if(empty(DISCORD_WEBHOOK)) if(empty(DISCORD_WEBHOOK))
return; return;
$data = [ $data = [
'username' => $name, 'username' => $name,
'embeds' => [ 'embeds' => [
[ [
'title' => "New Post", 'title' => "New Post",
'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom', 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom',
'description' => $message, 'description' => $message,
'image' => [ 'image' => [
'url' => $img 'url' => $img
]
] ]
] ]
]; ]
];
$curl = curl_init(DISCORD_WEBHOOK);
curl_setopt($curl, CURLOPT_HEADER, false); $curl = curl_init(DISCORD_WEBHOOK);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($curl, CURLOPT_POST, true);
curl_exec($curl); curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE); curl_exec($curl);
curl_close($curl); $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if($status != 204) curl_close($curl);
die("Error: Sending webhook failed with status $status."); if($status != 204)
} die("Error: Sending webhook failed with status $status.");
}
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>BBS | ピケ.コム</title>
</head>
<body>
<p>
[<a href="#bottom">bottom</a>]
</p>
<?php
// Connect to the database // Connect to the database
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD") $dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
or die('Could not connect: ' . pg_last_error()); or die('Could not connect: ' . pg_last_error());

Write Preview
Loading…
Cancel
Save