From 74cc72678e440454c78d8d50e6fd556b44b91127 Mon Sep 17 00:00:00 2001 From: Pk11 Date: Thu, 31 Mar 2022 02:12:10 -0500 Subject: [PATCH] --- bbs.php | 398 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 204 insertions(+), 194 deletions(-) diff --git a/bbs.php b/bbs.php index c5372e5..9f403db 100644 --- a/bbs.php +++ b/bbs.php @@ -1,5 +1,5 @@ - - + + - - + + BBS | ピケ.コム - - -
+

[bottom] - '.bmp', - 'image/gif' => '.gif', - 'image/jpeg' => '.jpg', - 'image/pjpeg' => '.jpg', - 'image/png' => '.png' - ]; - - // Validate and move the uploaded image file, if necessary - if(!empty($img['tmp_name'])) { - if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') - || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) - && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { - if($img['error'] == 0) { - // Move the file to the target upload folder - $target = UPLOAD_PATH . time() . $extensions[$img['type']]; - if(!move_uploaded_file($img['tmp_name'], $target)) { - // The new image file move failed, so delete the temporary file and return an error - @unlink($img['tmp_name']); - return 'Sorry, there was a problem uploading your image.'; - } +

+ '.bmp', + 'image/gif' => '.gif', + 'image/jpeg' => '.jpg', + 'image/pjpeg' => '.jpg', + 'image/png' => '.png' + ]; + + // Validate and move the uploaded image file, if necessary + if(!empty($img['tmp_name'])) { + if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') + || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) + && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { + if($img['error'] == 0) { + // Move the file to the target upload folder + $target = UPLOAD_PATH . time() . $extensions[$img['type']]; + if(!move_uploaded_file($img['tmp_name'], $target)) { + // The new image file move failed, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return 'Sorry, there was a problem uploading your image.'; } - } else { - // The new picture file is not valid, so delete the temporary file and return an error - @unlink($img['tmp_name']); - return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB."; } + } else { + // The new picture file is not valid, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB."; } + } - if(empty($comment) && empty($target)) - return 'You must include an image and/or a comment'; + if(empty($comment) && empty($target)) + return 'You must include an image and/or a comment'; - if($save_cookie) { - $pid = $_COOKIE['pid']; - if(empty($pid)) { - $pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT); - setcookie("pid", $pid, 0x7FFFFFFF); - } + if($save_cookie) { + $pid = $_COOKIE['pid']; + if(empty($pid)) { + $pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . 
PID_SALT); + setcookie("pid", $pid, 0x7FFFFFFF); } - - // Add post to database - $query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)"; - $params = [ - empty($pid) ? NULL : $pid, - empty($name) ? 'Anonymous' : $name, - empty($comment) ? NULL : $comment, - empty($target) ? NULL : basename($target) - ]; - webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation - pg_query_params($query, $params) or die('Query failed: ' . pg_last_error()); - - return ""; // Success, no error } - function quote_link($match) { - $query = "SELECT post_id FROM posts WHERE post_id=$1"; - $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error()); - $row_count = pg_num_rows($result); - pg_free_result($result); - if($row_count > 0) - return "{$match[0]}"; - else - return "{$match[0]}"; - } - - function show_posts() { - $query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; - $result = pg_query($query) or die('Query failed: ' . pg_last_error()); - - // Clean up old posts - $row_count = pg_num_rows($result); - if($row_count > MAX_POSTS) { - for($i = 0; $i < $row_count - MAX_POSTS; $i++) { - $row = pg_fetch_array($result); - cleanup($row['post_id']); - } - } + // Add post to database + $query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)"; + $params = [ + empty($pid) ? NULL : $pid, + empty($name) ? 'Anonymous' : htmlspecialchars($name), + empty($comment) ? NULL : htmlspecialchars($comment), + empty($target) ? NULL : basename($target) + ]; + webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation + pg_query_params($query, $params) or die('Query failed: ' . pg_last_error()); + + return ""; // Success, no error + } - echo '
'; - while ($row = pg_fetch_array($result)) { - echo "
"; - - echo ''; - if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) - echo ' '; - echo "{$row['name']} {$row['post_time']} "; - echo "#{$row['post_id']}"; - echo ''; - - if($row['img']){ - echo ''; - echo '' . $row['img'] . ''; - echo ''; - } + function quote_link($match) { + $query = "SELECT post_id FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error()); + $row_count = pg_num_rows($result); + pg_free_result($result); + if($row_count > 0) + return "{$match[0]}"; + else + return "{$match[0]}"; + } - $comment = $row['comment']; - $comment = str_replace("\n", "
", $comment); - $comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment); - echo "

$comment

"; + function show_posts() { + $query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; + $result = pg_query($query) or die('Query failed: ' . pg_last_error()); - echo '
'; + // Clean up old posts + $row_count = pg_num_rows($result); + if($row_count > MAX_POSTS) { + for($i = 0; $i < $row_count - MAX_POSTS; $i++) { + $row = pg_fetch_array($result); + cleanup($row['post_id']); } - echo ''; - echo '
'; } - function cleanup($id, $force = FALSE) { - $query = "SELECT poster_id, img FROM posts WHERE post_id=$1"; - $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); - $row = pg_fetch_array($result); - pg_free_result($result); - if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) { - unlink(UPLOAD_PATH . $row['img']); - $query = "DELETE FROM posts WHERE post_id=$1"; - pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + echo '
'; + while ($row = pg_fetch_array($result)) { + echo "
"; + + echo ''; + if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) + echo ' '; + echo "{$row['name']} {$row['post_time']} "; + echo "#{$row['post_id']}"; + echo ''; + + if($row['img']){ + echo ''; + echo '' . $row['img'] . ''; + echo ''; } - } - function webhook($name, $message, $img) { - $data = [ - 'username' => $name, - 'embeds' => [ - [ - 'title' => "New Post", - 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom', - 'description' => $message, - 'image' => [ - 'url' => $img - ] - ] - ] - ]; - - $curl = curl_init(DISCORD_WEBHOOK); - curl_setopt($curl, CURLOPT_HEADER, false); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); - curl_exec($curl); - $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); - curl_close($curl); - if($status != 204) - die("Error: Sending webhook failed with status $status."); - } + $comment = $row['comment']; + $comment = preg_replace('/^>[^>].*/m', "$0", $comment); + $comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment); + $comment = str_replace("\n", "
", $comment); + echo "

$comment

"; - require_once('appvars.php'); - require_once('connectvars.php'); - - $err = ""; - - // Connect to the database - $dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD") - or die('Could not connect: ' . pg_last_error()); - - if($_POST['submit'] == 'Post') { - // Grab the data from the POST - $name = trim($_POST['name']); - $comment = trim($_POST['comment']); - $img = $_FILES['img']; - $save_cookie = isset($_POST['save_cookie']); - - $err = post($name, $comment, $img, $save_cookie); - } else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) { - foreach($_POST['delete'] as $id) { - cleanup($id); - } + echo '
'; } + echo ''; + echo '
'; + } - show_posts(); - + function cleanup($id, $force = FALSE) { + $query = "SELECT poster_id, img FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + $row = pg_fetch_array($result); pg_free_result($result); + if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) { + unlink(UPLOAD_PATH . $row['img']); + $query = "DELETE FROM posts WHERE post_id=$1"; + pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + } + } - pg_close($dbc); - ?> - -
- -
- New Post - - -
- - -
+ function webhook($name, $message, $img) { + $data = [ + 'username' => $name, + 'embeds' => [ + [ + 'title' => "New Post", + 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom', + 'description' => $message, + 'image' => [ + 'url' => $img + ] + ] + ] + ]; + + $curl = curl_init(DISCORD_WEBHOOK); + curl_setopt($curl, CURLOPT_HEADER, false); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); + curl_setopt($curl, CURLOPT_POST, true); + curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); + curl_exec($curl); + $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); + curl_close($curl); + if($status != 204) + die("Error: Sending webhook failed with status $status."); + } - -
+ require_once('appvars.php'); + require_once('connectvars.php'); - - > - (Allows deleting your own posts) -
+ $err = ""; - + // Connect to the database + $dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD") + or die('Could not connect: ' . pg_last_error()); -

$err

"; ?>
-
-
+ if($_POST['submit'] == 'Post') { + // Grab the data from the POST + $name = trim($_POST['name']); + $comment = trim($_POST['comment']); + $img = $_FILES['img']; + $save_cookie = isset($_POST['save_cookie']); -

- Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted. -

+ $err = post($name, $comment, $img, $save_cookie); + } else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) { + foreach($_POST['delete'] as $id) { + cleanup($id); + } + } + show_posts(); + + pg_free_result($result); + + pg_close($dbc); + ?> + +
+ +
+ New Post + + + + + + + + + + + + + + + + + + + + + + +
/> (Allows deleting your own posts)
+ + $err"; ?> +
+
+ +

+ Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted. +

+ +

[top] [reload] -

+

- +

+ + Valid XHTML 1.0 Transitional + +
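Review bot: Applying `htmlspecialchars()` to `$name` and `$comment` inside `post()` before the INSERT encodes at storage time, so rows already in the table are still echoed unescaped by `show_posts()` (`echo "{$row['name']} {$row['post_time']} ";` and the `$comment` echo) and the change leaves those untouched. It also appears to break the new greentext pass and the existing `>>` quote regex for new posts, since the stored text now holds `&gt;` rather than `>` — unless the comment is decoded before those `preg_replace` calls somewhere not shown. Keep the raw values in `$params` and escape at output instead: in `show_posts()` use `htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the header and `$comment = htmlspecialchars($row['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` before the regex pass, with the two patterns rewritten to match the encoded forms (`/^&gt;(?!&gt;).*/m` and `/&gt;&gt;\s*(\d+)/`) so the inserted markup is never re-escaped. The `webhook($params[1], $params[2], …)` call at the same spot currently receives the encoded strings, so the Discord message would show entities; passing the raw `$name`/`$comment` there resolves that as well.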