bbs.php

@@ -1,5 +1,5 @@
 <?php /*
-	Copyright © 2021-2022 Pk11
+	Copyright © 2022 Pk11
 
 	Permission is hereby granted, free of charge, to any person obtaining a
 	copy of this software and associated documentation files (the “Software”),
@@ -20,23 +20,20 @@
 	DEALINGS IN THE SOFTWARE.
 */ ?>
 
-<!DOCTYPE html>
+<!DOCTYPE html
-<html lang="en">
+	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
-	<meta charset="utf-8">
+	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
-	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<meta name="viewport" content="width=device-width, initial-scale=1" />
 
 	<title>BBS | ピケ.コム</title>
-
-	<style>
-		.error {
-			color: red;
-		}
-	</style>
 </head>
 <body>
-	<main>
+	<p>
 		[<a href="#bottom">bottom</a>]
+	</p>
 	<?php
 		function post($name, $comment, $img, $save_cookie) {
 			$extensions = [
@@ -83,8 +80,8 @@
 			$query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)";
 			$params = [
 				empty($pid) ? NULL : $pid,
-					empty($name) ? 'Anonymous' : $name,
+				empty($name) ? 'Anonymous' : htmlspecialchars($name),
-					empty($comment) ? NULL : $comment,
+				empty($comment) ? NULL : htmlspecialchars($comment),
 				empty($target) ? NULL : basename($target)
 			];
 			webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
@@ -101,7 +98,7 @@
 			if($row_count > 0)
 				return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
 			else
-					return "<s>{$match[0]}</s>";
+				return "<del>{$match[0]}</del>";
 		}
 
 		function show_posts() {
@@ -123,25 +120,26 @@
 
 				echo '<legend>';
 				if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID)
-						echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '"> ';
+					echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
-					echo "<b>{$row['name']}</b> <datetime>{$row['post_time']}</datetime> ";
+				echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
 				echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
 				echo '</legend>';
 
 				if($row['img']){
 					echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
-						echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '">';
+					echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />';
 					echo '</a>';
 				}
 
 				$comment = $row['comment'];
-					$comment = str_replace("\n", "<br>", $comment);
+				$comment = preg_replace('/^>[^>].*/m', "<strong>$0</strong>", $comment);
 				$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
+				$comment = str_replace("\n", "<br />", $comment);
 				echo "<p>$comment</p>";
 
 				echo '</fieldset>';
 			}
-				echo '<input type="submit" name="submit" value="Delete">';
+			echo '<input type="submit" name="submit" value="Delete" />';
 			echo '</form>';
 		}
 
@@ -216,27 +214,34 @@
 	?>
 
 	<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#bottom">
-			<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>">
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
 		<fieldset id="bottom">
 			<legend>New Post</legend>
 			
-				<label for="name">Name:</label>
+			<table>
-				<input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" placeholder="Anonymous"><br>
+				<tr>
-
+					<td><label for="name">Name:</label></td>
-				<label for="comment">Comment:</label>
+					<td><input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" /></td>
-				<textarea id="comment" name="comment"><?php if(!empty($err)) echo $comment; ?></textarea><br>
+				</tr>
-
+				<tr>
-				<label for="img">Image:</label>
+					<td><label for="comment">Comment:</label></td>
-				<input type="file" id="img" name="img"><br>
+					<td><textarea id="comment" name="comment" rows="10" cols="40"><?php if(!empty($err)) echo $comment; ?></textarea></td>
-
+				</tr>
-				<label for="save-cookie">Save cookie:</label>
+				<tr>
-				<input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?>>
+					<td><label for="img">Image:</label></td>
-				(Allows deleting your own posts)
+					<td><input type="file" id="img" name="img" /></td>
-				<br>
+				</tr>
-
+				<tr>
-				<input type="submit" value="Post" name="submit">
+					<td><label for="save-cookie">Save cookie:</label></td>
-
+					<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
-				<div class="error"><?php if(!empty($err)) echo "<br><p>$err</p>"; ?></div>
+				</tr>
+				<tr>
+					<td></td>
+					<td><input type="submit" value="Post" name="submit" /></td>
+				</tr>
+			</table>
+
+			<?php if(!empty($err)) echo "<br /><strong>$err</strong>"; ?>
 		</fieldset>
 	</form>
 
@@ -244,9 +249,14 @@
 		Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted.
 	</p>
 
+	<p>
 		[<a href="#top">top</a>] [<a href="javascript:window.location.reload();">reload</a>]
-	</main>
+	</p>
 
-	<?php require_once('footer.php'); ?>
+	<p>
+		<a href="http://validator.w3.org/check?uri=<?php echo urlencode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); ?>" target="_blank">
+			<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" />
+	</a>
+	</p>
 </body>
 </html>