Pk11 3 years ago committed by GitHub
parent 0dda31894b
commit 74cc72678e

@ -1,5 +1,5 @@
<?php /* <?php /*
Copyright © 2021-2022 Pk11 Copyright © 2022 Pk11
Permission is hereby granted, free of charge, to any person obtaining a Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the “Software”), copy of this software and associated documentation files (the “Software”),
@ -20,233 +20,243 @@
DEALINGS IN THE SOFTWARE. DEALINGS IN THE SOFTWARE.
*/ ?> */ ?>
<!DOCTYPE html> <!DOCTYPE html
<html lang="en"> PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<meta charset="utf-8"> <meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>BBS | ピケ.コム</title> <title>BBS | ピケ.コム</title>
<style>
.error {
color: red;
}
</style>
</head> </head>
<body> <body>
<main> <p>
[<a href="#bottom">bottom</a>] [<a href="#bottom">bottom</a>]
<?php </p>
function post($name, $comment, $img, $save_cookie) { <?php
$extensions = [ function post($name, $comment, $img, $save_cookie) {
'image/bmp' => '.bmp', $extensions = [
'image/gif' => '.gif', 'image/bmp' => '.bmp',
'image/jpeg' => '.jpg', 'image/gif' => '.gif',
'image/pjpeg' => '.jpg', 'image/jpeg' => '.jpg',
'image/png' => '.png' 'image/pjpeg' => '.jpg',
]; 'image/png' => '.png'
];
// Validate and move the uploaded image file, if necessary
if(!empty($img['tmp_name'])) { // Validate and move the uploaded image file, if necessary
if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') if(!empty($img['tmp_name'])) {
|| ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg')
&& ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp'))
if($img['error'] == 0) { && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) {
// Move the file to the target upload folder if($img['error'] == 0) {
$target = UPLOAD_PATH . time() . $extensions[$img['type']]; // Move the file to the target upload folder
if(!move_uploaded_file($img['tmp_name'], $target)) { $target = UPLOAD_PATH . time() . $extensions[$img['type']];
// The new image file move failed, so delete the temporary file and return an error if(!move_uploaded_file($img['tmp_name'], $target)) {
@unlink($img['tmp_name']); // The new image file move failed, so delete the temporary file and return an error
return 'Sorry, there was a problem uploading your image.'; @unlink($img['tmp_name']);
} return 'Sorry, there was a problem uploading your image.';
} }
} else {
// The new picture file is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB.";
} }
} else {
// The new picture file is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB.";
} }
}
if(empty($comment) && empty($target)) if(empty($comment) && empty($target))
return 'You must include an image and/or a comment'; return 'You must include an image and/or a comment';
if($save_cookie) { if($save_cookie) {
$pid = $_COOKIE['pid']; $pid = $_COOKIE['pid'];
if(empty($pid)) { if(empty($pid)) {
$pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT); $pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT);
setcookie("pid", $pid, 0x7FFFFFFF); setcookie("pid", $pid, 0x7FFFFFFF);
}
} }
// Add post to database
$query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$params = [
empty($pid) ? NULL : $pid,
empty($name) ? 'Anonymous' : $name,
empty($comment) ? NULL : $comment,
empty($target) ? NULL : basename($target)
];
webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
return ""; // Success, no error
} }
function quote_link($match) { // Add post to database
$query = "SELECT post_id FROM posts WHERE post_id=$1"; $query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error()); $params = [
$row_count = pg_num_rows($result); empty($pid) ? NULL : $pid,
pg_free_result($result); empty($name) ? 'Anonymous' : htmlspecialchars($name),
if($row_count > 0) empty($comment) ? NULL : htmlspecialchars($comment),
return "<a href=\"#p{$match[1]}\">{$match[0]}</a>"; empty($target) ? NULL : basename($target)
else ];
return "<s>{$match[0]}</s>"; webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
} pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
function show_posts() { return ""; // Success, no error
$query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; }
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
// Clean up old posts
$row_count = pg_num_rows($result);
if($row_count > MAX_POSTS) {
for($i = 0; $i < $row_count - MAX_POSTS; $i++) {
$row = pg_fetch_array($result);
cleanup($row['post_id']);
}
}
echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">'; function quote_link($match) {
while ($row = pg_fetch_array($result)) { $query = "SELECT post_id FROM posts WHERE post_id=$1";
echo "<fieldset id=\"p{$row['post_id']}\">"; $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
$row_count = pg_num_rows($result);
echo '<legend>'; pg_free_result($result);
if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) if($row_count > 0)
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '"> '; return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
echo "<b>{$row['name']}</b> <datetime>{$row['post_time']}</datetime> "; else
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>"; return "<del>{$match[0]}</del>";
echo '</legend>'; }
if($row['img']){
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '">';
echo '</a>';
}
$comment = $row['comment']; function show_posts() {
$comment = str_replace("\n", "<br>", $comment); $query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment); $result = pg_query($query) or die('Query failed: ' . pg_last_error());
echo "<p>$comment</p>";
echo '</fieldset>'; // Clean up old posts
$row_count = pg_num_rows($result);
if($row_count > MAX_POSTS) {
for($i = 0; $i < $row_count - MAX_POSTS; $i++) {
$row = pg_fetch_array($result);
cleanup($row['post_id']);
} }
echo '<input type="submit" name="submit" value="Delete">';
echo '</form>';
} }
function cleanup($id, $force = FALSE) { echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">';
$query = "SELECT poster_id, img FROM posts WHERE post_id=$1"; while ($row = pg_fetch_array($result)) {
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); echo "<fieldset id=\"p{$row['post_id']}\">";
$row = pg_fetch_array($result);
pg_free_result($result); echo '<legend>';
if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) { if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID)
unlink(UPLOAD_PATH . $row['img']); echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
$query = "DELETE FROM posts WHERE post_id=$1"; echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
echo '</legend>';
if($row['img']){
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />';
echo '</a>';
} }
}
function webhook($name, $message, $img) { $comment = $row['comment'];
$data = [ $comment = preg_replace('/^>[^>].*/m', "<strong>$0</strong>", $comment);
'username' => $name, $comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
'embeds' => [ $comment = str_replace("\n", "<br />", $comment);
[ echo "<p>$comment</p>";
'title' => "New Post",
'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom',
'description' => $message,
'image' => [
'url' => $img
]
]
]
];
$curl = curl_init(DISCORD_WEBHOOK);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
if($status != 204)
die("Error: Sending webhook failed with status $status.");
}
require_once('appvars.php'); echo '</fieldset>';
require_once('connectvars.php');
$err = "";
// Connect to the database
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
or die('Could not connect: ' . pg_last_error());
if($_POST['submit'] == 'Post') {
// Grab the data from the POST
$name = trim($_POST['name']);
$comment = trim($_POST['comment']);
$img = $_FILES['img'];
$save_cookie = isset($_POST['save_cookie']);
$err = post($name, $comment, $img, $save_cookie);
} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) {
foreach($_POST['delete'] as $id) {
cleanup($id);
}
} }
echo '<input type="submit" name="submit" value="Delete" />';
echo '</form>';
}
show_posts(); function cleanup($id, $force = FALSE) {
$query = "SELECT poster_id, img FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
$row = pg_fetch_array($result);
pg_free_result($result); pg_free_result($result);
if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) {
unlink(UPLOAD_PATH . $row['img']);
$query = "DELETE FROM posts WHERE post_id=$1";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
}
}
pg_close($dbc); function webhook($name, $message, $img) {
?> $data = [
'username' => $name,
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#bottom"> 'embeds' => [
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>"> [
<fieldset id="bottom"> 'title' => "New Post",
<legend>New Post</legend> 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom',
'description' => $message,
<label for="name">Name:</label> 'image' => [
<input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" placeholder="Anonymous"><br> 'url' => $img
]
<label for="comment">Comment:</label> ]
<textarea id="comment" name="comment"><?php if(!empty($err)) echo $comment; ?></textarea><br> ]
];
$curl = curl_init(DISCORD_WEBHOOK);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
if($status != 204)
die("Error: Sending webhook failed with status $status.");
}
<label for="img">Image:</label> require_once('appvars.php');
<input type="file" id="img" name="img"><br> require_once('connectvars.php');
<label for="save-cookie">Save cookie:</label> $err = "";
<input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?>>
(Allows deleting your own posts)
<br>
<input type="submit" value="Post" name="submit"> // Connect to the database
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
or die('Could not connect: ' . pg_last_error());
<div class="error"><?php if(!empty($err)) echo "<br><p>$err</p>"; ?></div> if($_POST['submit'] == 'Post') {
</fieldset> // Grab the data from the POST
</form> $name = trim($_POST['name']);
$comment = trim($_POST['comment']);
$img = $_FILES['img'];
$save_cookie = isset($_POST['save_cookie']);
<p> $err = post($name, $comment, $img, $save_cookie);
Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted. } else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) {
</p> foreach($_POST['delete'] as $id) {
cleanup($id);
}
}
show_posts();
pg_free_result($result);
pg_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#bottom">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<fieldset id="bottom">
<legend>New Post</legend>
<table>
<tr>
<td><label for="name">Name:</label></td>
<td><input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" /></td>
</tr>
<tr>
<td><label for="comment">Comment:</label></td>
<td><textarea id="comment" name="comment" rows="10" cols="40"><?php if(!empty($err)) echo $comment; ?></textarea></td>
</tr>
<tr>
<td><label for="img">Image:</label></td>
<td><input type="file" id="img" name="img" /></td>
</tr>
<tr>
<td><label for="save-cookie">Save cookie:</label></td>
<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Post" name="submit" /></td>
</tr>
</table>
<?php if(!empty($err)) echo "<br /><strong>$err</strong>"; ?>
</fieldset>
</form>
<p>
Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted.
</p>
<p>
[<a href="#top">top</a>] [<a href="javascript:window.location.reload();">reload</a>] [<a href="#top">top</a>] [<a href="javascript:window.location.reload();">reload</a>]
</main> </p>
<?php require_once('footer.php'); ?> <p>
<a href="http://validator.w3.org/check?uri=<?php echo urlencode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); ?>" target="_blank">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" />
</a>
</p>
</body> </body>
</html> </html>
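Review bot: The re-populated form fields echo `$name` and `$comment` straight from `$_POST` into an attribute and a textarea (`value="<?php if(!empty($err)) echo $name; ?>"` and `<textarea ...><?php if(!empty($err)) echo $comment; ?></textarea>`) on both sides of this section, so a submission that fails validation reflects unescaped input back into the page; wrap both with `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for `$comment`. This rendering does not make it certain which side is the new one, but the two differ mainly in where escaping happens: one side stores `htmlspecialchars($name)` / `htmlspecialchars($comment)` at insert time, after which the `/>>\s*(\d+)/` quote pattern and the `/^>[^>].*/m` greentext pattern in show_posts() can no longer match the stored `&gt;` text, while the other side prints `{$row['name']}` and `$comment` unescaped, which is a stored XSS in the post listing. Escaping once at output in show_posts() and then running the quote/greentext patterns against the escaped text (matching `&gt;&gt;` and `^&gt;`) resolves both. Separately, post() accepts an upload on the client-supplied `$img['type']` alone and derives the saved extension from it; checking the actual bytes with `finfo_file()` or `getimagesize()` on `$img['tmp_name']` before `move_uploaded_file()` would base that decision on the file rather than the declared type. The `{MM_MAXFILESIZE >> 10}` in the rejection message is not interpolated by PHP and prints literally; it should be built as `'... no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.'`.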
