From 83b80e5dbef08e6235113f3d364575e23afcf53f Mon Sep 17 00:00:00 2001
From: Pk11
Date: Thu, 31 Mar 2022 00:41:24 -0500
Subject: [PATCH]
---
bbs.php | 252 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 252 insertions(+)
create mode 100644 bbs.php
diff --git a/bbs.php b/bbs.php
new file mode 100644
index 0000000..fc3c8d4
--- /dev/null
+++ b/bbs.php
@@ -0,0 +1,252 @@
+
+
+
+
+
+
+
+
+ BBS | ピケ.コム
+
+
+
+
+
+ [bottom] + '.bmp', + 'image/gif' => '.gif', + 'image/jpeg' => '.jpg', + 'image/pjpeg' => '.jpg', + 'image/png' => '.png' + ]; + + // Validate and move the uploaded image file, if necessary + if(!empty($img['tmp_name'])) { + if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') + || ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp')) + && ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) { + if($img['error'] == 0) { + // Move the file to the target upload folder + $target = UPLOAD_PATH . time() . $extensions[$img['type']]; + if(!move_uploaded_file($img['tmp_name'], $target)) { + // The new image file move failed, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return 'Sorry, there was a problem uploading your image.'; + } + } + } else { + // The new picture file is not valid, so delete the temporary file and return an error + @unlink($img['tmp_name']); + return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB."; + } + } + + if(empty($comment) && empty($target)) + return 'You must include an image and/or a comment'; + + if($save_cookie) { + $pid = $_COOKIE['pid']; + if(empty($pid)) { + $pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT); + setcookie("pid", $pid, 0x7FFFFFFF); + } + } + + // Add post to database + $query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)"; + $params = [ + empty($pid) ? NULL : $pid, + empty($name) ? 'Anonymous' : $name, + empty($comment) ? NULL : $comment, + empty($target) ? NULL : basename($target) + ]; + webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation + pg_query_params($query, $params) or die('Query failed: ' . 
pg_last_error()); + + return ""; // Success, no error + } + + function quote_link($match) { + $query = "SELECT post_id FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error()); + $row_count = pg_num_rows($result); + pg_free_result($result); + if($row_count > 0) + return "{$match[0]}"; + else + return "{$match[0]}"; + } + + function show_posts() { + $query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; + $result = pg_query($query) or die('Query failed: ' . pg_last_error()); + + // Clean up old posts + $row_count = pg_num_rows($result); + if($row_count > MAX_POSTS) { + for($i = 0; $i < $row_count - MAX_POSTS; $i++) { + $row = pg_fetch_array($result); + cleanup($row['post_id']); + } + } + + echo '
'; + while ($row = pg_fetch_array($result)) { + echo "
"; + + echo ''; + if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) + echo ' '; + echo "{$row['name']} {$row['post_time']} "; + echo "#{$row['post_id']}"; + echo ''; + + if($row['img']){ + echo ''; + echo '' . $row['img'] . ''; + echo ''; + } + + $comment = $row['comment']; + $comment = str_replace("\n", "
", $comment); + $comment = preg_replace_callback('/(?:^|
)>>\s*(\d+)/', quote_link, $comment); + echo "

$comment

"; + + echo '
'; + } + echo ''; + echo '
'; + } + + function cleanup($id, $force = FALSE) { + $query = "SELECT poster_id, img FROM posts WHERE post_id=$1"; + $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + $row = pg_fetch_array($result); + pg_free_result($result); + if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) { + unlink(UPLOAD_PATH . $row['img']); + $query = "DELETE FROM posts WHERE post_id=$1"; + pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); + } + } + + function webhook($name, $message, $img) { + $data = [ + 'username' => $name, + 'embeds' => [ + [ + 'title' => "New Post", + 'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom', + 'description' => $message, + 'image' => [ + 'url' => $img + ] + ] + ] + ]; + + $curl = curl_init(DISCORD_WEBHOOK); + curl_setopt($curl, CURLOPT_HEADER, false); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); + curl_setopt($curl, CURLOPT_POST, true); + curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data)); + curl_exec($curl); + $status = curl_getinfo($curl, CURLINFO_HTTP_CODE); + curl_close($curl); + if($status != 204) + die("Error: Sending webhook failed with status $status."); + } + + require_once('appvars.php'); + require_once('connectvars.php'); + + $err = ""; + + // Connect to the database + $dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD") + or die('Could not connect: ' . 
pg_last_error()); + + if($_POST['submit'] == 'Post') { + // Grab the data from the POST + $name = trim($_POST['name']); + $comment = trim($_POST['comment']); + $img = $_FILES['img']; + $save_cookie = isset($_POST['save_cookie']); + + $err = post($name, $comment, $img, $save_cookie); + } else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) { + foreach($_POST['delete'] as $id) { + cleanup($id); + } + } + + show_posts(); + + pg_free_result($result); + + pg_close($dbc); + ?> + +
+ +
+ New Post + + +
+ + +
+ + +
+ + + > + (Allows deleting your own posts) +
+ + + +

$err

"; ?>
+
+
+ +

+ Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted. +

+ + [top] [reload] +
+ + + +
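Review bot: `show_posts()` echoes `$row['name']` and `$row['comment']` into the page with no HTML escaping, and the main block stores both straight from `$_POST` after only `trim()`, so markup or script submitted by one visitor is served to every other reader. The `pid` cookie set in `post()` is the deletion token and is also what gets compared to `ADMIN_ID`, and `setcookie("pid", $pid, 0x7FFFFFFF)` sets no HttpOnly flag, so script injected this way could read it. Escape at output, e.g. `$comment = htmlspecialchars($row['comment'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` before the newline replacement, with the same call for the name; the quote-link pattern would then need to match `&gt;&gt;` rather than `>>`. Separately, the upload check in `post()` trusts the client-supplied `$img['type']`; checking the real content with `finfo_file()` or `getimagesize()` on `$img['tmp_name']` before `move_uploaded_file()` would close that gap. The page's HTML tags were stripped in this rendering, so the exact echo markup around these values is not visible here.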