Pk11 3 years ago committed by GitHub
parent 74cc72678e
commit aba35f0fb8

@ -1,5 +1,5 @@
<?php /* <?php /*
Copyright © 2022 Pk11 Copyright © 2021-2022 Pk11
Permission is hereby granted, free of charge, to any person obtaining a Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the “Software”), copy of this software and associated documentation files (the “Software”),
@ -34,6 +34,7 @@
<p> <p>
[<a href="#bottom">bottom</a>] [<a href="#bottom">bottom</a>]
</p> </p>
<?php <?php
function post($name, $comment, $img, $save_cookie) { function post($name, $comment, $img, $save_cookie) {
$extensions = [ $extensions = [
@ -69,17 +70,17 @@
return 'You must include an image and/or a comment'; return 'You must include an image and/or a comment';
if($save_cookie) { if($save_cookie) {
$pid = $_COOKIE['pid']; $uid = $_COOKIE['uid'];
if(empty($pid)) { if(empty($uid)) {
$pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT); $uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT);
setcookie("pid", $pid, 0x7FFFFFFF); setcookie("uid", $uid, 0x7FFFFFFF);
} }
} }
// Add post to database // Add post to database
$query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)"; $query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$params = [ $params = [
empty($pid) ? NULL : $pid, empty($uid) ? NULL : $uid,
empty($name) ? 'Anonymous' : htmlspecialchars($name), empty($name) ? 'Anonymous' : htmlspecialchars($name),
empty($comment) ? NULL : htmlspecialchars($comment), empty($comment) ? NULL : htmlspecialchars($comment),
empty($target) ? NULL : basename($target) empty($target) ? NULL : basename($target)
@ -102,7 +103,9 @@
} }
function show_posts() { function show_posts() {
$query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts'; $show_delete = FALSE;
$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
$result = pg_query($query) or die('Query failed: ' . pg_last_error()); $result = pg_query($query) or die('Query failed: ' . pg_last_error());
// Clean up old posts // Clean up old posts
@ -119,8 +122,10 @@
echo "<fieldset id=\"p{$row['post_id']}\">"; echo "<fieldset id=\"p{$row['post_id']}\">";
echo '<legend>'; echo '<legend>';
if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || $_COOKIE['uid'] == ADMIN_ID) {
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> '; echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
$show_delete = TRUE;
}
echo "<strong>{$row['name']}</strong> {$row['post_time']} "; echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>"; echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
echo '</legend>'; echo '</legend>';
@ -139,16 +144,18 @@
echo '</fieldset>'; echo '</fieldset>';
} }
echo '<input type="submit" name="submit" value="Delete" />';
if($show_delete)
echo '<p><input type="submit" name="submit" value="Delete" /></p>';
echo '</form>'; echo '</form>';
} }
function cleanup($id, $force = FALSE) { function cleanup($id, $force = FALSE) {
$query = "SELECT poster_id, img FROM posts WHERE post_id=$1"; $query = "SELECT user_id, img FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); $result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
pg_free_result($result); pg_free_result($result);
if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) { if($force || $row['user_id'] == $_COOKIE['uid'] || $_COOKIE['uid'] == ADMIN_ID) {
unlink(UPLOAD_PATH . $row['img']); unlink(UPLOAD_PATH . $row['img']);
$query = "DELETE FROM posts WHERE post_id=$1"; $query = "DELETE FROM posts WHERE post_id=$1";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error()); pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
@ -200,7 +207,7 @@
$save_cookie = isset($_POST['save_cookie']); $save_cookie = isset($_POST['save_cookie']);
$err = post($name, $comment, $img, $save_cookie); $err = post($name, $comment, $img, $save_cookie);
} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) { } else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['uid'])) {
foreach($_POST['delete'] as $id) { foreach($_POST['delete'] as $id) {
cleanup($id); cleanup($id);
} }
@ -233,7 +240,7 @@
</tr> </tr>
<tr> <tr>
<td><label for="save-cookie">Save cookie:</label></td> <td><label for="save-cookie">Save cookie:</label></td>
<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td> <td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['uid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
</tr> </tr>
<tr> <tr>
<td></td> <td></td>
@ -256,7 +263,7 @@
<p> <p>
<a href="http://validator.w3.org/check?uri=<?php echo urlencode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); ?>" target="_blank"> <a href="http://validator.w3.org/check?uri=<?php echo urlencode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); ?>" target="_blank">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /> <img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" />
</a> </a>
</p> </p>
</body> </body>
</html> </html>
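Review bot: The ownership check in cleanup() at `if($force || $row['user_id'] == $_COOKIE['uid'] || $_COOKIE['uid'] == ADMIN_ID)` does not get the `!empty($row['user_id'])` guard that this commit adds to the matching check in show_posts(), and both still compare the cookie — the only thing that authorises a delete — with loose `==`; `hash_equals()` (or at least `===`) against both `$row['user_id']` and ADMIN_ID would keep the two checks consistent and avoid PHP's numeric-string coercion. In post(), the renamed `$uid` is read straight from `$_COOKIE['uid']` and written to the `user_id` column without any shape check, and a freshly minted one is `sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT)`, whose inputs are largely predictable; `bin2hex(random_bytes(20))` yields a token of the same length that does not depend on the salt staying secret, and rejecting a cookie that is not 40 hex characters before storing it would keep arbitrary client data out of the table. The `setcookie("uid", $uid, 0x7FFFFFFF)` call also sets no HttpOnly or SameSite attribute on what is effectively a session credential; if the deployment runs PHP 7.3 or later, `setcookie('uid', $uid, ['expires' => 0x7FFFFFFF, 'httponly' => true, 'samesite' => 'Lax']);` covers that. The enclosing functions post(), show_posts() and cleanup() each start or end outside the visible hunks.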
