bbs.php

@@ -1,5 +1,5 @@
 <?php /*
-	Copyright © 2022 Pk11
+	Copyright © 2021-2022 Pk11
 
 	Permission is hereby granted, free of charge, to any person obtaining a
 	copy of this software and associated documentation files (the “Software”),
@@ -34,6 +34,7 @@
 	<p>
 		[<a href="#bottom">bottom</a>]
 	</p>
+
 	<?php
 		function post($name, $comment, $img, $save_cookie) {
 			$extensions = [
@@ -69,17 +70,17 @@
 				return 'You must include an image and/or a comment';
 
 			if($save_cookie) {
-				$pid = $_COOKIE['pid'];
-				if(empty($pid)) {
-					$pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT);
-					setcookie("pid", $pid, 0x7FFFFFFF);
+				$uid = $_COOKIE['uid'];
+				if(empty($uid)) {
+					$uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT);
+					setcookie("uid", $uid, 0x7FFFFFFF);
 				}
 			}
 
 			// Add post to database
-			$query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)";
+			$query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
 			$params = [
-				empty($pid) ? NULL : $pid,
+				empty($uid) ? NULL : $uid,
 				empty($name) ? 'Anonymous' : htmlspecialchars($name),
 				empty($comment) ? NULL : htmlspecialchars($comment),
 				empty($target) ? NULL : basename($target)
@@ -102,7 +103,9 @@
 		}
 
 		function show_posts() {
-			$query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
+			$show_delete = FALSE;
+
+			$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
 			$result = pg_query($query) or die('Query failed: ' . pg_last_error());
 
 			// Clean up old posts
@@ -119,8 +122,10 @@
 				echo "<fieldset id=\"p{$row['post_id']}\">";
 
 				echo '<legend>';
-				if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID)
+				if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || $_COOKIE['uid'] == ADMIN_ID) {
 					echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
+					$show_delete = TRUE;
+				}
 				echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
 				echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
 				echo '</legend>';
@@ -139,16 +144,18 @@
 
 				echo '</fieldset>';
 			}
-			echo '<input type="submit" name="submit" value="Delete" />';
+
+			if($show_delete)
+				echo '<p><input type="submit" name="submit" value="Delete" /></p>';
 			echo '</form>';
 		}
 
 		function cleanup($id, $force = FALSE) {
-			$query = "SELECT poster_id, img FROM posts WHERE post_id=$1";
+			$query = "SELECT user_id, img FROM posts WHERE post_id=$1";
 			$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
 			$row = pg_fetch_array($result);
 			pg_free_result($result);
-			if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) {
+			if($force || $row['user_id'] == $_COOKIE['uid'] || $_COOKIE['uid'] == ADMIN_ID) {
 				unlink(UPLOAD_PATH . $row['img']);
 				$query = "DELETE FROM posts WHERE post_id=$1";
 				pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
@@ -200,7 +207,7 @@
 			$save_cookie = isset($_POST['save_cookie']);
 
 			$err = post($name, $comment, $img, $save_cookie);
-		} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) {
+		} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['uid'])) {
 			foreach($_POST['delete'] as $id) {
 				cleanup($id);
 			}
@@ -233,7 +240,7 @@
 				</tr>
 				<tr>
 					<td><label for="save-cookie">Save cookie:</label></td>
-					<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
+					<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['uid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
 				</tr>
 				<tr>
 					<td></td>