pk11
/
bbs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Browse Source
main
Pk11 3 years ago committed by GitHub
parent 189f55eae9
commit d99e1aa2be
1 changed files with 89 additions and 46 deletions
Show Stats Download Patch File Download Diff File

135
bbs.php
Unescape View File

@ -1,25 +1,60 @@
<?php /*
Copyright © 2022 Pk11
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the “Software”),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
*/ ?>
<?php
/* Copyright © 2022 Pk11
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the “Software”),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
// Return source code
if(isset($_GET['source'])) {
header("Content-Type: text/plain");
die(file_get_contents(basename($_SERVER['PHP_SELF'])));
}
/* vars.php should contain the following, but with your variables as needed:
*
* // Application constants
* define('UPLOAD_PATH', 'image/'); // Folder to save images to
* define('MAX_FILE_SIZE', 8 << 20); // Maximum image size, 8 MiB
* define('ADMIN_ID', '<SHA1 uid from your cookies>'); // uid that is able to delete anything
* define('UID_SALT', '<some string to salt uids with>');
* define('MAX_POSTS', 50); // Max posts after which old posts will be auto deleted. Only existing posts count, not manually deleted ones.
* define('DISCORD_WEBHOOK', 'https://discord.com/api/webhooks/<webhook id>/<webhook token>'); // A message will be sent to this webhook on post, for easier moderation
*
* // Database constants for PostgreSQL database
* $DB_HOST = 'localhost';
* $DB_NAME = '<db name>';
* $DB_USER = '<db role name>';
* $DB_PASSWORD = '<db role password>';
*
* You also need to make the following table:
*
* CEATE TABLE posts (
* post_id INT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
* post_time TIMESTAMPTZ NOT NULL DEFAULT NOW(),
* user_id VARCHAR(40),
* name VARCHAR(256),
* comment VARCHAR(2048),
* img VARCHAR(256)
* );
*/
require_once('vars.php');
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@ -36,6 +71,7 @@
</p>
<?php
// Adds a post to the database
function post($name, $comment, $img, $save_cookie) {
$extensions = [
'image/bmp' => '.bmp',
@ -56,13 +92,13 @@
if(!move_uploaded_file($img['tmp_name'], $target)) {
// The new image file move failed, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return 'Sorry, there was a problem uploading your image.';
return 'Unable to upload image, please contact the webmaster.';
}
}
} else {
// The new picture file is not valid, so delete the temporary file and return an error
// The image is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB.";
return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.';
}
}
@ -91,6 +127,7 @@
return ""; // Success, no error
}
// Regex callback, makes >>quotes into links
function quote_link($match) {
$query = "SELECT post_id FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
@ -102,9 +139,8 @@
return "<del>{$match[0]}</del>";
}
// Prints the post list
function show_posts() {
$show_delete = FALSE;
$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
@ -117,12 +153,14 @@
}
}
// Print posts
$show_delete = FALSE;
echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">';
while ($row = pg_fetch_array($result)) {
echo "<fieldset id=\"p{$row['post_id']}\">";
echo '<legend>';
if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || $_COOKIE['uid'] == ADMIN_ID) {
if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
$show_delete = TRUE;
}
@ -130,40 +168,50 @@
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
echo '</legend>';
if($row['img']){
if(!empty($row['img'])){
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />';
echo '</a>';
}
$comment = $row['comment'];
$comment = preg_replace('/^>[^>].*/m', '<strong>$0</strong>', $comment);
$comment = preg_replace('/https?:\/\/[^\s]+/m', '<a href="$0">$0</a>', $comment);
$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
$comment = str_replace("\n", "<br />", $comment);
echo "<p>$comment</p>";
// Process quotes, links, and newlines
if(!empty($row['comment'])) {
$comment = $row['comment'];
$comment = preg_replace('/^>[^>].*/m', '<strong>$0</strong>', $comment);
$comment = preg_replace('/https?:\/\/[^\s]+/m', '<a href="$0">$0</a>', $comment);
$comment = preg_replace_callback('/>>\s*(\d+)/', quote_link, $comment);
$comment = str_replace("\n", "<br />", $comment);
echo "<p>$comment</p>";
}
echo '</fieldset>';
}
pg_free_result($result);
if($show_delete)
echo '<p><input type="submit" name="submit" value="Delete" /></p>';
echo '</form>';
}
// Removes a post from the database and its image
function cleanup($id, $force = FALSE) {
$query = "SELECT user_id, img FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
$row = pg_fetch_array($result);
pg_free_result($result);
if($force || $row['user_id'] == $_COOKIE['uid'] || $_COOKIE['uid'] == ADMIN_ID) {
if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
unlink(UPLOAD_PATH . $row['img']);
$query = "DELETE FROM posts WHERE post_id=$1";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
}
}
// Sends a webhook to Discord
function webhook($name, $message, $img) {
if(empty(DISCORD_WEBHOOK))
return;
$data = [
'username' => $name,
'embeds' => [
@ -191,11 +239,6 @@
die("Error: Sending webhook failed with status $status.");
}
require_once('appvars.php');
require_once('connectvars.php');
$err = "";
// Connect to the database
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
or die('Could not connect: ' . pg_last_error());
@ -216,8 +259,6 @@
show_posts();
pg_free_result($result);
pg_close($dbc);
?>
@ -237,7 +278,7 @@
</tr>
<tr>
<td><label for="img">Image:</label></td>
<td><input type="file" id="img" name="img" /></td>
<td><input type="file" id="img" name="img" /> (Limit: <?php echo MAX_FILE_SIZE >> 10; ?> KiB)</td>
</tr>
<tr>
<td><label for="save-cookie">Save cookie:</label></td>
@ -254,11 +295,13 @@
</form>
<p>
Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted.
Old posts are automatically deleted once there are more than <?php echo MAX_POSTS; ?>, anything inappropriate will be deleted.
</p>
<p>
[<a href="#top">top</a>] [<a href="javascript:window.location.reload();">reload</a>]
[<a href="#top">top</a>]
[<a href="javascript:window.location.reload();">reload</a>]
[<a href="?source">source</a>]
</p>
<p>

Write Preview
Loading…
Cancel
Save