You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
253 lines
8.7 KiB
253 lines
8.7 KiB
<?php /*
|
|
Copyright © 2021-2022 Pk11
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining a
|
|
copy of this software and associated documentation files (the “Software”),
|
|
to deal in the Software without restriction, including without limitation
|
|
the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
|
and/or sell copies of the Software, and to permit persons to whom the
|
|
Software is furnished to do so, subject to the following conditions:
|
|
|
|
The above copyright notice and this permission notice shall be included in
|
|
all copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
DEALINGS IN THE SOFTWARE.
|
|
*/ ?>
|
|
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
|
|
<title>BBS | ピケ.コム</title>
|
|
|
|
<style>
|
|
.error {
|
|
color: red;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<main>
|
|
[<a href="#bottom">bottom</a>]
|
|
<?php
|
|
function post($name, $comment, $img, $save_cookie) {
|
|
$extensions = [
|
|
'image/bmp' => '.bmp',
|
|
'image/gif' => '.gif',
|
|
'image/jpeg' => '.jpg',
|
|
'image/pjpeg' => '.jpg',
|
|
'image/png' => '.png'
|
|
];
|
|
|
|
// Validate and move the uploaded image file, if necessary
|
|
if(!empty($img['tmp_name'])) {
|
|
if ((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg')
|
|
|| ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp'))
|
|
&& ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) {
|
|
if($img['error'] == 0) {
|
|
// Move the file to the target upload folder
|
|
$target = UPLOAD_PATH . time() . $extensions[$img['type']];
|
|
if(!move_uploaded_file($img['tmp_name'], $target)) {
|
|
// The new image file move failed, so delete the temporary file and return an error
|
|
@unlink($img['tmp_name']);
|
|
return 'Sorry, there was a problem uploading your image.';
|
|
}
|
|
}
|
|
} else {
|
|
// The new picture file is not valid, so delete the temporary file and return an error
|
|
@unlink($img['tmp_name']);
|
|
return "Your picture must be a PNG, GIF, JPEG, or BMP image file no greater than {MM_MAXFILESIZE >> 10} KiB.";
|
|
}
|
|
}
|
|
|
|
if(empty($comment) && empty($target))
|
|
return 'You must include an image and/or a comment';
|
|
|
|
if($save_cookie) {
|
|
$pid = $_COOKIE['pid'];
|
|
if(empty($pid)) {
|
|
$pid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . PID_SALT);
|
|
setcookie("pid", $pid, 0x7FFFFFFF);
|
|
}
|
|
}
|
|
|
|
// Add post to database
|
|
$query = "INSERT INTO posts (poster_id, name, comment, img) VALUES ($1, $2, $3, $4)";
|
|
$params = [
|
|
empty($pid) ? NULL : $pid,
|
|
empty($name) ? 'Anonymous' : $name,
|
|
empty($comment) ? NULL : $comment,
|
|
empty($target) ? NULL : basename($target)
|
|
];
|
|
webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/' . $target); // Send to discord for moderation
|
|
pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
|
|
|
|
return ""; // Success, no error
|
|
}
|
|
|
|
function quote_link($match) {
|
|
$query = "SELECT post_id FROM posts WHERE post_id=$1";
|
|
$result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
|
|
$row_count = pg_num_rows($result);
|
|
pg_free_result($result);
|
|
if($row_count > 0)
|
|
return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
|
|
else
|
|
return "<s>{$match[0]}</s>";
|
|
}
|
|
|
|
function show_posts() {
|
|
$query = 'SELECT post_id, poster_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts';
|
|
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
|
|
|
|
// Clean up old posts
|
|
$row_count = pg_num_rows($result);
|
|
if($row_count > MAX_POSTS) {
|
|
for($i = 0; $i < $row_count - MAX_POSTS; $i++) {
|
|
$row = pg_fetch_array($result);
|
|
cleanup($row['post_id']);
|
|
}
|
|
}
|
|
|
|
echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">';
|
|
while ($row = pg_fetch_array($result)) {
|
|
echo "<fieldset id=\"p{$row['post_id']}\">";
|
|
|
|
echo '<legend>';
|
|
if($row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID)
|
|
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '"> ';
|
|
echo "<b>{$row['name']}</b> <datetime>{$row['post_time']}</datetime> ";
|
|
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a>";
|
|
echo '</legend>';
|
|
|
|
if($row['img']){
|
|
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
|
|
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '">';
|
|
echo '</a>';
|
|
}
|
|
|
|
$comment = $row['comment'];
|
|
$comment = str_replace("\n", "<br>", $comment);
|
|
$comment = preg_replace_callback('/(?:^|<br>)>>\s*(\d+)/', quote_link, $comment);
|
|
echo "<p>$comment</p>";
|
|
|
|
echo '</fieldset>';
|
|
}
|
|
echo '<input type="submit" name="submit" value="Delete">';
|
|
echo '</form>';
|
|
}
|
|
|
|
function cleanup($id, $force = FALSE) {
|
|
$query = "SELECT poster_id, img FROM posts WHERE post_id=$1";
|
|
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
|
|
$row = pg_fetch_array($result);
|
|
pg_free_result($result);
|
|
if($force || $row['poster_id'] == $_COOKIE['pid'] || $_COOKIE['pid'] == ADMIN_ID) {
|
|
unlink(UPLOAD_PATH . $row['img']);
|
|
$query = "DELETE FROM posts WHERE post_id=$1";
|
|
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
|
|
}
|
|
}
|
|
|
|
function webhook($name, $message, $img) {
|
|
$data = [
|
|
'username' => $name,
|
|
'embeds' => [
|
|
[
|
|
'title' => "New Post",
|
|
'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom',
|
|
'description' => $message,
|
|
'image' => [
|
|
'url' => $img
|
|
]
|
|
]
|
|
]
|
|
];
|
|
|
|
$curl = curl_init(DISCORD_WEBHOOK);
|
|
curl_setopt($curl, CURLOPT_HEADER, false);
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
|
|
curl_setopt($curl, CURLOPT_POST, true);
|
|
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
|
|
curl_exec($curl);
|
|
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
|
curl_close($curl);
|
|
if($status != 204)
|
|
die("Error: Sending webhook failed with status $status.");
|
|
}
|
|
|
|
require_once('appvars.php');
|
|
require_once('connectvars.php');
|
|
|
|
$err = "";
|
|
|
|
// Connect to the database
|
|
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
|
|
or die('Could not connect: ' . pg_last_error());
|
|
|
|
if($_POST['submit'] == 'Post') {
|
|
// Grab the data from the POST
|
|
$name = trim($_POST['name']);
|
|
$comment = trim($_POST['comment']);
|
|
$img = $_FILES['img'];
|
|
$save_cookie = isset($_POST['save_cookie']);
|
|
|
|
$err = post($name, $comment, $img, $save_cookie);
|
|
} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['pid'])) {
|
|
foreach($_POST['delete'] as $id) {
|
|
cleanup($id);
|
|
}
|
|
}
|
|
|
|
show_posts();
|
|
|
|
pg_free_result($result);
|
|
|
|
pg_close($dbc);
|
|
?>
|
|
|
|
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#bottom">
|
|
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>">
|
|
<fieldset id="bottom">
|
|
<legend>New Post</legend>
|
|
|
|
<label for="name">Name:</label>
|
|
<input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" placeholder="Anonymous"><br>
|
|
|
|
<label for="comment">Comment:</label>
|
|
<textarea id="comment" name="comment"><?php if(!empty($err)) echo $comment; ?></textarea><br>
|
|
|
|
<label for="img">Image:</label>
|
|
<input type="file" id="img" name="img"><br>
|
|
|
|
<label for="save-cookie">Save cookie:</label>
|
|
<input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['pid']) echo 'checked'; ?>>
|
|
(Allows deleting your own posts)
|
|
<br>
|
|
|
|
<input type="submit" value="Post" name="submit">
|
|
|
|
<div class="error"><?php if(!empty($err)) echo "<br><p>$err</p>"; ?></div>
|
|
</fieldset>
|
|
</form>
|
|
|
|
<p>
|
|
Old posts are automatically deleted once there are more than 50, anything inappropriate will be deleted.
|
|
</p>
|
|
|
|
[<a href="#top">top</a>] [<a href="javascript:window.location.reload();">reload</a>]
|
|
</main>
|
|
|
|
<?php require_once('footer.php'); ?>
|
|
</body>
|
|
</html>
|