pk11
/
bbs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ae6f001f9f'
${ noResults }
bbs/bbs.php

325 lines
12 KiB
Raw Blame History

<?php
/* Copyright © 2022 Pk11
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the “Software”),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
// Return source code
if(isset($_GET['source'])) {
header("Content-Type: text/plain");
die(file_get_contents(basename($_SERVER['PHP_SELF'])));
}
/* vars.php should contain the following, but with your variables as needed:
*
* // Application constants
* define('UPLOAD_PATH', 'image/'); // Folder to save images to
* define('MAX_FILE_SIZE', 8 << 20); // Maximum image size, 8 MiB
* define('ADMIN_ID', '<SHA1 uid from your cookies>'); // uid that is able to delete anything
* define('UID_SALT', '<some string to salt uids with>');
* define('MAX_POSTS', 50); // Max posts after which old posts will be auto deleted. Only existing posts count, not manually deleted ones.
* define('DISCORD_WEBHOOK', 'https://discord.com/api/webhooks/<webhook id>/<webhook token>'); // A message will be sent to this webhook on post, for easier moderation
*
* // Database constants for PostgreSQL database
* $DB_HOST = 'localhost';
* $DB_NAME = '<db name>';
* $DB_USER = '<db role name>';
* $DB_PASSWORD = '<db role password>';
*
* You also need to make the following table:
*
* CEATE TABLE posts (
* post_id INT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
* post_time TIMESTAMPTZ NOT NULL DEFAULT NOW(),
* user_id VARCHAR(40),
* name VARCHAR(256),
* comment VARCHAR(2048),
* img VARCHAR(256)
* );
*/
require_once('vars.php');
//// Functions: ////
// Adds a post to the database
function post($name, $comment, $img, $save_cookie) {
$extensions = [
'image/bmp' => '.bmp',
'image/gif' => '.gif',
'image/jpeg' => '.jpg',
'image/pjpeg' => '.jpg',
'image/png' => '.png'
];
// Validate and move the uploaded image file, if necessary
if(!empty($img['tmp_name'])) {
if((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg')
|| ($img['type'] == 'image/png') || ($img['type'] == 'image/bmp'))
&& ($img['size'] > 0) && ($img['size'] <= MAX_FILE_SIZE)) {
if($img['error'] == 0) {
// Move the file to the target upload folder
$target = UPLOAD_PATH . time() . $extensions[$img['type']];
if(!move_uploaded_file($img['tmp_name'], $target)) {
// The new image file move failed, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return 'Unable to upload image, please contact the webmaster.';
}
}
} else {
// The image is not valid, so delete the temporary file and return an error
@unlink($img['tmp_name']);
return 'Your image must be a PNG, GIF, JPEG, or BMP image file no greater than ' . (MAX_FILE_SIZE >> 10) . ' KiB.';
}
}
if(strlen($comment) > 2048)
return 'Comment must be 2048 or fewer characters';
if(empty($comment) && empty($target))
return 'You must include an image and/or a comment';
if($save_cookie) {
$uid = $_COOKIE['uid'];
if(empty($uid)) {
$uid = sha1(time() . $img['tmp_name'] . $_SERVER['REMOTE_ADDR'] . UID_SALT);
setcookie("uid", $uid, 0x7FFFFFFF);
$_COOKIE['uid'] = $uid; // so that the checkbox is checked
}
}
// Add post to database
$query = "INSERT INTO posts (user_id, name, comment, img) VALUES ($1, $2, $3, $4)";
$params = [
empty($uid) ? NULL : $uid,
empty($name) ? 'Anonymous' : htmlspecialchars($name),
empty($comment) ? NULL : htmlspecialchars($comment),
empty($target) ? NULL : basename($target)
];
webhook($params[1], $params[2], 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . $target); // Send to discord for moderation
pg_query_params($query, $params) or die('Query failed: ' . pg_last_error());
return ""; // Success, no error
}
// Regex callback, makes >>quotes into links
function quote_link($match) {
$query = "SELECT post_id FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$match[1]]) or die('Query failed: ' . pg_last_error());
$row_count = pg_num_rows($result);
pg_free_result($result);
if($row_count > 0)
return "<a href=\"#p{$match[1]}\">{$match[0]}</a>";
else
return "<del>{$match[0]}</del>";
}
// Prints the post list
function show_posts() {
$query = 'SELECT post_id, user_id, name, comment, img, TO_CHAR(post_time, \'YYYY-MM-DD HH24:MI (TZ)\') AS post_time FROM posts ORDER BY posts.post_time';
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
// Clean up old posts
$row_count = pg_num_rows($result);
if($row_count > MAX_POSTS) {
for($i = 0; $i < $row_count - MAX_POSTS; $i++) {
$row = pg_fetch_array($result);
cleanup($row['post_id']);
}
}
// Print posts
$show_delete = FALSE;
echo '<form action="' . $_SERVER['PHP_SELF'] .'#bottom" method="post">';
while($row = pg_fetch_array($result)) {
echo "<fieldset id=\"p{$row['post_id']}\">";
echo '<legend>';
if((!empty($row['user_id']) && ($row['user_id'] == $_COOKIE['uid'])) || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
echo '<input type="checkbox" name="delete[]" value="' . $row['post_id'] . '" /> ';
$show_delete = TRUE;
}
echo "<strong>{$row['name']}</strong> {$row['post_time']} ";
echo "<a href=\"#p{$row['post_id']}\">#{$row['post_id']}</a> ";
// Find references
$post_id = pg_escape_string($row['post_id']);
$ref_query = "SELECT post_id FROM posts WHERE comment LIKE '%&gt;&gt;$post_id%' ORDER BY post_time";
$ref_result = pg_query_params($ref_query, []) or die('Query failed: ' . pg_last_error());
while($ref = pg_fetch_array($ref_result))
echo "<a href=\"#p{$ref['post_id']}\">&gt;&gt;{$ref['post_id']}</a> ";
echo '</legend>';
if(!empty($row['img'])){
echo '<a href="' . UPLOAD_PATH . $row['img'] . '" target="_blank">';
echo '<img src="' . UPLOAD_PATH . $row['img'] . '" alt="' . $row['img'] . '" />';
echo '</a>';
}
// Process quotes, links, and newlines
if(!empty($row['comment'])) {
$comment = $row['comment'];
$comment = preg_replace('/^&gt;(?!&gt;\d).+/m', '<strong>$0</strong>', $comment);
$comment = preg_replace('/(?:https?|mailto|tel|ftp):[^\s]+/m', '<a href="$0">$0</a>', $comment);
$comment = preg_replace_callback('/&gt;&gt;\s*(\d+)/', quote_link, $comment);
$comment = str_replace("\n", "<br />", $comment);
echo "<p>$comment</p>";
}
echo '</fieldset>';
}
pg_free_result($result);
if($show_delete)
echo '<p><input type="submit" name="submit" value="Delete" /></p>';
echo '</form>';
}
// Removes a post from the database and its image
function cleanup($id, $force = FALSE) {
$query = "SELECT user_id, img FROM posts WHERE post_id=$1";
$result = pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
$row = pg_fetch_array($result);
pg_free_result($result);
if($force || $row['user_id'] == $_COOKIE['uid'] || (!empty(ADMIN_ID) && ($_COOKIE['uid'] == ADMIN_ID))) {
unlink(UPLOAD_PATH . $row['img']);
$query = "DELETE FROM posts WHERE post_id=$1";
pg_query_params($query, [$id]) or die('Query failed: ' . pg_last_error());
}
}
// Sends a webhook to Discord
function webhook($name, $message, $img) {
if(empty(DISCORD_WEBHOOK))
return;
$data = [
'username' => $name,
'embeds' => [
[
'title' => "New Post",
'url' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '#bottom',
'description' => $message,
'image' => [
'url' => $img
]
]
]
];
$curl = curl_init(DISCORD_WEBHOOK);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
if($status != 204)
die("Error: Sending webhook failed with status $status.");
}
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>BBS | ピケ.コム</title>
</head>
<body>
<p>
[<a href="#bottom">bottom</a>]
</p>
<?php
// Connect to the database
$dbc = pg_connect("host=$DB_HOST dbname=$DB_NAME user=$DB_USER password=$DB_PASSWORD")
or die('Could not connect: ' . pg_last_error());
if($_POST['submit'] == 'Post') {
// Grab the data from the POST
$name = trim($_POST['name']);
$comment = trim($_POST['comment']);
$img = $_FILES['img'];
$save_cookie = isset($_POST['save_cookie']);
$err = post($name, $comment, $img, $save_cookie);
} else if($_POST['submit'] == 'Delete' && !empty($_COOKIE['uid'])) {
foreach($_POST['delete'] as $id) {
cleanup($id);
}
}
show_posts();
pg_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>#bottom">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<fieldset id="bottom">
<legend>New Post</legend>
<table>
<tr>
<td><label for="name">Name:</label></td>
<td><input type="text" id="name" name="name" value="<?php if(!empty($err)) echo $name; ?>" /></td>
</tr>
<tr>
<td><label for="comment">Comment:</label></td>
<td><textarea id="comment" name="comment" rows="10" cols="40"><?php if(!empty($err)) echo $comment; ?></textarea></td>
</tr>
<tr>
<td><label for="img">Image:</label></td>
<td><input type="file" id="img" name="img" /> (Limit: <?php echo MAX_FILE_SIZE >> 10; ?> KiB)</td>
</tr>
<tr>
<td><label for="save-cookie">Save cookie:</label></td>
<td><input type="checkbox" id="save-cookie" name="save_cookie" <?php if($_COOKIE['uid']) echo 'checked'; ?> /> (Allows deleting your own posts)</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Post" name="submit" /></td>
</tr>
</table>
<?php if(!empty($err)) echo "<br /><strong>$err</strong>"; ?>
</fieldset>
</form>
<p>
Old posts are automatically deleted once there are more than <?php echo MAX_POSTS; ?>, anything inappropriate will be deleted.
</p>
<p>
[<a href="#top">top</a>]
[<a href="javascript:window.location.reload();">reload</a>]
[<a href="?source">source</a>]
</p>
<p>
<a href="//validator.w3.org/check?uri=<?php echo urlencode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); ?>" target="_blank">
<img src="//www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" />
</a>
</p>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink