commit 0c9996065a79216c9650a963102d810b3edbc40a
Author: root <root@ctf-Q>
Date:   Sat Jan 10 00:36:22 2026 +0000

    [forum] source code

diff --git a/flag.php b/flag.php
new file mode 100644
index 0000000..4d41514
--- /dev/null
+++ b/flag.php
@@ -0,0 +1,14 @@
+<?php
+require 'includes/config.php';
+
+if (!isset($_SESSION['admin'])) {
+    http_response_code(403);
+    die("Accès interdit chenapan");
+}
+
+require 'includes/header.php';
+?>
+<h1>FLAG</h1>
+<p><?= FLAG ?></p>
+<?php
+require 'includes/footer.php';
diff --git a/includes/auth.php b/includes/auth.php
new file mode 100644
index 0000000..eddb5f9
--- /dev/null
+++ b/includes/auth.php
@@ -0,0 +1,7 @@
+<?php
+function require_admin() {
+    if (!isset($_SESSION['admin'])) {
+        http_response_code(403);
+        die("Accès interdit");
+    }
+}
diff --git a/includes/config.php b/includes/config.php
new file mode 100644
index 0000000..cdf044d
--- /dev/null
+++ b/includes/config.php
@@ -0,0 +1,16 @@
+<?php
+session_start();
+
+define('ADMIN_USER', 'fredemonetise');
+define('ADMIN_PASS', 'k2AhX[?5KX0z9J*BtP[!!2sa53Y');
+
+if (ADMIN_PASS === false || ADMIN_PASS === '') {
+  error_log('[DEVWEB] ADMIN_PASS manquant');
+  die('Configuration serveur invalide');
+}
+
+define('FLAG', '{CTFM1:0=126XBVQnuhi0O°o-x.bM][ZB1GP=&GRYc5Q}');
+
+$db = new PDO('sqlite:' . __DIR__ . '/../db/forum.sqlite');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
diff --git a/includes/footer.php b/includes/footer.php
new file mode 100644
index 0000000..308b1d0
--- /dev/null
+++ b/includes/footer.php
@@ -0,0 +1,2 @@
+</body>
+</html>
diff --git a/includes/header.php b/includes/header.php
new file mode 100644
index 0000000..61be0cb
--- /dev/null
+++ b/includes/header.php
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Mini Forum YEAH!</title>
+  <link rel="stylesheet" href="style.css">
+</head>
+<body>
+<nav>
+  <a href="index.php">Forum</a> |
+  <?php if (!isset($_SESSION['admin'])): ?>
+    <a href="login.php">Login</a> |
+  <?php else: ?>
+    <a href="flag.php">Flag</a> |
+    <a href="logout.php">Logout</a>
+  <?php endif; ?>
+</nav>
+<hr>
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..4292ab9
--- /dev/null
+++ b/index.php
@@ -0,0 +1,117 @@
+<?php
+require 'includes/config.php';
+require 'includes/header.php';
+
+$ip = $_SERVER['REMOTE_ADDR'];
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+    $now = time();
+    $stmt = $db->prepare("SELECT last_post FROM rate_limit WHERE ip = ?");
+    $stmt->execute([$ip]);
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($row && ($now - $row['last_post']) < 60) {
+        die("Alerte au spam ! Un post par minute maximum");
+    }
+
+    if (empty($_POST['comment'])) {
+        die("On aime pas trop les muets sur ce forum deso pas deso");
+    }
+
+    $comment = trim($_POST['comment']);
+
+    $imageName = null;
+
+    if (!empty($_FILES['image']['name'])) {
+
+        if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
+            die("Ah-ah Image trop lourde (2 Mo maximum)");
+        }
+
+        $mime = mime_content_type($_FILES['image']['tmp_name']);
+        $allowedMime = ['image/png', 'image/jpeg'];
+
+        if (!in_array($mime, $allowedMime, true)) {
+            die("Format interdit (PNG / JPEG uniquement)");
+        }
+
+        $ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+        if (!in_array($ext, ['png', 'jpeg', 'jpg'], true)) {
+            die("On accepte que les chèques ici, et les png...");
+        }
+
+        $imageName = uniqid('img_', true) . '.' . $ext;
+
+        if (!move_uploaded_file(
+            $_FILES['image']['tmp_name'],
+            __DIR__ . "/upload/images/$imageName"
+        )) {
+            die("Whoooops ! Échec de l'upload");
+        }
+    }
+
+    $stmt = $db->prepare(
+        "INSERT INTO posts (comment, image, ip) VALUES (?, ?, ?)"
+    );
+    $stmt->execute([
+        htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'),
+        $imageName,
+        $ip
+    ]);
+
+    $db->prepare("REPLACE INTO rate_limit (ip, last_post) VALUES (?, ?)")
+       ->execute([$ip, $now]);
+
+    header("Location: index.php");
+    exit;
+}
+?>
+
+<h2>Nouveau post</h2>
+
+<form method="POST" enctype="multipart/form-data">
+    <textarea
+        name="comment"
+        placeholder="Balance ton comm'..."
+        required
+    ></textarea>
+
+    <input
+        type="file"
+        name="image"
+        accept=".png,.jpeg,.jpg"
+    >
+
+    <button type="submit">Poster</button>
+</form>
+
+<hr>
+
+<h2>Posts récents</h2>
+
+<?php
+$posts = $db->query("SELECT * FROM posts ORDER BY id DESC");
+foreach ($posts as $post):
+?>
+<div class="post">
+    <div class="meta">
+        IP: <?= htmlspecialchars($post['ip']) ?>
+        | <?= htmlspecialchars($post['created_at']) ?>
+    </div>
+
+    <div class="content">
+        <?= nl2br(htmlspecialchars($post['comment'])) ?>
+
+        <?php if (!empty($post['image'])): ?>
+            <img
+                src="upload/images/<?= htmlspecialchars($post['image']) ?>"
+                alt="image postée"
+            >
+        <?php endif; ?>
+    </div>
+</div>
+<?php endforeach; ?>
+
+<?php require 'includes/footer.php'; ?>
+
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..2460db2
--- /dev/null
+++ b/login.php
@@ -0,0 +1,20 @@
+<?php
+require 'includes/config.php';
+require 'includes/header.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+  if ($_POST['user'] === ADMIN_USER && $_POST['pass'] === ADMIN_PASS) {
+    $_SESSION['admin'] = true;
+    header("Location: flag.php");
+    exit;
+  }
+  echo "Hehehe bien tenté! ;) mais non";
+}
+?>
+<form method="POST">
+  <input name="user" placeholder="user">
+  <input name="pass" type="password" placeholder="password">
+  <button>Login</button>
+</form>
+
+<?php require 'includes/footer.php'; ?>
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..fda681e
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,4 @@
+<?php
+session_start();
+session_destroy();
+header("Location: index.php");
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..71ec2d9
--- /dev/null
+++ b/style.css
@@ -0,0 +1,104 @@
+/* Global */
+body {
+    font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+    background: #f0f4f8;
+    color: #333;
+    margin: 0;
+    padding: 20px;
+}
+
+h1, h2 {
+    text-align: center;
+    color: #1a202c;
+}
+
+/* Navigation */
+nav {
+    text-align: center;
+    margin-bottom: 20px;
+}
+nav a {
+    text-decoration: none;
+    color: #2b6cb0;
+    font-weight: bold;
+    margin: 0 10px;
+}
+nav a:hover {
+    color: #2c5282;
+}
+
+/* Formulaire */
+form {
+    background: #fff;
+    padding: 20px;
+    max-width: 600px;
+    margin: 20px auto;
+    border-radius: 10px;
+    box-shadow: 0 5px 15px rgba(0,0,0,0.1);
+    border: 1px solid #e2e8f0;
+}
+
+textarea, input[type="file"], input[type="text"], input[type="password"] {
+    width: 100%;
+    padding: 10px;
+    margin-bottom: 15px;
+    border-radius: 6px;
+    border: 1px solid #cbd5e0;
+    font-size: 14px;
+}
+
+button {
+    background-color: #2b6cb0;
+    color: white;
+    border: none;
+    padding: 10px 15px;
+    border-radius: 6px;
+    cursor: pointer;
+    font-size: 14px;
+}
+button:hover {
+    background-color: #2c5282;
+}
+
+/* Posts */
+.post {
+    background: #fff;
+    margin: 15px auto;
+    padding: 15px;
+    border-radius: 10px;
+    max-width: 600px;
+    box-shadow: 0 3px 8px rgba(0,0,0,0.08);
+    border-left: 5px solid #2b6cb0;
+    position: relative;
+}
+
+.post.admin {
+    border-left-color: #d53f8c;
+    background: #fff0f6;
+}
+
+.post img {
+    max-width: 100%;
+    margin-top: 10px;
+    border-radius: 6px;
+}
+
+/* IP & Timestamp */
+.post .meta {
+    font-size: 12px;
+    color: #718096;
+    margin-bottom: 5px;
+}
+
+.post.admin .meta {
+    color: #97266d;
+    font-weight: bold;
+}
+
+/* Footer */
+footer {
+    text-align: center;
+    margin-top: 40px;
+    font-size: 12px;
+    color: #718096;
+}