[forum] source code
117
index.php
Normal file
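--- a/index.php
+++ b/index.php
@@ -0,0 +1,117 @@
+<?php
+require 'includes/config.php';
+require 'includes/header.php';
+
+$ip = $_SERVER['REMOTE_ADDR'];
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+$now = time();
+$stmt = $db->prepare("SELECT last_post FROM rate_limit WHERE ip = ?");
+$stmt->execute([$ip]);
+$row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if ($row && ($now - $row['last_post']) < 60) {
+die("Alerte au spam ! Un post par minute maximum");
+}
+
+if (empty($_POST['comment'])) {
+die("On aime pas trop les muets sur ce forum deso pas deso");
+}
+
+$comment = trim($_POST['comment']);
+
+$imageName = null;
+
+if (!empty($_FILES['image']['name'])) {
+
+if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
+die("Ah-ah Image trop lourde (2 Mo maximum)");
+}
+
+$mime = mime_content_type($_FILES['image']['tmp_name']);
+$allowedMime = ['image/png', 'image/jpeg'];
+
+if (!in_array($mime, $allowedMime, true)) {
+die("Format interdit (PNG / JPEG uniquement)");
+}
+
+$ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+if (!in_array($ext, ['png', 'jpeg', 'jpg'], true)) {
+die("On accepte que les chèques ici, et les png...");
+}
+
+$imageName = uniqid('img_', true) . '.' . $ext;
+
+if (!move_uploaded_file(
+$_FILES['image']['tmp_name'],
+__DIR__ . "/upload/images/$imageName"
+)) {
+die("Whoooops ! Échec de l'upload");
+}
+}
+
+$stmt = $db->prepare(
+"INSERT INTO posts (comment, image, ip) VALUES (?, ?, ?)"
+);
+$stmt->execute([
+htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'),
+$imageName,
+$ip
+]);
+
+$db->prepare("REPLACE INTO rate_limit (ip, last_post) VALUES (?, ?)")
+->execute([$ip, $now]);
+
+header("Location: index.php");
+exit;
+}
+?>
+
+<h2>Nouveau post</h2>
+
+<form method="POST" enctype="multipart/form-data">
+<textarea
+name="comment"
+placeholder="Balance ton comm'..."
+required
+></textarea>
+
+<input
+type="file"
+name="image"
+accept=".png,.jpeg,.jpg"
+>
+
+<button type="submit">Poster</button>
+</form>
+
+<hr>
+
+<h2>Posts récents</h2>
+
+<?php
+$posts = $db->query("SELECT * FROM posts ORDER BY id DESC");
+foreach ($posts as $post):
+?>
+<div class="post">
+<div class="meta">
+IP: <?= htmlspecialchars($post['ip']) ?>
+| <?= htmlspecialchars($post['created_at']) ?>
+</div>
+
+<div class="content">
+<?= nl2br(htmlspecialchars($post['comment'])) ?>
+
+<?php if (!empty($post['image'])): ?>
+<img
+src="upload/images/<?= htmlspecialchars($post['image']) ?>"
+alt="image postée"
+>
+<?php endif; ?>
+</div>
+</div>
+<?php endforeach; ?>
+
+<?php require 'includes/footer.php'; ?>
+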
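Review bot: The comment is escaped twice — `htmlspecialchars($comment, ENT_QUOTES, 'UTF-8')` in the INSERT's execute() array and again `nl2br(htmlspecialchars($post['comment']))` on display — so every `<`, `&` or quote a user types is stored as an entity and then rendered literally as `&lt;` or `&#039;`; pass the raw trimmed value, `$comment,`, to the INSERT and keep escaping at output only, moving the `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` arguments to the display call, which currently relies on the defaults. The upload branch reads `$_FILES['image']['size']` and `tmp_name` without checking the upload status first, so a file rejected by php.ini's upload_max_filesize still has a non-empty `name` and reaches mime_content_type() with an empty path; add `if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) { die("Whoooops ! Échec de l'upload"); }` before the size check. The rate-limit SELECT and the later REPLACE into rate_limit are separate statements, so two requests from the same ip arriving together both pass the 60-second test; a comment such as `// best-effort limit: check and update are not atomic` would make that known to the next maintainer. The meta block also shows each poster's REMOTE_ADDR to every visitor; if that is not intended, drop it from the template rather than from the table.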