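prepare("SELECT last_post FROM rate_limit WHERE ip = ?");
$stmt->execute([$ip]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// Rate limit: at most one post per IP every 60 s. $ip and $now are set earlier in the file
// (outside this fragment); last_post is cast because PDO may hand it back as a string.
if ($row && ($now - (int) $row['last_post']) < 60) {
    die("Alerte au spam ! Un post par minute maximum");
}

// Trim BEFORE the emptiness check so a whitespace-only comment is rejected instead of being
// stored as ''. Compare with === '' rather than empty() so a legitimate comment of "0" is kept,
// and treat a non-string value (e.g. comment[]=x) as absent instead of letting trim() throw.
$rawComment = $_POST['comment'] ?? '';
$comment = is_string($rawComment) ? trim($rawComment) : '';
if ($comment === '') {
    die("On aime pas trop les muets sur ce forum deso pas deso");
}

$imageName = null;
if (!empty($_FILES['image']['name'])) {
    // A failed or partial upload can still carry a client-supplied name while tmp_name is empty;
    // refuse it before trusting size/tmp_name below.
    if (($_FILES['image']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        die("Whoooops ! Échec de l'upload");
    }
    if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
        die("Ah-ah Image trop lourde (2 Mo maximum)");
    }

    // Sniff the real content of the temp file; the client-supplied Content-Type is not trusted.
    $mime = mime_content_type($_FILES['image']['tmp_name']);
    $extensionsByMime = [
        'image/png'  => ['png'],
        'image/jpeg' => ['jpg', 'jpeg'],
    ];
    if (!isset($extensionsByMime[$mime])) {
        die("Format interdit (PNG / JPEG uniquement)");
    }

    // The stored file name is built from our own uniqid() plus this whitelisted extension,
    // so no client-controlled path component ever reaches move_uploaded_file().
    $ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpeg', 'jpg'], true)) {
        die("On accepte que les chèques ici, et les png...");
    }
    // Extension and sniffed type must agree, so a JPEG is never saved as .png or vice versa.
    if (!in_array($ext, $extensionsByMime[$mime], true)) {
        die("Format interdit (PNG / JPEG uniquement)");
    }

    $imageName = uniqid('img_', true) . '.' . $ext;
    if (!move_uploaded_file($_FILES['image']['tmp_name'], __DIR__ . "/upload/images/$imageName")) {
        die("Whoooops ! Échec de l'upload");
    }
}

// Existing convention: the comment is HTML-escaped at storage time, so the page that renders
// posts (presumably index.php) is expected to echo it as-is — escape in exactly one place.
$stmt = $db->prepare("INSERT INTO posts (comment, image, ip) VALUES (?, ?, ?)");
$stmt->execute([
    htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'),
    $imageName,
    $ip,
]);

// Record this post for the rate limiter only after the insert succeeded.
$db->prepare("REPLACE INTO rate_limit (ip, last_post) VALUES (?, ?)")
    ->execute([$ip, $now]);

header("Location: index.php");
exit;
// Closes the request-handling block opened earlier in the file (outside this fragment).
}
?>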