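<?php

declare(strict_types=1);

/*
 * New-post page.
 *
 * On POST: rate-limits by client IP, validates the comment, optionally stores
 * an uploaded PNG/JPEG under upload/images/, inserts the post and redirects.
 * On GET (and after a refused POST): renders the form and the recent posts.
 *
 * Untrusted input handled here: $_POST['comment'], $_FILES['image'] and
 * $_SERVER['REMOTE_ADDR']. Values are stored raw and escaped at output time
 * in the render loop below, so nothing is escaped twice.
 *
 * TODO(review): the form carries no CSRF token. Add one once a session is
 * available (config.php / header.php are not visible from this file).
 */

require 'includes/config.php';

// NOTE(review): assumes $db (a PDO instance) is defined by config.php.
// The POST branch runs before header.php is included so that the
// header('Location: …') redirect is emitted before any HTML output.
$ip = $_SERVER['REMOTE_ADDR'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $now = time();

    // Rate limit: one post per minute per IP. The SELECT-then-REPLACE pair is
    // not atomic, so two simultaneous requests from one IP can both pass;
    // acceptable for this forum, but not a hard guarantee.
    $stmt = $db->prepare("SELECT last_post FROM rate_limit WHERE ip = ?");
    $stmt->execute([$ip]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // last_post may come back as a string depending on the driver; cast it.
    if ($row && ($now - (int) $row['last_post']) < 60) {
        die("Alerte au spam ! Un post par minute maximum");
    }

    // Refuse non-string input (comment[]=… would be an array) and blank text.
    // Trim before testing so whitespace-only comments are rejected, while a
    // comment of "0" — which empty() would have refused — is accepted.
    $rawComment = $_POST['comment'] ?? null;
    $comment = is_string($rawComment) ? trim($rawComment) : '';

    if ($comment === '') {
        die("On aime pas trop les muets sur ce forum deso pas deso");
    }

    $imageName = null;

    if (!empty($_FILES['image']['name'])) {
        $file = $_FILES['image'];

        // A multi-file field (image[]) yields arrays in every key; refuse it.
        if (!is_string($file['name']) || !is_string($file['tmp_name'])) {
            die("Whoooops ! Échec de l'upload");
        }

        // Partial or aborted uploads leave tmp_name unusable; stop before
        // mime_content_type() is called on it.
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            die("Whoooops ! Échec de l'upload");
        }

        if ($file['size'] > 2 * 1024 * 1024) {
            die("Ah-ah Image trop lourde (2 Mo maximum)");
        }

        // Sniff the actual content (magic bytes); the client-supplied
        // Content-Type in $_FILES['image']['type'] is never trusted.
        $mime = mime_content_type($file['tmp_name']);
        $allowedMime = ['image/png', 'image/jpeg'];

        if (!in_array($mime, $allowedMime, true)) {
            die("Format interdit (PNG / JPEG uniquement)");
        }

        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

        if (!in_array($ext, ['png', 'jpeg', 'jpg'], true)) {
            die("On accepte que les chèques ici, et les png...");
        }

        // The stored extension follows the sniffed MIME type rather than the
        // client filename, so content and extension can never disagree.
        $storedExt = $mime === 'image/png' ? 'png' : 'jpg';

        // Server-generated name from a CSPRNG (uniqid() is time-based and
        // guessable); no part of the client filename reaches the path.
        $imageName = 'img_' . bin2hex(random_bytes(16)) . '.' . $storedExt;

        if (!move_uploaded_file(
            $file['tmp_name'],
            __DIR__ . "/upload/images/$imageName"
        )) {
            die("Whoooops ! Échec de l'upload");
        }
    }

    // Store the raw comment. Escaping here as well as at output would
    // double-encode (e.g. "&" rendered as "&amp;amp;") in the loop below.
    $stmt = $db->prepare(
        "INSERT INTO posts (comment, image, ip) VALUES (?, ?, ?)"
    );
    $stmt->execute([$comment, $imageName, $ip]);

    $db->prepare("REPLACE INTO rate_limit (ip, last_post) VALUES (?, ?)")
        ->execute([$ip, $now]);

    header("Location: index.php");
    exit;
}

require 'includes/header.php';
?>

<h2>Nouveau post</h2>

<form method="POST" enctype="multipart/form-data">
    <textarea
        name="comment"
        placeholder="Balance ton comm'..."
        required
    ></textarea>

    <input
        type="file"
        name="image"
        accept=".png,.jpeg,.jpg"
    >

    <button type="submit">Poster</button>
</form>

<hr>

<h2>Posts récents</h2>

<?php
// Newest first. Columns read below: ip, created_at, comment, image.
$posts = $db->query("SELECT * FROM posts ORDER BY id DESC");

// HTML-context escaper for everything read back from the DB. The (string)
// cast keeps a NULL column (e.g. created_at) from tripping htmlspecialchars().
$e = static fn (mixed $value): string => htmlspecialchars(
    (string) $value,
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8'
);

// NOTE(review): poster IP addresses are rendered to every visitor; consider
// masking or dropping them from the public view.
foreach ($posts as $post):
?>
    <div class="post">
        <div class="meta">
            IP: <?= $e($post['ip']) ?>
            | <?= $e($post['created_at']) ?>
        </div>

        <div class="content">
            <?= nl2br($e($post['comment'])) ?>

            <?php if (!empty($post['image'])): ?>
                <img
                    src="upload/images/<?= $e($post['image']) ?>"
                    alt="image postée"
                >
            <?php endif; ?>
        </div>
    </div>
<?php endforeach; ?>

<?php require 'includes/footer.php'; ?>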