From 2a340a8c49891eb74a5b6144f26e8c03024b39e3 Mon Sep 17 00:00:00 2001 From: Lain Iwakura Date: Thu, 24 Jul 2025 07:13:03 +0300 Subject: [PATCH] Revert "add admin" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 944f240e89c162a4fe0f4db1bd846839394a00c3. изменено: config.php --- .htaccess | 6 - README | 9 +- admin.php | 420 --------------------------------------------- admin1337.php | 420 --------------------------------------------- board.php | 4 - config.php | 6 +- config.php.example | 6 +- csrf.php | 12 -- logger.php | 16 -- styles.css | 4 +- 10 files changed, 5 insertions(+), 898 deletions(-) delete mode 100644 .htaccess delete mode 100644 admin.php delete mode 100644 admin1337.php delete mode 100644 csrf.php delete mode 100644 logger.php diff --git a/.htaccess b/.htaccess deleted file mode 100644 index 8c346de..0000000 --- a/.htaccess +++ /dev/null @@ -1,6 +0,0 @@ -RewriteEngine On - - - Order Allow,Deny - Deny from all - \ No newline at end of file diff --git a/README b/README index 9ab4394..01e661a 100644 --- a/README +++ b/README @@ -47,17 +47,10 @@ Docker установка: - Стиль 4chan/2ch - Ключ доступа для входа - Автообновление постов -- Админка для управления тредами Безопасность: - Валидация файлов - Ограничение размера - Защита от XSS - Rate limiting -- Безопасная загрузка файлов - -Админка: -- Доступ по паролю из конфига -- Удаление тредов -- Просмотр статистики -- Путь: /admin1337.php \ No newline at end of file +- Безопасная загрузка файлов \ No newline at end of file diff --git a/admin.php b/admin.php deleted file mode 100644 index 9bc93eb..0000000 --- a/admin.php +++ /dev/null @@ -1,420 +0,0 @@ - - - - - - - mkach - Админка - - - -
-

mkach - Админка

-
-
- -
- -
- -
- -
- - - setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - $db->exec('SET NAMES utf8'); -} catch (PDOException $e) { - die('Connection failed'); -} - -require_once 'logger.php'; - -if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) { - $threadId = $_POST['delete_thread']; - - try { - $db->beginTransaction(); - - $stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?'); - $stmt->execute([$threadId]); - - $stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?'); - $stmt->execute([$threadId]); - - $db->commit(); - logAdminAction('DELETE_THREAD', "Thread ID: $threadId"); - $success = 'Тред успешно удален'; - } catch (PDOException $e) { - $db->rollBack(); - $error = 'Ошибка при удалении треда'; - } -} - -if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) { - $postId = $_POST['delete_post']; - - if (!preg_match('/^\d{6}$/', $postId)) { - $error = 'Неверный формат номера сообщения'; - } else { - try { - $stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?'); - $stmt->execute([$postId]); - $exists = $stmt->fetchColumn(); - - if ($exists) { - $stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?'); - $stmt->execute([$postId]); - logAdminAction('DELETE_POST', "Post ID: $postId"); - $success = 'Сообщение №' . $postId . ' успешно удалено'; - } else { - $error = 'Сообщение №' . $postId . 
' не найдено'; - } - } catch (PDOException $e) { - $error = 'Ошибка при удалении сообщения'; - } - } -} - -try { - $stmt = $db->prepare(' - SELECT t.*, b.name as board_name, COUNT(p.id) as post_count - FROM threads t - JOIN boards b ON t.board_id = b.board_id - LEFT JOIN posts p ON t.thread_id = p.thread_id - GROUP BY t.id - ORDER BY t.created_at DESC - '); - $stmt->execute(); - $threads = $stmt->fetchAll(PDO::FETCH_ASSOC); - - $stmt = $db->prepare(' - SELECT p.*, t.title as thread_title, b.board_id - FROM posts p - JOIN threads t ON p.thread_id = t.thread_id - JOIN boards b ON t.board_id = b.board_id - ORDER BY p.created_at DESC - LIMIT 50 - '); - $stmt->execute(); - $recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC); -} catch (PDOException $e) { - die('Database error'); -} -?> - - - - - - mkach - Админка - - - -
-
-

mkach - Админка

- -
- - -
- - - -
- - -

Управление тредами

- - - - - - - - - - - - - - - - - - - - - - - -
IDДоскаНазваниеПостовСозданДействия
// -
- - -
-
- -

Удаление сообщений

-
-
-
- - - -
-
-
- -

Последние сообщения

- - - - - - - - - - - - - - - - - - - - - -
ТредДоскаСообщениеВремя
// - 50 ? substr($message, 0, 50) . '...' : $message; - ?> -
-
- - \ No newline at end of file diff --git a/admin1337.php b/admin1337.php deleted file mode 100644 index 9bc93eb..0000000 --- a/admin1337.php +++ /dev/null @@ -1,420 +0,0 @@ - - - - - - - mkach - Админка - - - -
-

mkach - Админка

-
-
- -
- -
- -
- -
- - - setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - $db->exec('SET NAMES utf8'); -} catch (PDOException $e) { - die('Connection failed'); -} - -require_once 'logger.php'; - -if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) { - $threadId = $_POST['delete_thread']; - - try { - $db->beginTransaction(); - - $stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?'); - $stmt->execute([$threadId]); - - $stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?'); - $stmt->execute([$threadId]); - - $db->commit(); - logAdminAction('DELETE_THREAD', "Thread ID: $threadId"); - $success = 'Тред успешно удален'; - } catch (PDOException $e) { - $db->rollBack(); - $error = 'Ошибка при удалении треда'; - } -} - -if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) { - $postId = $_POST['delete_post']; - - if (!preg_match('/^\d{6}$/', $postId)) { - $error = 'Неверный формат номера сообщения'; - } else { - try { - $stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?'); - $stmt->execute([$postId]); - $exists = $stmt->fetchColumn(); - - if ($exists) { - $stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?'); - $stmt->execute([$postId]); - logAdminAction('DELETE_POST', "Post ID: $postId"); - $success = 'Сообщение №' . $postId . ' успешно удалено'; - } else { - $error = 'Сообщение №' . $postId . 
' не найдено'; - } - } catch (PDOException $e) { - $error = 'Ошибка при удалении сообщения'; - } - } -} - -try { - $stmt = $db->prepare(' - SELECT t.*, b.name as board_name, COUNT(p.id) as post_count - FROM threads t - JOIN boards b ON t.board_id = b.board_id - LEFT JOIN posts p ON t.thread_id = p.thread_id - GROUP BY t.id - ORDER BY t.created_at DESC - '); - $stmt->execute(); - $threads = $stmt->fetchAll(PDO::FETCH_ASSOC); - - $stmt = $db->prepare(' - SELECT p.*, t.title as thread_title, b.board_id - FROM posts p - JOIN threads t ON p.thread_id = t.thread_id - JOIN boards b ON t.board_id = b.board_id - ORDER BY p.created_at DESC - LIMIT 50 - '); - $stmt->execute(); - $recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC); -} catch (PDOException $e) { - die('Database error'); -} -?> - - - - - - mkach - Админка - - - -
-
-

mkach - Админка

- -
- - -
- - - -
- - -

Управление тредами

- - - - - - - - - - - - - - - - - - - - - - - -
IDДоскаНазваниеПостовСозданДействия
// -
- - -
-
- -

Удаление сообщений

-
-
-
- - - -
-
-
- -

Последние сообщения

- - - - - - - - - - - - - - - - - - - - - -
ТредДоскаСообщениеВремя
// - 50 ? substr($message, 0, 50) . '...' : $message; - ?> -
-
- - \ No newline at end of file diff --git a/board.php b/board.php index d81a69d..5dc4fb3 100644 --- a/board.php +++ b/board.php @@ -43,10 +43,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $title = trim($_POST['title'] ?? ''); $description = trim($_POST['description'] ?? ''); - if (strlen($message) > $config['max_message_length']) { - $error = 'Сообщение слишком длинное'; - } - if ($message || $title || ($file && $file['error'] === UPLOAD_ERR_OK)) { $postId = sprintf('%06d', mt_rand(1, 999999)); diff --git a/config.php b/config.php index 5ef07b8..0299e87 100644 --- a/config.php +++ b/config.php @@ -10,11 +10,7 @@ return [ 'upload_path' => 'uploads/', 'max_file_size' => 26214400, 'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'], - 'max_message_length' => 10000, 'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК', 'logo_enabled' => true, - 'logo_text' => 'mkach', - 'admin' => [ - 'password' => 'admin1337' - ] + 'logo_text' => 'mkach' ]; \ No newline at end of file diff --git a/config.php.example b/config.php.example index 36a98b2..59fcc91 100644 --- a/config.php.example +++ b/config.php.example @@ -10,11 +10,7 @@ return [ 'upload_path' => 'uploads/', 'max_file_size' => 26214400, 'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'], - 'max_message_length' => 10000, 'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК', 'logo_enabled' => true, - 'logo_text' => 'mkach', - 'admin' => [ - 'password' => 'admin1337' - ] + 'logo_text' => 'mkach' ]; \ No newline at end of file diff --git a/csrf.php b/csrf.php deleted file mode 100644 index d0886bb..0000000 --- a/csrf.php +++ /dev/null @@ -1,12 +0,0 @@ - \ No newline at end of file diff --git a/logger.php b/logger.php deleted file mode 100644 index e8239c2..0000000 --- a/logger.php +++ /dev/null @@ -1,16 +0,0 @@ - \ No newline at end of file diff --git a/styles.css b/styles.css index b1b03d6..ef7b980 100644 
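Review bot: With the `if (strlen($message) > $config['max_message_length'])` guard removed, the POST handler in board.php now accepts a message body of any length before the `if ($message || $title || ...)` branch stores it, and nothing else in the hunk bounds it, so a client can push arbitrarily large posts into the database. If the intent was only to retire the admin panel, keep the three removed lines (`if (strlen($message) > $config['max_message_length']) { $error = 'Сообщение слишком длинное'; }`) together with the `max_message_length` key in config.php instead of reverting them with the admin key. The README after this commit still advertises "Ограничение размера", which no longer matches the code. The enclosing POST handler starts before and ends after this hunk.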
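Review bot: Deleting `'admin' => ['password' => 'admin1337']` from the tracked config.php does not retire that credential: the literal remains in the history of 944f240e (and was also committed in config.php.example), so treat it as compromised and rotate anything that reused it. If the admin panel comes back, the config should hold a `password_hash()` digest or read the secret from the environment, with only the `.example` file tracked and config.php ignored. This hunk also drops `max_message_length` while `max_file_size` stays, so the message body no longer has a configured bound.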
--- a/styles.css +++ b/styles.css @@ -43,7 +43,7 @@ body { color: #ff6b6b; } -.boards-btn, .logout-btn, .admin-btn { +.boards-btn, .logout-btn { background: #d6daf0; border: 1px solid #b7c5d9; padding: 5px 10px; @@ -53,7 +53,7 @@ body { margin-left: 5px; } -.boards-btn:hover, .logout-btn:hover, .admin-btn:hover { +.boards-btn:hover, .logout-btn:hover { background: #e5e9f0; }