lain/mkach
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: lain:944f240e89c162a4fe0f4db1bd846839394a00c3
Branches Tags
lain:main
...
compare: lain:2a340a8c49891eb74a5b6144f26e8c03024b39e3
Branches Tags
lain:main

2 Commits
944f240e89 ... 2a340a8c49

Author SHA1 Message Date
Lain Iwakura
2a340a8c49
Revert "add admin" 
This reverts commit 944f240e89c162a4fe0f4db1bd846839394a00c3.

	изменено:      config.php
 2025-07-24 07:13:03 +03:00
Lain Iwakura
89a5905982
Revert "fix names??" 
This reverts commit 3f1633733b0091356916aac3c176c2f4537aac01.
 2025-07-24 07:12:56 +03:00
11 changed files with 14 additions and 907 deletions
Show Stats Expand all files Collapse all files

6
.htaccess
View File

@ -1,6 +0,0 @@
RewriteEngine On
<Files "admin.php">
Order Allow,Deny
Deny from all
</Files>

7
README
View File

@ -47,7 +47,6 @@ Docker установка:
- Стиль 4chan/2ch - Стиль 4chan/2ch
- Ключ доступа для входа - Ключ доступа для входа
- Автообновление постов - Автообновление постов
- Админка для управления тредами
Безопасность: Безопасность:
- Валидация файлов - Валидация файлов
@ -55,9 +54,3 @@ Docker установка:
- Защита от XSS - Защита от XSS
- Rate limiting - Rate limiting
- Безопасная загрузка файлов - Безопасная загрузка файлов
Админка:
- Доступ по паролю из конфига
- Удаление тредов
- Просмотр статистики
- Путь: /admin1337.php

420
admin.php
View File

@ -1,420 +0,0 @@
<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
$config = require 'config.php';
if (isset($_GET['logout'])) {
unset($_SESSION['admin_authenticated']);
header('Location: admin.php');
exit;
}
if (!isset($_SESSION['admin_authenticated'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
if ($password === $config['admin']['password']) {
$_SESSION['admin_authenticated'] = true;
header('Location: admin.php');
exit;
} else {
$error = 'Неверный пароль';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
font-size: 16px;
}
.container {
text-align: center;
background: rgba(0,20,0,0.8);
padding: 40px;
border: 1px solid #0f0;
border-radius: 5px;
box-shadow: 0 0 20px rgba(0,255,0,0.3);
}
h1 { margin-bottom: 30px; font-size: 2.5em; }
.form-group { margin-bottom: 20px; }
input[type="password"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px;
font-size: 18px;
width: 300px;
text-align: center;
font-family: 'Courier New', monospace;
}
input[type="password"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.5);
}
button {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px 30px;
font-size: 16px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
button:hover {
background: #0f0;
color: #000;
}
.error {
color: #f00;
margin-top: 15px;
font-size: 14px;
}
</style>
</head>
<body>
<div class="container">
<h1>mkach - Админка</h1>
<form method="post">
<div class="form-group">
<input type="password" name="password" placeholder="Введите пароль админа" required>
</div>
<button type="submit">Войти</button>
</form>
<?php if (isset($error)): ?>
<div class="error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</div>
</body>
</html>
<?php
exit;
}
try {
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('SET NAMES utf8');
} catch (PDOException $e) {
die('Connection failed');
}
require_once 'logger.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) {
$threadId = $_POST['delete_thread'];
try {
$db->beginTransaction();
$stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?');
$stmt->execute([$threadId]);
$stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?');
$stmt->execute([$threadId]);
$db->commit();
logAdminAction('DELETE_THREAD', "Thread ID: $threadId");
$success = 'Тред успешно удален';
} catch (PDOException $e) {
$db->rollBack();
$error = 'Ошибка при удалении треда';
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) {
$postId = $_POST['delete_post'];
if (!preg_match('/^\d{6}$/', $postId)) {
$error = 'Неверный формат номера сообщения';
} else {
try {
$stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
$exists = $stmt->fetchColumn();
if ($exists) {
$stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
logAdminAction('DELETE_POST', "Post ID: $postId");
$success = 'Сообщение №' . $postId . ' успешно удалено';
} else {
$error = 'Сообщение №' . $postId . ' не найдено';
}
} catch (PDOException $e) {
$error = 'Ошибка при удалении сообщения';
}
}
}
try {
$stmt = $db->prepare('
SELECT t.*, b.name as board_name, COUNT(p.id) as post_count
FROM threads t
JOIN boards b ON t.board_id = b.board_id
LEFT JOIN posts p ON t.thread_id = p.thread_id
GROUP BY t.id
ORDER BY t.created_at DESC
');
$stmt->execute();
$threads = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt = $db->prepare('
SELECT p.*, t.title as thread_title, b.board_id
FROM posts p
JOIN threads t ON p.thread_id = t.thread_id
JOIN boards b ON t.board_id = b.board_id
ORDER BY p.created_at DESC
LIMIT 50
');
$stmt->execute();
$recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die('Database error');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
padding: 20px;
font-size: 14px;
}
.container {
max-width: 1200px;
margin: 0 auto;
}
.header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 30px;
padding-bottom: 20px;
border-bottom: 1px solid #0f0;
}
h1 { font-size: 2em; }
.header-buttons a {
color: #0f0;
text-decoration: none;
margin-left: 20px;
padding: 10px 15px;
border: 1px solid #0f0;
transition: all 0.3s;
}
.header-buttons a:hover {
background: #0f0;
color: #000;
}
.message {
padding: 15px;
margin-bottom: 20px;
border: 1px solid;
}
.success {
background: rgba(0,255,0,0.1);
border-color: #0f0;
color: #0f0;
}
.error {
background: rgba(255,0,0,0.1);
border-color: #f00;
color: #f00;
}
.threads-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
}
.threads-table th,
.threads-table td {
padding: 10px;
text-align: left;
border-bottom: 1px solid #0f0;
}
.threads-table th {
background: rgba(0,255,0,0.1);
font-weight: bold;
}
.delete-btn {
background: #000;
border: 1px solid #f00;
color: #f00;
padding: 5px 10px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
.delete-btn:hover {
background: #f00;
color: #000;
}
.thread-title {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.thread-id {
font-family: monospace;
color: #0f0;
}
.delete-post-form {
background: rgba(0,255,0,0.05);
border: 1px solid #0f0;
padding: 20px;
margin-top: 30px;
}
.delete-post-form h2 {
margin-bottom: 20px;
color: #0f0;
}
.form-row {
display: flex;
align-items: center;
gap: 15px;
}
.form-row label {
font-weight: bold;
min-width: 150px;
}
.form-row input[type="text"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 10px;
font-family: 'Courier New', monospace;
font-size: 14px;
width: 120px;
text-align: center;
}
.form-row input[type="text"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.3);
}
.post-message {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>mkach - Админка</h1>
<div class="header-buttons">
<a href="index.php">Главная</a>
<a href="?logout=1">Выход</a>
</div>
</div>
<?php if (isset($success)): ?>
<div class="message success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<?php if (isset($error)): ?>
<div class="message error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<h2>Управление тредами</h2>
<table class="threads-table">
<thead>
<tr>
<th>ID</th>
<th>Доска</th>
<th>Название</th>
<th>Постов</th>
<th>Создан</th>
<th>Действия</th>
</tr>
</thead>
<tbody>
<?php foreach ($threads as $thread): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($thread['thread_id']) ?></td>
<td>/<?= htmlspecialchars($thread['board_id']) ?>/</td>
<td class="thread-title"><?= htmlspecialchars($thread['title'] ?? 'Без названия') ?></td>
<td><?= $thread['post_count'] ?></td>
<td><?= date('d.m.Y H:i', strtotime($thread['created_at'])) ?></td>
<td>
<form method="post" style="display: inline;" onsubmit="return confirm('Удалить тред <?= htmlspecialchars($thread['thread_id']) ?>?')">
<input type="hidden" name="delete_thread" value="<?= htmlspecialchars($thread['thread_id']) ?>">
<button type="submit" class="delete-btn">Удалить</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<h2>Удаление сообщений</h2>
<div class="delete-post-form">
<form method="post" onsubmit="return confirm('Удалить сообщение №' + document.getElementById('post_id').value + '?')">
<div class="form-row">
<label for="post_id">Номер сообщения:</label>
<input type="text" id="post_id" name="delete_post" placeholder="123456" required pattern="[0-9]{6}" title="6-значный номер сообщения">
<button type="submit" class="delete-btn">Удалить сообщение</button>
</div>
</form>
</div>
<h2>Последние сообщения</h2>
<table class="threads-table">
<thead>
<tr>
<th></th>
<th>Тред</th>
<th>Доска</th>
<th>Сообщение</th>
<th>Время</th>
</tr>
</thead>
<tbody>
<?php foreach ($recentPosts as $post): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($post['post_id']) ?></td>
<td class="thread-title"><?= htmlspecialchars($post['thread_title'] ?? 'Без названия') ?></td>
<td>/<?= htmlspecialchars($post['board_id']) ?>/</td>
<td class="post-message">
<?php
$message = htmlspecialchars($post['message'] ?? '');
echo strlen($message) > 50 ? substr($message, 0, 50) . '...' : $message;
?>
</td>
<td><?= date('d.m.Y H:i', strtotime($post['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>

420
admin1337.php
View File

@ -1,420 +0,0 @@
<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
$config = require 'config.php';
if (isset($_GET['logout'])) {
unset($_SESSION['admin_authenticated']);
header('Location: admin.php');
exit;
}
if (!isset($_SESSION['admin_authenticated'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
if ($password === $config['admin']['password']) {
$_SESSION['admin_authenticated'] = true;
header('Location: admin.php');
exit;
} else {
$error = 'Неверный пароль';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
font-size: 16px;
}
.container {
text-align: center;
background: rgba(0,20,0,0.8);
padding: 40px;
border: 1px solid #0f0;
border-radius: 5px;
box-shadow: 0 0 20px rgba(0,255,0,0.3);
}
h1 { margin-bottom: 30px; font-size: 2.5em; }
.form-group { margin-bottom: 20px; }
input[type="password"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px;
font-size: 18px;
width: 300px;
text-align: center;
font-family: 'Courier New', monospace;
}
input[type="password"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.5);
}
button {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px 30px;
font-size: 16px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
button:hover {
background: #0f0;
color: #000;
}
.error {
color: #f00;
margin-top: 15px;
font-size: 14px;
}
</style>
</head>
<body>
<div class="container">
<h1>mkach - Админка</h1>
<form method="post">
<div class="form-group">
<input type="password" name="password" placeholder="Введите пароль админа" required>
</div>
<button type="submit">Войти</button>
</form>
<?php if (isset($error)): ?>
<div class="error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</div>
</body>
</html>
<?php
exit;
}
try {
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('SET NAMES utf8');
} catch (PDOException $e) {
die('Connection failed');
}
require_once 'logger.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) {
$threadId = $_POST['delete_thread'];
try {
$db->beginTransaction();
$stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?');
$stmt->execute([$threadId]);
$stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?');
$stmt->execute([$threadId]);
$db->commit();
logAdminAction('DELETE_THREAD', "Thread ID: $threadId");
$success = 'Тред успешно удален';
} catch (PDOException $e) {
$db->rollBack();
$error = 'Ошибка при удалении треда';
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) {
$postId = $_POST['delete_post'];
if (!preg_match('/^\d{6}$/', $postId)) {
$error = 'Неверный формат номера сообщения';
} else {
try {
$stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
$exists = $stmt->fetchColumn();
if ($exists) {
$stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
logAdminAction('DELETE_POST', "Post ID: $postId");
$success = 'Сообщение №' . $postId . ' успешно удалено';
} else {
$error = 'Сообщение №' . $postId . ' не найдено';
}
} catch (PDOException $e) {
$error = 'Ошибка при удалении сообщения';
}
}
}
try {
$stmt = $db->prepare('
SELECT t.*, b.name as board_name, COUNT(p.id) as post_count
FROM threads t
JOIN boards b ON t.board_id = b.board_id
LEFT JOIN posts p ON t.thread_id = p.thread_id
GROUP BY t.id
ORDER BY t.created_at DESC
');
$stmt->execute();
$threads = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt = $db->prepare('
SELECT p.*, t.title as thread_title, b.board_id
FROM posts p
JOIN threads t ON p.thread_id = t.thread_id
JOIN boards b ON t.board_id = b.board_id
ORDER BY p.created_at DESC
LIMIT 50
');
$stmt->execute();
$recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die('Database error');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
padding: 20px;
font-size: 14px;
}
.container {
max-width: 1200px;
margin: 0 auto;
}
.header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 30px;
padding-bottom: 20px;
border-bottom: 1px solid #0f0;
}
h1 { font-size: 2em; }
.header-buttons a {
color: #0f0;
text-decoration: none;
margin-left: 20px;
padding: 10px 15px;
border: 1px solid #0f0;
transition: all 0.3s;
}
.header-buttons a:hover {
background: #0f0;
color: #000;
}
.message {
padding: 15px;
margin-bottom: 20px;
border: 1px solid;
}
.success {
background: rgba(0,255,0,0.1);
border-color: #0f0;
color: #0f0;
}
.error {
background: rgba(255,0,0,0.1);
border-color: #f00;
color: #f00;
}
.threads-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
}
.threads-table th,
.threads-table td {
padding: 10px;
text-align: left;
border-bottom: 1px solid #0f0;
}
.threads-table th {
background: rgba(0,255,0,0.1);
font-weight: bold;
}
.delete-btn {
background: #000;
border: 1px solid #f00;
color: #f00;
padding: 5px 10px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
.delete-btn:hover {
background: #f00;
color: #000;
}
.thread-title {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.thread-id {
font-family: monospace;
color: #0f0;
}
.delete-post-form {
background: rgba(0,255,0,0.05);
border: 1px solid #0f0;
padding: 20px;
margin-top: 30px;
}
.delete-post-form h2 {
margin-bottom: 20px;
color: #0f0;
}
.form-row {
display: flex;
align-items: center;
gap: 15px;
}
.form-row label {
font-weight: bold;
min-width: 150px;
}
.form-row input[type="text"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 10px;
font-family: 'Courier New', monospace;
font-size: 14px;
width: 120px;
text-align: center;
}
.form-row input[type="text"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.3);
}
.post-message {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>mkach - Админка</h1>
<div class="header-buttons">
<a href="index.php">Главная</a>
<a href="?logout=1">Выход</a>
</div>
</div>
<?php if (isset($success)): ?>
<div class="message success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<?php if (isset($error)): ?>
<div class="message error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<h2>Управление тредами</h2>
<table class="threads-table">
<thead>
<tr>
<th>ID</th>
<th>Доска</th>
<th>Название</th>
<th>Постов</th>
<th>Создан</th>
<th>Действия</th>
</tr>
</thead>
<tbody>
<?php foreach ($threads as $thread): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($thread['thread_id']) ?></td>
<td>/<?= htmlspecialchars($thread['board_id']) ?>/</td>
<td class="thread-title"><?= htmlspecialchars($thread['title'] ?? 'Без названия') ?></td>
<td><?= $thread['post_count'] ?></td>
<td><?= date('d.m.Y H:i', strtotime($thread['created_at'])) ?></td>
<td>
<form method="post" style="display: inline;" onsubmit="return confirm('Удалить тред <?= htmlspecialchars($thread['thread_id']) ?>?')">
<input type="hidden" name="delete_thread" value="<?= htmlspecialchars($thread['thread_id']) ?>">
<button type="submit" class="delete-btn">Удалить</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<h2>Удаление сообщений</h2>
<div class="delete-post-form">
<form method="post" onsubmit="return confirm('Удалить сообщение №' + document.getElementById('post_id').value + '?')">
<div class="form-row">
<label for="post_id">Номер сообщения:</label>
<input type="text" id="post_id" name="delete_post" placeholder="123456" required pattern="[0-9]{6}" title="6-значный номер сообщения">
<button type="submit" class="delete-btn">Удалить сообщение</button>
</div>
</form>
</div>
<h2>Последние сообщения</h2>
<table class="threads-table">
<thead>
<tr>
<th></th>
<th>Тред</th>
<th>Доска</th>
<th>Сообщение</th>
<th>Время</th>
</tr>
</thead>
<tbody>
<?php foreach ($recentPosts as $post): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($post['post_id']) ?></td>
<td class="thread-title"><?= htmlspecialchars($post['thread_title'] ?? 'Без названия') ?></td>
<td>/<?= htmlspecialchars($post['board_id']) ?>/</td>
<td class="post-message">
<?php
$message = htmlspecialchars($post['message'] ?? '');
echo strlen($message) > 50 ? substr($message, 0, 50) . '...' : $message;
?>
</td>
<td><?= date('d.m.Y H:i', strtotime($post['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>

8
board.php
View File

@ -14,8 +14,6 @@ $config = require 'config.php';
$boardId = $_GET['board'] ?? 'b'; $boardId = $_GET['board'] ?? 'b';
$threadId = isset($_GET['thread']) ? urldecode($_GET['thread']) : null; $threadId = isset($_GET['thread']) ? urldecode($_GET['thread']) : null;
try { try {
$db = new PDO( $db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}", "mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
@ -45,10 +43,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$title = trim($_POST['title'] ?? ''); $title = trim($_POST['title'] ?? '');
$description = trim($_POST['description'] ?? ''); $description = trim($_POST['description'] ?? '');
if (strlen($message) > $config['max_message_length']) {
$error = 'Сообщение слишком длинное';
}
if ($message || $title || ($file && $file['error'] === UPLOAD_ERR_OK)) { if ($message || $title || ($file && $file['error'] === UPLOAD_ERR_OK)) {
$postId = sprintf('%06d', mt_rand(1, 999999)); $postId = sprintf('%06d', mt_rand(1, 999999));
@ -130,7 +124,7 @@ if ($threadId) {
$posts = $stmt->fetchAll(PDO::FETCH_ASSOC); $posts = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (empty($posts)) { if (empty($posts)) {
header('Location: board.php?board=' . urlencode($boardId)); header('Location: board.php?board=' . $boardId);
exit; exit;
} }
} catch (PDOException $e) { } catch (PDOException $e) {

6
config.php
View File

@ -10,11 +10,7 @@ return [
'upload_path' => 'uploads/', 'upload_path' => 'uploads/',
'max_file_size' => 26214400, 'max_file_size' => 26214400,
'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'], 'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'],
'max_message_length' => 10000,
'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК', 'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК',
'logo_enabled' => true, 'logo_enabled' => true,
'logo_text' => 'mkach', 'logo_text' => 'mkach'
'admin' => [
'password' => 'admin1337'
]
]; ];

6
config.php.example
View File

@ -10,11 +10,7 @@ return [
'upload_path' => 'uploads/', 'upload_path' => 'uploads/',
'max_file_size' => 26214400, 'max_file_size' => 26214400,
'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'], 'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'],
'max_message_length' => 10000,
'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК', 'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК',
'logo_enabled' => true, 'logo_enabled' => true,
'logo_text' => 'mkach', 'logo_text' => 'mkach'
'admin' => [
'password' => 'admin1337'
]
]; ];

12
csrf.php
View File

@ -1,12 +0,0 @@
<?php
function generateCSRFToken() {
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
return $_SESSION['csrf_token'];
}
function validateCSRFToken($token) {
return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
}
?>

16
logger.php
View File

@ -1,16 +0,0 @@
<?php
function logAdminAction($action, $details = '') {
$logFile = 'logs/admin.log';
$logDir = dirname($logFile);
if (!is_dir($logDir)) {
mkdir($logDir, 0755, true);
}
$timestamp = date('Y-m-d H:i:s');
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$logEntry = "[$timestamp] [$ip] $action: $details\n";
file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);
}
?>

10
newthread.php
View File

@ -96,13 +96,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
'); ');
$stmt->execute([$threadId, $boardId, $title, $description, $fileName, $fileSize, $fileType, $ip, $anonymousId]); $stmt->execute([$threadId, $boardId, $title, $description, $fileName, $fileSize, $fileType, $ip, $anonymousId]);
if ($message) {
$stmt = $db->prepare(' $stmt = $db->prepare('
INSERT INTO posts (post_id, thread_id, board_id, message, file_name, file_size, file_type, ip_address, anonymous_id) INSERT INTO posts (post_id, thread_id, board_id, message, ip_address, anonymous_id)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?)
'); ');
$stmt->execute([$postId, $threadId, $boardId, $message, $fileName, $fileSize, $fileType, $ip, $anonymousId]); $stmt->execute([$postId, $threadId, $boardId, $message, $ip, $anonymousId]);
}
header('Location: board.php?board=' . urlencode($boardId) . '&thread=' . urlencode($threadId)); header('Location: board.php?board=' . $boardId . '&thread=' . $threadId);
exit; exit;
} }
} else { } else {

4
styles.css
View File

@ -43,7 +43,7 @@ body {
color: #ff6b6b; color: #ff6b6b;
} }
.boards-btn, .logout-btn, .admin-btn { .boards-btn, .logout-btn {
background: #d6daf0; background: #d6daf0;
border: 1px solid #b7c5d9; border: 1px solid #b7c5d9;
padding: 5px 10px; padding: 5px 10px;
@ -53,7 +53,7 @@ body {
margin-left: 5px; margin-left: 5px;
} }
.boards-btn:hover, .logout-btn:hover, .admin-btn:hover { .boards-btn:hover, .logout-btn:hover {
background: #e5e9f0; background: #e5e9f0;
} }