setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die('Connection failed: ' . $e->getMessage());
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: index.php');
exit;
}
function is_registered($db, $username) {
$stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
$stmt->execute([$username]);
return $stmt->fetchColumn() ? true : false;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);
$signature = $_POST['signature'] ?? '';
$is_encrypted = isset($_POST['encrypted']) ? 1 : 0;
if ($username && $message) {
if (is_registered($db, $username)) {
if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
$error = 'Это имя занято. Войдите для отправки.';
}
}
if (empty($error)) {
try {
$stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
$stmt->execute([$username, $message, $signature, $is_encrypted]);
} catch (PDOException $e) {
die('Database error: ' . $e->getMessage());
}
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
}
}
if (isset($_GET['delete']) && isset($_SESSION['is_moderator']) && $_SESSION['is_moderator']) {
$msg_id = (int)$_GET['delete'];
$db->prepare('DELETE FROM messages WHERE id = ?')->execute([$msg_id]);
header('Location: index.php');
exit;
}
try {
$stmt = $db->query('SELECT * FROM messages ORDER BY created_at DESC LIMIT 50');
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die('Database error: ' . $e->getMessage());
}
?>
Text0Nly