lain/text0Nly
1
0
Fork 0
mirror of https://git.sr.ht/~iwakuralain/text0Nly synced 2025-07-27 15:36:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
text0Nly/main/index.php
Lain Iwakura 0894483bb1
updated messages bar
2025-06-16 03:16:06 +03:00

161 lines
6.3 KiB
PHP
Raw Blame History

<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');
$config = require 'config.php';
try {
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die('Connection failed: ' . $e->getMessage());
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: index.php');
exit;
}
function is_registered($db, $username) {
$stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
$stmt->execute([$username]);
return $stmt->fetchColumn() ? true : false;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);
$signature = $_POST['signature'] ?? '';
$is_encrypted = isset($_POST['encrypted']) ? 1 : 0;
if ($username && $message) {
$stmt = $db->prepare('SELECT is_blocked FROM users WHERE username = ?');
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && $user['is_blocked']) {
$error = 'Ваш аккаунт заблокирован';
} else if (is_registered($db, $username)) {
if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
$error = 'Это имя занято. Войдите для отправки.';
}
}
if (empty($error)) {
try {
$stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
$stmt->execute([$username, $message, $signature, $is_encrypted]);
} catch (PDOException $e) {
die('Database error: ' . $e->getMessage());
}
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
}
}
if (isset($_GET['delete']) && isset($_SESSION['is_moderator']) && $_SESSION['is_moderator']) {
$msg_id = (int)$_GET['delete'];
$db->prepare('DELETE FROM messages WHERE id = ?')->execute([$msg_id]);
header('Location: index.php');
exit;
}
try {
$stmt = $db->query('SELECT * FROM messages ORDER BY created_at DESC LIMIT 50');
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die('Database error: ' . $e->getMessage());
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Text0Nly</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<div class="header">
<h1>Text0Nly</h1>
<div class="header-buttons">
<a href="https://git.sr.ht/~iwakuralain/text0Nly" target="_blank" class="source-btn">Source code</a>
<?php if (isset($_SESSION['username'])): ?>
<span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span>
<?php if (!empty($_SESSION['is_moderator'])): ?>
<a href="admin.php">Admin Panel</a>
<?php endif; ?>
<a href="?logout=1">Logout</a>
<?php else: ?>
<a href="login.php">Login</a>
<a href="register.php">Register</a>
<?php endif; ?>
</div>
</div>
<?php if (!empty($error)): ?>
<div class="error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<div class="messages-container" id="messages">
<?php foreach ($messages as $msg): ?>
<div class="message">
<span class="username"><?= htmlspecialchars($msg['username']) ?></span>
<?php if ($msg['is_encrypted']): ?>
<span class="encrypted">[Encrypted]</span>
<?php endif; ?>
<span class="time"><?= $msg['created_at'] ?></span>
<div class="clear"></div>
<div class="message-content"><?= nl2br(htmlspecialchars($msg['message'])) ?></div>
<?php if ($msg['signature']): ?>
<div class="signature">Signature: <?= htmlspecialchars($msg['signature']) ?></div>
<?php endif; ?>
<?php if (!empty($_SESSION['is_moderator'])): ?>
<form method="get" style="display:inline">
<input type="hidden" name="delete" value="<?= $msg['id'] ?>">
<button type="submit" class="delete-btn">удалить</button>
</form>
<?php endif; ?>
</div>
<?php endforeach; ?>
</div>
</div>
<div class="message-bar">
<form method="post" class="message-form">
<div class="message-inputs">
<input type="text" name="username" placeholder="Your username" required maxlength="50" value="<?= isset($_SESSION['username']) ? htmlspecialchars($_SESSION['username']) : '' ?>">
<textarea name="message" placeholder="Your message" required></textarea>
</div>
<div class="message-options">
<textarea name="signature" placeholder="PGP signature (optional)" class="signature-input"></textarea>
<div class="checkbox-wrapper">
<input type="checkbox" name="encrypted" id="encrypted">
<label for="encrypted">Message is encrypted</label>
</div>
<button type="submit" class="send-btn">Send</button>
</div>
</form>
</div>
<script>
setInterval(() => {
fetch(window.location.href)
.then(response => response.text())
.then(html => {
const parser = new DOMParser();
const doc = parser.parseFromString(html, 'text/html');
document.getElementById('messages').innerHTML = doc.getElementById('messages').innerHTML;
});
}, 5000);
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink