42 lines
1.6 KiB
PHP
Executable File
42 lines
1.6 KiB
PHP
Executable File
<?php
|
|
//error_reporting(E_ALL);
|
|
//ini_set('display_errors', '1');
|
|
|
|
require_once ('/home/grizzly/store/comments/db.php');
|
|
|
|
function cleanText($value) {
|
|
$value = strip_tags($value);
|
|
$value = htmlentities($value, ENT_QUOTES, "UTF-8");
|
|
$value = trim($value);
|
|
$value = stripslashes($value);
|
|
$value = strval($value);
|
|
// $value = mysql_real_escape_string($value);
|
|
return $value;
|
|
}
|
|
|
|
if(isset($_POST['save'])) {
|
|
$login_name = cleanText($_POST['login_name']);
|
|
$auth = cleanText($_POST['auth_key']);
|
|
$comment = cleanText($_POST['comment']);
|
|
$time = time();
|
|
$auth_file = "/home/" . $login_name . "/.auth_key.grizzly";
|
|
$pageUrl = "https://tilde.team/~grizzly";
|
|
|
|
if (!file_exists($auth_file) || !is_file($auth_file)) { die(header("Location: " . $pageUrl . "/?error=auth_file_not_readable")); } $auth_key = file_get_contents($auth_file);
|
|
|
|
if (cleanText($auth_key) != $auth) { die(header("Location: " . $pageUrl . "/?error=not_valid_auth_key")); }
|
|
if (strlen($comment) < 1 || strlen($login_name) < 1) { die(header("Location: " . $pageUrl . "/?error=fill_all_inputs")); }
|
|
if (strlen($comment) > 240) { die(header("Location: " . $pageUrl . "/?error=max_240_characters")); }
|
|
|
|
$query = "INSERT INTO `comments` (login_name, post_time, comment) VALUES(:login_name, :post_time, :comment)";
|
|
$stmt = $db->prepare($query);
|
|
$stmt->bindParam(':login_name', $login_name);
|
|
$stmt->bindParam(':post_time', $time);
|
|
$stmt->bindParam(':comment', $comment);
|
|
$stmt->execute();
|
|
$db = null;
|
|
|
|
header("Location: " . $pageUrl . "/?success=posted");
|
|
}
|
|
?>
|