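<?php

declare(strict_types=1);

require(__DIR__ . "/../../libs/page.php");

// Epoch offset: timestamps are stored in comment.date as (microtime(true) - $ref).
$ref = 1732684297;

// Origin used for links written into stored comments. Kept fixed (the comment link below already
// hard-codes it) rather than taken from the Host header, so a client-supplied Host value cannot
// end up inside other users' notifications. If the site is served from other hosts, derive this
// from configuration instead.
const SITE_ORIGIN = 'https://nbg.dervland.net';

// Target types a form is allowed to post to. 'notification' is reserved for rows this script
// writes itself under the ':system' user and must never be accepted from a form.
const POST_TARGET_TYPES = ['root', 'user', 'comment'];

// Allowed upload extensions, each with the top-level media types fileinfo may report for the
// file's content. Both the name and the content are checked before anything is stored.
const UPLOAD_TYPES = [
    'png'  => ['image'],
    'gif'  => ['image'],
    'jpeg' => ['image'],
    'jpg'  => ['image'],
    'mp4'  => ['video', 'audio'],
    'webm' => ['video', 'audio'],
    'mp3'  => ['audio'],
    'wav'  => ['audio'],
];

/**
 * Redirect the browser back to the page the comment was posted on and stop the request.
 *
 * @param string $typer target type from the form ('user', 'comment', or anything else)
 * @param string $idr   target id from the form
 */
function getOut(string $typer, string $idr): never
{
    // Only user and comment pages are addressable by id; everything else goes home.
    if ($typer === 'user' || $typer === 'comment') {
        // The id is a query-string value, so it needs URL encoding; htmlspecialchars() escaped
        // for the HTML context, which is the wrong one here.
        header('Location: /' . $typer . '.php?id=' . rawurlencode($idr));
        exit;
    }
    header('Location: /');
    exit;
}

/**
 * Timestamp for "now" in the form the site stores in comment.date.
 */
function stamp(int $ref): float
{
    return microtime(true) - $ref;
}

/**
 * True when the user's most recent comment was written less than three seconds ago.
 */
function is_rate_limited(PDO $db, string $username, int $ref): bool
{
    // Only the newest row matters, so don't pull the user's whole history.
    $stmt = $db->prepare('SELECT date FROM comment WHERE username = ? ORDER BY date DESC LIMIT 1');
    $stmt->execute([$username]);
    $last = $stmt->fetchColumn();
    if ($last === false) {
        return false; // no previous comment, nothing to limit against
    }
    return stamp($ref) - (float) $last < 3;
}

/**
 * Validate and store the optional file upload; return its public URL, or null when no acceptable
 * file was uploaded (no file, upload error, disallowed extension, content not matching the
 * extension, or the move failed).
 *
 * The media type is read from the temporary file's content, not from its name, so a script
 * renamed to .png is not written under the document tree.
 */
function store_upload(): ?string
{
    $file = $_FILES['file'] ?? null;
    if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $file['tmp_name'] ?? null;
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        return null;
    }

    $ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, UPLOAD_TYPES)) {
        return null;
    }

    // Fail closed when fileinfo cannot classify the content.
    $mime = mime_content_type($tmp);
    if ($mime === false) {
        return null;
    }
    $mediaType = explode('/', $mime, 2)[0];
    if (!in_array($mediaType, UPLOAD_TYPES[$ext], true)) {
        return null;
    }

    $fid = bin2hex(random_bytes(16));
    $dest = $_SERVER['DOCUMENT_ROOT'] . '/../docs/pic/' . $fid . '.' . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        return null; // don't link to a file that was never written
    }
    return SITE_ORIGIN . '/pic/' . $fid . '.' . $ext;
}

/**
 * Write a ':system' notification row addressed to $recipient.
 */
function notify(PDO $db, string $recipient, string $text, int $ref): void
{
    $stmt = $db->prepare('INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)');
    $stmt->execute([':system', 'notification', $recipient, stamp($ref), $text, bin2hex(random_bytes(16))]);
}

/**
 * Author of the comment with the given id, or null when no such comment exists.
 */
function comment_author(PDO $db, string $id): ?string
{
    $stmt = $db->prepare('SELECT username FROM comment WHERE id = ? ORDER BY date DESC LIMIT 1');
    $stmt->execute([$id]);
    $author = $stmt->fetchColumn();
    return $author === false ? null : (string) $author;
}

/**
 * Handle a comment form submission: validate the fields, apply the rate limit, store the
 * comment (plus an optional upload), notify the owner of the target, then redirect back.
 * Does nothing when nobody is logged in or no 'post' field was sent.
 *
 * Reads the globals $ref (set above), $username and $db (expected to be provided by page.php).
 */
function post_handler(): void
{
    global $ref;
    global $username;
    global $db;

    if (!$username || !array_key_exists('post', $_POST)) {
        return;
    }

    // A crafted form can send arrays (e.g. type[]=x); anything that is not a plain string is
    // treated as absent.
    $postType = $_POST['type'] ?? 'root';
    $postId = $_POST['id'] ?? 'root';
    if (!is_string($postType) || !is_string($postId)) {
        $postType = 'root';
        $postId = 'root';
    }
    // targetType drives dispatch and notifications below, so it must come from the allow list;
    // otherwise a form could write rows with targetType 'notification' addressed to any user.
    if (!in_array($postType, POST_TARGET_TYPES, true)) {
        getOut('root', 'root');
    }

    $postie = $_POST['post'];
    // Length limits are in bytes, matching what the original check enforced.
    if (!is_string($postie) || strlen($postie) < 1 || strlen($postie) > 1024) {
        getOut($postType, $postId);
    }

    // Rate-limit before touching the upload so a rejected post leaves no orphaned file behind.
    if (is_rate_limited($db, $username, $ref)) {
        echo "You have been rate limited.";
        return;
    }

    $link = store_upload();
    if ($link !== null) {
        $postie .= "\n" . $link;
    }

    $poid = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)');
    $stmt->execute([$username, $postType, $postId, stamp($ref), $postie, $poid]);

    $postieP = SITE_ORIGIN . '/comment.php?id=' . $poid;
    if ($postType === 'user') {
        notify($db, $postId, 'A user commented on your wall: ' . $postieP, $ref);
    } elseif ($postType === 'comment') {
        $author = comment_author($db, $postId);
        // A reply to a comment that no longer exists has nobody to notify.
        if ($author !== null) {
            notify($db, $author, 'A user replied to your post: ' . $postieP, $ref);
        }
    }

    getOut($postType, $postId);
}

post_handler();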