CoalfaxRevamped
/
Coalfax-Revamped
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
It's a better more secure (hopefully) coalfax, NOT MADE IN WORDPRESS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
316 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Coalfax-Revamped/submit_coalburner.php

90 lines
4.0 KiB
Raw Permalink Blame History 

  1. <?php session_start();

  2. if ($_SERVER['REQUEST_METHOD'] == 'POST') {

  3.     // Setting variables

  4.     // Change this variable to 1 to disable this submission forum, for emergencies only.

  5.     $redalert = 0;

  6. 

  7.     if ($redalert == 1) {

  8.         die("Error: Red alert is in effect, submissions are disabled, please try again later.");

  9.     } else {

  10.         // Captcha validation

  11.         include_once $_SERVER['DOCUMENT_ROOT'] . '/vendor/dapphp/securimage/securimage.php';

  12. 

  13.         $securimage = new Securimage();

  14.         if ($securimage->check($_POST['captcha_code']) == false) {

  15.             // the code was incorrect

  16.             // you should handle the error so that the form processor doesn't continue

  17.             // or you can use the following code if there is no validation or you do not know how

  18.             echo "The security code entered was incorrect.<br /><br />";

  19.             echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";

  20.             die;

  21.         }

  22. 

  23.         // Image handling

  24.         // Check if file was uploaded without errors

  25.         if (isset($_FILES["images"]) && $_FILES["images"]["error"] == 0) {

  26.             // Checks the file MIME type itself to make sure it's actually a png/jpg/jpeg

  27.             $allowed = getimagesize($_FILES["images"]["tmp_name"]);

  28.             if ($allowed['mime'] == ("image/png") ||

  29.                 $allowed['mime'] == ("image/jpg") ||

  30.                 $allowed['mime'] == ("image/jpeg")||

  31.                 $allowed['mime'] == ("image/webp")) {

  32.                 $filename = $_FILES["images"]["name"];

  33.                 $filetype = $_FILES["images"]["type"];

  34.                 $filesize = $_FILES["images"]["size"];

  35.                 $filetmp = $_FILES["images"]["tmp_name"];

  36. 

  37.                 if (file_exists("images/" . $filename)) {

  38.                     die("Error: File already exists.");

  39.                 }

  40. 

  41.                 // Verify file size - 5MB maximum

  42.                 $maxsize = 5 * 1024 * 1024;

  43.                 if ($filesize > $maxsize) {

  44.                     die("Error: File size is larger than the allowed limit.");

  45.                 }

  46.         

  47.                 // Verify MIME type of the file

  48.                 if (in_array($filetype, $allowed)) {

  49.                     move_uploaded_file($filetmp, "images/" . $filename);

  50.                     echo "Image uploaded successfully.<br /><br />";

  51.                 } else {

  52.                     echo "Error: There was a problem uploading your image. Please try again.";

  53.                 }

  54.             } else {

  55.                 echo "Error: " . $_FILES["images"]["error"];

  56.             }

  57.         }

  58. 

  59.         // Database variables

  60.         $servername = "localhost"; // Make sure to change this to the server your database is on

  61.         $username = "root";

  62.         $password = "";

  63.         $dbname = "coalfax"; // I recommend naming your database something other than this for security reasons

  64. 

  65.         // Forum handling

  66.         try {

  67.             $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);

  68.             $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

  69.             $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  70. 

  71.             $stmt = $conn->prepare("INSERT INTO coalburners (name, proofs, body, images) VALUES (:name, :proofs, :body, :images)");

  72.             $stmt->bindParam(':name', $name);

  73.             $stmt->bindParam(':proofs', $proofs);

  74.             $stmt->bindParam(':body', $body);

  75.             $stmt->bindParam(':images', $filename);

  76. 

  77.             // Converts post data from special characters if any to HTML entries.

  78.             $name = htmlspecialchars($_POST["name"], ENT_COMPAT | ENT_HTML5, "UTF-8");

  79.             $proofs = htmlspecialchars($_POST["proofs"], ENT_COMPAT | ENT_HTML5, "UTF-8");

  80.             $body = htmlspecialchars($_POST["body"], ENT_COMPAT | ENT_HTML5, "UTF-8");

  81.             $stmt->execute();

  82. 

  83.             echo "Coalburner added successfully. Click <a href='javascript:history.go(-1)'>here</a> to go back.";

  84.         } catch (PDOException $e) {

  85.             echo "Error: " . $e->getMessage();

  86.         }

  87.         $conn = null;

  88.     }

  89. }