It's a better more secure (hopefully) coalfax, NOT MADE IN WORDPRESS.


  1. <?php session_start();
  2. if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  3. // Setting variables
  4. // Change this variable to 1 to disable this submission forum, for emergencies only.
  5. $redalert = 0;
  6. if ($redalert == 1) {
  7. die("Error: Red alert is in effect, submissions are disabled, please try again later.");
  8. } else {
  9. // Captcha validation
  10. include_once $_SERVER['DOCUMENT_ROOT'] . '/vendor/dapphp/securimage/securimage.php';
  11. $securimage = new Securimage();
  12. if ($securimage->check($_POST['captcha_code']) == false) {
  13. // the code was incorrect
  14. // you should handle the error so that the form processor doesn't continue
  15. // or you can use the following code if there is no validation or you do not know how
  16. echo "The security code entered was incorrect.<br /><br />";
  17. echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
  18. die;
  19. }
  20. // Image handling
  21. // Check if file was uploaded without errors
  22. if (isset($_FILES["images"]) && $_FILES["images"]["error"] == 0) {
  23. // Checks the file MIME type itself to make sure it's actually a png/jpg/jpeg
  24. $allowed = getimagesize($_FILES["images"]["tmp_name"]);
  25. if ($allowed['mime'] == ("image/png") ||
  26. $allowed['mime'] == ("image/jpg") ||
  27. $allowed['mime'] == ("image/jpeg")||
  28. $allowed['mime'] == ("image/webp")) {
  29. $filename = $_FILES["images"]["name"];
  30. $filetype = $_FILES["images"]["type"];
  31. $filesize = $_FILES["images"]["size"];
  32. $filetmp = $_FILES["images"]["tmp_name"];
  33. if (file_exists("images/" . $filename)) {
  34. die("Error: File already exists.");
  35. }
  36. // Verify file size - 5MB maximum
  37. $maxsize = 5 * 1024 * 1024;
  38. if ($filesize > $maxsize) {
  39. die("Error: File size is larger than the allowed limit.");
  40. }
  41. // Verify MIME type of the file
  42. if (in_array($filetype, $allowed)) {
  43. move_uploaded_file($filetmp, "images/" . $filename);
  44. echo "Image uploaded successfully.<br /><br />";
  45. } else {
  46. echo "Error: There was a problem uploading your image. Please try again.";
  47. }
  48. } else {
  49. echo "Error: " . $_FILES["images"]["error"];
  50. }
  51. }
  52. // Database variables
  53. $servername = "localhost"; // Make sure to change this to the server your database is on
  54. $username = "root";
  55. $password = "";
  56. $dbname = "coalfax"; // I recommend naming your database something other than this for security reasons
  57. // Forum handling
  58. try {
  59. $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
  60. $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  61. $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  62. $stmt = $conn->prepare("INSERT INTO coalburners (name, proofs, body, images) VALUES (:name, :proofs, :body, :images)");
  63. $stmt->bindParam(':name', $name);
  64. $stmt->bindParam(':proofs', $proofs);
  65. $stmt->bindParam(':body', $body);
  66. $stmt->bindParam(':images', $filename);
  67. // Converts post data from special characters if any to HTML entries.
  68. $name = htmlspecialchars($_POST["name"], ENT_COMPAT | ENT_HTML5, "UTF-8");
  69. $proofs = htmlspecialchars($_POST["proofs"], ENT_COMPAT | ENT_HTML5, "UTF-8");
  70. $body = htmlspecialchars($_POST["body"], ENT_COMPAT | ENT_HTML5, "UTF-8");
  71. $stmt->execute();
  72. echo "Coalburner added successfully. Click <a href='javascript:history.go(-1)'>here</a> to go back.";
  73. } catch (PDOException $e) {
  74. echo "Error: " . $e->getMessage();
  75. }
  76. $conn = null;
  77. }
  78. }