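<?php

declare(strict_types=1);

// Submission form handler: captcha check, optional image upload, then a
// parameterised INSERT. Everything below runs only for POST requests.

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // Setting variables

    // Change this variable to 1 to disable this submission forum, for emergencies only.
    $redalert = 0;

    if ($redalert === 1) {
        die("Error: Red alert is in effect, submissions are disabled, please try again later.");
    }

    // Captcha validation
    include_once $_SERVER['DOCUMENT_ROOT'] . '/vendor/dapphp/securimage/securimage.php';

    $securimage = new Securimage();

    // A missing captcha field is treated like a wrong one instead of raising an
    // undefined-index warning; the form processor must not continue either way.
    if ($securimage->check($_POST['captcha_code'] ?? '') === false) {
        echo "The security code entered was incorrect.<br /><br />";
        echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
        die;
    }

    // Image handling
    //
    // The name stored on disk (and in the `images` column) is generated here, never
    // taken from the client: the client-supplied name could contain path separators
    // or a scripting extension. The extension comes from the MIME type that
    // getimagesize() detects from the file contents, not from the client-supplied
    // $_FILES["images"]["type"], which is not verified by PHP.
    $filename = null; // NULL in the `images` column when nothing was uploaded
    $extensionByMime = [
        'image/png'  => 'png',
        'image/jpeg' => 'jpg',
        'image/webp' => 'webp',
    ];

    // Check if file was uploaded without errors
    if (isset($_FILES["images"]) && $_FILES["images"]["error"] === UPLOAD_ERR_OK) {
        $filetmp  = $_FILES["images"]["tmp_name"];
        $filesize = $_FILES["images"]["size"];

        // Checks the file MIME type itself (magic bytes) to make sure it's actually a png/jpg/jpeg/webp.
        // getimagesize() returns false for anything it cannot parse as an image.
        $imageInfo = is_uploaded_file($filetmp) ? getimagesize($filetmp) : false;
        $mime = $imageInfo['mime'] ?? '';

        if ($imageInfo === false || !isset($extensionByMime[$mime])) {
            // Same flow as before (the submission itself still goes through without
            // an image), but with a message that names the actual problem.
            echo "Error: The uploaded file is not a supported image type (png, jpg or webp).<br /><br />";
        } else {
            // Verify file size - 5MB maximum
            $maxsize = 5 * 1024 * 1024;
            if ($filesize > $maxsize) {
                die("Error: File size is larger than the allowed limit.");
            }

            // Random, unguessable name with no user-controlled bytes.
            $filename = bin2hex(random_bytes(16)) . '.' . $extensionByMime[$mime];

            if (file_exists("images/" . $filename)) {
                die("Error: File already exists.");
            }

            if (move_uploaded_file($filetmp, "images/" . $filename)) {
                echo "Image uploaded successfully.<br /><br />";
            } else {
                // Do not record a filename that does not exist on disk.
                $filename = null;
                echo "Error: There was a problem uploading your image. Please try again.";
            }
        }
    } elseif (isset($_FILES["images"]) && $_FILES["images"]["error"] !== UPLOAD_ERR_NO_FILE) {
        // Any PHP upload error other than "no file sent" (partial upload, size limits, ...).
        // The original code also read this index when no field was posted at all,
        // which raised an undefined-index warning; that case is now silently skipped.
        echo "Error: " . $_FILES["images"]["error"];
    }

    // Database variables
    // NOTE(review): credentials belong in a config file outside the document root,
    // not in the request handler.
    $servername = "localhost"; // Make sure to change this to the server your database is on
    $username = "root";
    $password = "";
    $dbname = "coalfax"; // I recommend naming your database something other than this for security reasons

    // Converts post data from special characters if any to HTML entries.
    // Missing fields become empty strings instead of undefined-index warnings.
    $name   = htmlspecialchars($_POST["name"] ?? '', ENT_COMPAT | ENT_HTML5, "UTF-8");
    $proofs = htmlspecialchars($_POST["proofs"] ?? '', ENT_COMPAT | ENT_HTML5, "UTF-8");
    $body   = htmlspecialchars($_POST["body"] ?? '', ENT_COMPAT | ENT_HTML5, "UTF-8");

    // Forum handling
    try {
        // charset=utf8mb4 so the UTF-8 text encoded above is stored as UTF-8
        // rather than re-interpreted in the connection's default charset.
        $conn = new PDO("mysql:host=$servername;dbname=$dbname;charset=utf8mb4", $username, $password);
        $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Values are passed to execute() directly: no bindParam()-by-reference on
        // variables that are only assigned later.
        $stmt = $conn->prepare("INSERT INTO coalburners (name, proofs, body, images) VALUES (:name, :proofs, :body, :images)");
        $stmt->execute([
            ':name'   => $name,
            ':proofs' => $proofs,
            ':body'   => $body,
            ':images' => $filename,
        ]);

        echo "Coalburner added successfully. Click <a href='javascript:history.go(-1)'>here</a> to go back.";
    } catch (PDOException $e) {
        // The driver message can reveal host, schema and credential details, so it
        // goes to the server log and the client only gets a generic notice.
        error_log("Submission insert failed: " . $e->getMessage());
        echo "Error: The submission could not be saved. Please try again later.";
    }

    $conn = null;
}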