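<?php
// Submission handler for the "coalburners" form.
//
// Flow: POST only -> emergency kill-switch -> captcha -> optional image upload
// -> parameterised INSERT. Everything that arrives here ($_POST, $_FILES) is
// untrusted, so each value is validated before it reaches the disk or the DB.
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Setting variables
    // Change this variable to 1 to disable this submission forum, for emergencies only.
    $redalert = 0;
    if ($redalert == 1) {
        die("Error: Red alert is in effect, submissions are disabled, please try again later.");
    } else {
        // Captcha validation
        include_once $_SERVER['DOCUMENT_ROOT'] . '/vendor/dapphp/securimage/securimage.php';
        $securimage = new Securimage();
        // `?? ''` makes a request without the field fail the check instead of emitting a warning.
        if (!$securimage->check($_POST['captcha_code'] ?? '')) {
            // Wrong code: stop here so the rest of the form is never processed.
            echo "The security code entered was incorrect.<br /><br />";
            echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
            die;
        }
        // NOTE(review): there is no CSRF token; the captcha is the only thing
        // stopping a cross-site POST. A per-session token in the form would close that.

        // Image handling
        // $filename stays NULL unless an image was accepted and written; it is the
        // value stored in the `images` column, so a rejected upload records nothing.
        $filename = null;
        // Check if a single file (not an array upload) was received without errors
        if (isset($_FILES["images"]) && is_string($_FILES["images"]["tmp_name"]) && $_FILES["images"]["error"] == 0) {
            $filetmp = $_FILES["images"]["tmp_name"];
            $filesize = $_FILES["images"]["size"];
            // Verify file size - 5MB maximum (before spending time decoding the header)
            $maxsize = 5 * 1024 * 1024;
            if ($filesize > $maxsize) {
                die("Error: File size is larger than the allowed limit.");
            }
            // Only touch a path PHP itself created for this HTTP upload.
            if (!is_uploaded_file($filetmp)) {
                die("Error: There was a problem uploading your image. Please try again.");
            }
            // Checks the file MIME type itself to make sure it's actually a png/jpg/jpeg/webp.
            // getimagesize() reads the magic bytes; the client-supplied
            // $_FILES["images"]["type"] is set by the browser and is never trusted here.
            $info = getimagesize($filetmp);
            $allowedtypes = [
                IMAGETYPE_PNG  => 'png',
                IMAGETYPE_JPEG => 'jpg',
                IMAGETYPE_WEBP => 'webp',
            ];
            if ($info === false || !isset($allowedtypes[$info[2]])) {
                echo "Error: There was a problem uploading your image. Please try again.";
            } else {
                // Never reuse the client-supplied name: it can contain "../" (path
                // traversal out of images/) or end in ".php" (a valid PNG can also be a
                // valid PHP file and would execute if served from the web root).
                // A random name with the extension derived from the DETECTED type
                // removes both, and also removes the "file already exists" oracle.
                $filename = bin2hex(random_bytes(16)) . '.' . $allowedtypes[$info[2]];
                if (file_exists("images/" . $filename)) {
                    die("Error: File already exists.");
                }
                if (move_uploaded_file($filetmp, "images/" . $filename)) {
                    echo "Image uploaded successfully.<br /><br />";
                } else {
                    // Do not record a file that is not on disk.
                    $filename = null;
                    echo "Error: There was a problem uploading your image. Please try again.";
                }
            }
        } elseif (isset($_FILES["images"]) && is_string($_FILES["images"]["tmp_name"]) && $_FILES["images"]["error"] != UPLOAD_ERR_NO_FILE) {
            // A file was sent but PHP rejected it (too large for php.ini, partial, ...).
            // An empty file field (UPLOAD_ERR_NO_FILE) is not an error: images are optional.
            echo "Error: " . $_FILES["images"]["error"];
        }

        // Database variables
        $servername = "localhost"; // Make sure to change this to the server your database is on
        // NOTE(review): root with an empty password is a development default. Use a
        // dedicated account limited to INSERT on `coalburners`, and keep the credentials
        // outside the web root (environment variable or a config file that is not served).
        $username = "root";
        $password = "";
        $dbname = "coalfax"; // I recommend naming your database something other than this for security reasons

        // Forum handling
        // Converts post data from special characters if any to HTML entries.
        // ENT_QUOTES also encodes single quotes, so the stored value is safe inside
        // single-quoted attributes when rendered; ENT_SUBSTITUTE replaces invalid
        // UTF-8 instead of returning "" and silently dropping the whole field.
        // (Escaping at render time would be the more conventional place; kept here
        // to stay compatible with whatever already reads these columns.)
        $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
        $name = htmlspecialchars($_POST["name"] ?? '', $flags, "UTF-8");
        $proofs = htmlspecialchars($_POST["proofs"] ?? '', $flags, "UTF-8");
        $body = htmlspecialchars($_POST["body"] ?? '', $flags, "UTF-8");
        try {
            $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password, [
                // Real server-side prepares: bound values never become part of the SQL text.
                PDO::ATTR_EMULATE_PREPARES => false,
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            ]);
            $stmt = $conn->prepare("INSERT INTO coalburners (name, proofs, body, images) VALUES (:name, :proofs, :body, :images)");
            $stmt->execute([
                ':name' => $name,
                ':proofs' => $proofs,
                ':body' => $body,
                ':images' => $filename,
            ]);
            echo "Coalburner added successfully. Click <a href='javascript:history.go(-1)'>here</a> to go back.";
        } catch (PDOException $e) {
            // Keep the real error server-side: the message can include the DSN, table
            // and column names or credentials and must not be echoed to the client.
            error_log("coalburners insert failed: " . $e->getMessage());
            echo "Error: Could not save your submission. Please try again later.";
        }
        $conn = null;
    }
}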