"hide_php" にファイルをアップロード
4f959386de
|
@ -120,8 +120,8 @@ switch ($submit){
|
|||
$limit = time() + 9999999;
|
||||
$path = '/';
|
||||
setcookie('name', $name, $limit, $path);
|
||||
setcookie('key', s_pass_e($key), $limit, $path);
|
||||
setcookie('edit_pass', s_pass_e($edit_pass), $limit, $path);
|
||||
$_SESSION['key'] = $key;
|
||||
$_SESSION['edit_pass'] = $edit_pass;
|
||||
setcookie('color', $color, $limit, $path);
|
||||
setcookie("comment:{$board}", $content, $limit, $path);
|
||||
setcookie("title:{$board}", $title, $limit, $path);
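Review bot: The `setcookie('name', …)`, `setcookie('color', …)`, `setcookie("comment:{$board}", …)` and `setcookie("title:{$board}", …)` calls that remain in this hunk still use the positional form, so those cookies are issued with neither `httponly` nor `samesite`, while the commit moves only `key` and `edit_pass` into `$_SESSION`. The login cookie removed elsewhere in this commit already used the options-array form with `'samesite' => 'Strict'`, so the surviving calls should match it, e.g. `setcookie('name', $name, ['expires' => $limit, 'path' => $path, 'httponly' => true, 'samesite' => 'Strict']);`. The added `$_SESSION['edit_pass'] = $edit_pass;` keeps the edit password as entered, so whichever page later interpolates it into markup must escape it at that point; that use is outside this hunk. The same change is repeated in the second hunk of this file at `@ -289,8 +289,8 @@`, which has the same cookie calls. The enclosing `switch ($submit)` case starts and ends outside the hunk.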
|
||||
|
@ -289,8 +289,8 @@ $output = '<p>貴方は新しくスレッドを<b class="color_bl">作成</b>し
|
|||
$limit = time() + 9990999;
|
||||
$path = '/';
|
||||
setcookie('name', $name, $limit, $path);
|
||||
setcookie('key', s_pass_e($key), $limit, $path);
|
||||
setcookie('edit_pass', s_pass_e($edit_pass), $limit, $path);
|
||||
$_SESSION['key'] = $key;
|
||||
$_SESSION['edit_pass'] = $edit_pass;
|
||||
setcookie('color', $color, $limit, $path);
|
||||
setcookie("comment:{$board}-{$thread}", $content, $limit, $path);
|
||||
|
||||
|
|
|
@ -1,440 +1,440 @@
|
|||
<?php
|
||||
//直接アクセスしちゃだめ
|
||||
require $d_root.'/hide_php/conf/c.php';
|
||||
require $d_root.'/hide_php/conf/submit.php';
|
||||
require $d_root.'/hide_php/conf/form.php';
|
||||
require $d_root.'/hide_php/conf/bbs.php';
|
||||
|
||||
|
||||
//画像処理
|
||||
function image_text($image){
|
||||
if (!empty($image)){
|
||||
return base64_encode(file_get_contents($image));
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function s_image($image_text){
|
||||
if (!empty($image_text)){
|
||||
return '{{'.$image_text.'}}';
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
function get_image($text){
|
||||
global $d_root;
|
||||
$w1 = '{{';
|
||||
$w2 = '}}';
|
||||
$d1 = strpos($text, $w1);
|
||||
if ($d1 !== false){
|
||||
$d2 = strpos($text, $w2);
|
||||
if (($d2 !== false) and ($d2 > $d1)){
|
||||
$d1_a = $d1 + 2;
|
||||
$d2_a = $d2 - $d1 - 2;
|
||||
$name = substr($text, $d1_a, $d2_a);
|
||||
if ($name !== '.'){
|
||||
if ((!empty($name)) && (file_exists($d_root.'/sqlike/bbs/file/'.$name))){
|
||||
return $name;
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function vi_image_type($image_file_type){
|
||||
if (stripos($image_file_type, 'image/') === false){
|
||||
return '';
|
||||
} else {
|
||||
$o = array('gif','png','jpeg','jpg','webp','ico');
|
||||
foreach ($o as $t){
|
||||
if (empty($t)){
|
||||
return '';
|
||||
}
|
||||
if (stripos($image_file_type, $t) !== false){
|
||||
return $t;
|
||||
}
|
||||
}
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function get_owner_passwd($board){
|
||||
global $d_root;
|
||||
if ($board >= 200){
|
||||
$board_file = $d_root.'/sqlike/bbs/user_board/'.$board.'.txt';
|
||||
(file_exists($board_file)?$board_data = explode("'", get($board_file, 1)):exit);
|
||||
list($board_title, $board_description, $board_content, $board_access_passwd, $board_edit_passwd) = $board_data;
|
||||
return (string)$board_edit_passwd;
|
||||
} else {
|
||||
$keyfile = $d_root.'/sqlike/own/master_key.txt';
|
||||
return pass((file_exists($keyfile)?get($keyfile, 1):exit));
|
||||
}
|
||||
}
|
||||
|
||||
function remove_images_from_thread($thread_file){
|
||||
global $d_root;
|
||||
$thread_content = file_get_contents($thread_file);
|
||||
$thread_rows = explode(PHP_EOL, $thread_content);
|
||||
foreach ($thread_rows as $row){
|
||||
if (strpos($row, "'") === false){
|
||||
continue;
|
||||
}
|
||||
$d = explode("'", $row);
|
||||
$image_file = get_image($d[5]);
|
||||
if (!empty($image_file)){
|
||||
unlink($d_root.'/sqlike/bbs/file/'.$image_file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$w = '-';
|
||||
$bbs_dir = $d_root.'/sqlike/bbs';
|
||||
|
||||
$reason_session = '<h1>認証に失敗</h1>フォームの認証に失敗しました。<br><p>この画面が何度も表示される場合は、投稿フォームをリロードして下さい。</p>';
|
||||
$reason_passwd = '<h1>照合エラー</h1>編集パスワードが間違っています。<br>';
|
||||
//前提条件ここまで
|
||||
|
||||
|
||||
|
||||
|
||||
//投稿した
|
||||
if (isset($_POST['submit'])){
|
||||
$submit = $_POST['submit'];
|
||||
|
||||
//認証
|
||||
if (isset($_POST['session'])){
|
||||
$session_num = h($_POST['session']);
|
||||
if (isset($_POST['area'])){
|
||||
$areas = $_POST['area'];
|
||||
if (substr_count($areas, '#') === 1){
|
||||
list($areas, $edit_num) = explode('#', $areas);
|
||||
} elseif (isset($_POST['edit_num'])){
|
||||
$edit_num = $_POST['edit_num'];
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
if (empty($edit_num)){
|
||||
form_die();
|
||||
}
|
||||
$meta = $areas;
|
||||
|
||||
//板とスレッドの検出-ここで定義しちゃおう
|
||||
if (substr_count($meta, $w) === 1){
|
||||
$area = explode($w, $meta);
|
||||
$board = (int)$area[0];
|
||||
$thread = (int)$area[1];
|
||||
$areas = (string)$board.$w.(string)$thread;
|
||||
} else {
|
||||
$board = (int)substr($meta, 0, 1);
|
||||
$thread = (int)substr($meta, 1);
|
||||
$areas = (string)$board.(string)$thread;
|
||||
}
|
||||
//未指定と0はだ駄目
|
||||
if (empty($board)){
|
||||
form_die();
|
||||
}
|
||||
if (empty($thread)){
|
||||
form_die();
|
||||
}
|
||||
$thread_file = $bbs_dir.'/'.$board.'/'.$thread.'.txt';
|
||||
if (file_exists($thread_file) === false){
|
||||
form_die();
|
||||
}
|
||||
if (empty(get($thread_file, $edit_num + 1))){
|
||||
form_die();
|
||||
}
|
||||
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
|
||||
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
|
||||
if (check_session($meta, $session_num, $url, false)){
|
||||
|
||||
|
||||
//switch長いよ
|
||||
switch ($submit){
|
||||
|
||||
case 'edit':
|
||||
//セッションの代用
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session($meta, $session_num);
|
||||
|
||||
(isset($_COOKIE['edit_pass'])?$s_edit_pass=s_pass_d($_COOKIE['edit_pass']):$s_edit_pass = '');
|
||||
$output = '<h1>パスワードを入力</h1>
|
||||
<form action="" method="POST">
|
||||
<label>編集パスワード:<input type="text" name="edit_passwd" value="'.$s_edit_pass.'" style="background:#fff;color:#a04;border:solid 0.1em #111;"></label>
|
||||
<button type="submit" name="submit" value="editing_comment" class="enter">編 集</button>
|
||||
<input type="hidden" name="session" value="'.$session_num.'">
|
||||
<input type="hidden" name="edit_num" value="'.$edit_num.'">
|
||||
<input type="hidden" name="area" value="'.$areas.'">
|
||||
<p><br></p>
|
||||
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
|
||||
</form><p><br></p><p><br></p><p><br></p>';
|
||||
break;
|
||||
|
||||
case 'editing_comment':
|
||||
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
|
||||
$hashed = pass($edit_passwd);
|
||||
|
||||
//コメントを取得
|
||||
$edit_thread_row = get($thread_file, $edit_num + 1);
|
||||
if ($edit_thread_row === false){
|
||||
exit;
|
||||
}
|
||||
$value = explode("'", $edit_thread_row);
|
||||
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
|
||||
$master_key = get_owner_passwd($board);
|
||||
|
||||
if ((not_empty($true_edit_pass) && ($hashed === $true_edit_pass)) || ($hashed === $master_key)){
|
||||
|
||||
//セッションの代用
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session($meta, $session_num);
|
||||
|
||||
//1番目はタイトル編集も
|
||||
if ((int)$edit_num === 1){
|
||||
$append_form = '<p><label>タイトル<input type="text" name="title" value="'.get($thread_file, 1).'"></label></p>';
|
||||
$append_form_1 = '<h3>危険</h3><p>以下の欄に「このスレッドを削除します」と入力すると、<strong>消滅します。</strong></p><p><label>確認<input type="text" name="kill_thread"></label></p>';
|
||||
} else {
|
||||
$append_form = '';
|
||||
$append_form_1 = '';
|
||||
}
|
||||
|
||||
if ($hashed === $master_key){
|
||||
$notice = '<p><b class="color_bl">管理人</b>モードで編集しています。(本文がエスケープされません。「<」は「'.h('<').'」にする等の対策が必要です)</p>';
|
||||
$comment_text = h(preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p)));
|
||||
} else {
|
||||
$notice = '<p><b class="color_bl">通常</b>モードで編集しています。(特に気をつけるポイントはありません)</p>';
|
||||
$comment_text = preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p));
|
||||
}
|
||||
//クッキー内容
|
||||
$s_name=(isset($_COOKIE['name'])?$_COOKIE['name']:$name_p);
|
||||
$s_key=(isset($_COOKIE['key'])?s_pass_d($_COOKIE['key']):'');
|
||||
|
||||
//文字色リスト
|
||||
$color_option = '<div><p>文字色<br>';
|
||||
$count = 0;
|
||||
foreach ($color_list as $c){
|
||||
$color_option = $color_option.'<label class="'.$c.'"><input type="radio" name="color" value="'.$c.'" id="'.$c.'"';
|
||||
if ($color_p === $c){
|
||||
$color_option = $color_option.' checked';
|
||||
}
|
||||
$color_option = $color_option.'>'.$color_name_list[$count].'</label> ';
|
||||
++$count;
|
||||
}
|
||||
$color_option = $color_option.'</p></div>';
|
||||
|
||||
|
||||
$comment_array = [$thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p];
|
||||
$p_view = true;
|
||||
|
||||
$output = '<h1>内容を修正</h1>'.$notice.'<p>以下、もとの内容です。</p><hr>
|
||||
{P}
|
||||
<p><br></p>
|
||||
<form action="" method="POST" enctype="multipart/form-data" id="form">
|
||||
<h2>投稿内容を修正</h2>
|
||||
<input type="hidden" name="area" value="'.$areas.'"><input type="hidden" name="session" value="'.$session_num.'">
|
||||
<input type="hidden" name="edit_num" value="'.$edit_num.'"><input type="hidden" name="edit_passwd" value="'.h($edit_passwd).'">
|
||||
<input type="hidden" name="past_file" value="'.get_image($content_p).'">'.$append_form.
|
||||
'<p><label><b>名前</b><input type="text" name="name" value="'.h($s_name).'"></label><label>#トリップ<input type="text" name="key" value="'.h($s_key).'"></label></p>
|
||||
<p><label><b>内容</b><br><textarea rows="8" cols="25" name="comment" class="'.$color_p.'" id="text">'.$comment_text.'</textarea></label></p>
|
||||
'.$color_option.'
|
||||
<p><label>編集パスワード<input type="text" name="edit_pass" value="'.$edit_passwd.'"></label></p>
|
||||
<p><label><input type="checkbox" name="pass" value="change">名前、トリップ、パスワードを変更する</label></p>
|
||||
<p style="float:right;"><button type="submit" name="submit" value="edited_comment" class="enter">編集完了</button></p>
|
||||
<p><label class="file">画像を選択<input type="file" name="image" accept="image/*"></label></p>
|
||||
<p><label><input type="checkbox" name="check" value="del">今の画像を削除するか上書きするか新規追加する</label></p>
|
||||
<p><br></p>'.$append_form_1.'</form>
|
||||
<p><br></p>
|
||||
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
|
||||
<p><br></p>編集を完了すると<b>掲示板ページへ飛びます。</b><p><br></p>';
|
||||
} else {
|
||||
$output = $reason_passwd;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'edited_comment':
|
||||
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
|
||||
|
||||
//ファイルをロック
|
||||
file_lock('thread:'.$board.'-'.$thread);
|
||||
|
||||
$edit_thread_row = get($thread_file, $edit_num + 1);
|
||||
if ($edit_thread_row === false){
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
exit;
|
||||
}
|
||||
$value = explode("'", $edit_thread_row);
|
||||
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
|
||||
$master_key = get_owner_passwd($board);
|
||||
|
||||
if ((not_empty($true_edit_pass) && (pass($edit_passwd) === $true_edit_pass)) || (pass($edit_passwd) === $master_key)){
|
||||
|
||||
(isset($_POST['comment'])?$content = $_POST['comment']:form_die());
|
||||
(isset($_POST['color'])?$color = h($_POST['color']):form_die());
|
||||
(isset($_POST['past_file'])?$image_name = h($_POST['past_file']):form_die());
|
||||
if (in_array($color, $color_list) === false){
|
||||
form_die();
|
||||
}
|
||||
|
||||
|
||||
//種別
|
||||
if (pass($edit_passwd) === get_owner_passwd($board)){
|
||||
$content = str_replace("'", h("'"), L1(nl2br($content, false)));
|
||||
} else {
|
||||
$content = p($content);
|
||||
}
|
||||
|
||||
|
||||
if (!not_empty($content)){
|
||||
$content = rand_comment();
|
||||
}
|
||||
|
||||
$edit_pass = $true_edit_pass;
|
||||
$name = $name_p;
|
||||
$key = $key_p;
|
||||
if (isset($_POST['pass'])){
|
||||
if ($_POST['pass'] === 'change'){
|
||||
(isset($_POST['edit_pass'])?$edit_pass = pass(h($_POST['edit_pass'])):form_die());
|
||||
if (isset($_POST['name'])){
|
||||
if ((not_empty($_POST['name'])) && (strlen($name) < 100)){
|
||||
$name = h($_POST['name']);
|
||||
}
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
(isset($_POST['key'])?$key = t_key($name, h($_POST['key'])):form_die());
|
||||
}
|
||||
}
|
||||
|
||||
if ((int)$edit_num === 1){
|
||||
(isset($_POST['title'])?$title = h($_POST['title']):form_die());
|
||||
(isset($_POST['kill_thread'])?$kill_thread = $_POST['kill_thread']:form_die());
|
||||
|
||||
##危険地帯
|
||||
if ($kill_thread === 'このスレッドを削除します'){
|
||||
remove_images_from_thread($thread_file);
|
||||
unlink($thread_file);
|
||||
|
||||
//ここでロック解除
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
header("Location:/board.php?Board={$board}");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!not_empty($title)){
|
||||
$title = get($thread_file, 1);
|
||||
}
|
||||
} else {
|
||||
$title = get($thread_file, 1);
|
||||
}
|
||||
|
||||
if (isset($_POST['check'])){
|
||||
if ($_POST['check'] === 'del'){
|
||||
$past_image = $bbs_dir.'/file/'.$image_name;
|
||||
if (file_exists($past_image)){
|
||||
if (!empty($image_name)){
|
||||
unlink($past_image);
|
||||
}
|
||||
}
|
||||
$image_name = '';
|
||||
$image_text = image_text($_FILES['image']['tmp_name']);
|
||||
$image_file_type = vi_image_type($_FILES['image']['type']);
|
||||
if (!empty($image_text) && !empty($image_file_type)){
|
||||
if (in_array($image_file_type, $white_type_list) === false){
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
form_die();
|
||||
}
|
||||
$image_name = mt_rand().'.'.$image_file_type;
|
||||
$path = $bbs_dir.'/file/' .$image_name;
|
||||
while (file_exists($path)){
|
||||
$image_name = mt_rand().'.'.$image_file_type;
|
||||
$path = $bbs_dir.'/file/'.$image_name;
|
||||
}
|
||||
file_put_contents($path, base64_decode($image_text), LOCK_EX);
|
||||
}
|
||||
}
|
||||
}
|
||||
$content = $content.s_image($image_name);
|
||||
|
||||
$thread_content = implode(PHP_EOL, get_rows($thread_file, 2));
|
||||
$past_string = $edit_thread_row;
|
||||
$new_string = L1(implode("'", [$thread_id_p, $name, $key, $date_p, $color, $content, $edit_pass]));
|
||||
$string = $title.PHP_EOL.str_replace($past_string, $new_string, $thread_content).PHP_EOL;
|
||||
file_put_contents($thread_file, $string, LOCK_EX);
|
||||
|
||||
//解除
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
|
||||
//転送
|
||||
header("Location:./board.php?Board={$board}");
|
||||
exit;
|
||||
|
||||
} else {
|
||||
$output = $reason_passwd;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
not_found();
|
||||
break;
|
||||
}
|
||||
//長いswitch終わり
|
||||
|
||||
} else {
|
||||
$output = $reason_session;
|
||||
}
|
||||
//認証結果
|
||||
|
||||
} else {
|
||||
$output = $reason_session;
|
||||
}
|
||||
//トークン送信
|
||||
|
||||
}
|
||||
//投稿
|
||||
|
||||
|
||||
|
||||
##########html開始
|
||||
html_head('編集-', '', $d_root.'/sqlike/css/form/bbs.css', false);
|
||||
|
||||
if (isset($output)){
|
||||
if (isset($p_view, $comment_array)){
|
||||
if ($p_view === true){
|
||||
$output = explode('{P}', $output);
|
||||
echo $output[0];
|
||||
view_comment($comment_array, '', '');
|
||||
echo $output[1];
|
||||
} else {
|
||||
echo $output;
|
||||
}
|
||||
} else {
|
||||
echo $output;
|
||||
}
|
||||
}
|
||||
echo '<p><br><br></p>';
|
||||
if (isset($meta)){
|
||||
echo '<p>(<a href="/thread.php?Area='.$meta.'">戻る</a>)</p>';
|
||||
}
|
||||
|
||||
$f = $d_root.'/sqlike/html/form/thread_edit.html';
|
||||
if (file_exists($f)){
|
||||
include $f;
|
||||
}
|
||||
|
||||
if (isset($submit)){
|
||||
if ($submit === 'editing_comment'){
|
||||
html_foot($d_root.'/js/text_color.js', '');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
html_foot('', '');
|
||||
<?php
|
||||
//直接アクセスしちゃだめ
|
||||
require $d_root.'/hide_php/conf/c.php';
|
||||
require $d_root.'/hide_php/conf/submit.php';
|
||||
require $d_root.'/hide_php/conf/form.php';
|
||||
require $d_root.'/hide_php/conf/bbs.php';
|
||||
|
||||
|
||||
//画像処理
|
||||
function image_text($image){
|
||||
if (!empty($image)){
|
||||
return base64_encode(file_get_contents($image));
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function s_image($image_text){
|
||||
if (!empty($image_text)){
|
||||
return '{{'.$image_text.'}}';
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
function get_image($text){
|
||||
global $d_root;
|
||||
$w1 = '{{';
|
||||
$w2 = '}}';
|
||||
$d1 = strpos($text, $w1);
|
||||
if ($d1 !== false){
|
||||
$d2 = strpos($text, $w2);
|
||||
if (($d2 !== false) and ($d2 > $d1)){
|
||||
$d1_a = $d1 + 2;
|
||||
$d2_a = $d2 - $d1 - 2;
|
||||
$name = substr($text, $d1_a, $d2_a);
|
||||
if ($name !== '.'){
|
||||
if ((!empty($name)) && (file_exists($d_root.'/sqlike/bbs/file/'.$name))){
|
||||
return $name;
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function vi_image_type($image_file_type){
|
||||
if (stripos($image_file_type, 'image/') === false){
|
||||
return '';
|
||||
} else {
|
||||
$o = array('gif','png','jpeg','jpg','webp','ico');
|
||||
foreach ($o as $t){
|
||||
if (empty($t)){
|
||||
return '';
|
||||
}
|
||||
if (stripos($image_file_type, $t) !== false){
|
||||
return $t;
|
||||
}
|
||||
}
|
||||
return '';
|
||||
}
|
||||
}
|
||||
function get_owner_passwd($board){
|
||||
global $d_root;
|
||||
if ($board >= 200){
|
||||
$board_file = $d_root.'/sqlike/bbs/user_board/'.$board.'.txt';
|
||||
(file_exists($board_file)?$board_data = explode("'", get($board_file, 1)):exit);
|
||||
list($board_title, $board_description, $board_content, $board_access_passwd, $board_edit_passwd) = $board_data;
|
||||
return (string)$board_edit_passwd;
|
||||
} else {
|
||||
$keyfile = $d_root.'/sqlike/own/master_key.txt';
|
||||
return pass((file_exists($keyfile)?get($keyfile, 1):exit));
|
||||
}
|
||||
}
|
||||
|
||||
function remove_images_from_thread($thread_file){
|
||||
global $d_root;
|
||||
$thread_content = file_get_contents($thread_file);
|
||||
$thread_rows = explode(PHP_EOL, $thread_content);
|
||||
foreach ($thread_rows as $row){
|
||||
if (strpos($row, "'") === false){
|
||||
continue;
|
||||
}
|
||||
$d = explode("'", $row);
|
||||
$image_file = get_image($d[5]);
|
||||
if (!empty($image_file)){
|
||||
unlink($d_root.'/sqlike/bbs/file/'.$image_file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$w = '-';
|
||||
$bbs_dir = $d_root.'/sqlike/bbs';
|
||||
|
||||
$reason_session = '<h1>認証に失敗</h1>フォームの認証に失敗しました。<br><p>この画面が何度も表示される場合は、投稿フォームをリロードして下さい。</p>';
|
||||
$reason_passwd = '<h1>照合エラー</h1>編集パスワードが間違っています。<br>';
|
||||
//前提条件ここまで
|
||||
|
||||
|
||||
|
||||
|
||||
//投稿した
|
||||
if (isset($_POST['submit'])){
|
||||
$submit = $_POST['submit'];
|
||||
|
||||
//認証
|
||||
if (isset($_POST['session'])){
|
||||
$session_num = h($_POST['session']);
|
||||
if (isset($_POST['area'])){
|
||||
$areas = $_POST['area'];
|
||||
if (substr_count($areas, '#') === 1){
|
||||
list($areas, $edit_num) = explode('#', $areas);
|
||||
} elseif (isset($_POST['edit_num'])){
|
||||
$edit_num = $_POST['edit_num'];
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
if (empty($edit_num)){
|
||||
form_die();
|
||||
}
|
||||
$meta = $areas;
|
||||
|
||||
//板とスレッドの検出-ここで定義しちゃおう
|
||||
if (substr_count($meta, $w) === 1){
|
||||
$area = explode($w, $meta);
|
||||
$board = (int)$area[0];
|
||||
$thread = (int)$area[1];
|
||||
$areas = (string)$board.$w.(string)$thread;
|
||||
} else {
|
||||
$board = (int)substr($meta, 0, 1);
|
||||
$thread = (int)substr($meta, 1);
|
||||
$areas = (string)$board.(string)$thread;
|
||||
}
|
||||
//未指定と0はだ駄目
|
||||
if (empty($board)){
|
||||
form_die();
|
||||
}
|
||||
if (empty($thread)){
|
||||
form_die();
|
||||
}
|
||||
$thread_file = $bbs_dir.'/'.$board.'/'.$thread.'.txt';
|
||||
if (file_exists($thread_file) === false){
|
||||
form_die();
|
||||
}
|
||||
if (empty(get($thread_file, $edit_num + 1))){
|
||||
form_die();
|
||||
}
|
||||
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
|
||||
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
|
||||
if (check_session($meta, $session_num, $url, false)){
|
||||
|
||||
|
||||
//switch長いよ
|
||||
switch ($submit){
|
||||
|
||||
case 'edit':
|
||||
//セッションの代用
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session($meta, $session_num);
|
||||
|
||||
(isset($_SESSION['edit_pass'])?$s_edit_pass=$_SESSION['edit_pass']:$s_edit_pass = '');
|
||||
$output = '<h1>パスワードを入力</h1>
|
||||
<form action="" method="POST">
|
||||
<label>編集パスワード:<input type="text" name="edit_passwd" value="'.$s_edit_pass.'"></label>
|
||||
<button type="submit" name="submit" value="editing_comment" class="enter">編 集</button>
|
||||
<input type="hidden" name="session" value="'.$session_num.'">
|
||||
<input type="hidden" name="edit_num" value="'.$edit_num.'">
|
||||
<input type="hidden" name="area" value="'.$areas.'">
|
||||
<p><br></p>
|
||||
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
|
||||
</form><p><br></p><p><br></p><p><br></p>';
|
||||
break;
|
||||
|
||||
case 'editing_comment':
|
||||
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
|
||||
$hashed = pass($edit_passwd);
|
||||
|
||||
//コメントを取得
|
||||
$edit_thread_row = get($thread_file, $edit_num + 1);
|
||||
if ($edit_thread_row === false){
|
||||
exit;
|
||||
}
|
||||
$value = explode("'", $edit_thread_row);
|
||||
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
|
||||
$master_key = get_owner_passwd($board);
|
||||
|
||||
if ((not_empty($true_edit_pass) && ($hashed === $true_edit_pass)) || ($hashed === $master_key)){
|
||||
|
||||
//セッションの代用
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session($meta, $session_num);
|
||||
|
||||
//1番目はタイトル編集も
|
||||
if ((int)$edit_num === 1){
|
||||
$append_form = '<p><label>タイトル<input type="text" name="title" value="'.get($thread_file, 1).'"></label></p>';
|
||||
$append_form_1 = '<h3>危険</h3><p>以下の欄に「このスレッドを削除します」と入力すると、<strong>消滅します。</strong></p><p><label>確認<input type="text" name="kill_thread"></label></p>';
|
||||
} else {
|
||||
$append_form = '';
|
||||
$append_form_1 = '';
|
||||
}
|
||||
|
||||
if ($hashed === $master_key){
|
||||
$notice = '<p><b class="color_bl">管理人</b>モードで編集しています。(本文がエスケープされません。「<」は「'.h('<').'」にする等の対策が必要です)</p>';
|
||||
$comment_text = h(preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p)));
|
||||
} else {
|
||||
$notice = '<p><b class="color_bl">通常</b>モードで編集しています。(特に気をつけるポイントはありません)</p>';
|
||||
$comment_text = preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p));
|
||||
}
|
||||
//クッキー内容
|
||||
$s_name = (isset($_COOKIE['name'])?$_COOKIE['name']:$name_p);
|
||||
$s_key = (isset($_SESSION['key'])?$_SESSION['key']:'');
|
||||
|
||||
//文字色リスト
|
||||
$color_option = '<div><p>文字色<br>';
|
||||
$count = 0;
|
||||
foreach ($color_list as $c){
|
||||
$color_option = $color_option.'<label class="'.$c.'"><input type="radio" name="color" value="'.$c.'" id="'.$c.'"';
|
||||
if ($color_p === $c){
|
||||
$color_option = $color_option.' checked';
|
||||
}
|
||||
$color_option = $color_option.'>'.$color_name_list[$count].'</label> ';
|
||||
++$count;
|
||||
}
|
||||
$color_option = $color_option.'</p></div>';
|
||||
|
||||
|
||||
$comment_array = [$thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p];
|
||||
$p_view = true;
|
||||
|
||||
$output = '<h1>内容を修正</h1>'.$notice.'<p>以下、もとの内容です。</p><hr>
|
||||
{P}
|
||||
<p><br></p>
|
||||
<form action="" method="POST" enctype="multipart/form-data" id="form">
|
||||
<h2>投稿内容を修正</h2>
|
||||
<input type="hidden" name="area" value="'.$areas.'"><input type="hidden" name="session" value="'.$session_num.'">
|
||||
<input type="hidden" name="edit_num" value="'.$edit_num.'"><input type="hidden" name="edit_passwd" value="'.h($edit_passwd).'">
|
||||
<input type="hidden" name="past_file" value="'.get_image($content_p).'">'.$append_form.
|
||||
'<p><label><b>名前</b><input type="text" name="name" value="'.h($s_name).'"></label><label>#トリップ<input type="text" name="key" value="'.h($s_key).'"></label></p>
|
||||
<p><label><b>内容</b><br><textarea rows="8" cols="25" name="comment" class="'.$color_p.'" id="text">'.$comment_text.'</textarea></label></p>
|
||||
'.$color_option.'
|
||||
<p><label>編集パスワード<input type="text" name="edit_pass" value="'.$edit_passwd.'"></label></p>
|
||||
<p><label><input type="checkbox" name="pass" value="change">名前、トリップ、パスワードを変更する</label></p>
|
||||
<p style="float:right;"><button type="submit" name="submit" value="edited_comment" class="enter">編集完了</button></p>
|
||||
<p><label class="file">画像を選択<input type="file" name="image" accept="image/*"></label></p>
|
||||
<p><label><input type="checkbox" name="check" value="del">今の画像を削除するか上書きするか新規追加する</label></p>
|
||||
<p><br></p>'.$append_form_1.'</form>
|
||||
<p><br></p>
|
||||
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
|
||||
<p><br></p>編集を完了すると<b>掲示板ページへ飛びます。</b><p><br></p>';
|
||||
} else {
|
||||
$output = $reason_passwd;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'edited_comment':
|
||||
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
|
||||
|
||||
//ファイルをロック
|
||||
file_lock('thread:'.$board.'-'.$thread);
|
||||
|
||||
$edit_thread_row = get($thread_file, $edit_num + 1);
|
||||
if ($edit_thread_row === false){
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
exit;
|
||||
}
|
||||
$value = explode("'", $edit_thread_row);
|
||||
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
|
||||
$master_key = get_owner_passwd($board);
|
||||
|
||||
if ((not_empty($true_edit_pass) && (pass($edit_passwd) === $true_edit_pass)) || (pass($edit_passwd) === $master_key)){
|
||||
|
||||
(isset($_POST['comment'])?$content = $_POST['comment']:form_die());
|
||||
(isset($_POST['color'])?$color = h($_POST['color']):form_die());
|
||||
(isset($_POST['past_file'])?$image_name = h($_POST['past_file']):form_die());
|
||||
if (in_array($color, $color_list) === false){
|
||||
form_die();
|
||||
}
|
||||
|
||||
|
||||
//種別
|
||||
if (pass($edit_passwd) === get_owner_passwd($board)){
|
||||
$content = str_replace("'", h("'"), L1(nl2br($content, false)));
|
||||
} else {
|
||||
$content = p($content);
|
||||
}
|
||||
|
||||
|
||||
if (!not_empty($content)){
|
||||
$content = rand_comment();
|
||||
}
|
||||
|
||||
$edit_pass = $true_edit_pass;
|
||||
$name = $name_p;
|
||||
$key = $key_p;
|
||||
if (isset($_POST['pass'])){
|
||||
if ($_POST['pass'] === 'change'){
|
||||
(isset($_POST['edit_pass'])?$edit_pass = pass(h($_POST['edit_pass'])):form_die());
|
||||
if (isset($_POST['name'])){
|
||||
if ((not_empty($_POST['name'])) && (strlen($name) < 100)){
|
||||
$name = h($_POST['name']);
|
||||
}
|
||||
} else {
|
||||
form_die();
|
||||
}
|
||||
(isset($_POST['key'])?$key = t_key($name, h($_POST['key'])):form_die());
|
||||
}
|
||||
}
|
||||
|
||||
if ((int)$edit_num === 1){
|
||||
(isset($_POST['title'])?$title = h($_POST['title']):form_die());
|
||||
(isset($_POST['kill_thread'])?$kill_thread = $_POST['kill_thread']:form_die());
|
||||
|
||||
##危険地帯
|
||||
if ($kill_thread === 'このスレッドを削除します'){
|
||||
remove_images_from_thread($thread_file);
|
||||
unlink($thread_file);
|
||||
|
||||
//ここでロック解除
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
header("Location:/board.php?Board={$board}");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!not_empty($title)){
|
||||
$title = get($thread_file, 1);
|
||||
}
|
||||
} else {
|
||||
$title = get($thread_file, 1);
|
||||
}
|
||||
|
||||
if (isset($_POST['check'])){
|
||||
if ($_POST['check'] === 'del'){
|
||||
$past_image = $bbs_dir.'/file/'.$image_name;
|
||||
if (file_exists($past_image)){
|
||||
if (!empty($image_name)){
|
||||
unlink($past_image);
|
||||
}
|
||||
}
|
||||
$image_name = '';
|
||||
$image_text = image_text($_FILES['image']['tmp_name']);
|
||||
$image_file_type = vi_image_type($_FILES['image']['type']);
|
||||
if (!empty($image_text) && !empty($image_file_type)){
|
||||
if (in_array($image_file_type, $white_type_list) === false){
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
form_die();
|
||||
}
|
||||
$image_name = mt_rand().'.'.$image_file_type;
|
||||
$path = $bbs_dir.'/file/' .$image_name;
|
||||
while (file_exists($path)){
|
||||
$image_name = mt_rand().'.'.$image_file_type;
|
||||
$path = $bbs_dir.'/file/'.$image_name;
|
||||
}
|
||||
file_put_contents($path, base64_decode($image_text), LOCK_EX);
|
||||
}
|
||||
}
|
||||
}
|
||||
$content = $content.s_image($image_name);
|
||||
|
||||
$thread_content = implode(PHP_EOL, get_rows($thread_file, 2));
|
||||
$past_string = $edit_thread_row;
|
||||
$new_string = L1(implode("'", [$thread_id_p, $name, $key, $date_p, $color, $content, $edit_pass]));
|
||||
$string = $title.PHP_EOL.str_replace($past_string, $new_string, $thread_content).PHP_EOL;
|
||||
file_put_contents($thread_file, $string, LOCK_EX);
|
||||
|
||||
//解除
|
||||
file_unlock('thread:'.$board.'-'.$thread);
|
||||
|
||||
//転送
|
||||
header("Location:./board.php?Board={$board}");
|
||||
exit;
|
||||
|
||||
} else {
|
||||
$output = $reason_passwd;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
not_found();
|
||||
break;
|
||||
}
|
||||
//長いswitch終わり
|
||||
|
||||
} else {
|
||||
$output = $reason_session;
|
||||
}
|
||||
//認証結果
|
||||
|
||||
} else {
|
||||
$output = $reason_session;
|
||||
}
|
||||
//トークン送信
|
||||
|
||||
}
|
||||
//投稿
|
||||
|
||||
|
||||
|
||||
##########html開始
|
||||
html_head('編集-', '', $d_root.'/sqlike/css/form/bbs.css', false);
|
||||
|
||||
if (isset($output)){
|
||||
if (isset($p_view, $comment_array)){
|
||||
if ($p_view === true){
|
||||
$output = explode('{P}', $output);
|
||||
echo $output[0];
|
||||
view_comment($comment_array, '', '');
|
||||
echo $output[1];
|
||||
} else {
|
||||
echo $output;
|
||||
}
|
||||
} else {
|
||||
echo $output;
|
||||
}
|
||||
}
|
||||
echo '<p><br><br></p>';
|
||||
if (isset($meta)){
|
||||
echo '<p>(<a href="/thread.php?Area='.$meta.'">戻る</a>)</p>';
|
||||
}
|
||||
|
||||
$f = $d_root.'/sqlike/html/form/thread_edit.html';
|
||||
if (file_exists($f)){
|
||||
include $f;
|
||||
}
|
||||
|
||||
if (isset($submit)){
|
||||
if ($submit === 'editing_comment'){
|
||||
html_foot($d_root.'/js/text_color.js', '');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
html_foot('', '');
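Review bot: In the new side's `edited_comment` case, `$image_name = h($_POST['past_file'])` is used as-is to build `$past_image = $bbs_dir.'/file/'.$image_name` and then `unlink($past_image)` when `check` is `del`; assuming `h()` is an HTML escaper, it does not confine the value to a file inside that directory, so validate it as a bare generated name before any filesystem call, e.g. `if ($image_name !== '' && $image_name !== basename($image_name)) { file_unlock('thread:'.$board.'-'.$thread); form_die(); }` right after the `past_file` assignment (the same unvalidated value is also written back into the row through `s_image($image_name)` when `check` is absent). The `edit` case now reads `$_SESSION['edit_pass']` and `editing_comment` reads `$_SESSION['key']`, yet no `session_start()` is visible after the four `require` lines, whereas the login page in this same commit adds one after the same requires; unless one of the required conf files starts the session, these lookups will never be set. `$s_edit_pass` is then interpolated as `value="'.$s_edit_pass.'"` without escaping, unlike `h($edit_passwd)` further down; write it as `value="'.h($s_edit_pass).'"`. The `del` branch also hands `$_FILES['image']['tmp_name']` to `image_text()` without consulting `$_FILES['image']['error']` or `is_uploaded_file()`, and the stored extension is derived from the client-supplied `$_FILES['image']['type']` via `vi_image_type()` rather than from the file content, so the `$white_type_list` check only constrains what the client claims.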
|
||||
|
|
|
@ -1,47 +1,48 @@
|
|||
<?php
|
||||
//直接アクセスしちゃだめ
|
||||
|
||||
require $d_root.'/hide_php/conf/c.php';
|
||||
require $d_root.'/hide_php/conf/submit.php';
|
||||
require $d_root.'/hide_php/conf/form.php';
|
||||
//定義
|
||||
|
||||
|
||||
|
||||
if (isset($_GET['Board'])){
|
||||
$board = (int)$_GET['Board'];
|
||||
} else {
|
||||
not_found();
|
||||
}
|
||||
if ($board === 0){
|
||||
not_found();
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['session_num'], $_POST['access_passwd'])){
|
||||
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
|
||||
if (check_session('login', $_POST['session_num'], $url, true)){
|
||||
setcookie('login:'.$board, s_pass_e(h($_POST['access_passwd'])), ['expires' => time() + 9999, 'path' => '/', 'samesite' => 'Strict']);
|
||||
header('Location:./board.php?Board='.$board);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session('login', $session_num);
|
||||
|
||||
|
||||
######html開始
|
||||
html_head('ログイン-', '', '', false);
|
||||
echo '<h1>ログイン</h1>';
|
||||
echo '<form action="" method="POST">
|
||||
<input type="hidden" name="session_num" value="'.$session_num.'">
|
||||
<p><label><b>アクセスパスワード</b><input type="text" name="access_passwd" style="background:#fff;color:#111;width:40%;font-size:1em;height:1.4em;"></label><button type="submit" style="background:#eef;padding:.3em;">ログイン</button></p>
|
||||
</form>';
|
||||
|
||||
html_foot('', '');
|
||||
|
||||
<?php
|
||||
//直接アクセスしちゃだめ
|
||||
|
||||
require $d_root.'/hide_php/conf/c.php';
|
||||
require $d_root.'/hide_php/conf/submit.php';
|
||||
require $d_root.'/hide_php/conf/form.php';
|
||||
session_start();
|
||||
//定義
|
||||
|
||||
|
||||
|
||||
if (isset($_GET['Board'])){
|
||||
$board = (int)$_GET['Board'];
|
||||
} else {
|
||||
not_found();
|
||||
}
|
||||
if ($board === 0){
|
||||
not_found();
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['session_num'], $_POST['access_passwd'])){
|
||||
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
|
||||
if (check_session('login', $_POST['session_num'], $url, true)){
|
||||
$_SESSION['login:'.$board] = pass(h($_POST['access_passwd']));
|
||||
header('Location:./board.php?Board='.$board);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
$session_num = one_time_pass(50, 100);
|
||||
set_session('login', $session_num);
|
||||
|
||||
|
||||
######html開始
|
||||
html_head('ログイン-', '', $d_root.'/sqlike/css/form/bbs.css', false);
|
||||
echo '<h1>ログイン</h1>';
|
||||
echo '<form action="" method="POST">
|
||||
<input type="hidden" name="session_num" value="'.$session_num.'">
|
||||
<p><label><b>アクセスパスワード</b><input type="text" name="access_passwd"></label><button type="submit" style="background:#eef;padding:.3em;">ログイン</button></p>
|
||||
</form>';
|
||||
|
||||
html_foot('', '');
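Review bot: `$_SESSION['login:'.$board] = pass(h($_POST['access_passwd']));` on the new side marks the current session as logged in without rotating its id, so a session id established before login stays valid afterwards; add `session_regenerate_id(true);` immediately before that assignment. The removed `setcookie('login:'.$board, …)` carried `'samesite' => 'Strict'`, but the new `session_start();` relies on the default session cookie settings, so unless php.ini sets them that attribute (and `HttpOnly`) is lost with this change; `session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Strict']);` keeps the previous posture. No verification of the submitted password is visible here before it is stored; presumably board.php compares the stored hash, which is outside this file.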
|
||||
|
||||
|
|
|
@ -164,7 +164,7 @@ $output = '<h1>プレビュー</h1><p>以下の内容で板を作成します。
|
|||
|
||||
case 'edit':
|
||||
(isset($_POST['board'])?$board=(int)$_POST['board']:form_die());
|
||||
$s_edit_pass=(isset($_COOKIE['edit_pass'])?s_pass_d($_COOKIE['edit_pass']):'');
|
||||
$s_edit_pass=(isset($_SESSION['edit_pass'])?$_SESSION['edit_pass']:'');
|
||||
|
||||
//セッションの代用
|
||||
$session_num = one_time_pass(50, 100);
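Review bot: `$s_edit_pass=(isset($_SESSION['edit_pass'])?$_SESSION['edit_pass']:'');` takes the stored edit password verbatim, and wherever this case later interpolates it into the form (outside this hunk) it must be passed through `h()`, as the analogous thread-edit form in this commit renders the same session value unescaped into a `value="…"` attribute. This case also depends on the session having been started before this file runs, which is not visible in the hunk. As a point of style, the file's existing PHP version supports the null-coalescing form, so `$s_edit_pass = $_SESSION['edit_pass'] ?? '';` reads more directly than the ternary. The enclosing `switch` case continues past the end of the hunk.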
|
||||
|
|