"hide_php" にファイルをアップロード

このコミットが含まれているのは:
may 2024-04-25 20:28:12 +09:00
コミット 4f959386de
4個のファイルの変更493行の追加492行の削除


@ -120,8 +120,8 @@ switch ($submit){
$limit = time() + 9999999;
$path = '/';
setcookie('name', $name, $limit, $path);
setcookie('key', s_pass_e($key), $limit, $path);
setcookie('edit_pass', s_pass_e($edit_pass), $limit, $path);
$_SESSION['key'] = $key;
$_SESSION['edit_pass'] = $edit_pass;
setcookie('color', $color, $limit, $path);
setcookie("comment:{$board}", $content, $limit, $path);
setcookie("title:{$board}", $title, $limit, $path);
@ -289,8 +289,8 @@ $output = '<p>貴方は新しくスレッドを<b class="color_bl">作成</b>し
$limit = time() + 9990999;
$path = '/';
setcookie('name', $name, $limit, $path);
setcookie('key', s_pass_e($key), $limit, $path);
setcookie('edit_pass', s_pass_e($edit_pass), $limit, $path);
$_SESSION['key'] = $key;
$_SESSION['edit_pass'] = $edit_pass;
setcookie('color', $color, $limit, $path);
setcookie("comment:{$board}-{$thread}", $content, $limit, $path);
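Review bot: Both hunks stop writing the `key` and `edit_pass` cookies but never clear the copies earlier versions already placed in browsers, so the s_pass_e-encoded secrets remain on clients for the rest of the original cookie lifetime (`time() + 9999999` on the old side) and are still sent with every request. Expiring them next to the new `$_SESSION` writes, e.g. `setcookie('key', '', 1, $path);` and `setcookie('edit_pass', '', 1, $path);`, closes that window; the second hunk at `@ -289,8 +289,8 @@` needs the same pair. The new `$_SESSION['key']` and `$_SESSION['edit_pass']` assignments also assume a session is already active, and no `session_start()` is visible in either hunk, so confirm one of the required conf files starts it the way the login file in this same commit does explicitly; the enclosing `switch ($submit)` starts and ends outside both hunks.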


@ -1,440 +1,440 @@
<?php
//直接アクセスしちゃだめ
require $d_root.'/hide_php/conf/c.php';
require $d_root.'/hide_php/conf/submit.php';
require $d_root.'/hide_php/conf/form.php';
require $d_root.'/hide_php/conf/bbs.php';
//画像処理
function image_text($image){
if (!empty($image)){
return base64_encode(file_get_contents($image));
} else {
return '';
}
}
function s_image($image_text){
if (!empty($image_text)){
return '{{'.$image_text.'}}';
} else {
return '';
}
}
function get_image($text){
global $d_root;
$w1 = '{{';
$w2 = '}}';
$d1 = strpos($text, $w1);
if ($d1 !== false){
$d2 = strpos($text, $w2);
if (($d2 !== false) and ($d2 > $d1)){
$d1_a = $d1 + 2;
$d2_a = $d2 - $d1 - 2;
$name = substr($text, $d1_a, $d2_a);
if ($name !== '.'){
if ((!empty($name)) && (file_exists($d_root.'/sqlike/bbs/file/'.$name))){
return $name;
} else {
return '';
}
} else {
return '';
}
} else {
return '';
}
} else {
return '';
}
}
function vi_image_type($image_file_type){
if (stripos($image_file_type, 'image/') === false){
return '';
} else {
$o = array('gif','png','jpeg','jpg','webp','ico');
foreach ($o as $t){
if (empty($t)){
return '';
}
if (stripos($image_file_type, $t) !== false){
return $t;
}
}
return '';
}
}
function get_owner_passwd($board){
global $d_root;
if ($board >= 200){
$board_file = $d_root.'/sqlike/bbs/user_board/'.$board.'.txt';
(file_exists($board_file)?$board_data = explode("'", get($board_file, 1)):exit);
list($board_title, $board_description, $board_content, $board_access_passwd, $board_edit_passwd) = $board_data;
return (string)$board_edit_passwd;
} else {
$keyfile = $d_root.'/sqlike/own/master_key.txt';
return pass((file_exists($keyfile)?get($keyfile, 1):exit));
}
}
function remove_images_from_thread($thread_file){
global $d_root;
$thread_content = file_get_contents($thread_file);
$thread_rows = explode(PHP_EOL, $thread_content);
foreach ($thread_rows as $row){
if (strpos($row, "'") === false){
continue;
}
$d = explode("'", $row);
$image_file = get_image($d[5]);
if (!empty($image_file)){
unlink($d_root.'/sqlike/bbs/file/'.$image_file);
}
}
}
$w = '-';
$bbs_dir = $d_root.'/sqlike/bbs';
$reason_session = '<h1>認証に失敗</h1>フォームの認証に失敗しました。<br><p>この画面が何度も表示される場合は、投稿フォームをリロードして下さい。</p>';
$reason_passwd = '<h1>照合エラー</h1>編集パスワードが間違っています。<br>';
//前提条件ここまで
//投稿した
if (isset($_POST['submit'])){
$submit = $_POST['submit'];
//認証
if (isset($_POST['session'])){
$session_num = h($_POST['session']);
if (isset($_POST['area'])){
$areas = $_POST['area'];
if (substr_count($areas, '#') === 1){
list($areas, $edit_num) = explode('#', $areas);
} elseif (isset($_POST['edit_num'])){
$edit_num = $_POST['edit_num'];
} else {
form_die();
}
if (empty($edit_num)){
form_die();
}
$meta = $areas;
//板とスレッドの検出-ここで定義しちゃおう
if (substr_count($meta, $w) === 1){
$area = explode($w, $meta);
$board = (int)$area[0];
$thread = (int)$area[1];
$areas = (string)$board.$w.(string)$thread;
} else {
$board = (int)substr($meta, 0, 1);
$thread = (int)substr($meta, 1);
$areas = (string)$board.(string)$thread;
}
//未指定と0はだ駄目
if (empty($board)){
form_die();
}
if (empty($thread)){
form_die();
}
$thread_file = $bbs_dir.'/'.$board.'/'.$thread.'.txt';
if (file_exists($thread_file) === false){
form_die();
}
if (empty(get($thread_file, $edit_num + 1))){
form_die();
}
} else {
form_die();
}
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
if (check_session($meta, $session_num, $url, false)){
//switch長いよ
switch ($submit){
case 'edit':
//セッションの代用
$session_num = one_time_pass(50, 100);
set_session($meta, $session_num);
(isset($_COOKIE['edit_pass'])?$s_edit_pass=s_pass_d($_COOKIE['edit_pass']):$s_edit_pass = '');
$output = '<h1>パスワードを入力</h1>
<form action="" method="POST">
<label>編集パスワード:<input type="text" name="edit_passwd" value="'.$s_edit_pass.'" style="background:#fff;color:#a04;border:solid 0.1em #111;"></label>
 <button type="submit" name="submit" value="editing_comment" class="enter"> </button>
<input type="hidden" name="session" value="'.$session_num.'">
<input type="hidden" name="edit_num" value="'.$edit_num.'">
<input type="hidden" name="area" value="'.$areas.'">
<p><br></p>
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
</form><p><br></p><p><br></p><p><br></p>';
break;
case 'editing_comment':
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
$hashed = pass($edit_passwd);
//コメントを取得
$edit_thread_row = get($thread_file, $edit_num + 1);
if ($edit_thread_row === false){
exit;
}
$value = explode("'", $edit_thread_row);
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
$master_key = get_owner_passwd($board);
if ((not_empty($true_edit_pass) && ($hashed === $true_edit_pass)) || ($hashed === $master_key)){
//セッションの代用
$session_num = one_time_pass(50, 100);
set_session($meta, $session_num);
//1番目はタイトル編集も
if ((int)$edit_num === 1){
$append_form = '<p><label>タイトル<input type="text" name="title" value="'.get($thread_file, 1).'"></label></p>';
$append_form_1 = '<h3>危険</h3><p>以下の欄に「このスレッドを削除します」と入力すると、<strong>消滅します。</strong></p><p><label>確認<input type="text" name="kill_thread"></label></p>';
} else {
$append_form = '';
$append_form_1 = '';
}
if ($hashed === $master_key){
$notice = '<p><b class="color_bl">管理人</b>モードで編集しています。(本文がエスケープされません。「&lt」は「'.h('&lt').'」にする等の対策が必要です)</p>';
$comment_text = h(preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p)));
} else {
$notice = '<p><b class="color_bl">通常</b>モードで編集しています。(特に気をつけるポイントはありません)</p>';
$comment_text = preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p));
}
//クッキー内容
$s_name=(isset($_COOKIE['name'])?$_COOKIE['name']:$name_p);
$s_key=(isset($_COOKIE['key'])?s_pass_d($_COOKIE['key']):'');
//文字色リスト
$color_option = '<div><p>文字色<br>';
$count = 0;
foreach ($color_list as $c){
$color_option = $color_option.'<label class="'.$c.'"><input type="radio" name="color" value="'.$c.'" id="'.$c.'"';
if ($color_p === $c){
$color_option = $color_option.' checked';
}
$color_option = $color_option.'>'.$color_name_list[$count].'</label> ';
++$count;
}
$color_option = $color_option.'</p></div>';
$comment_array = [$thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p];
$p_view = true;
$output = '<h1>内容を修正</h1>'.$notice.'<p>以下、もとの内容です。</p><hr>
{P}
<p><br></p>
<form action="" method="POST" enctype="multipart/form-data" id="form">
<h2>投稿内容を修正</h2>
<input type="hidden" name="area" value="'.$areas.'"><input type="hidden" name="session" value="'.$session_num.'">
<input type="hidden" name="edit_num" value="'.$edit_num.'"><input type="hidden" name="edit_passwd" value="'.h($edit_passwd).'">
<input type="hidden" name="past_file" value="'.get_image($content_p).'">'.$append_form.
'<p><label><b>名前</b><input type="text" name="name" value="'.h($s_name).'"></label><label>#トリップ<input type="text" name="key" value="'.h($s_key).'"></label></p>
<p><label><b>内容</b><br><textarea rows="8" cols="25" name="comment" class="'.$color_p.'" id="text">'.$comment_text.'</textarea></label></p>
'.$color_option.'
<p><label>編集パスワード<input type="text" name="edit_pass" value="'.$edit_passwd.'"></label></p>
<p><label><input type="checkbox" name="pass" value="change">名前、トリップ、パスワードを変更する</label></p>
<p style="float:right;"><button type="submit" name="submit" value="edited_comment" class="enter">編集完了</button></p>
<p><label class="file">画像を選択<input type="file" name="image" accept="image/*"></label></p>
<p><label><input type="checkbox" name="check" value="del">今の画像を削除するか上書きするか新規追加する</label></p>
<p><br></p>'.$append_form_1.'</form>
<p><br></p>
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
<p><br></p>編集を完了すると<b>掲示板ページへ飛びます。</b><p><br></p>';
} else {
$output = $reason_passwd;
}
break;
case 'edited_comment':
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
//ファイルをロック
file_lock('thread:'.$board.'-'.$thread);
$edit_thread_row = get($thread_file, $edit_num + 1);
if ($edit_thread_row === false){
file_unlock('thread:'.$board.'-'.$thread);
exit;
}
$value = explode("'", $edit_thread_row);
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
$master_key = get_owner_passwd($board);
if ((not_empty($true_edit_pass) && (pass($edit_passwd) === $true_edit_pass)) || (pass($edit_passwd) === $master_key)){
(isset($_POST['comment'])?$content = $_POST['comment']:form_die());
(isset($_POST['color'])?$color = h($_POST['color']):form_die());
(isset($_POST['past_file'])?$image_name = h($_POST['past_file']):form_die());
if (in_array($color, $color_list) === false){
form_die();
}
//種別
if (pass($edit_passwd) === get_owner_passwd($board)){
$content = str_replace("'", h("'"), L1(nl2br($content, false)));
} else {
$content = p($content);
}
if (!not_empty($content)){
$content = rand_comment();
}
$edit_pass = $true_edit_pass;
$name = $name_p;
$key = $key_p;
if (isset($_POST['pass'])){
if ($_POST['pass'] === 'change'){
(isset($_POST['edit_pass'])?$edit_pass = pass(h($_POST['edit_pass'])):form_die());
if (isset($_POST['name'])){
if ((not_empty($_POST['name'])) && (strlen($name) < 100)){
$name = h($_POST['name']);
}
} else {
form_die();
}
(isset($_POST['key'])?$key = t_key($name, h($_POST['key'])):form_die());
}
}
if ((int)$edit_num === 1){
(isset($_POST['title'])?$title = h($_POST['title']):form_die());
(isset($_POST['kill_thread'])?$kill_thread = $_POST['kill_thread']:form_die());
##危険地帯
if ($kill_thread === 'このスレッドを削除します'){
remove_images_from_thread($thread_file);
unlink($thread_file);
//ここでロック解除
file_unlock('thread:'.$board.'-'.$thread);
header("Location:/board.php?Board={$board}");
exit;
}
if (!not_empty($title)){
$title = get($thread_file, 1);
}
} else {
$title = get($thread_file, 1);
}
if (isset($_POST['check'])){
if ($_POST['check'] === 'del'){
$past_image = $bbs_dir.'/file/'.$image_name;
if (file_exists($past_image)){
if (!empty($image_name)){
unlink($past_image);
}
}
$image_name = '';
$image_text = image_text($_FILES['image']['tmp_name']);
$image_file_type = vi_image_type($_FILES['image']['type']);
if (!empty($image_text) && !empty($image_file_type)){
if (in_array($image_file_type, $white_type_list) === false){
file_unlock('thread:'.$board.'-'.$thread);
form_die();
}
$image_name = mt_rand().'.'.$image_file_type;
$path = $bbs_dir.'/file/' .$image_name;
while (file_exists($path)){
$image_name = mt_rand().'.'.$image_file_type;
$path = $bbs_dir.'/file/'.$image_name;
}
file_put_contents($path, base64_decode($image_text), LOCK_EX);
}
}
}
$content = $content.s_image($image_name);
$thread_content = implode(PHP_EOL, get_rows($thread_file, 2));
$past_string = $edit_thread_row;
$new_string = L1(implode("'", [$thread_id_p, $name, $key, $date_p, $color, $content, $edit_pass]));
$string = $title.PHP_EOL.str_replace($past_string, $new_string, $thread_content).PHP_EOL;
file_put_contents($thread_file, $string, LOCK_EX);
//解除
file_unlock('thread:'.$board.'-'.$thread);
//転送
header("Location:./board.php?Board={$board}");
exit;
} else {
$output = $reason_passwd;
}
break;
default:
not_found();
break;
}
//長いswitch終わり
} else {
$output = $reason_session;
}
//認証結果
} else {
$output = $reason_session;
}
//トークン送信
}
//投稿
##########html開始
html_head('編集-', '', $d_root.'/sqlike/css/form/bbs.css', false);
if (isset($output)){
if (isset($p_view, $comment_array)){
if ($p_view === true){
$output = explode('{P}', $output);
echo $output[0];
view_comment($comment_array, '', '');
echo $output[1];
} else {
echo $output;
}
} else {
echo $output;
}
}
echo '<p><br><br></p>';
if (isset($meta)){
echo '<p>(<a href="/thread.php?Area='.$meta.'">戻る</a>)</p>';
}
$f = $d_root.'/sqlike/html/form/thread_edit.html';
if (file_exists($f)){
include $f;
}
if (isset($submit)){
if ($submit === 'editing_comment'){
html_foot($d_root.'/js/text_color.js', '');
exit;
}
}
html_foot('', '');
<?php
//直接アクセスしちゃだめ
require $d_root.'/hide_php/conf/c.php';
require $d_root.'/hide_php/conf/submit.php';
require $d_root.'/hide_php/conf/form.php';
require $d_root.'/hide_php/conf/bbs.php';
//画像処理
function image_text($image){
if (!empty($image)){
return base64_encode(file_get_contents($image));
} else {
return '';
}
}
function s_image($image_text){
if (!empty($image_text)){
return '{{'.$image_text.'}}';
} else {
return '';
}
}
function get_image($text){
global $d_root;
$w1 = '{{';
$w2 = '}}';
$d1 = strpos($text, $w1);
if ($d1 !== false){
$d2 = strpos($text, $w2);
if (($d2 !== false) and ($d2 > $d1)){
$d1_a = $d1 + 2;
$d2_a = $d2 - $d1 - 2;
$name = substr($text, $d1_a, $d2_a);
if ($name !== '.'){
if ((!empty($name)) && (file_exists($d_root.'/sqlike/bbs/file/'.$name))){
return $name;
} else {
return '';
}
} else {
return '';
}
} else {
return '';
}
} else {
return '';
}
}
function vi_image_type($image_file_type){
if (stripos($image_file_type, 'image/') === false){
return '';
} else {
$o = array('gif','png','jpeg','jpg','webp','ico');
foreach ($o as $t){
if (empty($t)){
return '';
}
if (stripos($image_file_type, $t) !== false){
return $t;
}
}
return '';
}
}
function get_owner_passwd($board){
global $d_root;
if ($board >= 200){
$board_file = $d_root.'/sqlike/bbs/user_board/'.$board.'.txt';
(file_exists($board_file)?$board_data = explode("'", get($board_file, 1)):exit);
list($board_title, $board_description, $board_content, $board_access_passwd, $board_edit_passwd) = $board_data;
return (string)$board_edit_passwd;
} else {
$keyfile = $d_root.'/sqlike/own/master_key.txt';
return pass((file_exists($keyfile)?get($keyfile, 1):exit));
}
}
function remove_images_from_thread($thread_file){
global $d_root;
$thread_content = file_get_contents($thread_file);
$thread_rows = explode(PHP_EOL, $thread_content);
foreach ($thread_rows as $row){
if (strpos($row, "'") === false){
continue;
}
$d = explode("'", $row);
$image_file = get_image($d[5]);
if (!empty($image_file)){
unlink($d_root.'/sqlike/bbs/file/'.$image_file);
}
}
}
$w = '-';
$bbs_dir = $d_root.'/sqlike/bbs';
$reason_session = '<h1>認証に失敗</h1>フォームの認証に失敗しました。<br><p>この画面が何度も表示される場合は、投稿フォームをリロードして下さい。</p>';
$reason_passwd = '<h1>照合エラー</h1>編集パスワードが間違っています。<br>';
//前提条件ここまで
//投稿した
if (isset($_POST['submit'])){
$submit = $_POST['submit'];
//認証
if (isset($_POST['session'])){
$session_num = h($_POST['session']);
if (isset($_POST['area'])){
$areas = $_POST['area'];
if (substr_count($areas, '#') === 1){
list($areas, $edit_num) = explode('#', $areas);
} elseif (isset($_POST['edit_num'])){
$edit_num = $_POST['edit_num'];
} else {
form_die();
}
if (empty($edit_num)){
form_die();
}
$meta = $areas;
//板とスレッドの検出-ここで定義しちゃおう
if (substr_count($meta, $w) === 1){
$area = explode($w, $meta);
$board = (int)$area[0];
$thread = (int)$area[1];
$areas = (string)$board.$w.(string)$thread;
} else {
$board = (int)substr($meta, 0, 1);
$thread = (int)substr($meta, 1);
$areas = (string)$board.(string)$thread;
}
//未指定と0はだ駄目
if (empty($board)){
form_die();
}
if (empty($thread)){
form_die();
}
$thread_file = $bbs_dir.'/'.$board.'/'.$thread.'.txt';
if (file_exists($thread_file) === false){
form_die();
}
if (empty(get($thread_file, $edit_num + 1))){
form_die();
}
} else {
form_die();
}
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
if (check_session($meta, $session_num, $url, false)){
//switch長いよ
switch ($submit){
case 'edit':
//セッションの代用
$session_num = one_time_pass(50, 100);
set_session($meta, $session_num);
(isset($_SESSION['edit_pass'])?$s_edit_pass=$_SESSION['edit_pass']:$s_edit_pass = '');
$output = '<h1>パスワードを入力</h1>
<form action="" method="POST">
<label>編集パスワード:<input type="text" name="edit_passwd" value="'.$s_edit_pass.'"></label>
 <button type="submit" name="submit" value="editing_comment" class="enter"> </button>
<input type="hidden" name="session" value="'.$session_num.'">
<input type="hidden" name="edit_num" value="'.$edit_num.'">
<input type="hidden" name="area" value="'.$areas.'">
<p><br></p>
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
</form><p><br></p><p><br></p><p><br></p>';
break;
case 'editing_comment':
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
$hashed = pass($edit_passwd);
//コメントを取得
$edit_thread_row = get($thread_file, $edit_num + 1);
if ($edit_thread_row === false){
exit;
}
$value = explode("'", $edit_thread_row);
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
$master_key = get_owner_passwd($board);
if ((not_empty($true_edit_pass) && ($hashed === $true_edit_pass)) || ($hashed === $master_key)){
//セッションの代用
$session_num = one_time_pass(50, 100);
set_session($meta, $session_num);
//1番目はタイトル編集も
if ((int)$edit_num === 1){
$append_form = '<p><label>タイトル<input type="text" name="title" value="'.get($thread_file, 1).'"></label></p>';
$append_form_1 = '<h3>危険</h3><p>以下の欄に「このスレッドを削除します」と入力すると、<strong>消滅します。</strong></p><p><label>確認<input type="text" name="kill_thread"></label></p>';
} else {
$append_form = '';
$append_form_1 = '';
}
if ($hashed === $master_key){
$notice = '<p><b class="color_bl">管理人</b>モードで編集しています。(本文がエスケープされません。「&lt」は「'.h('&lt').'」にする等の対策が必要です)</p>';
$comment_text = h(preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p)));
} else {
$notice = '<p><b class="color_bl">通常</b>モードで編集しています。(特に気をつけるポイントはありません)</p>';
$comment_text = preg_replace('/{{[0-9].*}}/', '', str_replace('<br>', PHP_EOL, $content_p));
}
//クッキー内容
$s_name = (isset($_COOKIE['name'])?$_COOKIE['name']:$name_p);
$s_key = (isset($_SESSION['key'])?$_SESSION['key']:'');
//文字色リスト
$color_option = '<div><p>文字色<br>';
$count = 0;
foreach ($color_list as $c){
$color_option = $color_option.'<label class="'.$c.'"><input type="radio" name="color" value="'.$c.'" id="'.$c.'"';
if ($color_p === $c){
$color_option = $color_option.' checked';
}
$color_option = $color_option.'>'.$color_name_list[$count].'</label> ';
++$count;
}
$color_option = $color_option.'</p></div>';
$comment_array = [$thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p];
$p_view = true;
$output = '<h1>内容を修正</h1>'.$notice.'<p>以下、もとの内容です。</p><hr>
{P}
<p><br></p>
<form action="" method="POST" enctype="multipart/form-data" id="form">
<h2>投稿内容を修正</h2>
<input type="hidden" name="area" value="'.$areas.'"><input type="hidden" name="session" value="'.$session_num.'">
<input type="hidden" name="edit_num" value="'.$edit_num.'"><input type="hidden" name="edit_passwd" value="'.h($edit_passwd).'">
<input type="hidden" name="past_file" value="'.get_image($content_p).'">'.$append_form.
'<p><label><b>名前</b><input type="text" name="name" value="'.h($s_name).'"></label><label>#トリップ<input type="text" name="key" value="'.h($s_key).'"></label></p>
<p><label><b>内容</b><br><textarea rows="8" cols="25" name="comment" class="'.$color_p.'" id="text">'.$comment_text.'</textarea></label></p>
'.$color_option.'
<p><label>編集パスワード<input type="text" name="edit_pass" value="'.$edit_passwd.'"></label></p>
<p><label><input type="checkbox" name="pass" value="change">名前、トリップ、パスワードを変更する</label></p>
<p style="float:right;"><button type="submit" name="submit" value="edited_comment" class="enter">編集完了</button></p>
<p><label class="file">画像を選択<input type="file" name="image" accept="image/*"></label></p>
<p><label><input type="checkbox" name="check" value="del">今の画像を削除するか上書きするか新規追加する</label></p>
<p><br></p>'.$append_form_1.'</form>
<p><br></p>
<a href="/thread.php?Area='.$areas.'#'.$edit_num.'">もどる</a>
<p><br></p>編集を完了すると<b>掲示板ページへ飛びます。</b><p><br></p>';
} else {
$output = $reason_passwd;
}
break;
case 'edited_comment':
(isset($_POST['edit_passwd'])?$edit_passwd=h($_POST['edit_passwd']):form_die());
//ファイルをロック
file_lock('thread:'.$board.'-'.$thread);
$edit_thread_row = get($thread_file, $edit_num + 1);
if ($edit_thread_row === false){
file_unlock('thread:'.$board.'-'.$thread);
exit;
}
$value = explode("'", $edit_thread_row);
list($thread_id_p, $name_p, $key_p, $date_p, $color_p, $content_p, $true_edit_pass) = $value;
$master_key = get_owner_passwd($board);
if ((not_empty($true_edit_pass) && (pass($edit_passwd) === $true_edit_pass)) || (pass($edit_passwd) === $master_key)){
(isset($_POST['comment'])?$content = $_POST['comment']:form_die());
(isset($_POST['color'])?$color = h($_POST['color']):form_die());
(isset($_POST['past_file'])?$image_name = h($_POST['past_file']):form_die());
if (in_array($color, $color_list) === false){
form_die();
}
//種別
if (pass($edit_passwd) === get_owner_passwd($board)){
$content = str_replace("'", h("'"), L1(nl2br($content, false)));
} else {
$content = p($content);
}
if (!not_empty($content)){
$content = rand_comment();
}
$edit_pass = $true_edit_pass;
$name = $name_p;
$key = $key_p;
if (isset($_POST['pass'])){
if ($_POST['pass'] === 'change'){
(isset($_POST['edit_pass'])?$edit_pass = pass(h($_POST['edit_pass'])):form_die());
if (isset($_POST['name'])){
if ((not_empty($_POST['name'])) && (strlen($name) < 100)){
$name = h($_POST['name']);
}
} else {
form_die();
}
(isset($_POST['key'])?$key = t_key($name, h($_POST['key'])):form_die());
}
}
if ((int)$edit_num === 1){
(isset($_POST['title'])?$title = h($_POST['title']):form_die());
(isset($_POST['kill_thread'])?$kill_thread = $_POST['kill_thread']:form_die());
##危険地帯
if ($kill_thread === 'このスレッドを削除します'){
remove_images_from_thread($thread_file);
unlink($thread_file);
//ここでロック解除
file_unlock('thread:'.$board.'-'.$thread);
header("Location:/board.php?Board={$board}");
exit;
}
if (!not_empty($title)){
$title = get($thread_file, 1);
}
} else {
$title = get($thread_file, 1);
}
if (isset($_POST['check'])){
if ($_POST['check'] === 'del'){
$past_image = $bbs_dir.'/file/'.$image_name;
if (file_exists($past_image)){
if (!empty($image_name)){
unlink($past_image);
}
}
$image_name = '';
$image_text = image_text($_FILES['image']['tmp_name']);
$image_file_type = vi_image_type($_FILES['image']['type']);
if (!empty($image_text) && !empty($image_file_type)){
if (in_array($image_file_type, $white_type_list) === false){
file_unlock('thread:'.$board.'-'.$thread);
form_die();
}
$image_name = mt_rand().'.'.$image_file_type;
$path = $bbs_dir.'/file/' .$image_name;
while (file_exists($path)){
$image_name = mt_rand().'.'.$image_file_type;
$path = $bbs_dir.'/file/'.$image_name;
}
file_put_contents($path, base64_decode($image_text), LOCK_EX);
}
}
}
$content = $content.s_image($image_name);
$thread_content = implode(PHP_EOL, get_rows($thread_file, 2));
$past_string = $edit_thread_row;
$new_string = L1(implode("'", [$thread_id_p, $name, $key, $date_p, $color, $content, $edit_pass]));
$string = $title.PHP_EOL.str_replace($past_string, $new_string, $thread_content).PHP_EOL;
file_put_contents($thread_file, $string, LOCK_EX);
//解除
file_unlock('thread:'.$board.'-'.$thread);
//転送
header("Location:./board.php?Board={$board}");
exit;
} else {
$output = $reason_passwd;
}
break;
default:
not_found();
break;
}
//長いswitch終わり
} else {
$output = $reason_session;
}
//認証結果
} else {
$output = $reason_session;
}
//トークン送信
}
//投稿
##########html開始
html_head('編集-', '', $d_root.'/sqlike/css/form/bbs.css', false);
if (isset($output)){
if (isset($p_view, $comment_array)){
if ($p_view === true){
$output = explode('{P}', $output);
echo $output[0];
view_comment($comment_array, '', '');
echo $output[1];
} else {
echo $output;
}
} else {
echo $output;
}
}
echo '<p><br><br></p>';
if (isset($meta)){
echo '<p>(<a href="/thread.php?Area='.$meta.'">戻る</a>)</p>';
}
$f = $d_root.'/sqlike/html/form/thread_edit.html';
if (file_exists($f)){
include $f;
}
if (isset($submit)){
if ($submit === 'editing_comment'){
html_foot($d_root.'/js/text_color.js', '');
exit;
}
}
html_foot('', '');
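Review bot: The new side reads `$_SESSION['edit_pass']` in `case 'edit':` and `$_SESSION['key']` in the cookie-contents block of `case 'editing_comment':`, yet this file gains no `session_start()` while the login file in the same commit does; unless one of the four required conf files starts the session, both reads silently fall back to `''` and the move away from cookies has no effect here. The value taken from the session is then placed into an HTML attribute unescaped, `value="'.$s_edit_pass.'"`, although the same form escapes the POSTed `$edit_passwd` with `h()`; escape at output regardless of how the value was stored, `value="'.h($s_edit_pass).'"`. In `case 'edited_comment':` the file removed by `unlink($past_image)` is named by the POSTed hidden `past_file` field (only passed through `h()`, which does not constrain path characters) rather than by the row being edited; taking it from the stored row, `$image_name = get_image($content_p);`, keeps deletion limited to that post's own image and removes the need to trust the hidden field. The `strlen($name) < 100` guard in the `$_POST['pass'] === 'change'` branch measures the existing name rather than `$_POST['name']`, so the length limit never applies to the submitted value; it should read `strlen($_POST['name']) < 100` (or `mb_strlen` if the limit is meant in characters).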


@ -1,47 +1,48 @@
<?php
//直接アクセスしちゃだめ
require $d_root.'/hide_php/conf/c.php';
require $d_root.'/hide_php/conf/submit.php';
require $d_root.'/hide_php/conf/form.php';
//定義
if (isset($_GET['Board'])){
$board = (int)$_GET['Board'];
} else {
not_found();
}
if ($board === 0){
not_found();
}
if (isset($_POST['session_num'], $_POST['access_passwd'])){
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
if (check_session('login', $_POST['session_num'], $url, true)){
setcookie('login:'.$board, s_pass_e(h($_POST['access_passwd'])), ['expires' => time() + 9999, 'path' => '/', 'samesite' => 'Strict']);
header('Location:./board.php?Board='.$board);
exit;
}
}
$session_num = one_time_pass(50, 100);
set_session('login', $session_num);
######html開始
html_head('ログイン-', '', '', false);
echo '<h1>ログイン</h1>';
echo '<form action="" method="POST">
<input type="hidden" name="session_num" value="'.$session_num.'">
<p><label><b>アクセスパスワード</b><input type="text" name="access_passwd" style="background:#fff;color:#111;width:40%;font-size:1em;height:1.4em;"></label><button type="submit" style="background:#eef;padding:.3em;">ログイン</button></p>
</form>';
html_foot('', '');
<?php
//直接アクセスしちゃだめ
require $d_root.'/hide_php/conf/c.php';
require $d_root.'/hide_php/conf/submit.php';
require $d_root.'/hide_php/conf/form.php';
session_start();
//定義
if (isset($_GET['Board'])){
$board = (int)$_GET['Board'];
} else {
not_found();
}
if ($board === 0){
not_found();
}
if (isset($_POST['session_num'], $_POST['access_passwd'])){
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
if (check_session('login', $_POST['session_num'], $url, true)){
$_SESSION['login:'.$board] = pass(h($_POST['access_passwd']));
header('Location:./board.php?Board='.$board);
exit;
}
}
$session_num = one_time_pass(50, 100);
set_session('login', $session_num);
######html開始
html_head('ログイン-', '', $d_root.'/sqlike/css/form/bbs.css', false);
echo '<h1>ログイン</h1>';
echo '<form action="" method="POST">
<input type="hidden" name="session_num" value="'.$session_num.'">
<p><label><b>アクセスパスワード</b><input type="text" name="access_passwd"></label><button type="submit" style="background:#eef;padding:.3em;">ログイン</button></p>
</form>';
html_foot('', '');
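Review bot: After `check_session('login', ...)` succeeds, the login marker is written to `$_SESSION['login:'.$board]` on the session ID the client arrived with, and nothing rotates that ID; a login that raises a session's privilege should call `session_regenerate_id(true);` immediately before the `$_SESSION['login:'.$board] = pass(h($_POST['access_passwd']));` line so an ID issued before authentication is not the one that carries it afterwards. The removed `setcookie(...)` set `'samesite' => 'Strict'` explicitly, whereas the PHP session cookie that now carries the login state inherits whatever flags the ini settings or a `session_set_cookie_params()` call configure, neither of which is visible here; confirm the session cookie keeps at least the SameSite protection the per-board cookie had, plus HttpOnly. Note also that `session_start()` is placed after the `require` lines, so if any of those files emits output the session cannot start; nothing in this hunk shows whether they do.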


@ -164,7 +164,7 @@ $output = '<h1>プレビュー</h1><p>以下の内容で板を作成します。
case 'edit':
(isset($_POST['board'])?$board=(int)$_POST['board']:form_die());
$s_edit_pass=(isset($_COOKIE['edit_pass'])?s_pass_d($_COOKIE['edit_pass']):'');
$s_edit_pass=(isset($_SESSION['edit_pass'])?$_SESSION['edit_pass']:'');
//セッションの代用
$session_num = one_time_pass(50, 100);