469 行
15 KiB
PHP
469 行
15 KiB
PHP
<?php
|
||
//直接アクセスしちゃだめ
|
||
#エスケープ規定: 保存時はエスケープ、クッキーは表示時にエスケープ
|
||
#順番待ち規定: スレッド、スレッド作成、板編集の順番で優先する
|
||
|
||
require $d_root.'/hide_php/conf/c.php';
|
||
require $d_root.'/hide_php/conf/submit.php';
|
||
require $d_root.'/hide_php/conf/form.php';
|
||
require $d_root.'/hide_php/conf/bbs.php';
|
||
|
||
function image_text($image){
|
||
if (empty($image)){
|
||
return '';
|
||
} else {
|
||
return base64_encode(file_get_contents($image));
|
||
}
|
||
}
|
||
function vi($image_text, $type){
|
||
if (empty($image_text)){
|
||
return '';
|
||
} else {
|
||
return '<img src="data:image/'.$type.';base64,'.$image_text.'" alt="添付画像">';
|
||
}
|
||
}
|
||
function vi_image_type($image_file_type, $white_type_list){
|
||
if (stripos($image_file_type, 'image/') === false){
|
||
return '';
|
||
} else {
|
||
foreach ($white_type_list as $t){
|
||
if (empty($t)){
|
||
return '';
|
||
}
|
||
if (stripos($image_file_type, $t) !== false){
|
||
return $t;
|
||
}
|
||
}
|
||
return '';
|
||
}
|
||
}
|
||
|
||
$date = date('Y年m月d日 H時i分');
|
||
$w = '-';
|
||
$bbs_dir = $d_root.'/sqlike/bbs';
|
||
|
||
$reason_session = '<h1>認証に失敗</h1><p>フォームの認証に失敗しました。大変申し訳ございませんが、このエラーの場合は<b>入力内容が保存されない</b>場合がございます。</p><p>この画面が何度も表示される場合は、投稿フォームをリロードして下さい。</p>';
|
||
$reason_input = '<h1>入力ミス</h1><p>未入力の項目があります。(タイトル)と名前とコメントは必須です。</p>';
|
||
$reason_limit = '<h1>文字数制限</h1><p>名前の文字数に関するエラーがあります。名前を<b>20文字以下</b>にして下さい。</p>';
|
||
//前提条件ここまで
|
||
|
||
|
||
|
||
|
||
//投稿した
|
||
if (isset($_POST['submit'])){
|
||
$submit = $_POST['submit'];
|
||
|
||
//認証
|
||
if (isset($_POST['session_num'])){
|
||
$session_num = h($_POST['session_num']);
|
||
|
||
if (isset($_POST['board'])){
|
||
$meta = h($_POST['board']);
|
||
if (is_dir($bbs_dir.'/'.$meta) === false){
|
||
form_die();
|
||
}
|
||
|
||
} else {
|
||
|
||
if (isset($_POST['area'])){
|
||
$meta = $_POST['area'];
|
||
//板とスレッドの検出-ここで定義しちゃおう
|
||
if (substr_count($meta, $w) === 1){
|
||
$area = explode($w, $meta);
|
||
$board = (int)$area[0];
|
||
$thread = (int)$area[1];
|
||
$meta = (string)$board.$w.(string)$thread;
|
||
} else {
|
||
$board = (int)substr($meta, 0, 1);
|
||
$thread = (int)substr($meta, 1);
|
||
$meta = (string)$board.(string)$thread;
|
||
}
|
||
//未指定と0はだ駄目
|
||
if (empty($board)){
|
||
form_die();
|
||
}
|
||
if (empty($thread)){
|
||
form_die();
|
||
}
|
||
$thread_file = $bbs_dir.'/'.$board.'/'.$thread.'.txt';
|
||
if (file_exists($thread_file) === false){
|
||
form_die();
|
||
}
|
||
|
||
} else {
|
||
form_die();
|
||
}
|
||
}
|
||
$url = (isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'unset');
|
||
if (check_session($meta, $session_num, $url, false)){
|
||
|
||
|
||
//switch長いよ
|
||
switch ($submit){
|
||
case 'make_thread_view':
|
||
(isset($_POST['board'])?$board=(int)$_POST['board']:form_die());
|
||
(isset($_POST['title'])?$title=$_POST['title']:form_die());
|
||
(isset($_POST['name'])?$name=$_POST['name']:form_die());
|
||
(isset($_POST['key'])?$key=$_POST['key']:form_die());
|
||
(isset($_POST['comment'])?$content=$_POST['comment']:form_die());
|
||
(isset($_POST['color'])?$color=$_POST['color']:form_die());
|
||
(isset($_POST['edit_pass'])?$edit_pass=$_POST['edit_pass']:form_die());
|
||
(isset($_FILES['image']['tmp_name'])?$image_text=image_text($_FILES['image']['tmp_name']):form_die());
|
||
|
||
if (in_array($color, $color_list, true) === false){
|
||
form_die();
|
||
}
|
||
|
||
|
||
//トリップとパスワードは暗号化
|
||
$limit = time() + 9999999;
|
||
$path = '/';
|
||
setcookie('name', $name, $limit, $path);
|
||
$_SESSION['key'] = $key;
|
||
$_SESSION['edit_pass'] = $edit_pass;
|
||
setcookie('color', $color, $limit, $path);
|
||
setcookie("comment:{$board}", $content, $limit, $path);
|
||
setcookie("title:{$board}", $title, $limit, $path);
|
||
|
||
if (not_empty($name) && not_empty($title)){
|
||
if (strlen($name) < 100){
|
||
|
||
if (!not_empty($content)){
|
||
$content = rand_comment();
|
||
}
|
||
|
||
if (empty($image_text)){
|
||
$image_file_type = '';
|
||
} else {
|
||
$image_file_type = vi_image_type($_FILES['image']['type'], $white_type_list);
|
||
if (empty($image_file_type)){
|
||
$image_text = '';
|
||
}
|
||
}
|
||
|
||
if (!not_empty($key) || !not_empty($edit_pass)){
|
||
$warning = '<strong style="background:#222;" class="color_p">注意: パスワードまたはトリップキーがありません。</strong><br>';
|
||
} else {
|
||
$warning = '';
|
||
}
|
||
|
||
//セッションの代用
|
||
$session_num = one_time_pass(50, 100);
|
||
set_session($meta, $session_num);
|
||
|
||
$comment_array = ['1', h($name), t_key(h($name), h($key)), $date, $color, p($content).vi($image_text, $image_file_type).'<br><b style="float:right;background:#000;color:#fff;">編集パスワード:「'.h($edit_pass).'」</b>'];
|
||
$p_view = true;
|
||
|
||
$output = [
|
||
'<p>貴方は新しくスレッドを<b class="color_bl">作成</b>しようとしています。</p><hr><h1>'.h($title).'</h1>',
|
||
'<p><br></p><p>'.$warning.'このように表示されます。よれしければ作成ボタンを押して下さい。</p><p><br></p>
|
||
<form action="" method="POST">
|
||
<input type="hidden" name="board" value="'.$board.'">
|
||
<input type="hidden" name="session_num" value="'.$session_num.'">
|
||
<input type="hidden" name="title" value="'.h($title).'">
|
||
<input type="hidden" name="name" value="'.h($name).'">
|
||
<input type="hidden" name="key" value="'.h($key).'">
|
||
<input type="hidden" name="comment" value="'.h($content).'">
|
||
<input type="hidden" name="image" value="'.$image_text.'">
|
||
<input type="hidden" name="image_file_type" value="'.$image_file_type.'">
|
||
<input type="hidden" name="color" value="'.$color.'">
|
||
<input type="hidden" name="edit_pass" value="'.h($edit_pass).'">
|
||
<p class="c"><a href="/board.php?Board='.$board.'#form" class="enter">もどる</a> <button type="submit" name="submit" value="make_thread_post" class="enter">作 成</button></p>
|
||
</form><p><br></p><p>作成すると<b>掲示板ページへ飛びます。</b>成功していればスレッド一覧の最上部に貴方が作成したスレッドが表示されています。</p>'
|
||
];
|
||
} else {
|
||
$output = $reason_limit;
|
||
}
|
||
} else {
|
||
$output = $reason_input;
|
||
}
|
||
break;
|
||
|
||
|
||
|
||
case 'make_thread_post':
|
||
(isset($_POST['board'])?$board=(int)$_POST['board']:form_die());
|
||
(isset($_POST['title'])?$title=h($_POST['title']):form_die());
|
||
(isset($_POST['name'])?$name = h($_POST['name']):form_die());
|
||
(isset($_POST['key'])?$key=h($_POST['key']):form_die());
|
||
(isset($_POST['comment'])?$content=p($_POST['comment']):form_die());
|
||
(isset($_POST['color'])?$color=h($_POST['color']):form_die());
|
||
(isset($_POST['edit_pass'])?$edit_pass=h($_POST['edit_pass']):form_die());
|
||
(isset($_POST['image'])?$image_text=$_POST['image']:form_die());
|
||
(isset($_POST['image_file_type'])?$image_file_type=$_POST['image_file_type']:form_die());
|
||
|
||
if (in_array($color, $color_list, true) === false){
|
||
form_die();
|
||
}
|
||
|
||
if (!not_empty($name) || !not_empty($title)){
|
||
form_die();
|
||
}
|
||
if (strlen($name) >= 100){
|
||
form_die();
|
||
}
|
||
|
||
//画像アップロード
|
||
if (!empty($image_text) && !empty($image_file_type)){
|
||
if (in_array($image_file_type, $white_type_list, true) === false){
|
||
form_die();
|
||
}
|
||
$image_name = mt_rand().'.'.$image_file_type;
|
||
$path = $bbs_dir.'/file/'.$image_name;
|
||
while (file_exists($path)){
|
||
$image_name = mt_rand().'.'.$image_file_type;
|
||
$path = $bbs_dir.'/file/'.$image_name;
|
||
}
|
||
$upload_image = file_put_contents($path, base64_decode($image_text), LOCK_EX);
|
||
$content = $content.'{{'.$image_name.'}}';
|
||
}
|
||
|
||
//板をロック
|
||
file_lock('make_thread:'.$board);
|
||
//板が消された場合
|
||
if (!file_exists($bbs_dir.'/'.$board)){
|
||
if (isset($upload_image)){
|
||
if ($upload_image !== false){
|
||
unlink($path);
|
||
}
|
||
}
|
||
file_unlock('make_thread:'.$board);
|
||
not_found();
|
||
}
|
||
|
||
//スレッドの最大番号
|
||
$max_thread_id = 0;
|
||
$thread_files = scandir($bbs_dir.'/'.$board);
|
||
foreach ($thread_files as $thread_file){
|
||
if (substr($thread_file, 0, 1) === '.'){
|
||
continue;
|
||
}
|
||
if (preg_match('/^[0-9]+\.txt/', $thread_file) === 1){
|
||
$thread_id = (int)str_replace('.txt', '', $thread_file);
|
||
if ($thread_id > $max_thread_id){
|
||
$max_thread_id = $thread_id;
|
||
}
|
||
}
|
||
}
|
||
|
||
//新規ファイル
|
||
$thread_id = $max_thread_id + 1;
|
||
$thread_file = $bbs_dir.'/'.$board.'/'.$thread_id.'.txt';
|
||
|
||
//パスワードはハシッシュ化
|
||
$string = $title.PHP_EOL.L1(implode("'", ['1', $name, t_key($name, $key), $date, $color, $content, pass($edit_pass)])).PHP_EOL;
|
||
file_put_contents($thread_file, $string, LOCK_EX);
|
||
chmod($thread_file, 0600);
|
||
|
||
//ロック解除
|
||
file_unlock('make_thread:'.$board);
|
||
|
||
bbs_post_count($name, $key);
|
||
|
||
$limit = time() + 60;
|
||
$path = '/';
|
||
setcookie("title:{$board}", '', $limit, $path);
|
||
setcookie("comment:{$board}", '', $limit, $path);
|
||
header("Location:./board.php?Board={$board}");
|
||
exit;
|
||
break;
|
||
|
||
|
||
case 'comment_thread_view':
|
||
if (!isset($board, $thread)){
|
||
form_die();
|
||
}
|
||
(isset($_POST['name'])?$name=$_POST['name']:form_die());
|
||
(isset($_POST['key'])?$key=$_POST['key']:form_die());
|
||
(isset($_POST['rep'])?$rep=h($_POST['rep']):form_die());
|
||
(isset($_POST['comment'])?$content=$_POST['comment']:form_die());
|
||
(isset($_POST['color'])?$color=$_POST['color']:form_die());
|
||
(isset($_POST['edit_pass'])?$edit_pass=$_POST['edit_pass']:form_die());
|
||
(isset($_FILES['image']['tmp_name'])?$image_text=image_text($_FILES['image']['tmp_name']):form_die());
|
||
if (in_array($color, $color_list, true) === false){
|
||
form_die();
|
||
}
|
||
|
||
if (!empty($rep)){
|
||
$content = '>>'.$rep.PHP_EOL.$content;
|
||
}
|
||
|
||
$limit = time() + 9990999;
|
||
$path = '/';
|
||
setcookie('name', $name, $limit, $path);
|
||
$_SESSION['key'] = $key;
|
||
$_SESSION['edit_pass'] = $edit_pass;
|
||
setcookie('color', $color, $limit, $path);
|
||
setcookie("comment:{$board}-{$thread}", $content, $limit, $path);
|
||
|
||
if (not_empty($name)){
|
||
if (strlen($name) < 100){
|
||
|
||
if (!not_empty($content)){
|
||
$content = rand_comment();
|
||
}
|
||
|
||
if (empty($image_text)){
|
||
$image_file_type = '';
|
||
} else {
|
||
$image_file_type = vi_image_type($_FILES['image']['type'], $white_type_list);
|
||
if (empty($image_file_type)){
|
||
$image_text = '';
|
||
}
|
||
}
|
||
|
||
if (!not_empty($key) || !not_empty($edit_pass)){
|
||
$warning = '<strong style="background:#222;" class="color_p">注意: パスワードまたはトリップキーがありません。</strong><br>';
|
||
} else {
|
||
$warning = '';
|
||
}
|
||
|
||
//セッションの代用
|
||
$session_num = one_time_pass(50, 100);
|
||
set_session($meta, $session_num);
|
||
|
||
$comment_array = ['', h($name), t_key(h($name), h($key)), $date, $color, p($content).vi($image_text, $image_file_type).'<br><b style="float:right;background:#000;color:#fff;">編集パスワード:「'.h($edit_pass).'」</b>'];
|
||
$p_view = true;
|
||
|
||
$output = [
|
||
'<p>貴方はスレッド「<b class="color_bl">'.get($thread_file, 1).'</b>」に投稿しようとしています。</p><hr><h1>プレビュー</h1>',
|
||
'<p><br></p><p>'.$warning.'このように表示されます。よろしいでしょうか。</p><p><br></p><p><br></p>
|
||
<form action="" method="POST">
|
||
<input type="hidden" name="area" value="'.h($meta).'">
|
||
<input type="hidden" name="session_num" value="'.$session_num.'">
|
||
<input type="hidden" name="name" value="'.h($name).'">
|
||
<input type="hidden" name="key" value="'.h($key).'">
|
||
<input type="hidden" name="comment" value="'.h($content).'">
|
||
<input type="hidden" name="image" value="'.$image_text.'">
|
||
<input type="hidden" name="image_file_type" value="'.$image_file_type.'">
|
||
<input type="hidden" name="color" value="'.h($color).'">
|
||
<input type="hidden" name="edit_pass" value="'.h($edit_pass).'">
|
||
<p class="c"><a href="/thread.php?Area='.$meta.'#form" class="enter">もどる</a> <button type="submit" name="submit" value="comment_thread_post" class="enter">投 稿</button></p>
|
||
</form><p><br></p><p>投稿すると<b>掲示板ページへ飛びます。</b>成功していればスレッド一覧の最上部に貴方が投稿したスレッドが表示されています。</p><p><br></p><p><br></p>'
|
||
];
|
||
} else {
|
||
$output = $reason_limit;
|
||
}
|
||
} else {
|
||
$output = $reason_input;
|
||
}
|
||
break;
|
||
|
||
|
||
|
||
case 'comment_thread_post':
|
||
if (!isset($board, $thread)){
|
||
form_die();
|
||
}
|
||
(isset($_POST['name'])?$name=h($_POST['name']):form_die());
|
||
(isset($_POST['key'])?$key=h($_POST['key']):form_die());
|
||
(isset($_POST['comment'])?$content=p($_POST['comment']):form_die());
|
||
(isset($_POST['color'])?$color=$_POST['color']:form_die());
|
||
(isset($_POST['edit_pass'])?$edit_pass=h($_POST['edit_pass']):form_die());
|
||
(isset($_POST['image'])?$image_text=$_POST['image']:form_die());
|
||
(isset($_POST['image_file_type'])?$image_file_type=$_POST['image_file_type']:form_die());
|
||
if (in_array($color, $color_list, true) === false){
|
||
form_die();
|
||
}
|
||
|
||
if (!not_empty($name)){
|
||
form_die();
|
||
}
|
||
if (strlen($name) >= 100){
|
||
form_die();
|
||
}
|
||
|
||
//画像アップロード
|
||
if (!empty($image_text) && !empty($image_file_type)){
|
||
if (in_array($image_file_type, $white_type_list, true) === false){
|
||
form_die();
|
||
}
|
||
$image_name = mt_rand().'.'.$image_file_type;
|
||
$path = $bbs_dir.'/file/'.$image_name;
|
||
while (file_exists($path)){
|
||
$image_name = mt_rand().'.'.$image_file_type;
|
||
$path = $bbs_dir.'/file/'.$image_name;
|
||
}
|
||
$upload_image = file_put_contents($path, base64_decode($image_text), LOCK_EX);
|
||
$content = $content.'{{'.$image_name.'}}';
|
||
}
|
||
|
||
|
||
//ファイルをロック
|
||
file_lock('thread:'.$board.'-'.$thread);
|
||
|
||
if (!file_exists($thread_file)){
|
||
//板やスレッドが消された場合
|
||
if (isset($upload_image)){
|
||
if ($upload_image !== false){
|
||
unlink($path);
|
||
}
|
||
}
|
||
file_unlock('thread:'.$board.'-'.$thread);
|
||
not_found();
|
||
}
|
||
$thread_content = file_get_contents($thread_file);
|
||
|
||
//行がもとから一行多いので注意 (+1する必要はありません)
|
||
$comment_id = substr_count($thread_content, PHP_EOL);
|
||
|
||
//スレッド投稿 パスワードはハッシュ化
|
||
$string = L1(implode("'", [$comment_id, $name, t_key($name, $key), $date, $color, $content, pass($edit_pass)])).PHP_EOL;
|
||
file_put_contents($thread_file, $string, FILE_APPEND | LOCK_EX);
|
||
|
||
file_unlock('thread:'.$board.'-'.$thread);
|
||
//ロック解除
|
||
|
||
bbs_post_count($name, $key);
|
||
|
||
$limit = time() + 60;
|
||
$path = '/';
|
||
setcookie("comment:{$board}-{$thread}", '', $limit, $path);
|
||
|
||
//転送
|
||
header("Location:/board.php?Board={$board}");
|
||
exit;
|
||
break;
|
||
|
||
default:
|
||
not_found();
|
||
break;
|
||
}
|
||
//長いswitch終わり
|
||
|
||
} else {
|
||
$output = $reason_session;
|
||
}
|
||
//認証結果
|
||
|
||
} else {
|
||
$output = $reason_session;
|
||
}
|
||
//トークン送信
|
||
|
||
}
|
||
//投稿
|
||
|
||
|
||
|
||
|
||
##############html開始
|
||
html_head('書き込み-', '', $d_root.'/sqlike/css/form/bbs.css', false);
|
||
if (isset($output)){
|
||
if (isset($p_view, $comment_array) && ($p_view === true)){
|
||
echo $output[0];
|
||
view_comment($comment_array, '', '');
|
||
echo $output[1];
|
||
} else {
|
||
echo $output;
|
||
}
|
||
}
|
||
echo '<p><br></p><p>トリップキーやパスワードの記入漏れに注意して下さい。それらは通常、フォーカスしなければ表示されませんので投稿時は入力を確認して下さい。(入力欄をクリックして下さい)</p><p><br><br></p>';
|
||
if (isset($board, $thread)){
|
||
echo '<p>(<a href="/thread.php?Area='.$meta.'#form">戻る</a>)</p>';
|
||
} elseif (isset($board)){
|
||
echo '<p>(<a href="/board.php?Board='.$board.'#form">戻る</a>)</p>';
|
||
}
|
||
html_foot('', '');
|