TildeClub
/
site
mirror of https://github.com/tildeclub/site.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create index.php

This commit is contained in:
deepend-tildeclub 2023-09-03 19:12:47 -06:00 committed by GitHub
parent 88215c5320
commit ac9a03aebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
guestbook/index.php Normal file
View File

@ -0,0 +1,91 @@
<?php
declare(strict_types=1);
// Get the username and theme from the URL
$username = $_GET['user'] ?? 'default';
$theme = $_GET['theme'] ?? 'default';
// Check if the referrer matches the expected pattern for the user
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$expectedPattern = "/https?:\/\/tilde\.club\/~" . preg_quote($username, '/') . "\//";
if (!preg_match($expectedPattern, $referrer)) {
die("Access denied: Invalid referrer.");
}
try {
$db = new PDO('sqlite:./guestbook.db');
// Set error mode to exceptions
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Check if the guestbook table exists
$tableCheck = $db->query("SELECT name FROM sqlite_master WHERE type='table' AND name='guestbook'")->fetch();
// If the table doesn't exist, create it
if (!$tableCheck) {
$query = "CREATE TABLE guestbook (id INTEGER PRIMARY KEY, username TEXT, name TEXT, email TEXT, message TEXT)";
$db->exec($query);
}
$username = filter_var($username, FILTER_SANITIZE_STRING);
if (isset($_POST['name'], $_POST['email'], $_POST['message'])) {
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
$message = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
$stmt = $db->prepare("INSERT INTO guestbook (username, name, email, message) VALUES (:username, :name, :email, :message)");
$stmt->execute([':username' => $username, ':name' => $name, ':email' => $email, ':message' => $message]);
}
$stmt = $db->prepare("SELECT * FROM guestbook WHERE username = :username ORDER BY id DESC");
$stmt->execute([':username' => $username]);
$entries = $stmt->fetchAll();
} catch (PDOException $e) {
die("Error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Welcome to <?= htmlspecialchars($username) ?>'s Guestbook!</title>
<?php
if ($theme !== 'default') {
echo '<link rel="stylesheet" href="' . ($_SERVER['HTTPS'] ? 'https' : 'http') . '://tilde.club/~' . htmlspecialchars($username) . '/' . htmlspecialchars($theme) . '.css">';
} else {
// Default theme
echo '<link rel="stylesheet" href="https://tilde.club/guestbook/default.css">';
}
?>
</head>
<body>
<h1 align="center">Welcome to <?= htmlspecialchars($username) ?>'s Guestbook!</h1>
<p>Please leave a message below to let us know what you think of our page.</p>
<form action="index.php?user=<?= htmlspecialchars($username) ?>&theme=<?= htmlspecialchars($theme) ?>" method="post">
<p>Name: <input type="text" name="name" size="30"></p>
<p>Email: <input type="text" name="email" size="30"></p>
<p>Message:</p>
<p><textarea name="message" rows="6" cols="50"></textarea></p>
<p><input type="submit" value="Submit"></p>
</form>
<h2>Guestbook Entries</h2>
<div class="entries">
<?php
if ($entries) {
foreach ($entries as $entry) {
echo '<div class="entry">';
echo '<h3>' . htmlspecialchars($entry['name']) . ' <span>(' . htmlspecialchars($entry['email']) . ')</span></h3>';
echo '<p>' . htmlspecialchars($entry['message']) . '</p>';
echo '</div>';
}
} else {
echo '<p>No guestbook entries were found for ' . htmlspecialchars($username) . '.</p>';
}
?>
</div>
</body>
</html>