Git-Admin/DevWeb
2
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Initial commit - Release v1.0

Browse Source
This commit is contained in:
Git-Admin
2026-01-13 11:36:51 +00:00
commit 5f8fe438f9
3 changed files with 172 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
index.php Executable file
View File

@@ -0,0 +1,116 @@
<?php
session_start();
// On charge la config externe
require_once 'db_config.php';
// Connexion avec les variables du fichier de config
$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
$msg = "";
// On vérifie que le formulaire est envoyé
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['content'])) {
// 1. Vérification du Timer (1 minute)
if (isset($_SESSION['last_post_time']) && (time() - $_SESSION['last_post_time'] < 60)) {
$msg = "Erreur : Vous devez attendre 1 minute entre chaque post.";
} else {
$content = htmlspecialchars($_POST['content']);
$ip = $_SERVER['REMOTE_ADDR'];
$target_file = NULL; // Par défaut, pas d'image
$process_sql = true;
// LOGIQUE IMAGE FACULTATIVE
if (!empty($_FILES["fileToUpload"]["name"])) {
$target_dir = "uploads/";
$filename = basename($_FILES["fileToUpload"]["name"]);
// Nettoyage du nom de fichier
$filename = preg_replace("/[^a-zA-Z0-9.]/", "", $filename);
$target_file_path = $target_dir . time() . "_" . $filename;
$imageFileType = strtolower(pathinfo($target_file_path, PATHINFO_EXTENSION));
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
$msg = "Erreur : Seuls les fichiers JPG, JPEG, PNG sont autorisés.";
$process_sql = false;
}
elseif (!move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file_path)) {
$msg = "Erreur technique upload (Permissions ?).";
$process_sql = false;
} else {
$target_file = $target_file_path;
}
}
// INSERTION BDD
if ($process_sql) {
$stmt = $conn->prepare("INSERT INTO posts (content, image_path, ip_address) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $content, $target_file, $ip);
if ($stmt->execute()) {
$_SESSION['last_post_time'] = time();
$msg = "Message posté avec succès !";
} else {
$msg = "Erreur SQL."; // On évite d'afficher l'erreur précise aux utilisateurs
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Mini Forum CTF</title>
<style>
body { font-family: sans-serif; max-width: 800px; margin: auto; padding: 20px; }
.post { border: 1px solid #ccc; padding: 10px; margin-bottom: 10px; background: #f9f9f9; }
.meta { color: #555; font-size: 0.9em; }
img { max-width: 200px; display: block; margin-top: 10px; }
.menu { margin-bottom: 20px; padding: 10px; background: #eee; }
.alert { color: red; font-weight: bold; }
</style>
</head>
<body>
<div class="menu">
<a href="index.php">Accueil (Forum)</a> |
<a href="login.php">Espace Admin (Flag)</a>
</div>
<h1>Bienvenue sur le Dev Web</h1>
<?php if($msg) echo "<p class='alert'>$msg</p>"; ?>
<div style="border: 2px solid #333; padding: 15px;">
<h3>Poster un message</h3>
<form action="index.php" method="post" enctype="multipart/form-data">
<textarea name="content" rows="4" cols="50" required placeholder="Votre message..."></textarea><br><br>
Image (JPG/PNG, Min 2Mo possible) : <input type="file" name="fileToUpload"<br><br>
<input type="submit" value="Envoyer">
</form>
</div>
<hr>
<h2>Derniers messages</h2>
<?php
$sql = "SELECT * FROM posts ORDER BY id DESC";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<div class='post'>";
echo "<div class='meta'>Posté par IP: <strong>" . $row["ip_address"] . "</strong> le " . $row["created_at"] . "</div>";
echo "<p>" . nl2br($row["content"]) . "</p>";
if ($row["image_path"]) {
echo "<img src='" . $row["image_path"] . "' alt='Image user'>";
}
echo "</div>";
}
} else {
echo "Aucun message pour le moment.";
}
?>
</body>
</html>