From d76512718942b390faeb693c7a97af6c1e7bc695 Mon Sep 17 00:00:00 2001
From: Git-Admin <admin@ctf.arrobe.fr>
Date: Mon, 12 Jan 2026 22:49:29 +0000
Subject: [PATCH] Initial commit forum

---
 .env                  |   2 +
 .gitignore            |   3 ++
 db_config.example.php |   9 ++++
 index.php             | 116 +++++++++++++++++++++++++++++++++++++++++
 index.php.bak         | 118 ++++++++++++++++++++++++++++++++++++++++++
 login.php             |  53 +++++++++++++++++++
 login.php.bak         |  55 ++++++++++++++++++++
 7 files changed, 356 insertions(+)
 create mode 100755 .env
 create mode 100755 .gitignore
 create mode 100755 db_config.example.php
 create mode 100755 index.php
 create mode 100755 index.php.bak
 create mode 100755 login.php
 create mode 100755 login.php.bak

diff --git a/.env b/.env
new file mode 100755
index 0000000..041bdb4
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+ADMIN_USER=lmao
+ADMIN_PASS=F^!3'?1^MTzKTcV%dHVh'|;Am
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..eb72aa1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+uploads/*
+!uploads/.gitkeep
+db_config.php
diff --git a/db_config.example.php b/db_config.example.php
new file mode 100755
index 0000000..a308101
--- /dev/null
+++ b/db_config.example.php
@@ -0,0 +1,9 @@
+<?php
+$db_host = "127.0.0.1";
+$db_user = "root";
+$db_pass = "password";
+$db_name = "dev_forum";
+$admin_user = "admin";
+$admin_pass = "password";
+$flag_dev_web = "{CTFM1:TuPensesVraimentQueC'estLeFlag}";
+?>
diff --git a/index.php b/index.php
new file mode 100755
index 0000000..64523a0
--- /dev/null
+++ b/index.php
@@ -0,0 +1,116 @@
+<?php
+session_start();
+// On charge la config externe
+require_once 'db_config.php';
+
+// Connexion avec les variables du fichier de config
+$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
+
+$msg = "";
+// On vérifie que le formulaire est envoyé
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['content'])) {
+
+    // 1. Vérification du Timer (1 minute)
+    if (isset($_SESSION['last_post_time']) && (time() - $_SESSION['last_post_time'] < 60)) {
+        $msg = "Erreur : Vous devez attendre 1 minute entre chaque post.";
+    } else {
+
+        $content = htmlspecialchars($_POST['content']);
+        $ip = $_SERVER['REMOTE_ADDR'];
+        $target_file = NULL; // Par défaut, pas d'image
+        $process_sql = true; 
+
+        // LOGIQUE IMAGE FACULTATIVE
+        if (!empty($_FILES["fileToUpload"]["name"])) {
+            $target_dir = "uploads/";
+            $filename = basename($_FILES["fileToUpload"]["name"]);
+            // Nettoyage du nom de fichier
+            $filename = preg_replace("/[^a-zA-Z0-9.]/", "", $filename);
+            $target_file_path = $target_dir . time() . "_" . $filename;
+            $imageFileType = strtolower(pathinfo($target_file_path, PATHINFO_EXTENSION));
+
+            if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
+                $msg = "Erreur : Seuls les fichiers JPG, JPEG, PNG sont autorisés.";
+                $process_sql = false;
+            } 
+            elseif (!move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file_path)) {
+                $msg = "Erreur technique upload (Permissions ?).";
+                $process_sql = false;
+            } else {
+                $target_file = $target_file_path;
+            }
+        }
+
+        // INSERTION BDD
+        if ($process_sql) {
+            $stmt = $conn->prepare("INSERT INTO posts (content, image_path, ip_address) VALUES (?, ?, ?)");
+            $stmt->bind_param("sss", $content, $target_file, $ip);
+
+            if ($stmt->execute()) {
+                $_SESSION['last_post_time'] = time();
+                $msg = "Message posté avec succès !";
+            } else {
+                $msg = "Erreur SQL."; // On évite d'afficher l'erreur précise aux utilisateurs
+            }
+        }
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Mini Forum CTF</title>
+    <style>
+        body { font-family: sans-serif; max-width: 800px; margin: auto; padding: 20px; }
+        .post { border: 1px solid #ccc; padding: 10px; margin-bottom: 10px; background: #f9f9f9; }
+        .meta { color: #555; font-size: 0.9em; }
+        img { max-width: 200px; display: block; margin-top: 10px; }
+        .menu { margin-bottom: 20px; padding: 10px; background: #eee; }
+        .alert { color: red; font-weight: bold; }
+    </style>
+</head>
+<body>
+
+<div class="menu">
+    <a href="index.php">Accueil (Forum)</a> | 
+    <a href="login.php">Espace Admin (Flag)</a>
+</div>
+
+<h1>Bienvenue sur le Dev Web</h1>
+
+<?php if($msg) echo "<p class='alert'>$msg</p>"; ?>
+
+<div style="border: 2px solid #333; padding: 15px;">
+    <h3>Poster un message</h3>
+    <form action="index.php" method="post" enctype="multipart/form-data">
+        <textarea name="content" rows="4" cols="50" required placeholder="Votre message..."></textarea><br><br>
+        Image (JPG/PNG, Min 2Mo possible) : <input type="file" name="fileToUpload"<br><br>
+        <input type="submit" value="Envoyer">
+    </form>
+</div>
+
+<hr>
+
+<h2>Derniers messages</h2>
+<?php
+$sql = "SELECT * FROM posts ORDER BY id DESC";
+$result = $conn->query($sql);
+
+if ($result->num_rows > 0) {
+    while($row = $result->fetch_assoc()) {
+        echo "<div class='post'>";
+        echo "<div class='meta'>Posté par IP: <strong>" . $row["ip_address"] . "</strong> le " . $row["created_at"] . "</div>";
+        echo "<p>" . nl2br($row["content"]) . "</p>";
+        if ($row["image_path"]) {
+            echo "<img src='" . $row["image_path"] . "' alt='Image user'>";
+        }
+        echo "</div>";
+    }
+} else {
+    echo "Aucun message pour le moment.";
+}
+?>
+
+</body>
+</html>
diff --git a/index.php.bak b/index.php.bak
new file mode 100755
index 0000000..9e16e71
--- /dev/null
+++ b/index.php.bak
@@ -0,0 +1,118 @@
+<?php
+session_start();
+// Connexion BDD
+$conn = new mysqli("127.0.0.1", "dev_user", "zZu,YFy16%;,tmz2`@QOD$@5i", "dev_forum");
+
+$msg = "";
+// On vérifie que le formulaire est envoyé
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['content'])) {
+
+    // 1. Vérification du Timer (1 minute)
+    if (isset($_SESSION['last_post_time']) && (time() - $_SESSION['last_post_time'] < 60)) {
+        $msg = "Erreur : Vous devez attendre 1 minute entre chaque post.";
+    } else {
+        
+        // --- LOGIQUE DE L'IMAGE FACULTATIVE ---
+        
+        $content = htmlspecialchars($_POST['content']);
+        $ip = $_SERVER['REMOTE_ADDR'];
+        $target_file = ""; // Par défaut, on dit qu'il n'y a pas d'image
+        $upload_success = true; // On part du principe que c'est bon
+
+        // On ne traite l'image QUE si un fichier a été envoyé
+        if (!empty($_FILES["fileToUpload"]["name"])) {
+            
+            $target_dir = "uploads/";
+            $filename = basename($_FILES["fileToUpload"]["name"]);
+            $target_file_path = $target_dir . time() . "_" . $filename;
+            $imageFileType = strtolower(pathinfo($target_file_path, PATHINFO_EXTENSION));
+
+            // Vérif extension
+            if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
+                $msg = "Erreur : Seuls les fichiers JPG, JPEG, PNG sont autorisés.";
+                $upload_success = false; // On bloque l'insertion
+            } 
+            // Tentative d'upload
+            elseif (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file_path)) {
+                // Si ça marche, on met à jour la variable pour la BDD
+                $target_file = $target_file_path;
+            } else {
+                $msg = "Erreur technique lors de l'upload.";
+                $upload_success = false;
+            }
+        }
+
+        // --- INSERTION EN BASE DE DONNÉES ---
+        // On insère seulement si l'étape d'upload (si elle a eu lieu) est valide
+        if ($upload_success) {
+            $stmt = $conn->prepare("INSERT INTO posts (content, image_path, ip_address) VALUES (?, ?, ?)");
+            $stmt->bind_param("sss", $content, $target_file, $ip);
+            
+            if ($stmt->execute()) {
+                $_SESSION['last_post_time'] = time();
+                $msg = "Message posté avec succès !";
+            } else {
+                $msg = "Erreur SQL : " . $conn->error;
+            }
+        }
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Mini Forum CTF</title>
+    <style>
+        body { font-family: sans-serif; max-width: 800px; margin: auto; padding: 20px; }
+        .post { border: 1px solid #ccc; padding: 10px; margin-bottom: 10px; background: #f9f9f9; }
+        .meta { color: #555; font-size: 0.9em; }
+        img { max-width: 200px; display: block; margin-top: 10px; }
+        .menu { margin-bottom: 20px; padding: 10px; background: #eee; }
+        .alert { color: red; font-weight: bold; }
+    </style>
+</head>
+<body>
+
+<div class="menu">
+    <a href="index.php">Accueil (Forum)</a> | 
+    <a href="login.php">Espace Admin (Flag)</a>
+</div>
+
+<h1>Bienvenue sur le Dev Web</h1>
+
+<?php if($msg) echo "<p class='alert'>$msg</p>"; ?>
+
+<div style="border: 2px solid #333; padding: 15px;">
+    <h3>Poster un message</h3>
+    <form action="index.php" method="post" enctype="multipart/form-data">
+        <textarea name="content" rows="4" cols="50" required placeholder="Votre message..."></textarea><br><br>
+        Image (JPG/PNG, Min 2Mo possible) : <input type="file" name="fileToUpload"<br><br>
+        <input type="submit" value="Envoyer">
+    </form>
+</div>
+
+<hr>
+
+<h2>Derniers messages</h2>
+<?php
+$sql = "SELECT * FROM posts ORDER BY id DESC";
+$result = $conn->query($sql);
+
+if ($result->num_rows > 0) {
+    while($row = $result->fetch_assoc()) {
+        echo "<div class='post'>";
+        echo "<div class='meta'>Posté par IP: <strong>" . $row["ip_address"] . "</strong> le " . $row["created_at"] . "</div>";
+        echo "<p>" . nl2br($row["content"]) . "</p>";
+        if ($row["image_path"]) {
+            echo "<img src='" . $row["image_path"] . "' alt='Image user'>";
+        }
+        echo "</div>";
+    }
+} else {
+    echo "Aucun message pour le moment.";
+}
+?>
+
+</body>
+</html>
diff --git a/login.php b/login.php
new file mode 100755
index 0000000..9e1c323
--- /dev/null
+++ b/login.php
@@ -0,0 +1,53 @@
+<?php
+session_start();
+require_once 'db_config.php'; 
+
+$msg = "";
+
+// Vérification Login
+if (isset($_POST['username'])) {
+    if ($_POST['username'] == $admin_user && $_POST['password'] == $admin_pass) {
+        $_SESSION['logged_in'] = true;
+    } else {
+        $msg = "Identifiants incorrects.";
+    }
+}
+
+if (isset($_GET['logout'])) {
+    session_destroy();
+    header("Location: login.php");
+    exit();
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head><title>Admin Login</title></head>
+<body style="font-family:sans-serif; padding:20px; text-align:center;">
+
+<a href="index.php">Retour au Forum</a>
+
+<?php if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true): ?>
+
+    <div style="border: 2px solid green; padding: 20px; margin-top:20px; background: #dff0d8;">
+        <h2>Félicitations !</h2>
+        <p>Voici le flag du challenge Web :</p>
+        <h1 style="color:crimson;"><?php echo $flag_dev_web; ?></h1>
+        <br>
+        <a href="login.php?logout=true">Déconnexion</a>
+    </div>
+
+<?php else: ?>
+
+    <h2>Espace Administration</h2>
+    <?php if($msg) echo "<p style='color:red'>$msg</p>"; ?>
+    <form method="post" style="border:1px solid #ccc; display:inline-block; padding:20px;">
+        User: <input type="text" name="username"><br><br>
+        Pass: <input type="password" name="password"><br><br>
+        <input type="submit" value="Se connecter">
+    </form>
+
+<?php endif; ?>
+
+</body>
+</html>
diff --git a/login.php.bak b/login.php.bak
new file mode 100755
index 0000000..b7865fa
--- /dev/null
+++ b/login.php.bak
@@ -0,0 +1,55 @@
+<?php
+session_start();
+$msg = "";
+
+// Login en dur (Hardcoded)
+$valid_user = "lmao";
+$valid_pass = "F^!3'?1^MTzKTcV%dHVh'|;Am"; // Tu peux mettre ce que tu veux ici
+
+if ($_POST['username'] == $valid_user && $_POST['password'] == $valid_pass) {
+    $_SESSION['logged_in'] = true;
+}
+
+if (isset($_GET['logout'])) {
+    session_destroy();
+    header("Location: login.php");
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Espace Admin</title>
+    <style>body { font-family: sans-serif; max-width: 800px; margin: auto; padding: 20px; }</style>
+</head>
+<body>
+
+<div class="menu" style="margin-bottom: 20px; padding: 10px; background: #eee;">
+    <a href="index.php">Accueil (Forum)</a> | 
+    <a href="login.php">Espace Admin (Flag)</a>
+</div>
+
+<?php if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true): ?>
+    
+    <div style="border: 2px solid green; padding: 20px; text-align: center; background: #dff0d8;">
+        <h2>Accès autorisé !</h2>
+        <p>Voici votre récompense :</p>
+        <h1>{CTFM1:lebeurredecacahuetesestsouscoté}</h1>
+        <br>
+        <a href="login.php?logout=true">Se déconnecter</a>
+    </div>
+
+<?php else: ?>
+
+    <h2>Connexion Requise</h2>
+    <form method="post">
+        User: <input type="text" name="username"><br><br>
+        Pass: <input type="password" name="password"><br><br>
+        <input type="submit" value="Se connecter">
+    </form>
+    <p><em>(Tu peux tenter: admin / supersecret)</em></p>
+
+<?php endif; ?>
+
+</body>
+</html>