1
0
orblog-legacy/private/pages/post.php
2024-07-13 19:19:16 +03:00

99 lines
3.0 KiB
PHP

<?php
/*-----------------------------------------------------------------------------
orblog - Simple blog for hidden networks.
Version: 0.1
Git: https://code.fossee.net/chicory/orblog-legacy
Copyright: chicory@fossee.net 2020
License: http://www.apache.org/licenses/LICENSE-2.0
-----------------------------------------------------------------------------*/
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
/*-- Get post contents -----------------------------------------------------*/
if($id <= 0)
{
header('Location:'.URL.'index.php?view=404'); exit;
}
$result = $sqlite -> query('SELECT * FROM `posts` WHERE id='.$id);
$post_data = $result -> fetchArray(SQLITE3_ASSOC);
if(!$post_data['time'])
{
header('Location:'.URL.'index.php?view=404'); exit;
}
$_TPL['title'] = $post_data['title'].' | '.TITLE;
include_template('header');
/*-- View post contents ----------------------------------------------------*/
$parser = new Parsedown();
$_TPL['id'] = $id;
$_TPL['time'] = date("d.m.y", $post_data['time']);
$_TPL['title'] = $post_data['title'];
$_TPL['desc'] = parser($post_data['desc']);
$_TPL['text'] = parser($post_data['text']);
$_TPL['tags'] = separate_tags($post_data['tags']);
$_TPL['comments'] = $post_data['comments'];
include_template('post');
/*-- Add a comment --------------------------------------------------------*/
if($_GET['action'] == 'add_comment' && COMMENTS)
{
$post_url = URL.'index.php?view=post&id='.$_TPL['id'];
if(empty($_POST['text']) or $_POST['captcha'] != $_SESSION['captcha'])
{
header('Location:'.$post_url.'&error=comment_err#add'); exit;
}
if($_SESSION['flood'] and (time() - $_SESSION['flood']) < ANTIFLOOD)
{
header('Location:'.$post_url.'&error=antiflood#add'); exit;
}
$_SESSION['flood'] = time();
$query = 'INSERT INTO `comments` (id, time, text, admin)
VALUES (:id, :time, :text, :admin)';
$stmt = $sqlite -> prepare($query);
$stmt -> bindValue(':id', $id, SQLITE3_INTEGER);
$stmt -> bindValue(':time', time(), SQLITE3_INTEGER);
$stmt -> bindValue(':text', $_POST['text'], SQLITE3_TEXT);
$stmt -> bindValue(':admin', $_SESSION['admin'], SQLITE3_INTEGER);
$stmt->execute();
$query = 'UPDATE `posts` SET comments = '.($post_data['comments']+1).'
WHERE id = '.$id;
$sqlite -> exec($query);
}
/*-- View comments --------------------------------------------------------*/
$parser -> setSafeMode(true);
$query = 'SELECT * FROM `comments` WHERE id='.$id;
$result = $sqlite -> query($query);
view_comments($result);
/*-- Comment form ---------------------------------------------------------*/
if(COMMENTS)
{
$_SESSION['captcha'] = gen_captcha();
if ($_GET['error'] == "comment_err") $_TPL['error'] = $_LANG['comment_err'];
if ($_GET['error'] == "antiflood") $_TPL['error'] = $_LANG['flood_err'];
include_template('comment_form');
}