API tools faq
paste
Advertisement
Guest User

What has science wrought

a guest
Mar 12th, 2017
110
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 31.48 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. //Alright, here's the code. Before you notice all the goto statements everywhere, let me just put out a disclaimer:
  4. //I made this code intentionally throwing out good practice. I thought it would be fun to make something with nothing but goto statements.
  5. //And it was fun, but when I realized that the permissions sytem I had laid out was woefully unequipped to deal with different levels of
  6. //access, I had to restrict access to the site as some users were able to do things that only I should be allowed to do.
  7. //If you need help with anything, feel free to PM me because I know that this is probably not good code at all and I've worked on projects in which
  8. //I DO write good code (in fact, my job depends on it)
  9.  
  10. echo '[{"type": "text", "content": "I discovered several critical security flaws in the bbs because I wrote it in terrible php code. I\'m working on it but the BBS is down for now<br> <br>- Collin"}]';
  11.  
  12. die();
  13. session_start();
  14. if(!isset($_POST["do"]) || !isset($_POST["width"]))
  15.     die("-1");
  16.  
  17. $consoleWidth = intval($_POST["width"]);
  18.  
  19. echo '[';
  20. if(isset($_POST["data"])){
  21.     $input = getInput($_POST["data"]);
  22.  
  23. }
  24.  
  25. switch($_POST["do"]){
  26.  
  27.     case "startup":
  28.         echo '{"type": "clear"},';
  29.         session_destroy();
  30.         session_start();
  31.         startup:
  32.  
  33.         echo '{"type": "text", "content": "';
  34.         displayBanner("=", "LOGIN", $consoleWidth);
  35.         echo '<br><br>Enter Username<br><br>For new users, type \'new\'<br>"}';
  36.        
  37.         echo ',{"type": "input", "content": "Username: "},{"type": "callback", "content": "loginusername"}]';
  38.         break;
  39.     case "loginusername":
  40.         echo '{"type": "clear"},';
  41.         loginusername:
  42.         if(!isset($_POST["data"])){
  43.                 //RIP code quality
  44.             goto startup;
  45.         }
  46.         if(strlen($input[1]) == 0){
  47.             echo '{"type": "text", "content": "Error: nothing entered<br>"},';
  48.             goto startup;
  49.         }
  50.         if(strcmp(strtolower($input[1]), "new") == 0){
  51.             goto newuser;
  52.         }
  53.  
  54.         $mysqli = new mysqli('127.0.0.1', USER_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  55.         $result = $mysqli->query("select * from users where username='" . $mysqli->real_escape_string($input[1]) . "';");
  56.         if($result->num_rows == 1){
  57.  
  58.             $_SESSION["username"] = $input[1];
  59.             echo '{"type": "text", "content": "';
  60.             echo '<br><br>Enter Password\nOr type \"back\" to go back<br>"}';
  61.             echo ',{"type": "password", "content": "Password: "},{"type": "callback", "content": "checkloginpassword"}]';
  62.         }else{
  63.             echo '{"type": "text", "content": "Username not found"},';
  64.             goto startup;
  65.         }
  66.         break;
  67.     case "newuser":
  68.         echo '{"type": "clear"},';
  69.         newuser:
  70.         echo '{"type": "input",';
  71.         echo '"content": "Enter New Username: "},';
  72.         echo '{"type": "callback",';
  73.         echo '"content": "registerusername"}]';
  74.        
  75.         break;
  76.     case "registerusername":
  77.         echo '{"type": "clear"},';
  78.         registerusername:
  79.         if(!isset($_POST["data"])){
  80.             echo '{"type": "text", "content": "Error: nothing entered<br>"},';
  81.             goto newuser;
  82.         }
  83.         if(strlen($input[1]) == 0){
  84.             echo '{"type": "text", "content": "Error: nothing entered<br>"},';
  85.             goto newuser;
  86.         }
  87.         if(strcmp(strtolower($input[1]), "new") == 0){
  88.             echo '{"type": "text", "content": "Error: \'new\' is not an acceptable username"},';
  89.             goto newuser;
  90.         }
  91.  
  92.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  93.         $result = $mysqli->query("SELECT * FROM users WHERE username = '" . $mysqli->real_escape_string($input[1]) . "';");
  94.         if($result->num_rows >= 1){
  95.             echo '{"type": "text", "content": "Error: That username is taken!"},';
  96.             goto newuser;
  97.         }else{
  98.             $_SESSION["username"] = $mysqli->real_escape_string($input[1]);
  99.             wrong2ndpassword:
  100.             echo '{"type": "text", "content": "Enter password."},{"type": "text", "content": "Password must:<br>* Contain 1 capital letter<br>* Be 8 characters long"}, {"type": "password", "content": "Enter Password: "}, {"type": "callback", "content": "checkpassword"}]';
  101.  
  102.         }
  103.         break; 
  104.     case "checkpassword":
  105.         echo '{"type": "clear"},';
  106.         checkpassword:
  107.         if(!isset($_POST["data"])){
  108.             goto loginusername;
  109.         }else if(strcmp(strtolower($input[1]), "back") == 0 || strlen($input[1]) == 0){
  110.             goto startup;
  111.         }
  112.        
  113.         if(checkPasswordCorrectness($input[1]) == 3){
  114.             $_SESSION["passwordAttempt1"] = password_hash($input[1], PASSWORD_BCRYPT);
  115.             reenterpassword:
  116.             echo '{"type": "text", "content": "Password works"}, {"type": "password", "content": "Re-enter password: "},';
  117.             echo '{"type": "callback", "content": "recheckpassword"}]';
  118.         }else{
  119.             $wrong = checkPasswordCorrectness($input[1]);
  120.             echo '{"type": "text", "content": "Error<br>';
  121.             if(!($wrong & 1))
  122.                 echo '* Password is not long enough<br>';
  123.             if(!($wrong & 2))
  124.                 echo '* Password contains no capital letters<br>';
  125.             echo '<br>"},';
  126.             goto wrong2ndpassword;
  127.         }
  128.  
  129.         break;
  130.     case "recheckpassword":
  131.         echo '{"type": "clear"},';
  132.         recheckpassword:
  133.         if(!isset($_POST["data"]))
  134.             goto reenterpassword;
  135.         else if(strcmp(strtolower($input[1]), "back") == 0 || strlen($input[1]) == 0)
  136.             goto startup;
  137.         if(password_verify($input[1], $_SESSION["passwordAttempt1"])){
  138.             $_SESSION["passwordAttempt1"] = "";
  139.             $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  140.             $mysqli->query("INSERT INTO users(username, password) VALUE('" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . password_hash($input[1], PASSWORD_BCRYPT) . "');");
  141.             if($mysqli->errno){
  142.                 echo '{"type": "text", "content": "Error while registering. Email Collin"}]';
  143.             }else{
  144.                 echo '{"type": "text", "content": "Registration successful!"},';
  145.                 $_SESSION["loggedin"] = true;
  146.                 $input = "";
  147.                 goto mainmenu;
  148.             }
  149.         }else{
  150.             echo '{"type": "text", "content": "Error: Passwords do not match."},';
  151.             goto wrong2ndpassword;
  152.         }
  153.  
  154.         break;
  155.     case "checkloginpassword":
  156.         echo '{"type": "clear"},';
  157.         checkloginpassword:
  158.  
  159.         if(!isset($_POST["data"]))
  160.             goto startup;
  161.         if(strlen($input[1]) == 0)
  162.             goto startup;
  163.         if(strcmp(strtolower($input[1]), "back") == 0)
  164.             goto startup;
  165.        
  166.  
  167.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  168.         $result = $mysqli->query("SELECT * FROM users WHERE username='" . $mysqli->real_escape_string($_SESSION["username"]) ."';");
  169.         $row = $result->fetch_assoc();
  170.         if(password_verify($input[1], $row["password"])){
  171.             $_SESSION["loggedin"] = true;
  172.             $input = "";
  173.             goto mainmenu;
  174.         }else{
  175.             echo '{"type": "text", "content": "Error: incorrect password"},';
  176.             goto startup;
  177.         }
  178.  
  179.     case "mainmenu":
  180.         echo '{"type": "clear"},';
  181.         mainmenu:
  182.         if(!isset($_SESSION["loggedin"])){
  183.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  184.             goto startup;
  185.         }
  186.  
  187.         echo '{"type": "text", "content": ' . json_encode(htmlspecialchars("Welcome " . $_SESSION["username"]) . '<br>&nbsp;') . '},';
  188.         echo '{"type": "button", "content": "Read New Messages", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  189.         echo '{"type": "inlinetext", "content": "&nbsp;&nbsp;&nbsp;&nbsp;"},';
  190.         echo '{"type": "button", "content": "Post New Message", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  191.         echo '{"type": "inlinetext", "content": "&nbsp;&nbsp;&nbsp;&nbsp;"},';
  192.         echo '{"type": "text", "content": "<br>&nbsp;"},';
  193.         echo '{"type": "button", "content": "Read All Messages", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  194.         echo '{"type": "inlinetext", "content": "&nbsp;&nbsp;&nbsp;&nbsp;"},';
  195.         echo '{"type": "button", "content": "Search Categories", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  196.         echo '{"type": "text", "content": "<br>&nbsp;"},';
  197.         echo '{"type": "button", "content": "List Categories", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  198.        
  199.         echo '{"type": "callback", "content": "mainmenuoptions"}]';
  200.         break;
  201.  
  202.     case "mainmenuoptions":
  203.         echo '{"type": "clear"},';
  204.         mainmenuoptions:
  205.         if(!isset($_SESSION["loggedin"])){
  206.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  207.             goto startup;
  208.         }
  209.         if(!isset($_POST["data"])){
  210.             goto mainmenu;
  211.         }
  212.         switch(strtolower($input[1])){
  213.             case "read all messages":      
  214.                 goto getallmessages;
  215.                 break;
  216.             case "read new messages":
  217.                 goto getnewmessages;
  218.                 break;
  219.             case "post new message":
  220.                 goto newtitle;
  221.                 break;
  222.             case "search categories":
  223.                 goto searchcategory;
  224.                 break;
  225.             case "list categories":
  226.                 goto getallcategories;
  227.                 break;
  228.             default:
  229.                 goto mainmenu;
  230.                 break;
  231.         }
  232.         break;
  233.  
  234.     case "searchcategory":
  235.         echo '{"type": "clear"},';
  236.         searchcategory:
  237.         if(!isset($_SESSION["loggedin"])){
  238.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  239.             goto startup;
  240.         }
  241.         echo '{"type": "text", "content": "Enter the category you want to search"},';
  242.         echo '{"type": "input", "content": ""},';
  243.         echo '{"type": "callback", "content": "getcategories"}]';
  244.  
  245.         break;
  246.     case "getallcategories":
  247.         echo '{"type": "clear"},';
  248.         getallcategories:
  249.         if(!isset($_SESSION["loggedin"])){
  250.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  251.         }
  252.         if(strcmp($input[0], "input") == 0){
  253.             if(strcmp(strtolower($input[1]), "next") == 0){
  254.                 $_SESSION["offset"] += 5;
  255.             }else if(strcmp(strtolower($input[1]), "back") == 0){
  256.                 $_SESSION["offset"] -= 5;
  257.             }else if(strcmp(strtolower($input[1]), "menu") == 0){
  258.                 $_SESSION["offset"] = 0;
  259.                 goto mainmenu;
  260.             }else{
  261.                 $_SESSION["offset"] = 0;
  262.             }
  263.         }else{
  264.             if(strtolower($input[1]) == "list categories"){
  265.                 $_SESSION["offset"] = 0;
  266.             }else{
  267.                 goto getcategories;
  268.             }
  269.         }
  270.         echo '{"type": "text", "content": "';
  271.         displayBanner("=", "", $consoleWidth);
  272.         echo '"},';
  273.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  274.         $result = $mysqli->query("SELECT category, count(*) as numposts from posts where category is not null group by category order by numposts desc limit 5 offset " . $_SESSION["offset"] . ";");
  275.         if($mysqli->errno){
  276.             echo '{"type": "text", "content": "error with query. Contact Collin!!!' . $_SESSION["offset"] . '"}]';
  277.             die();
  278.         }
  279.         $rownum = 0;
  280.         while($row = $result->fetch_assoc()){
  281.             if($rownum > 0){
  282.                 echo '{"type": "text", "content": "';
  283.                 displayBanner("-", "", $consoleWidth);
  284.                 echo '"},';
  285.             }
  286.             $rownum++;
  287.             echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["category"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  288.             echo '{"type": "text", "content": ' . json_encode(htmlspecialchars("<br> <br>" . $row["numposts"] . " posts")) . '},';
  289.         }
  290.         echo '{"type": "text", "content": "';
  291.         displayBanner("=", "", $consoleWidth);
  292.         echo '"},';
  293.    
  294.         echo '{"type": "input", "content": "(Next/Back/Menu): "},';
  295.         echo '{"type": "callback", "content": "getallcategories"}]';
  296.  
  297.         break;
  298.     case "getcategories":
  299.         echo '{"type": "clear"},';
  300.         getcategories:
  301.         if(!isset($_SESSION["loggedin"])){
  302.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  303.             goto startup;
  304.         }
  305.        
  306.         if(!isset($_SESSION["offset"]))
  307.             $_SESSION["offset"] = 0;
  308.  
  309.         if(strcmp($input[0], "input") == 0){
  310.             if(strcmp(strtolower($input[1]), "next") == 0){
  311.                 $_SESSION["offset"] += 5;
  312.             }else if(strcmp(strtolower($input[1]), "back") == 0){
  313.                 $_SESSION["offset"] -= 5;
  314.             }else if(strcmp(strtolower($input[1]), "menu") == 0){
  315.                 $_SESSION["offset"] = 0;
  316.                 goto mainmenu;
  317.             }
  318.         }else if($input[0] == "button" && is_numeric($input[1])){
  319.             $_SESSION["menu"] = "getcategories";
  320.             goto readmessage;
  321.         }
  322.    
  323.         if(strtolower($input[1]) != "return to menu" && strtolower($input[1]) != "next" && strtolower($input[1]) != "back" && strlen($input[1]) > 0){
  324.             $_SESSION["search"] = $input[1];
  325.         }
  326.        
  327.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  328.         $query = "SELECT author, id, title, date, category FROM posts WHERE category LIKE '" . $mysqli->real_escape_string($_SESSION["search"]) . "' ORDER BY id DESC LIMIT 5 OFFSET " . $mysqli->real_escape_string($_SESSION["offset"]) . ";";
  329.         $result = $mysqli->query($query);
  330.        
  331.         echo '{"type": "text", "content": "';
  332.         displayBanner("=", "", $consoleWidth);
  333.         echo '"},';
  334.         $rowNum = 0;
  335.         while($row = $result->fetch_assoc()){
  336.             if($rowNum > 0){
  337.                 echo '{"type": "text", "content": "<br>';
  338.                 displayBanner("_", "", $consoleWidth);
  339.                 echo '"},';
  340.             }
  341.             $rowNum++;
  342.             $prefix = "";
  343.             if($row["reply"] === "1")
  344.                 $prefix = "re: ";
  345.             echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  346.             echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix . htmlspecialchars($row["title"]) . '"') .'},';
  347.             echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["author"])) . '},';
  348.             echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["date"])) . '},';   
  349.         }
  350.         echo '{"type": "text", "content": "&nbsp;\n"},';
  351.         echo '{"type": "text", "content": "';
  352.         displayBanner("=", "", $consoleWidth);
  353.         echo '"},';
  354.         echo '{"type": "input", "content": "(Next/Back/Menu): "},';
  355.         echo '{"type": "callback", "content": "getcategories"}]';
  356.  
  357.         break;
  358.     case "getallmessages":
  359.         getallmessages:
  360.         echo '{"type": "clear"},';
  361.        
  362.         if(!isset($_SESSION["loggedin"])){
  363.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  364.             goto startup;
  365.         }
  366.  
  367.         if(!isset($_SESSION["offset"]))
  368.             $_SESSION["offset"] = 0;
  369.  
  370.         if(strcmp($input[0], "input") == 0){
  371.             if(strcmp(strtolower($input[1]), "next") == 0){
  372.                 $_SESSION["offset"] += 5;
  373.             }else if(strcmp(strtolower($input[1]), "back") == 0){
  374.                 $_SESSION["offset"] -= 5;
  375.             }else if(strcmp(strtolower($input[1]), "menu") == 0){
  376.                 $_SESSION["offset"] = 0;
  377.                 goto mainmenu;
  378.             }
  379.         }else if(is_numeric($input[1])){
  380.             $_SESSION["menu"] = "getallmessages";
  381.             goto readmessage;
  382.         }
  383.  
  384.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  385.         $result = $mysqli->query("SELECT * FROM posts ORDER BY id DESC limit 5 offset " . $mysqli->real_escape_string($_SESSION["offset"]));
  386.         echo '{"type": "text", "content": "';
  387.         displayBanner("=", "", $consoleWidth);
  388.         echo '"},';
  389.         $rowNum = 0;
  390.         while($row = $result->fetch_assoc()){
  391.             if($rowNum > 0){
  392.                 echo '{"type": "text", "content": "<br>';
  393.                 displayBanner("_", "", $consoleWidth);
  394.                 echo '"},';
  395.             }
  396.             $rowNum++;
  397.             $prefix = "";
  398.             if($row["reply"] === "1")
  399.                 $prefix = "re: ";
  400.             echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  401.             echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix . htmlspecialchars($row["title"]) . '"') .'},';
  402.             echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["author"])) . '},';
  403.             echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["date"])) . '},';
  404.            
  405.         }
  406.         echo '{"type": "text", "content": "&nbsp;\n"},';
  407.         echo '{"type": "text", "content": "';
  408.         displayBanner("=", "", $consoleWidth);
  409.         echo '"},';
  410.         echo '{"type": "input", "content": "(Next/Back/Menu): "},';
  411.  
  412.         echo '{"type": "callback", "content": "getallmessages"}]';
  413.         break;
  414.     case "readmessage":
  415.         echo '{"type": "clear"},';
  416.         readmessage:
  417.  
  418.  
  419.         if(strcmp($input[0], "button") == 0){
  420.             if(strcmp(strtolower($input[1]), "return to menu") == 0){
  421.                 goto mainmenu;
  422.             }else if(strcmp(strtolower($input[1]), "reply")){
  423.                 //goto replytomessage;
  424.             }
  425.         }
  426.    
  427.         $_SESSION["replytopost"] = intval($input[1]);
  428.  
  429.         echo '{"type": "text", "content": "';
  430.         displayBanner("=", "", $consoleWidth);
  431.         echo '"},';
  432.  
  433.         $prefix = "";
  434.        
  435.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  436.         $result = $mysqli->query("SELECT * FROM posts WHERE id=" . intval($input[1]) . ";");
  437.         $row = $result->fetch_assoc();
  438.  
  439.         if($row["reply"] === "1")
  440.             $prefix = "re: ";
  441.         echo '{"type": "text", "content": ' . json_encode("Author:   " . htmlspecialchars($row["author"])) . '},';
  442.         echo '{"type": "text", "content": ' . json_encode("Title:    " . $prefix . htmlspecialchars($row["title"])) . '},';
  443.         if(strlen($row["category"]) > 1)
  444.             echo '{"type": "text", "content": ' . json_encode("Category: " . htmlspecialchars($row["category"])) . '},';
  445.         echo '{"type": "text", "content": "';
  446.         displayBanner("-", "", $consoleWidth);
  447.         echo '"},';
  448.         echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($row["body"])) . '},';
  449.         echo '{"type": "text", "content": "<br> "},';
  450.         echo '{"type": "button", "content": "Return to menu", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  451.         echo '{"type": "inlinetext", "content": "    "},';
  452.         echo '{"type": "button", "content": "Reply", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  453.         echo '{"type": "callback", "content": "readmessagemenu"}]';
  454.  
  455.         $result = $mysqli->query("SELECT * FROM readposts WHERE user='" . $mysqli->real_escape_string($_SESSION["username"]) . "' AND id=" . $mysqli->real_escape_string($input[1]) . ";");
  456.         if($result->num_rows == 0){
  457.             $mysqli->query("INSERT INTO readposts(id, user) values(" . $mysqli->real_escape_string($input[1]) . ", '" . $mysqli->real_escape_string($_SESSION["username"]) . "');");
  458.         }
  459.  
  460.         break;
  461.     case "readmessagemenu":
  462.         echo '{"type": "clear"},';
  463.         readmessagemenu:
  464.         if(strcmp(strtolower($input[1]), "reply") == 0){
  465.             goto replymessage;
  466.            
  467.         }else if(strcmp(strtolower($input[1]), "return to menu") == 0){
  468.             if(isset($_SESSION["menu"])){
  469.                 switch($_SESSION["menu"]){
  470.                     case "getallmessages":
  471.                         goto getallmessages;
  472.                         break;
  473.                     case "getnewmessages":
  474.                         goto getnewmessages;
  475.                         break;
  476.                     case "getallcategories":
  477.                         goto getallcategories;
  478.                         break; 
  479.                     case "getcategories":
  480.                         goto getcategories;
  481.                         break;
  482.                 }
  483.             }else{
  484.                 goto getallmessages;
  485.             }
  486.         }
  487.  
  488.         break;
  489.     case "getnewmessages":
  490.         echo '{"type": "clear"},';
  491.         getnewmessages:
  492.  
  493.         if(!isset($_SESSION["loggedin"])){
  494.             echo '{"type": "text", "content": "Error: Not logged in"}]';
  495.             goto startup;
  496.         }
  497.  
  498.         if(!isset($_SESSION["offset"]))
  499.             $_SESSION["offset"] = 0;
  500.  
  501.         if(strcmp($input[0], "input") == 0){
  502.             if(strcmp(strtolower($input[1]), "next") == 0){
  503.                 $_SESSION["offset"] += 5;
  504.             }else if(strcmp(strtolower($input[1]), "back") == 0){
  505.                 $_SESSION["offset"] -= 5;
  506.             }else if(strcmp(strtolower($input[1]), "menu") == 0){
  507.                 $_SESSION["offset"] = 0;
  508.                 goto mainmenu;
  509.             }
  510.         }else if(is_numeric($input[1])){
  511.             $_SESSION["menu"] = "getnewmessages";
  512.             goto readmessage;
  513.         }
  514.  
  515.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  516.         $query = ("select distinct title, author, posts.id from posts, readposts where posts.id NOT IN (Select readposts.id from readposts where user='" . $mysqli->real_escape_string($_SESSION["username"]) . "') and user!='" . $mysqli->real_escape_string($_SESSION["username"]) . "' ORDER BY id DESC limit 5 offset " . $mysqli->real_escape_string($_SESSION["offset"]));
  517.         $result = $mysqli->query($query);
  518.         echo '{"type": "text", "content": "';
  519.         displayBanner("=", "", $consoleWidth);
  520.         echo '"},';
  521.         $rowNum = 0;
  522.         while($row = $result->fetch_assoc()){
  523.             if($rowNum > 0){
  524.                 echo '{"type": "text", "content": "<br>';
  525.                 displayBanner("_", "", $consoleWidth);
  526.                 echo '"},';
  527.             }
  528.             $rowNum++;
  529.             $prefix = "";
  530.    
  531.             if($row["reply"] === "1")
  532.                 $prefix = "re: ";
  533.             echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  534.             echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix .htmlspecialchars($row["title"]) . '"') . '},';
  535.             echo '{"type": "inlinetext", "content": ' . json_encode('<br>' . htmlspecialchars($row["author"])) . '},';
  536.             echo '{"type": "inlinetext", "content": ' . json_encode('<br>' . htmlspecialchars($row["date"])) . '},';
  537.         }
  538.         echo '{"type": "text", "content": "&nbsp;\n"},';
  539.         echo '{"type": "text", "content": "';
  540.         displayBanner("=", "", $consoleWidth);
  541.         echo '"},';
  542.         echo '{"type": "input", "content": "(Next/Back/Menu): "},';
  543.  
  544.         echo '{"type": "callback", "content": "getnewmessages"}]';
  545.         break;
  546.     case "newtitle":
  547.         echo '{"type": "clear"},';
  548.         newtitle:
  549.  
  550.         $_SESSION["newposttitle"] = "";
  551.         if(!isset($_SESSION["loggedin"])){
  552.             goto startup;
  553.         }
  554.        
  555.         echo '{"type": "text", "content": "Type the Title of your post<br>(You will confirm everything at the end)<br>&nbsp;"},';
  556.         echo '{"type": "input", "content": "Title: "},';
  557.         echo '{"type": "callback", "content": "newcategory"}]';
  558.         break;
  559.  
  560.     case "newcategory":
  561.         echo '{"type": "clear"},';
  562.         newcategory:
  563.    
  564.         if(!isset($_SESSION["loggedin"])){
  565.             goto startup;
  566.         }
  567.         if(!isset($_POST["data"])){
  568.             echo '{"type": "text", "content": "Error: nothing entered"},';
  569.             goto newtitle;
  570.         }
  571.         if(strlen($input[1]) == 0){
  572.             echo '{"type": "text", "content": "Error: nothing entered"},';
  573.             goto newtitle;
  574.         }
  575.         $_SESSION["newposttitle"] = $input[1];
  576.  
  577.         echo '{"type": "text", "content": "Type the category of your post: "},';
  578.         echo '{"type": "input", "content": ""},';
  579.         echo '{"type": "callback", "content": "newbody"}]';
  580.        
  581.         break;
  582.     case "newbody":
  583.         echo '{"type": "clear"},';
  584.         newbody:
  585.         if(!isset($_SESSION["loggedin"])){
  586.             goto startup;
  587.         }
  588.         if(!isset($_POST["data"])){
  589.             echo '{"type": "text", "content": "Error: nothing entered"},';
  590.             goto newcategory;
  591.         }
  592.         if(strlen($input[1]) == 0){
  593.             echo '{"type": "text", "content": "Error: nothing entered"},';
  594.             goto newcategory;
  595.         }
  596.         if((strtolower($input[1]) == "announcements" || strtolower($input[1]) == "announcement" || strtolower($input[1]) == "announce") && $_SESSION["username"] != "collin"){
  597.             echo '{"type": "text", "content": "Error: unauthorized"},';
  598.             goto newcategory;
  599.         }
  600.        
  601.        
  602.         $_SESSION["newpostcategory"] = $input[1];
  603.         echo '{"type": "text", "content": "Type the body of your post.<br> <br>';
  604.         displayBanner("-", "", $consoleWidth);
  605.         echo '"},';
  606.         echo '{"type": "button", "content": "Submit", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  607.         echo '{"type": "text", "content": "<br>&nbsp;"},';
  608.         echo '{"type": "input", "modifier": "returnallowed"},';
  609.         echo '{"type": "callback", "content": "doublecheckpost"}]';
  610.        
  611.         break;
  612.     case "doublecheckpost":
  613.         echo '{"type": "clear"},';
  614.         doublecheckpost:
  615.         if(!isset($_SESSION["loggedin"])){
  616.             goto startup;
  617.         }
  618.         if(!isset($_POST["data"])){
  619.             echo '{"type": "text", "content": "Error: nothing entered"},';
  620.             goto newtitle;
  621.         }
  622.         if(strlen($input[1]) == 0){
  623.             echo '{"type": "text", "content": "Error: nothing entered"},';
  624.             goto newtitle;
  625.         }
  626.         if(!isset($_SESSION["newposttitle"])){
  627.             echo '{"type": "text", "content": "Error: no title entered"},';
  628.             goto newtitle;
  629.         }
  630.         $_SESSION["newpostbody"] = $input[1];
  631.         echo '{"type": "text", "content": "';
  632.         displayBanner("=", "", $consoleWidth);
  633.         echo '"},';
  634.         echo '{"type": "text", "content": ' . json_encode('Author:   ' . htmlspecialchars($_SESSION["username"])) . '},';
  635.         echo '{"type": "text", "content": ' . json_encode('Title:    ' . htmlspecialchars($_SESSION["newposttitle"])) . '},';
  636.         echo '{"type": "text", "content": ' . json_encode('Category: ' . htmlspecialchars($_SESSION["newpostcategory"])) . '},';
  637.         echo '{"type": "text", "content": "';
  638.         displayBanner("=", "", $consoleWidth);
  639.         echo '"},';
  640.         echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($input[1])) . '},';
  641.         echo '{"type": "text", "content": "';
  642.         displayBanner("=", "", $consoleWidth);
  643.         echo '"},';
  644.         echo '{"type": "input", "content": "Is this okay? (Yes/No/Menu): "},';
  645.         echo '{"type": "callback", "content": "checkandsubmitpost"}]';
  646.         break;
  647.     case "checkandsubmitpost":
  648.         echo '{"type": "clear"},';
  649.         checkandsubmitpost:
  650.  
  651.         if(!isset($_SESSION["loggedin"])){
  652.             goto startup;
  653.         }
  654.         if(!isset($_SESSION["newposttitle"]) || !isset($_SESSION["newpostbody"])){
  655.             echo '{"type": "text", "content": "Error: no title/body entered"},';
  656.             goto newtitle;
  657.         }
  658.         if(strlen(strip_tags(str_replace(' ', '', $_SESSION["newpostbody"]))) == 0 || strlen(strip_tags(str_replace(' ', '', $_SESSION["newposttitle"]))) == 0 || strlen($_SESSION["newpostbody"]) < 10){
  659.             echo '{"type": "text", "content": "Error: no title/body entered"},';
  660.             goto newtitle;
  661.         }
  662.         switch(strtolower($input[1])){
  663.             case "no":
  664.                 goto newtitle;
  665.                 break;
  666.             case "menu":
  667.                 goto mainmenu;
  668.                 break;
  669.         }
  670.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  671.         $mysqli->query("INSERT INTO posts(body, title, author, category) VALUES('" . $mysqli->real_escape_string($_SESSION["newpostbody"]) . "', '" . $mysqli->real_escape_string($_SESSION["newposttitle"]) . "', '" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . $mysqli->real_escape_string($_SESSION["newpostcategory"]) . "');");
  672.         if($mysqli->errno){
  673.             echo '{"type": "text", "content": "There was an error with your post!"},';
  674.             goto newtitle;
  675.         }
  676.         $result = $mysqli->query("SELECT id FROM posts WHERE author='" . $mysqli->real_escape_string($_SESSION["username"]) . "' ORDER BY id DESC;");
  677.         if($mysqli->errno){
  678.             echo '{"type": "text", "content": "There was an error with your post!"},';
  679.             goto newtitle;
  680.         }
  681.         $row = $result->fetch_assoc();
  682.         $mysqli->query("INSERT INTO readposts(id, user) values(" . $mysqli->real_escape_string($row["id"]) . ", '" . $mysqli->real_escape_string($_SESSION["username"]) . "');");
  683.         if($mysqli->errno){
  684.             echo '{"type": "text", "content": "There was an error with your post!"},';
  685.             goto newtitle;
  686.         }
  687.         $_SESSION["newposttitle"] = "";
  688.         $_SESSION["newpostbody"] = "";
  689.        
  690.         $input[1] = $row["id"];
  691.         echo '{"type": "text", "content": "Message posted successfully"},';
  692.         goto readmessage;
  693.     case "replymessage":
  694.         replymessage:
  695.         echo '{"type": "clear"},';
  696.         if(!isset($_SESSION["loggedin"])){
  697.             goto startup;
  698.         }
  699.         if(!isset($_SESSION["replytopost"])){
  700.             goto mainmenu;
  701.         }
  702.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  703.         $result = $mysqli->query("SELECT title, author, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";");
  704.         if($result->num_rows == 0)
  705.             goto mainmenu;
  706.         $row = $result->fetch_assoc();
  707.         echo '{"type": "text", "content": "';
  708.         displayBanner("=", "", $consoleWidth);
  709.         echo '"},';
  710.         echo '{"type": "text", "content": ' . json_encode("Replying to: " . htmlspecialchars($row["author"])) . '},';
  711.         echo '{"type": "text", "content": ' . json_encode("Subject: \"re: " . htmlspecialchars($row["title"])) . '},';
  712.         echo '{"type": "text", "content": "';
  713.         displayBanner("=", "", $consoleWidth);
  714.         echo '"},';
  715.         echo '{"type": "button", "content": "Submit", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
  716.         echo '{"type": "input", "modifier": "returnallowed"},';
  717.         echo '{"type": "callback", "content": "checkreply"}]';
  718.         break;
  719.     case "checkreply":
  720.         echo '{"type": "clear"},';
  721.         checkreply:
  722.         $_SESSION["replybody"] = $input[1];
  723.         if(strlen(strip_tags(str_replace(' ', '', $_SESSION["replybody"]))) == 0){
  724.             goto replymessage;
  725.         }
  726.  
  727.         echo '{"type": "text", "content": "';
  728.         displayBanner("=", "", $consoleWidth);
  729.         echo '"},';
  730.         echo '{"type": "text", "content": ' . json_encode("Author: " . htmlspecialchars($_SESSION["username"])) . '},';
  731.         $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  732.         $result = $mysqli->query("SELECT title, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";");
  733.         $row = $result->fetch_assoc();
  734.         echo '{"type": "text", "content": ' . json_encode("Title: \"re: " . htmlspecialchars($row["title"])) . '},';
  735.         echo '{"type": "text", "content": "';
  736.         displayBanner("=", "", $consoleWidth);
  737.         echo '"},';
  738.         echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($input[1])) . '},';
  739.         echo '{"type": "input", "content": "Is this okay? (Yes/No/Menu): "},';
  740.         echo '{"type": "callback", "content": "postmessage"}]';
  741.         break;
  742.     case "postmessage":
  743.         echo '{"type": "clear"},';
  744.         postmessage:
  745.         if(!isset($_SESSION["loggedin"]))
  746.             goto mainmenu;
  747.    
  748.         if(!isset($_SESSION["replytopost"])){
  749.             echo '{"type": "text", "content": "Error: no post to reply to"},';
  750.             goto mainmenu;
  751.         }
  752.         if(strlen(strip_tags(str_replace(' ', '', $_SESSION["replybody"]))) == 0){
  753.             goto replymessage;
  754.         }
  755.        
  756.         switch(strtolower($input[1])){
  757.             case "yes":
  758.                 $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
  759.                 $row = $mysqli->query("SELECT title, author, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";")->fetch_assoc();
  760.                 $query = "INSERT INTO posts(author, title, body, reply, reply_to, category) values('" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . $mysqli->real_escape_string($row["title"]) . "', '" . $mysqli->real_escape_string($_SESSION["replybody"]) . "', 1, '" . $row["author"] . "', '" . $row["category"] . "');";
  761.                 $mysqli->query($query);
  762.                 if($mysqli->errno)
  763.                     die('{"type": "text", "content": "ERROR! QUERY FAILED!<br> <br> ' . $query . '"}]');
  764.                 $row = $mysqli->query("SELECT id FROM posts WHERE author='" . $mysqli->real_escape_string($_SESSION["username"]) . "' order by id DESC;")->fetch_assoc();
  765.                 $input[1] = $row["id"];
  766.                 goto readmessage;
  767.                 break;
  768.             case "no":
  769.                 goto replymessage;
  770.                 break;
  771.             case "menu":
  772.                 goto mainmenu;
  773.                 break;
  774.             default:
  775.                 break;
  776.            
  777.         }
  778.        
  779.         break;
  780.        
  781.        
  782.    
  783. }
  784.  
  785. function checkPasswordCorrectness($password){
  786.     $correct = 0;
  787.     if(strlen($password) >= 8)
  788.         $correct = $correct | 1;
  789.     if(preg_match("/[A-Z]/", $password))
  790.         $correct = $correct | 2;
  791.     return $correct;
  792. }
  793.  
  794. function displayBanner($banner, $bannerText, $width){
  795.     for($i = 0; $i < floor(($width - strlen($bannerText)) / 2); $i++)
  796.         echo $banner;
  797.     echo $bannerText;
  798.     for($i = 0; $i < ceil(($width - strlen($bannerText)) / 2); $i++)
  799.         echo $banner;
  800. }
  801.  
  802. function getInput($inputString){
  803.     return explode(':', $inputString, 2);
  804. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!