<?php
//Alright, here's the code. Before you notice all the goto statements everywhere, let me just put out a disclaimer:
//I made this code intentionally throwing out good practice. I thought it would be fun to make something with nothing but goto statements.
//And it was fun, but when I realized that the permissions sytem I had laid out was woefully unequipped to deal with different levels of
//access, I had to restrict access to the site as some users were able to do things that only I should be allowed to do.
//If you need help with anything, feel free to PM me because I know that this is probably not good code at all and I've worked on projects in which
//I DO write good code (in fact, my job depends on it)

// Kill switch: the BBS is taken offline while the flaws are fixed. Everything below die() is unreachable until
// these two lines are removed.
echo '[{"type": "text", "content": "I discovered several critical security flaws in the bbs because I wrote it in terrible php code. I\'m working on it but the BBS is down for now<br> <br>- Collin"}]';
die();

session_start();

// Request contract: every call carries "do" (the state to execute) and "width" (the client's console width in
// characters); "data" is optional and has the form "kind:payload" (see getInput()). The response is one JSON
// array assembled piecewise with echo; each state is responsible for emitting the closing "]".
if(!isset($_POST["do"]) || !isset($_POST["width"]))
    die("-1");
// Cast but not bounded: displayBanner() loops $consoleWidth times per banner, so a very large value inflates the
// response proportionally.
$consoleWidth = intval($_POST["width"]);
echo '[';
if(isset($_POST["data"])){
    // $input[0] is the kind ("input" or "button"), $input[1] the payload. NOTE(review): getInput() yields a
    // single-element array when the payload contains no ':', so the many $input[1] reads below are undefined then.
    $input = getInput($_POST["data"]);
}

// State machine. Every case label is doubled by a goto label so a state can either start a fresh request ("do") or
// be entered from another state within the same request. $_SESSION["loggedin"], set only after password_verify()
// succeeds, is the authentication gate; states that skip it are flagged below.
switch($_POST["do"]){
    case "startup":
        echo '{"type": "clear"},';
        // Drop any existing login and start a clean session before showing the login prompt.
        session_destroy();
        session_start();
    startup:
        echo '{"type": "text", "content": "';
        displayBanner("=", "LOGIN", $consoleWidth);
        echo '<br><br>Enter Username<br><br>For new users, type \'new\'<br>"}';
        echo ',{"type": "input", "content": "Username: "},{"type": "callback", "content": "loginusername"}]';
        break;
    case "loginusername":
        echo '{"type": "clear"},';
    loginusername:
        if(!isset($_POST["data"])){
            //RIP code quality
            goto startup;
        }
        if(strlen($input[1]) == 0){
            echo '{"type": "text", "content": "Error: nothing entered<br>"},';
            goto startup;
        }
        // "new" is reserved as the registration command (registerusername refuses it as a username).
        if(strcmp(strtolower($input[1]), "new") == 0){
            goto newuser;
        }
        // Credentials are placeholder constants expected to be defined elsewhere. NOTE(review): this is the only
        // connection that uses USER_GOES_HERE; every other one uses USERNAME_GOES_HERE. All queries in this file
        // are built by concatenation around real_escape_string() with no connection charset set; prepared
        // statements would make the quoting concerns noted below moot.
        $mysqli = new mysqli('127.0.0.1', USER_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $result = $mysqli->query("select * from users where username='" . $mysqli->real_escape_string($input[1]) . "';");
        if($result->num_rows == 1){
            // NOTE(review): the username is remembered before the password is checked. Only "loggedin" means
            // the session is authenticated; "username" alone does not.
            $_SESSION["username"] = $input[1];
            echo '{"type": "text", "content": "';
            echo '<br><br>Enter Password\nOr type \"back\" to go back<br>"}';
            echo ',{"type": "password", "content": "Password: "},{"type": "callback", "content": "checkloginpassword"}]';
        }else{
            echo '{"type": "text", "content": "Username not found"},';
            goto startup;
        }
        break;
    case "newuser":
        echo '{"type": "clear"},';
    newuser:
        // Registration step 1: ask for the desired username.
        echo '{"type": "input",';
        echo '"content": "Enter New Username: "},';
        echo '{"type": "callback",';
        echo '"content": "registerusername"}]';
        break;
    case "registerusername":
        echo '{"type": "clear"},';
    registerusername:
        if(!isset($_POST["data"])){
            echo '{"type": "text", "content": "Error: nothing entered<br>"},';
            goto newuser;
        }
        if(strlen($input[1]) == 0){
            echo '{"type": "text", "content": "Error: nothing entered<br>"},';
            goto newuser;
        }
        if(strcmp(strtolower($input[1]), "new") == 0){
            echo '{"type": "text", "content": "Error: \'new\' is not an acceptable username"},';
            goto newuser;
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $result = $mysqli->query("SELECT * FROM users WHERE username = '" . $mysqli->real_escape_string($input[1]) . "';");
        if($result->num_rows >= 1){
            echo '{"type": "text", "content": "Error: That username is taken!"},';
            goto newuser;
        }else{
            // NOTE(review): the name is stored already escaped and is escaped again when inserted in
            // recheckpassword, so names containing quotes or backslashes end up double-escaped in the table.
            $_SESSION["username"] = $mysqli->real_escape_string($input[1]);
        wrong2ndpassword:
            echo '{"type": "text", "content": "Enter password."},{"type": "text", "content": "Password must:<br>* Contain 1 capital letter<br>* Be 8 characters long"}, {"type": "password", "content": "Enter Password: "}, {"type": "callback", "content": "checkpassword"}]';
        }
        break;
    case "checkpassword":
        echo '{"type": "clear"},';
    checkpassword:
        if(!isset($_POST["data"])){
            goto loginusername;
        }else if(strcmp(strtolower($input[1]), "back") == 0 || strlen($input[1]) == 0){
            goto startup;
        }
        // 3 == both bits from checkPasswordCorrectness(): 1 = at least 8 bytes long, 2 = contains an ASCII capital.
        if(checkPasswordCorrectness($input[1]) == 3){
            // Only a bcrypt hash of the first entry is kept in the session; the re-entry is verified against it.
            $_SESSION["passwordAttempt1"] = password_hash($input[1], PASSWORD_BCRYPT);
        reenterpassword:
            echo '{"type": "text", "content": "Password works"}, {"type": "password", "content": "Re-enter password: "},';
            echo '{"type": "callback", "content": "recheckpassword"}]';
        }else{
            // Report every unmet rule, not just the first one.
            $wrong = checkPasswordCorrectness($input[1]);
            echo '{"type": "text", "content": "Error<br>';
            if(!($wrong & 1))
                echo '* Password is not long enough<br>';
            if(!($wrong & 2))
                echo '* Password contains no capital letters<br>';
            echo '<br>"},';
            goto wrong2ndpassword;
        }
        break;
    case "recheckpassword":
        echo '{"type": "clear"},';
    recheckpassword:
        if(!isset($_POST["data"]))
            goto reenterpassword;
        else if(strcmp(strtolower($input[1]), "back") == 0 || strlen($input[1]) == 0)
            goto startup;
        if(password_verify($input[1], $_SESSION["passwordAttempt1"])){
            $_SESSION["passwordAttempt1"] = "";
            $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
            // The session username was already escaped in registerusername (see the note there).
            $mysqli->query("INSERT INTO users(username, password) VALUE('" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . password_hash($input[1], PASSWORD_BCRYPT) . "');");
            // errno is checked, so a failed insert is reported rather than silently logging the user in.
            if($mysqli->errno){
                echo '{"type": "text", "content": "Error while registering. Email Collin"}]';
            }else{
                echo '{"type": "text", "content": "Registration successful!"},';
                $_SESSION["loggedin"] = true;
                $input = "";
                goto mainmenu;
            }
        }else{
            echo '{"type": "text", "content": "Error: Passwords do not match."},';
            goto wrong2ndpassword;
        }
        break;
    case "checkloginpassword":
        echo '{"type": "clear"},';
    checkloginpassword:
        if(!isset($_POST["data"]))
            goto startup;
        if(strlen($input[1]) == 0)
            goto startup;
        if(strcmp(strtolower($input[1]), "back") == 0)
            goto startup;
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $result = $mysqli->query("SELECT * FROM users WHERE username='" . $mysqli->real_escape_string($_SESSION["username"]) ."';");
        // NOTE(review): num_rows is not checked here (unlike loginusername); if the session username matches no
        // row, $row is null and $row["password"] is undefined.
        $row = $result->fetch_assoc();
        if(password_verify($input[1], $row["password"])){
            $_SESSION["loggedin"] = true;
            $input = "";
            goto mainmenu;
        }else{
            echo '{"type": "text", "content": "Error: incorrect password"},';
            goto startup;
        }
        // No break, but both branches above jump away, so execution never falls into the mainmenu case.
    case "mainmenu":
        echo '{"type": "clear"},';
    mainmenu:
        if(!isset($_SESSION["loggedin"])){
            // NOTE(review): this closes the array with "]" and then goto startup appends further objects, so the
            // response is not valid JSON on this path (the same pattern recurs in several states below).
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        echo '{"type": "text", "content": ' . json_encode(htmlspecialchars("Welcome " . $_SESSION["username"]) . '<br> ') . '},';
        // The button captions double as the commands dispatched in mainmenuoptions.
        echo '{"type": "button", "content": "Read New Messages", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "inlinetext", "content": " "},';
        echo '{"type": "button", "content": "Post New Message", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "inlinetext", "content": " "},';
        echo '{"type": "text", "content": "<br> "},';
        echo '{"type": "button", "content": "Read All Messages", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "inlinetext", "content": " "},';
        echo '{"type": "button", "content": "Search Categories", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "text", "content": "<br> "},';
        echo '{"type": "button", "content": "List Categories", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "callback", "content": "mainmenuoptions"}]';
        break;
    case "mainmenuoptions":
        echo '{"type": "clear"},';
    mainmenuoptions:
        if(!isset($_SESSION["loggedin"])){
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        if(!isset($_POST["data"])){
            goto mainmenu;
        }
        // Dispatch on the (lower-cased) caption of the button that was pressed; anything else redraws the menu.
        switch(strtolower($input[1])){
            case "read all messages":
                goto getallmessages;
                break;
            case "read new messages":
                goto getnewmessages;
                break;
            case "post new message":
                goto newtitle;
                break;
            case "search categories":
                goto searchcategory;
                break;
            case "list categories":
                goto getallcategories;
                break;
            default:
                goto mainmenu;
                break;
        }
        break;
    case "searchcategory":
        echo '{"type": "clear"},';
    searchcategory:
        if(!isset($_SESSION["loggedin"])){
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        echo '{"type": "text", "content": "Enter the category you want to search"},';
        echo '{"type": "input", "content": ""},';
        echo '{"type": "callback", "content": "getcategories"}]';
        break;
    case "getallcategories":
        echo '{"type": "clear"},';
    getallcategories:
        if(!isset($_SESSION["loggedin"])){
            // NOTE(review): unlike every other state, there is no goto startup after this error, so execution
            // continues and the category listing below is produced for an unauthenticated session (after a
            // closing "]"). Add `goto startup;` here.
            echo '{"type": "text", "content": "Error: Not logged in"}]';
        }
        // NOTE(review): $input is undefined when no "data" was posted, and $_SESSION["offset"] is never
        // initialised in this state (compare getcategories); "back" can also drive it below zero, which the
        // query then rejects and the die() below reports.
        if(strcmp($input[0], "input") == 0){
            if(strcmp(strtolower($input[1]), "next") == 0){
                $_SESSION["offset"] += 5;
            }else if(strcmp(strtolower($input[1]), "back") == 0){
                $_SESSION["offset"] -= 5;
            }else if(strcmp(strtolower($input[1]), "menu") == 0){
                $_SESSION["offset"] = 0;
                goto mainmenu;
            }else{
                $_SESSION["offset"] = 0;
            }
        }else{
            // Entered via the "List Categories" button: start from the first page; any other button goes to search.
            if(strtolower($input[1]) == "list categories"){
                $_SESSION["offset"] = 0;
            }else{
                goto getcategories;
            }
        }
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        // The offset is concatenated unescaped; its only sources are the integer arithmetic above.
        $result = $mysqli->query("SELECT category, count(*) as numposts from posts where category is not null group by category order by numposts desc limit 5 offset " . $_SESSION["offset"] . ";");
        if($mysqli->errno){
            echo '{"type": "text", "content": "error with query. Contact Collin!!!' . $_SESSION["offset"] . '"}]';
            die();
        }
        $rownum = 0;
        while($row = $result->fetch_assoc()){
            // Separator between rows only (not before the first one).
            if($rownum > 0){
                echo '{"type": "text", "content": "';
                displayBanner("-", "", $consoleWidth);
                echo '"},';
            }
            $rownum++;
            echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["category"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
            echo '{"type": "text", "content": ' . json_encode(htmlspecialchars("<br> <br>" . $row["numposts"] . " posts")) . '},';
        }
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "input", "content": "(Next/Back/Menu): "},';
        echo '{"type": "callback", "content": "getallcategories"}]';
        break;
    case "getcategories":
        echo '{"type": "clear"},';
    getcategories:
        if(!isset($_SESSION["loggedin"])){
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        if(!isset($_SESSION["offset"]))
            $_SESSION["offset"] = 0;
        if(strcmp($input[0], "input") == 0){
            if(strcmp(strtolower($input[1]), "next") == 0){
                $_SESSION["offset"] += 5;
            }else if(strcmp(strtolower($input[1]), "back") == 0){
                $_SESSION["offset"] -= 5;
            }else if(strcmp(strtolower($input[1]), "menu") == 0){
                $_SESSION["offset"] = 0;
                goto mainmenu;
            }
        }else if($input[0] == "button" && is_numeric($input[1])){
            // A numeric button is a post id; remember where we came from so readmessagemenu can return here.
            $_SESSION["menu"] = "getcategories";
            goto readmessage;
        }
        // Any other non-empty input is a new search term; paging commands keep the previous one.
        if(strtolower($input[1]) != "return to menu" && strtolower($input[1]) != "next" && strtolower($input[1]) != "back" && strlen($input[1]) > 0){
            $_SESSION["search"] = $input[1];
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        // real_escape_string() does not escape the LIKE wildcards % and _, so a search term can match more broadly
        // than a literal. Escaping the unquoted OFFSET adds no protection; its safety rests on the session value
        // only ever coming from the integer arithmetic above.
        $query = "SELECT author, id, title, date, category FROM posts WHERE category LIKE '" . $mysqli->real_escape_string($_SESSION["search"]) . "' ORDER BY id DESC LIMIT 5 OFFSET " . $mysqli->real_escape_string($_SESSION["offset"]) . ";";
        $result = $mysqli->query($query);
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        $rowNum = 0;
        while($row = $result->fetch_assoc()){
            if($rowNum > 0){
                echo '{"type": "text", "content": "<br>';
                displayBanner("_", "", $consoleWidth);
                echo '"},';
            }
            $rowNum++;
            $prefix = "";
            // NOTE(review): the SELECT above does not include a "reply" column, so $row["reply"] is always
            // undefined here and the "re: " prefix is never applied in this listing.
            if($row["reply"] === "1")
                $prefix = "re: ";
            echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
            echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix . htmlspecialchars($row["title"]) . '"') .'},';
            echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["author"])) . '},';
            echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["date"])) . '},';
        }
        echo '{"type": "text", "content": " \n"},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "input", "content": "(Next/Back/Menu): "},';
        echo '{"type": "callback", "content": "getcategories"}]';
        break;
    case "getallmessages":
    getallmessages:
        echo '{"type": "clear"},';
        if(!isset($_SESSION["loggedin"])){
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        if(!isset($_SESSION["offset"]))
            $_SESSION["offset"] = 0;
        if(strcmp($input[0], "input") == 0){
            if(strcmp(strtolower($input[1]), "next") == 0){
                $_SESSION["offset"] += 5;
            }else if(strcmp(strtolower($input[1]), "back") == 0){
                $_SESSION["offset"] -= 5;
            }else if(strcmp(strtolower($input[1]), "menu") == 0){
                $_SESSION["offset"] = 0;
                goto mainmenu;
            }
        }else if(is_numeric($input[1])){
            // A numeric button is a post id; remember this listing so readmessagemenu can return to it.
            $_SESSION["menu"] = "getallmessages";
            goto readmessage;
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        // Escaping the unquoted OFFSET adds no protection; it is only ever set by the integer arithmetic above.
        $result = $mysqli->query("SELECT * FROM posts ORDER BY id DESC limit 5 offset " . $mysqli->real_escape_string($_SESSION["offset"]));
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        $rowNum = 0;
        while($row = $result->fetch_assoc()){
            if($rowNum > 0){
                echo '{"type": "text", "content": "<br>';
                displayBanner("_", "", $consoleWidth);
                echo '"},';
            }
            $rowNum++;
            $prefix = "";
            if($row["reply"] === "1")
                $prefix = "re: ";
            echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
            echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix . htmlspecialchars($row["title"]) . '"') .'},';
            echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["author"])) . '},';
            echo '{"type": "inlinetext", "content": ' . json_encode("<br>" . htmlspecialchars($row["date"])) . '},';
        }
        echo '{"type": "text", "content": " \n"},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "input", "content": "(Next/Back/Menu): "},';
        echo '{"type": "callback", "content": "getallmessages"}]';
        break;
    case "readmessage":
        echo '{"type": "clear"},';
    readmessage:
        // NOTE(review): no "loggedin" check in this state (nor in readmessagemenu or checkreply), so the post
        // body below is served to any session that posts a numeric id.
        if(strcmp($input[0], "button") == 0){
            if(strcmp(strtolower($input[1]), "return to menu") == 0){
                goto mainmenu;
            // NOTE(review): strcmp() returns 0 on a match, so this condition holds for every value except
            // "reply"; harmless only because the branch body is commented out.
            }else if(strcmp(strtolower($input[1]), "reply")){
                //goto replytomessage;
            }
        }
        $_SESSION["replytopost"] = intval($input[1]);
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        $prefix = "";
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        // intval() is the right guard for an unquoted numeric value in SQL.
        $result = $mysqli->query("SELECT * FROM posts WHERE id=" . intval($input[1]) . ";");
        $row = $result->fetch_assoc();
        if($row["reply"] === "1")
            $prefix = "re: ";
        echo '{"type": "text", "content": ' . json_encode("Author: " . htmlspecialchars($row["author"])) . '},';
        echo '{"type": "text", "content": ' . json_encode("Title: " . $prefix . htmlspecialchars($row["title"])) . '},';
        if(strlen($row["category"]) > 1)
            echo '{"type": "text", "content": ' . json_encode("Category: " . htmlspecialchars($row["category"])) . '},';
        echo '{"type": "text", "content": "';
        displayBanner("-", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($row["body"])) . '},';
        echo '{"type": "text", "content": "<br> "},';
        echo '{"type": "button", "content": "Return to menu", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "inlinetext", "content": " "},';
        echo '{"type": "button", "content": "Reply", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "callback", "content": "readmessagemenu"}]';
        // Mark the post as read for this user (drives the getnewmessages listing).
        // NOTE(review): real_escape_string() only escapes quotes and backslashes; in the unquoted numeric
        // "id=" position here and in the INSERT below it offers no protection. Use intval($input[1]) as the
        // SELECT above does, or a prepared statement.
        $result = $mysqli->query("SELECT * FROM readposts WHERE user='" . $mysqli->real_escape_string($_SESSION["username"]) . "' AND id=" . $mysqli->real_escape_string($input[1]) . ";");
        if($result->num_rows == 0){
            $mysqli->query("INSERT INTO readposts(id, user) values(" . $mysqli->real_escape_string($input[1]) . ", '" . $mysqli->real_escape_string($_SESSION["username"]) . "');");
        }
        break;
    case "readmessagemenu":
        echo '{"type": "clear"},';
    readmessagemenu:
        // "Return to menu" goes back to whichever listing the message was opened from ($_SESSION["menu"]).
        if(strcmp(strtolower($input[1]), "reply") == 0){
            goto replymessage;
        }else if(strcmp(strtolower($input[1]), "return to menu") == 0){
            if(isset($_SESSION["menu"])){
                switch($_SESSION["menu"]){
                    case "getallmessages":
                        goto getallmessages;
                        break;
                    case "getnewmessages":
                        goto getnewmessages;
                        break;
                    case "getallcategories":
                        goto getallcategories;
                        break;
                    case "getcategories":
                        goto getcategories;
                        break;
                }
            }else{
                goto getallmessages;
            }
        }
        break;
    case "getnewmessages":
        echo '{"type": "clear"},';
    getnewmessages:
        if(!isset($_SESSION["loggedin"])){
            echo '{"type": "text", "content": "Error: Not logged in"}]';
            goto startup;
        }
        if(!isset($_SESSION["offset"]))
            $_SESSION["offset"] = 0;
        if(strcmp($input[0], "input") == 0){
            if(strcmp(strtolower($input[1]), "next") == 0){
                $_SESSION["offset"] += 5;
            }else if(strcmp(strtolower($input[1]), "back") == 0){
                $_SESSION["offset"] -= 5;
            }else if(strcmp(strtolower($input[1]), "menu") == 0){
                $_SESSION["offset"] = 0;
                goto mainmenu;
            }
        }else if(is_numeric($input[1])){
            $_SESSION["menu"] = "getnewmessages";
            goto readmessage;
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        // Posts this user has no readposts row for. NOTE(review): only title, author and posts.id are selected,
        // but the loop below reads $row["reply"] and $row["date"], which are therefore undefined.
        $query = ("select distinct title, author, posts.id from posts, readposts where posts.id NOT IN (Select readposts.id from readposts where user='" . $mysqli->real_escape_string($_SESSION["username"]) . "') and user!='" . $mysqli->real_escape_string($_SESSION["username"]) . "' ORDER BY id DESC limit 5 offset " . $mysqli->real_escape_string($_SESSION["offset"]));
        $result = $mysqli->query($query);
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        $rowNum = 0;
        while($row = $result->fetch_assoc()){
            if($rowNum > 0){
                echo '{"type": "text", "content": "<br>';
                displayBanner("_", "", $consoleWidth);
                echo '"},';
            }
            $rowNum++;
            $prefix = "";
            if($row["reply"] === "1")
                $prefix = "re: ";
            echo '{"type": "button", "content": ' . json_encode(htmlspecialchars($row["id"])) . ', "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
            echo '{"type": "inlinetext", "content": ' . json_encode(' "' . $prefix .htmlspecialchars($row["title"]) . '"') . '},';
            echo '{"type": "inlinetext", "content": ' . json_encode('<br>' . htmlspecialchars($row["author"])) . '},';
            echo '{"type": "inlinetext", "content": ' . json_encode('<br>' . htmlspecialchars($row["date"])) . '},';
        }
        echo '{"type": "text", "content": " \n"},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "input", "content": "(Next/Back/Menu): "},';
        echo '{"type": "callback", "content": "getnewmessages"}]';
        break;
    case "newtitle":
        echo '{"type": "clear"},';
    newtitle:
        // New-post flow, step 1 of 4: title -> category -> body -> confirmation. Draft state lives in the session.
        $_SESSION["newposttitle"] = "";
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        echo '{"type": "text", "content": "Type the Title of your post<br>(You will confirm everything at the end)<br> "},';
        echo '{"type": "input", "content": "Title: "},';
        echo '{"type": "callback", "content": "newcategory"}]';
        break;
    case "newcategory":
        echo '{"type": "clear"},';
    newcategory:
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        if(!isset($_POST["data"])){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newtitle;
        }
        if(strlen($input[1]) == 0){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newtitle;
        }
        $_SESSION["newposttitle"] = $input[1];
        echo '{"type": "text", "content": "Type the category of your post: "},';
        echo '{"type": "input", "content": ""},';
        echo '{"type": "callback", "content": "newbody"}]';
        break;
    case "newbody":
        echo '{"type": "clear"},';
    newbody:
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        if(!isset($_POST["data"])){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newcategory;
        }
        if(strlen($input[1]) == 0){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newcategory;
        }
        // The only authorization rule in the file: the announcement categories are reserved for the hard-coded
        // account "collin" (compared case-sensitively against the session username).
        if((strtolower($input[1]) == "announcements" || strtolower($input[1]) == "announcement" || strtolower($input[1]) == "announce") && $_SESSION["username"] != "collin"){
            echo '{"type": "text", "content": "Error: unauthorized"},';
            goto newcategory;
        }
        $_SESSION["newpostcategory"] = $input[1];
        echo '{"type": "text", "content": "Type the body of your post.<br> <br>';
        displayBanner("-", "", $consoleWidth);
        echo '"},';
        echo '{"type": "button", "content": "Submit", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "text", "content": "<br> "},';
        echo '{"type": "input", "modifier": "returnallowed"},';
        echo '{"type": "callback", "content": "doublecheckpost"}]';
        break;
    case "doublecheckpost":
        echo '{"type": "clear"},';
    doublecheckpost:
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        if(!isset($_POST["data"])){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newtitle;
        }
        if(strlen($input[1]) == 0){
            echo '{"type": "text", "content": "Error: nothing entered"},';
            goto newtitle;
        }
        if(!isset($_SESSION["newposttitle"])){
            echo '{"type": "text", "content": "Error: no title entered"},';
            goto newtitle;
        }
        $_SESSION["newpostbody"] = $input[1];
        // Preview of the full post for confirmation; everything shown is HTML-escaped and JSON-encoded.
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode('Author: ' . htmlspecialchars($_SESSION["username"])) . '},';
        echo '{"type": "text", "content": ' . json_encode('Title: ' . htmlspecialchars($_SESSION["newposttitle"])) . '},';
        echo '{"type": "text", "content": ' . json_encode('Category: ' . htmlspecialchars($_SESSION["newpostcategory"])) . '},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($input[1])) . '},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "input", "content": "Is this okay? (Yes/No/Menu): "},';
        echo '{"type": "callback", "content": "checkandsubmitpost"}]';
        break;
    case "checkandsubmitpost":
        echo '{"type": "clear"},';
    checkandsubmitpost:
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        if(!isset($_SESSION["newposttitle"]) || !isset($_SESSION["newpostbody"])){
            echo '{"type": "text", "content": "Error: no title/body entered"},';
            goto newtitle;
        }
        // Reject drafts that are empty once whitespace and tags are removed, or bodies shorter than 10 bytes.
        if(strlen(strip_tags(str_replace(' ', '', $_SESSION["newpostbody"]))) == 0 || strlen(strip_tags(str_replace(' ', '', $_SESSION["newposttitle"]))) == 0 || strlen($_SESSION["newpostbody"]) < 10){
            echo '{"type": "text", "content": "Error: no title/body entered"},';
            goto newtitle;
        }
        // Only "no" and "menu" abort; any other answer (including an empty one) is treated as confirmation.
        switch(strtolower($input[1])){
            case "no":
                goto newtitle;
                break;
            case "menu":
                goto mainmenu;
                break;
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $mysqli->query("INSERT INTO posts(body, title, author, category) VALUES('" . $mysqli->real_escape_string($_SESSION["newpostbody"]) . "', '" . $mysqli->real_escape_string($_SESSION["newposttitle"]) . "', '" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . $mysqli->real_escape_string($_SESSION["newpostcategory"]) . "');");
        if($mysqli->errno){
            echo '{"type": "text", "content": "There was an error with your post!"},';
            goto newtitle;
        }
        // NOTE(review): the new post's id is recovered by re-querying the author's latest post, which races with
        // a concurrent post by the same user; $mysqli->insert_id right after the INSERT is exact.
        $result = $mysqli->query("SELECT id FROM posts WHERE author='" . $mysqli->real_escape_string($_SESSION["username"]) . "' ORDER BY id DESC;");
        if($mysqli->errno){
            echo '{"type": "text", "content": "There was an error with your post!"},';
            goto newtitle;
        }
        $row = $result->fetch_assoc();
        // The author's own post is marked read so it does not show up in their "new messages".
        $mysqli->query("INSERT INTO readposts(id, user) values(" . $mysqli->real_escape_string($row["id"]) . ", '" . $mysqli->real_escape_string($_SESSION["username"]) . "');");
        if($mysqli->errno){
            echo '{"type": "text", "content": "There was an error with your post!"},';
            goto newtitle;
        }
        $_SESSION["newposttitle"] = "";
        $_SESSION["newpostbody"] = "";
        // Hand the new id to readmessage, which reads it from $input[1].
        $input[1] = $row["id"];
        echo '{"type": "text", "content": "Message posted successfully"},';
        goto readmessage;
    case "replymessage":
    replymessage:
        echo '{"type": "clear"},';
        if(!isset($_SESSION["loggedin"])){
            goto startup;
        }
        // $_SESSION["replytopost"] is the id of the post last opened in readmessage.
        if(!isset($_SESSION["replytopost"])){
            goto mainmenu;
        }
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $result = $mysqli->query("SELECT title, author, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";");
        if($result->num_rows == 0)
            goto mainmenu;
        $row = $result->fetch_assoc();
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode("Replying to: " . htmlspecialchars($row["author"])) . '},';
        echo '{"type": "text", "content": ' . json_encode("Subject: \"re: " . htmlspecialchars($row["title"])) . '},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "button", "content": "Submit", "background": "black", "border": "rgb(0,255,0)", "color": "rgb(0,255,0)", "highlightcolor": "black", "highlightbackground": "rgb(0,255,0)", "highlightborder": "rgba(0,0,0,0)"},';
        echo '{"type": "input", "modifier": "returnallowed"},';
        echo '{"type": "callback", "content": "checkreply"}]';
        break;
    case "checkreply":
        echo '{"type": "clear"},';
    checkreply:
        // NOTE(review): no "loggedin" check before the reply body is stored in the session; postmessage checks
        // it later, but the draft is accepted from any session here.
        $_SESSION["replybody"] = $input[1];
        if(strlen(strip_tags(str_replace(' ', '', $_SESSION["replybody"]))) == 0){
            goto replymessage;
        }
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode("Author: " . htmlspecialchars($_SESSION["username"])) . '},';
        $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
        $result = $mysqli->query("SELECT title, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";");
        $row = $result->fetch_assoc();
        echo '{"type": "text", "content": ' . json_encode("Title: \"re: " . htmlspecialchars($row["title"])) . '},';
        echo '{"type": "text", "content": "';
        displayBanner("=", "", $consoleWidth);
        echo '"},';
        echo '{"type": "text", "content": ' . json_encode(htmlspecialchars($input[1])) . '},';
        echo '{"type": "input", "content": "Is this okay? (Yes/No/Menu): "},';
        echo '{"type": "callback", "content": "postmessage"}]';
        break;
    case "postmessage":
        echo '{"type": "clear"},';
    postmessage:
        if(!isset($_SESSION["loggedin"]))
            goto mainmenu;
        if(!isset($_SESSION["replytopost"])){
            echo '{"type": "text", "content": "Error: no post to reply to"},';
            goto mainmenu;
        }
        if(strlen(strip_tags(str_replace(' ', '', $_SESSION["replybody"]))) == 0){
            goto replymessage;
        }
        // Unlike checkandsubmitpost, only an explicit "yes" submits; anything else is ignored.
        switch(strtolower($input[1])){
            case "yes":
                $mysqli = new mysqli("127.0.0.1", USERNAME_GOES_HERE, PASSWORD_GOES_HERE, DB_GOES_HERE);
                $row = $mysqli->query("SELECT title, author, category FROM posts WHERE id=" . $mysqli->real_escape_string($_SESSION["replytopost"]) . ";")->fetch_assoc();
                // NOTE(review): $row["author"] and $row["category"] are concatenated without real_escape_string(),
                // unlike the other values in this statement. They come from the database, but stored data that
                // contains a quote still breaks this query (second-order injection); escape them as well.
                $query = "INSERT INTO posts(author, title, body, reply, reply_to, category) values('" . $mysqli->real_escape_string($_SESSION["username"]) . "', '" . $mysqli->real_escape_string($row["title"]) . "', '" . $mysqli->real_escape_string($_SESSION["replybody"]) . "', 1, '" . $row["author"] . "', '" . $row["category"] . "');";
                $mysqli->query($query);
                // NOTE(review): on failure the full SQL text, reply body included, is sent to the client. Log it
                // server-side and return a generic message instead.
                if($mysqli->errno)
                    die('{"type": "text", "content": "ERROR! QUERY FAILED!<br> <br> ' . $query . '"}]');
                // NOTE(review): same latest-post lookup as checkandsubmitpost; $mysqli->insert_id would be exact.
                $row = $mysqli->query("SELECT id FROM posts WHERE author='" . $mysqli->real_escape_string($_SESSION["username"]) . "' order by id DESC;")->fetch_assoc();
                $input[1] = $row["id"];
                goto readmessage;
                break;
            case "no":
                goto replymessage;
                break;
            case "menu":
                goto mainmenu;
                break;
            default:
                break;
        }
        break;
}
/**
 * Scores a candidate password against the registration policy.
 *
 * The result is a bit mask: bit 1 is set when the password is at least 8 bytes long
 * (byte length, so multibyte characters count more than once), bit 2 when it contains
 * at least one ASCII capital letter. A value of 3 means both rules are satisfied.
 *
 * @param string $password candidate password
 * @return int 0..3 bit mask of satisfied rules
 */
function checkPasswordCorrectness($password){
    $longEnough = strlen($password) >= 8;
    // preg_match() returns 1 on a match, 0 on none and false on error; only 1 counts.
    $hasCapital = preg_match("/[A-Z]/", $password) === 1;
    return ($longEnough ? 1 : 0) | ($hasCapital ? 2 : 0);
}
/**
 * Echoes $bannerText centred in a line of $width bytes, padded on both sides with $banner.
 *
 * When the padding is odd the extra character goes on the right. When $bannerText is
 * already as wide as (or wider than) $width, only the text is printed. Widths are byte
 * counts (strlen), and $banner is repeated as a whole, so a multi-character $banner
 * produces a line longer than $width.
 *
 * @param string $banner     fill string repeated on each side
 * @param string $bannerText text to centre (may be empty)
 * @param int    $width      target width in bytes
 * @return void
 */
function displayBanner($banner, $bannerText, $width){
    $padding = $width - strlen($bannerText);
    $leftCount = $padding > 0 ? intdiv($padding, 2) : 0;
    $rightCount = $padding > 0 ? $padding - $leftCount : 0;
    echo str_repeat($banner, $leftCount) . $bannerText . str_repeat($banner, $rightCount);
}
/**
 * Splits a client payload of the form "kind:value" into its two parts.
 *
 * Only the first ':' separates, so the value may itself contain colons. A payload
 * without any ':' yields a single-element array (no index 1).
 *
 * @param string $inputString raw "data" field from the request
 * @return string[] [kind, value] or [whole string] when no separator is present
 */
function getInput($inputString){
    $separatorAt = strpos($inputString, ':');
    if($separatorAt === false){
        return [$inputString];
    }
    return [substr($inputString, 0, $separatorAt), substr($inputString, $separatorAt + 1)];
}