This commit is contained in:
Savetheinternet 2011-01-21 13:14:11 +11:00
parent 8edccdb2aa
commit ec34fa8076
2 changed files with 66 additions and 1 deletions

View File

@ -84,6 +84,8 @@
define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true);
define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true);
define('ERROR_INVALIDPASSWORD', 'Wrong password…', true);
define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true);

View File

@ -20,7 +20,70 @@
$_POST = strip_array($_POST);
}
if(isset($_POST['post'])) {
if(isset($_POST['delete'])) {
// Delete
if( !isset($_POST['board']) ||
!isset($_POST['password'])
)
error(ERROR_BOT);
$password = $_POST['password'];
if(empty($password))
error(ERROR_INVALIDPASSWORD);
$delete = Array();
foreach($_POST as $post => $value) {
if(preg_match('/^delete_(\d+)$/', $post, $m)) {
$delete[] = (int)$m[1];
}
}
sql_open();
// Check if banned
checkBan();
if(BLOCK_TOR && isTor())
error(ERROR_TOR);
// Check if board exists
if(!openBoard($_POST['board']))
error(ERROR_NOBOARD);
if(empty($delete))
error(ERROR_NODELETE);
foreach($delete as &$id) {
$query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($post = $query->fetch()) {
if(!empty($password) && $post['password'] != $password)
error(ERROR_INVALIDPASSWORD);
if(isset($_POST['file'])) {
// Delete just the file
deleteFile($id);
} else {
// Delete entire post
deletePost($id);
}
}
}
buildIndex();
sql_close();
$is_mod = isset($_POST['mod']) && $_POST['mod'];
$root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT;
header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP);
} elseif(isset($_POST['post'])) {
if( !isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['subject']) ||