Diffstat (limited to 'status/post.php')
-rw-r--r--status/post.php84
1 files changed, 84 insertions, 0 deletions
diff --git a/status/post.php b/status/post.php
new file mode 100644
index 0000000..064d86f
--- /dev/null
+++ b/status/post.php
@@ -0,0 +1,84 @@
+<?php
+include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/time.php';
+
+function str_safe(string $s, int|null $max_length, bool $remove_new_lines = true): string
+{
+ $output = $s;
+
+ if ($remove_new_lines) {
+ $output = str_replace(PHP_EOL, "", $output);
+ }
+
+ $output = htmlspecialchars($output);
+ $output = strip_tags($output);
+
+ if ($max_length) {
+ $output = substr($output, 0, $max_length);
+ }
+
+ $output = trim($output);
+
+ return $output;
+}
+
+$db = new PDO("sqlite:{$_SERVER['DOCUMENT_ROOT']}/database.db");
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $title = str_safe($_POST['title'], 500, true) ?: null;
+ $contents = str_safe($_POST['contents'], null, false) ?: null;
+
+ $db->prepare('INSERT INTO statuses(title, contents) VALUES (?, ?)')
+ ->execute([$title, $contents]);
+
+ $id = $db->lastInsertId();
+
+ header("Location: /status/?id=$id");
+ exit;
+}
+
+if (isset($_GET['id']) && !empty(trim($_GET['id']))) {
+ $stmt = $db->prepare('SELECT * FROM statuses WHERE id = ?');
+ $stmt->execute([$_GET['id']]);
+
+ $status = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+} else {
+ $stmt = $db->query('SELECT id, title, posted_at FROM statuses ORDER BY posted_at DESC');
+ $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+?>
+<!DOCTYPE html>
+<html>
+
+<head>
+ <title>new status - ilt.su</title>
+ <meta name="description" content="my statuses.">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ <link rel="stylesheet" href="/static/style.css">
+ <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
+ <meta name="robots" content="noindex, nofollow">
+</head>
+
+<body>
+ <main>
+ <p><a href="/">ilt.su</a> - <a href="/status/">statuses</a></p>
+ <h1>post a new status</h1>
+ <form action="/status/post.php" method="post">
+ <table>
+ <tr>
+ <th>title:</th>
+ <td><input type="text" name="title" required></td>
+ </tr>
+ <tr>
+ <th>contents:</th>
+ <td><textarea name="contents" placeholder="Can be empty"></textarea></td>
+ </tr>
+ <tr>
+ <th></th>
+ <td><button type="submit">post</button></td>
+ </tr>
+ </table>
+ </form>
+ </main>
+</body>
+
+</html>
\ No newline at end of file
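Review bot: The POST branch (`if ($_SERVER['REQUEST_METHOD'] == 'POST')`) runs the `INSERT INTO statuses` with no session, credential or CSRF-token check anywhere in this file, so unless `/status/post.php` is restricted outside the file (web-server authentication, for instance), any visitor or cross-site form can create statuses; gate the branch on an authenticated session plus a per-session token compared with `hash_equals()` before the insert. The database is opened as `sqlite:{$_SERVER['DOCUMENT_ROOT']}/database.db`, which places the SQLite file inside the document root, where it may be served as a download unless the server denies it; a path outside the web root avoids that. In `str_safe`, `htmlspecialchars()` runs before `strip_tags()` and `substr()`, so `strip_tags()` has nothing left to strip and the byte-wise cut at `$max_length` can split an entity such as `&amp;` or a multi-byte UTF-8 character; storing the trimmed raw text (cut with `mb_substr()` if mbstring is available) and escaping where the status is rendered would be more robust, assuming the page that displays statuses can be changed to escape on output. `$_POST['title']` and `$_POST['contents']` are also passed straight into a `string` parameter, so a missing or array-valued field raises a TypeError instead of a clean rejection; something like `$title = is_string($_POST['title'] ?? null) ? $_POST['title'] : '';` followed by an explicit empty-title check would enforce on the server what the form's `required` attribute enforces only in the browser.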