path: root/status/post.php
blob: 064d86f67db17d6c8857d1a2cb56bdfbc07cca40 (plain)
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/time.php';

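/**
 * Normalise a user-supplied string and HTML-encode it for storage.
 *
 * Steps, in order: optionally delete line breaks, encode HTML special
 * characters, run strip_tags(), optionally cut the result to $max_length
 * bytes, then trim surrounding whitespace.
 *
 * The return value is already HTML-encoded. It can be echoed into HTML text
 * or a quoted attribute as-is; encoding it a second time shows a literal
 * "&amp;" to the reader, and it must be decoded and re-encoded before it is
 * used in any other context (URL, JavaScript, plain-text export).
 *
 * @param string   $s                Raw input.
 * @param int|null $max_length       Upper bound, in bytes, on the encoded result; null or 0 disables the cut.
 * @param bool     $remove_new_lines Delete every CR and LF character when true.
 *
 * @return string Encoded and trimmed string.
 */
function str_safe(string $s, int|null $max_length, bool $remove_new_lines = true): string
{
    $output = $s;

    if ($remove_new_lines) {
        // PHP_EOL is only "\n" on Unix hosts while browsers submit CRLF, so
        // replacing PHP_EOL alone left a stray "\r" in single-line fields.
        $output = str_replace(["\r", "\n"], '', $output);
    }

    // Flags and charset are spelled out so quotes are always encoded and
    // invalid byte sequences are substituted, whatever the PHP version or
    // default_charset setting is.
    $output = htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');

    // Kept from the original pipeline. Angle brackets are already encoded at
    // this point, so there is no markup left for it to remove.
    $output = strip_tags($output);

    if ($max_length) {
        $output = substr($output, 0, $max_length);

        // The cut is byte-wise and can land inside a multi-byte UTF-8
        // character; a character is at most 4 bytes, so dropping up to 3
        // trailing bytes is enough to get back to a valid string.
        for ($drop = 0; $drop <= 3; $drop++) {
            $candidate = $drop === 0 ? $output : substr($output, 0, -$drop);

            if (preg_match('//u', $candidate) === 1) {
                $output = $candidate;
                break;
            }
        }

        // The cut can also land inside an entity such as "&amp;". Every "&"
        // left after encoding starts an entity, so a trailing "&..." without
        // its ";" is a fragment and is removed instead of being stored.
        $output = preg_replace('/&[a-z0-9#]{0,5}\z/i', '', $output) ?? $output;
    }

    return trim($output);
}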

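// Open the SQLite database used for statuses.
// NOTE(review): the database file lives directly under DOCUMENT_ROOT. Unless
// the web server is configured to deny requests for it, it can be served as a
// static file. Confirm the server config or move the file outside the web root.
$db = new PDO("sqlite:{$_SERVER['DOCUMENT_ROOT']}/database.db");

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): nothing in this file authenticates the request or checks a
    // CSRF token before writing. Confirm that access to this script is
    // restricted elsewhere (web-server auth, a front controller, ...).

    // A field can be missing, or arrive as an array (name="title[]"). Either
    // would raise a TypeError inside str_safe(), so reject it as a bad request.
    $raw_title = $_POST['title'] ?? null;
    $raw_contents = $_POST['contents'] ?? '';

    if (!is_string($raw_title) || !is_string($raw_contents)) {
        http_response_code(400);
        exit;
    }

    $title = str_safe($raw_title, 500, true);
    $contents = str_safe($raw_contents, null, false);

    // The form marks the title as required, but that is only enforced by the
    // browser; enforce it here as well.
    if ($title === '') {
        http_response_code(400);
        exit;
    }

    // Store empty contents as NULL. Compare against '' explicitly: the "?:"
    // shortcut would also turn the literal text "0" into NULL.
    $contents = $contents === '' ? null : $contents;

    // Values are bound as parameters and never interpolated into the SQL text.
    $db->prepare('INSERT INTO statuses(title, contents) VALUES (?, ?)')
        ->execute([$title, $contents]);

    $id = $db->lastInsertId();

    // $id comes from the database driver, not from the request, so it is safe
    // to place in the redirect target.
    header("Location: /status/?id=$id");
    exit;
}

// NOTE(review): the markup that follows in this file does not read $status or
// $statuses. These lookups may be left over from the listing page; confirm
// whether they are still needed here.
$requested_id = $_GET['id'] ?? null;

if (is_string($requested_id) && !empty(trim($requested_id))) {
    $stmt = $db->prepare('SELECT * FROM statuses WHERE id = ?');
    $stmt->execute([$requested_id]);

    // fetch() returns false when no row matches; normalise that to null.
    $status = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
} else {
    $stmt = $db->query('SELECT id, title, posted_at FROM statuses ORDER BY posted_at DESC');
    $statuses = $stmt->fetchAll(PDO::FETCH_ASSOC);
}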
?>
<!DOCTYPE html>
<html>

<head>
    <title>new status - ilt.su</title>
    <meta name="description" content="my statuses.">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <link rel="stylesheet" href="/static/style.css">
    <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
    <meta name="robots" content="noindex, nofollow">
</head>

<body>
    <main>
        <p><a href="/">ilt.su</a> - <a href="/status/">statuses</a></p>
        <h1>post a new status</h1>
        <form action="/status/post.php" method="post">
            <table>
                <tr>
                    <th>title:</th>
                    <td><input type="text" name="title" required></td>
                </tr>
                <tr>
                    <th>contents:</th>
                    <td><textarea name="contents" placeholder="Can be empty"></textarea></td>
                </tr>
                <tr>
                    <th></th>
                    <td><button type="submit">post</button></td>
                </tr>
            </table>
        </form>
    </main>
</body>

</html>