Actualiser index.php
This commit is contained in:
parent
fcb30cd19f
commit
5694d261e5
46
index.php
46
index.php
@ -125,6 +125,7 @@ if (isset($_POST['createPost'])) {
|
||||
$message = 'Vous devez être connecté pour poster';
|
||||
} else {
|
||||
$userId = $_SESSION['user_id'];
|
||||
$userIp = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
// Rate limiting : 1 post par minute
|
||||
if ($rateLimit->isBlocked($userId, 'post', 1, 60)) {
|
||||
@ -140,16 +141,16 @@ if (isset($_POST['createPost'])) {
|
||||
// Insérer le post
|
||||
$stmt = $pdo->prepare(
|
||||
"INSERT INTO `{$env['TABLE_MESSAGES']}`
|
||||
(id_utilisateur, contenu, date_creation)
|
||||
VALUES (?, ?, NOW())"
|
||||
(id_utilisateur, contenu, ip_address, date_creation)
|
||||
VALUES (?, ?, ?, NOW())"
|
||||
);
|
||||
$stmt->execute([$userId, $content]);
|
||||
$stmt->execute([$userId, $content, $userIp]);
|
||||
$postId = $pdo->lastInsertId();
|
||||
|
||||
// Gérer les fichiers
|
||||
if (!empty($_FILES['postImage']['tmp_name'])) {
|
||||
$file = $_FILES['postImage'];
|
||||
$validationResult = $fileValidator->validate($file, 2 * 1024 * 1024);
|
||||
$validationResult = $fileValidator->validate($file, 100 * 1024 * 1024);
|
||||
|
||||
if ($validationResult['valid']) {
|
||||
// Vérifier la sécurité du fichier
|
||||
@ -235,8 +236,11 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
||||
.container { max-width: 800px; margin: 0 auto; }
|
||||
.header { background: white; padding: 30px; border-radius: 10px; box-shadow: 0 5px 20px rgba(0,0,0,0.1); text-align: center; margin-bottom: 30px; }
|
||||
.header h1 { color: #333; margin-bottom: 10px; }
|
||||
.header p { color: #666; }
|
||||
.flag-box { background: #fff3cd; border-left: 4px solid #ffc107; padding: 15px; margin-bottom: 20px; border-radius: 5px; }
|
||||
.header p { color: #666; margin-bottom: 10px; }
|
||||
.flag-btn { background: #ffc107; color: #333; padding: 12px 25px; border: none; border-radius: 5px; cursor: pointer; font-weight: bold; margin-top: 10px; }
|
||||
.flag-btn:hover { background: #ffb300; }
|
||||
.flag-box { background: #fff3cd; border-left: 4px solid #ffc107; padding: 15px; margin-bottom: 20px; border-radius: 5px; display: none; }
|
||||
.flag-box.show { display: block; }
|
||||
.flag-box strong { color: #856404; }
|
||||
.auth-section { background: white; padding: 25px; border-radius: 10px; box-shadow: 0 5px 20px rgba(0,0,0,0.1); margin-bottom: 30px; }
|
||||
.auth-section h2 { color: #333; margin-bottom: 15px; font-size: 18px; }
|
||||
@ -264,11 +268,19 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<h1>🏁 FLAG : <?php echo $flag ? htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') : ''; ?></h1>
|
||||
<p>🚀 Forum Équipe J</p>
|
||||
<h1>🚀 Forum Équipe J</h1>
|
||||
<p>Espace de discussion sécurisé</p>
|
||||
<?php if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin'): ?>
|
||||
<button class="flag-btn" onclick="toggleFlag()">📌 Afficher le Flag</button>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<?php if ($flag): ?>
|
||||
<div class="flag-box" id="flag">
|
||||
<strong>🏁 FLAG : <?php echo htmlspecialchars($flag, ENT_QUOTES, 'UTF-8'); ?></strong>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($message): ?>
|
||||
<div class="message <?php echo (strpos($message, 'réussie') !== false || strpos($message, 'succès') !== false) ? 'success' : 'error'; ?>">
|
||||
<?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?>
|
||||
@ -292,7 +304,7 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
||||
<textarea name="postContent" required></textarea>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>Image (PNG ou JPEG, min 2Mo):</label>
|
||||
<label>Image (PNG ou JPEG, max 100Mo):</label>
|
||||
<input type="file" name="postImage" accept="image/png,image/jpeg">
|
||||
</div>
|
||||
<button type="submit" name="createPost" class="btn">📤 Publier</button>
|
||||
@ -341,7 +353,7 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
||||
<div class="post">
|
||||
<div class="post-header">
|
||||
<span class="post-author">👤 <?php echo htmlspecialchars($post['pseudo'], ENT_QUOTES, 'UTF-8'); ?></span>
|
||||
<span class="post-date"><?php echo htmlspecialchars($post['date_creation'], ENT_QUOTES, 'UTF-8'); ?></span>
|
||||
<span class="post-date"><?php echo htmlspecialchars($post['date_creation'], ENT_QUOTES, 'UTF-8'); ?> - IP: <?php echo htmlspecialchars($post['ip_address'] ?? 'N/A', ENT_QUOTES, 'UTF-8'); ?></span>
|
||||
</div>
|
||||
<div class="post-content">
|
||||
<?php echo nl2br(htmlspecialchars($post['contenu'], ENT_QUOTES, 'UTF-8')); ?>
|
||||
@ -354,5 +366,19 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
||||
<?php endforeach; ?>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
function toggleFlag() {
|
||||
const flagBox = document.getElementById('flag');
|
||||
flagBox.classList.toggle('show');
|
||||
|
||||
const btn = document.querySelector('.flag-btn');
|
||||
if (flagBox.classList.contains('show')) {
|
||||
btn.textContent = '📌 Masquer le Flag';
|
||||
} else {
|
||||
btn.textContent = '📌 Afficher le Flag';
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
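Review bot: The new `ip_address` column is rendered into every post's `post-date` span for all visitors, so the hunk at `@@ -341,7 +353,7 @@` turns a moderation field into a public disclosure of each poster's IP address. If the IP is stored for abuse handling, only an admin needs to see it; the file already has a role check it can reuse: `<?php if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin'): ?> - IP: <?php echo htmlspecialchars($post['ip_address'] ?? 'N/A', ENT_QUOTES, 'UTF-8'); ?><?php endif; ?>`. Note also that `$_SERVER['REMOTE_ADDR']` (first hunk) will be the proxy's address if the app sits behind a reverse proxy, so the stored value may not identify the poster at all — worth a comment at the assignment. Separately, raising the validator limit from 2 MB to 100 MB in the same file only matters if `upload_max_filesize`/`post_max_size` permit it, and it invites disk exhaustion from a forum image field; I would keep the 100 MB ceiling out of this commit unless that is the intended behaviour. The surrounding `if (isset($_POST['createPost']))` block starts and ends outside these hunks.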