diff --git a/inc/config.php b/inc/config.php
index 1fe6efaa..0cdd2934 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -84,6 +84,8 @@
 define('ERROR_YOUAREMUTED', 'You are muted! Expires in %d seconds.', true);
 define('ERROR_TOR', 'Hmm… That looks like a Tor exit node.', true);
 define('ERROR_TOOMANYLINKS', 'Too many links; flood detected.', true);
+ define('ERROR_NODELETE', 'You didn\'t select anything to delete.', true);
+ define('ERROR_INVALIDPASSWORD', 'Wrong password…', true);
 define('ERR_INVALIDIMG','Invalid image.', true);
 define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true);
 define('ERR_MAXSIZE', 'The file was too big.', true);
diff --git a/post.php b/post.php
index 306c050b..ec21d66f 100644
--- a/post.php
+++ b/post.php
@@ -20,7 +20,70 @@
 $_POST = strip_array($_POST);
 }
- if(isset($_POST['post'])) {
+ if(isset($_POST['delete'])) {
+ // Delete
+
+ if( !isset($_POST['board']) ||
+ !isset($_POST['password'])
+ )
+ error(ERROR_BOT);
+
+ $password = $_POST['password'];
+
+ if(empty($password))
+ error(ERROR_INVALIDPASSWORD);
+
+ $delete = Array();
+ foreach($_POST as $post => $value) {
+ if(preg_match('/^delete_(\d+)$/', $post, $m)) {
+ $delete[] = (int)$m[1];
+ }
+ }
+
+ sql_open();
+
+ // Check if banned
+ checkBan();
+
+ if(BLOCK_TOR && isTor())
+ error(ERROR_TOR);
+
+ // Check if board exists
+ if(!openBoard($_POST['board']))
+ error(ERROR_NOBOARD);
+
+ if(empty($delete))
+ error(ERROR_NODELETE);
+
+ foreach($delete as &$id) {
+ $query = prepare(sprintf("SELECT `password` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
+ $query->bindValue(':id', $id, PDO::PARAM_INT);
+ $query->execute() or error(db_error($query));
+
+ if($post = $query->fetch()) {
+ if(!empty($password) && $post['password'] != $password)
+ error(ERROR_INVALIDPASSWORD);
+
+ if(isset($_POST['file'])) {
+ // Delete just the file
+ deleteFile($id);
+ } else {
+ // Delete entire post
+ deletePost($id);
+ }
+ }
+ }
+
+ buildIndex();
+
+ sql_close();
+
+ $is_mod = isset($_POST['mod']) && $_POST['mod'];
+ $root = $is_mod ? ROOT . FILE_MOD . '?/' : ROOT;
+
+ header('Location: ' . $root . $board['dir'] . FILE_INDEX, true, REDIRECT_HTTP);
+
+ } elseif(isset($_POST['post'])) {
 if( !isset($_POST['name']) ||
 !isset($_POST['email']) ||
 !isset($_POST['subject']) ||
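Review bot: The password check inside the delete loop, `if(!empty($password) && $post['password'] != $password)`, uses loose `!=`, so PHP's type juggling can make two different values compare equal (numeric-looking strings such as `'1e3'` and `'1000'`), and the `!empty($password)` guard is dead because the empty case already errors out above. Change the line to `if($post['password'] !== $password)` (or `hash_equals()` where the PHP version supports it). Separately, `foreach($delete as &$id)` takes a reference it never needs and leaves `$id` bound to the last element after the loop; `foreach($delete as $id)` is enough. Note also that a wrong password on a later id calls `error()` after earlier posts were already deleted, so if `error()` terminates the request as its other uses here suggest, `buildIndex()` is never reached for them — either verify every password before deleting anything or document the partial result. The `if`/`elseif` chain this hunk starts continues past the end of the hunk.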