website/resources/appeal/submit.php
2022-10-27 20:34:35 +03:00

104 lines
4.0 KiB
PHP
Executable File

<!DOCTYPE html>
<html>
<link href="/style.css" rel="stylesheet">
<head>
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="manifest" href="/site.webmanifest">
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
<div class="header">
<a href="/"><img id="logo" src="/logo.png"></a>
</div>
</head>
<body>
<meta charset="UTF-8">
<ul>
<li><a href="/">Home</a></li>
<li><a href="/chat">Chat</a></li>
<li><a href="/rules">Rules</a></li>
<li><a href="https://store.limework.net" style="color:lightgreen;">&#128722; Store</a></li>
<li><div class="dropdown">
<button class="dropbtn">𝄘</button>
<div class="dropdown-content">
<a href="https://git.limework.net" style="color:lightgreen;">&#127959; Gitea</a>
<a href="https://video.govindas.net" style="color:lightgreen;">&#128250; PeerTube</a>
<a href="https://creative.limework.net" style="color:lightgreen;">&#128506; Creative Map</a>
</div>
</div>
</li>
</ul>
<div class='content'>
<?php
$banid=htmlspecialchars($_POST['banid']);
$banreason=htmlspecialchars($_POST['banreason']);
$whyunban=htmlspecialchars($_POST['whyunban']);
$error=false;
if (strlen($banid) > 16) {
echo "<p style='color:red;'>Error: Ban ID cannot be longer than 16 characters</p><br>";
$error=true;
} if (strlen($banid) < 16) {
echo "<p style='color:red;'>Error: Ban ID cannot be shorter than 16 characters</p><br>";
$error=true;
} if (preg_match("#[^][A-Za-z0-9]#", $banid)) {
echo "<p style='color:red;'>Error: Ban ID contains invalid characters</p><br>";
$error=true;
} if (strlen($banreason) > 100) {
echo "<p style='color:red;'>Error: Ban reason cannot be longer than 100 characters</p><br>";
$error=true;
} if (strlen($whyunban) > 2000) {
echo "<p style='color:red;'>Error: Why do you think you should be unbanned cannot be longer than 2000 characters</p><br>";
$error=true;
} if (!$error) {
ini_set('display_errors',1);
error_reporting(E_ALL | E_STRICT);
// webbanappeal has read-only access to bans table, nothing else. It can only be accessed in localhost. Publishing password to git is fine.
$con = mysqli_connect("localhost","webbanappeal","UpUOZhRf5WLAy920wbDqyAKLySHl677juGgL","friends");
if (!$con) {
echo "<p style='color:red;'>Failed to connect to database: " . mysqli_connect_error();
echo "</p>";
$error=true;
} else {
echo "<p>SUCCESS</p>";
}
$sanitized_banid = mysqli_real_escape_string($con, $banid);
if ($result = mysqli_query($con, "SELECT `banid` FROM `bans` WHERE `banid` = '$sanitized_banid'")) {
if (mysqli_num_rows($result) == 0) {
echo "<p style='color:red;'>Error: There is no ban with the specified ban ID. Did you enter it correctly?</p><br>";
$error=true;
} else {
// Free result set
mysqli_free_result($result);
}
}
mysqli_close($con);
}
//must not be else if, as error variable may be set above
if ($error) {
echo "<form action='/appeal'><input type='submit' value='Go back' /></form>";
} else {
echo "<p><i>Opening your ban appeal...</i></p>";
$newcontent = file_get_contents("/var/www/html/template/index.html");
$newcontent=str_replace("Replace this line", "<h1>Ban Appeal</h1><p><b>Ban ID</b><br> $banid</p><p><b>Ban Reason</b><br> $banreason</p><p><b>Why do you think you should be unbanned?</b><br> $whyunban</p><br><h2>Staff Reply</h2><p><i>None yet.</i></p>", $newcontent);
if (!file_exists("/var/www/html/appeal/view/$banid.html")) {
$handle = fopen("/var/www/html/appeal/view/$banid.html","w+");
fwrite($handle,$newcontent);
fclose($handle);
}
echo "<meta http-equiv='Refresh' content='0; url=https://limework.net/appeal/view/$banid' />";
}
?>
</div>
<div class="footer">
<p>© Govindas Limework 2015-present <a href="/privacy-policy"><span style="float:right;color:lightgreen;">Privacy Policy</span></a></p>
</div>
</body>
</html>