<?php
// modules/comments.php
// Shared MentalNet comment system module
// Configuration defaults

// SQLite file location: a directory next to modules/ that is named after the
// current working directory. The file stores each commenter's IP address.
// NOTE(review): if that directory is served by the web server, comments.db may
// be directly downloadable; confirm it is outside the document root or that the
// server denies requests for it.
$COMMENT_DB_PATH = sprintf('%s/../%s/comments.db', __DIR__, basename(getcwd()));

// Upper bound for a comment body. It is compared with strlen(), so it counts bytes.
$COMMENT_MAX_LENGTH = 250;

// Remote addresses treated as admin (adjust as needed). Entries are matched as
// plain string prefixes with str_starts_with(), not as CIDR ranges:
// '192.168.86.1' also matches 192.168.86.10-19 and 192.168.86.100-199, and
// '192.168.86.' already covers the whole /24 on its own.
$ADMIN_IP_PREFIXES = ['192.168.86.1', '192.168.86.'];
// Initialize database

// Connect to the SQLite file named by $COMMENT_DB_PATH. Exception mode makes
// every later PDO failure throw a PDOException instead of returning false.
$db = new PDO('sqlite:' . $COMMENT_DB_PATH, null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Create the table on first run. `ip` holds the poster's REMOTE_ADDR and `date`
// a local-time timestamp string. There is no UNIQUE constraint on ip or name,
// so the one-post-per-person rule is enforced only by the application code.
$db->exec(<<<'SQL'
CREATE TABLE IF NOT EXISTS comments (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    comment TEXT NOT NULL,
    ip TEXT NOT NULL,
    date TEXT NOT NULL
)
SQL);
// Message for the page to show; stays empty unless a submission is rejected.
$error = '';

// Address of the connecting peer as reported by the web server.
// NOTE(review): behind a reverse proxy or NAT this is the proxy/gateway address,
// so every visitor would share one value here; confirm the deployment topology.
$ip = $_SERVER['REMOTE_ADDR'];

// Admin status is granted purely by source address: true when $ip starts with
// any configured prefix. No login or session is involved, so anything able to
// send requests from a matching address is treated as admin.
$is_admin = (bool) array_filter(
    $ADMIN_IP_PREFIXES,
    static fn ($prefix) => str_starts_with($ip, $prefix),
);
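// Handle deletions
//
// An admin request carrying ?delete=<id> removes that comment, then redirects to
// the same path without the query string so a reload does not repeat the delete.
//
// NOTE(review): this state change is triggered by a GET parameter with no CSRF
// token, and admin status comes from the source address alone, so any page an
// admin's browser loads can issue it. Moving it to POST with a per-session token
// also requires changing the markup that emits the delete link, which is not
// part of this block.
if (isset($_GET['delete']) && $is_admin) {
    // intval() maps any non-empty array (?delete[]=x) to 1 and "12abc" to 12;
    // accept only a plain positive integer so malformed input deletes nothing.
    $del_id = filter_var($_GET['delete'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    if ($del_id !== false) {
        $stmt = $db->prepare("DELETE FROM comments WHERE id = ?");
        $stmt->execute([$del_id]);
    }

    // Collapse leading slashes: a Location value starting with "//" is read by
    // browsers as a scheme-relative URL pointing at another host.
    header('Location: /' . ltrim(explode('?', $_SERVER["REQUEST_URI"], 2)[0], '/'));
    exit;
}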
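// Handle new comments
//
// On POST: validate the submission, enforce one post per IP address or name,
// store it, and redirect back to the same URL (post/redirect/get). A rejected
// submission leaves a message in $error and falls through to normal rendering.
//
// NOTE(review): the form carries no CSRF token, and `name` has no length limit
// (only `comment` is capped); both are left for the maintainer to decide.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing field or an array value (name[]=x) is treated as empty instead
    // of raising a warning or a TypeError inside trim().
    $name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    $comment = is_string($_POST['comment'] ?? null) ? trim($_POST['comment']) : '';

    // strlen() counts bytes, so multi-byte text reaches the limit sooner than
    // the "characters" wording in the message suggests.
    if (strlen($comment) > $COMMENT_MAX_LENGTH) {
        $error = "Whoa there, sysadmin — keep it under $COMMENT_MAX_LENGTH characters!";
    } elseif ($name !== '' && $comment !== '') {
        // Explicit empty-string checks: a truthiness test would silently drop
        // the literal value "0".
        $check = $db->prepare("SELECT COUNT(*) FROM comments WHERE ip = ? OR name = ?");
        $check->execute([$ip, $name]);

        // The check and the insert below are two separate statements and the
        // table has no UNIQUE constraint, so the rule is best-effort.
        if ($check->fetchColumn() > 0) {
            $error = "One post per person — let other engineers join the thread.";
        } else {
            // Values are bound as parameters and stored exactly as submitted;
            // they must be HTML-escaped wherever they are rendered.
            $stmt = $db->prepare("INSERT INTO comments (name, comment, ip, date) VALUES (?, ?, ?, datetime('now','localtime'))");
            $stmt->execute([$name, $comment, $ip]);

            // Collapse leading slashes: a Location value starting with "//" is
            // read by browsers as a scheme-relative URL pointing at another host.
            header('Location: /' . ltrim($_SERVER['REQUEST_URI'], '/'));
            exit;
        }
    }
}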
// Fetch existing comments
//
// Newest first, each row as an associative array keyed by column name.
// `name` and `comment` come back exactly as they were submitted, so the code
// that prints $comments must escape them for HTML (e.g. htmlspecialchars()).
// SELECT * also returns the `ip` column.
// NOTE(review): confirm the template does not show `ip` to non-admin visitors.
$comments = $db->query("SELECT * FROM comments ORDER BY id DESC", PDO::FETCH_ASSOC)->fetchAll();
?>