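<?php
/*
 * send-message.php: form and POST handler for sending a private message
 * from the logged-in user to the user id given in ?receiver=.
 *
 * Request flow:
 *   1. Start the session and make sure it holds one anti-CSRF token.
 *   2. Require a logged-in user.
 *   3. On POST ("send"), verify the submitted token against the session
 *      token, check the receiver exists, store the message, rotate the token.
 *   4. Render the form with the session's current token.
 */
// require_once instead of include: if either class file is missing the
// script must stop rather than continue without its login check.
require_once './classes/DB.php';
require_once './classes/Login.php';

session_start();

// The token stored in the session is the single source of truth. The form
// below renders this same value; generating a separate per-request token for
// the form would make it diverge from the stored one on every later request.
if (!isset($_SESSION['token']) || !is_string($_SESSION['token']) || $_SESSION['token'] === '') {
    $cstrong = true;
    $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
}

// NOTE(review): isLoggedIn() is used both as the check and as the source of
// the user id, as before; presumably it returns the id or a falsy value.
// Confirm against classes/Login.php.
$userid = Login::isLoggedIn();
if (!$userid) {
    die('Not logged in');
}

// Read the receiver once. Anything that is not a plain string (missing
// parameter, receiver[]=...) becomes '' and fails the existence lookup below.
$receiver = (isset($_GET['receiver']) && is_string($_GET['receiver'])) ? $_GET['receiver'] : '';

if (isset($_POST['send'])) {
    // Compare the submitted token VALUE with the session token in constant
    // time. The previous check compared the boolean result of isset() with
    // the token string, which PHP's loose comparison treats as equal for any
    // non-empty token, so every request that carried a "nocsrf" field was
    // accepted regardless of its value.
    $submitted = (isset($_POST['nocsrf']) && is_string($_POST['nocsrf'])) ? $_POST['nocsrf'] : '';
    if ($submitted === '' || !hash_equals($_SESSION['token'], $submitted)) {
        die("INVALID! Token!");
    }

    $body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';

    // Values go to DB::query() as named parameters (presumably bound through
    // a prepared statement; confirm in classes/DB.php). HTML-escaping is an
    // output concern and does not belong in SQL parameters, so the raw
    // receiver is passed here and escaped only where it is echoed.
    if (DB::query("SELECT id FROM users WHERE id=:userid", array(':userid' => $receiver))) {
        // The body is stored as submitted; whatever page displays messages
        // must HTML-escape it at render time.
        DB::query(
            "INSERT INTO messages(body,receiver,sender) VALUES(:body, :receiver, :sender)",
            array(':body' => $body, ':receiver' => $receiver, ':sender' => $userid)
        );
        echo "SENT";
    } else {
        die("Wrong receiver");
    }

    // Rotate the token after a successful send so it cannot be replayed.
    // This replaces session_destroy(): destroying the session discarded the
    // stored token while the form below was still rendered, so the next
    // submission could never match.
    // NOTE(review): if other code relied on the session being wiped here,
    // handle that explicitly.
    $cstrong = true;
    $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
}
?>
<form action="send-message.php?receiver=<?php echo htmlspecialchars(urlencode($receiver), ENT_QUOTES, 'UTF-8'); ?>" method="post" enctype="multipart/form-data">
<label>SEND MESSAGE</label>
<br>
<textarea name="body" rows="8" cols="55"></textarea>
<br>
<input type="hidden" value="<?php echo htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8'); ?>" name="nocsrf">
<input type="submit" name="send" value="Send Message">
</form>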