corrade-http-templates – Blame information for rev 51
Rev | Author | Line No. | Line |
---|---|---|---|
1 | eva | 1 | <?php |
2 | |||
3 | ########################################################################### |
||
4 | ## Copyright (C) Wizardry and Steamworks 2016 - License: GNU GPLv3 ## |
||
5 | ########################################################################### |
||
6 | ## A small script that will delete a conversation from the configured ## |
||
7 | ## conversation directory. ## |
||
8 | ########################################################################### |
||
9 | |||
10 | ########################################################################### |
||
11 | ## CONFIGURATION ## |
||
12 | ########################################################################### |
||
13 | |||
14 | require_once('config.php'); |
||
15 | require_once('functions.php'); |
||
16 | |||
17 | ########################################################################### |
||
18 | ## INTERNALS ## |
||
19 | ########################################################################### |
||
51 | office | 20 | |
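# CSRF: refuse the request unless the posted token matches the token stored
# in the session.
session_start();

# Read both tokens defensively: the session may not hold a token yet and PHP
# turns "token[]=x" into an array. hash_equals() only accepts strings, so any
# other type is rejected here with a 403 instead of raising an error.
$sessionToken = isset($_SESSION['token']) ? $_SESSION['token'] : null;
$postedToken = isset($_POST['token']) ? $_POST['token'] : null;

if (empty($sessionToken) || !is_string($sessionToken) ||
    empty($postedToken) || !is_string($postedToken) ||
    # Constant-time comparison of the two tokens.
    !hash_equals($sessionToken, $postedToken)) {
    http_response_code(403);
    die('Forbidden.');
}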
||
27 | |||
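# Bail if "firstname" or "lastname" are missing, are not plain strings, or are
# blank. PHP turns "firstname[]=x" into an array, which the strtolower() calls
# further down cannot handle, and a blank name would address the file " .log".
if(!isset($_POST['firstname']) ||
    !isset($_POST['lastname']) ||
    !is_string($_POST['firstname']) ||
    !is_string($_POST['lastname']) ||
    trim($_POST['firstname']) === '' ||
    trim($_POST['lastname']) === '') return;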
||
31 | |||
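####
# I. Get the path to the configured chat directory.
$chatPath = realpath($CHAT_DIRECTORY);

# realpath() returns false when the directory is missing or unreadable. Stop
# here, otherwise the containment check in step III could end up comparing
# false with false and let the request through.
if($chatPath === false)
    die;

####
# II. Get the user path: "<chat directory>/<Firstname> <Lastname>.log".
$userPath = join(
    DIRECTORY_SEPARATOR,
    array(
        $CHAT_DIRECTORY,
        ucfirst(
            strtolower(
                $_POST['firstname']
            )
        ) .' '.
        ucfirst(
            strtolower(
                $_POST['lastname']
            )
        ).'.log'
    )
);

####
# III. Check that the file to delete is located within the chat directory.
# The names come straight from the request and may contain path separators or
# "..", so the parent directory is resolved and must be exactly the chat
# directory. The comparison is strict so that a failed realpath() (false) can
# never be treated as a match.
$pathPart = pathinfo($userPath);
$userDirectory = realpath($pathPart['dirname']);
if($userDirectory === false || $userDirectory !== $chatPath)
    die;

####
# IV. Remove the conversation.
# Only regular files are removed; a missing conversation is ignored instead of
# making unlink() emit a warning that may include the server-side path.
if(is_file($userPath))
    unlink($userPath);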
||
64 | |||
65 | ?> |