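<?php
// Comment widget page that is meant to be loaded inside an iframe.
// This prologue starts the session, issues a per-session CSRF token, reads the
// site code / post id / theme from the query string, and loads optional custom
// theme CSS from the `themes` table.
session_start();

// NOTE(review): "ALLOWALL" is not a value browsers honour for X-Frame-Options
// (they honour DENY and SAMEORIGIN), so this header sets no framing policy and
// the page can be framed by any origin. If framing should be limited to known
// embedding sites, send `Content-Security-Policy: frame-ancestors ...` with the
// allowed origins instead; that list is not visible in this file.
header("X-Frame-Options: ALLOWALL");
require_once "config/db.php";

// Report everything, but send it to the error log instead of the response:
// notices and SQL errors rendered into a framed page disclose file paths and
// schema details to every visitor of the embedding site.
error_reporting(E_ALL);
ini_set("display_errors", "0");
ini_set("log_errors", "1");

if (!isset($_SESSION["csrf_token"])) {
    $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
}

// Query-string values can arrive as arrays (?code[]=x). Accept strings only so
// that strpos(), htmlspecialchars() and bind_param() further down never receive
// an array.
$site_code = $_GET["code"] ?? null;
if (!is_string($site_code) || empty($site_code)) {
    die("No site code provided");
}

$post_id = $_GET["postId"] ?? null;
if (!is_string($post_id)) {
    $post_id = null;
}

$theme = $_GET["theme"] ?? "light";
if (!is_string($theme)) {
    $theme = "light";
}

$custom_css = "";
if (strpos($theme, "custom_") === 0) {
    $themeId = substr($theme, 7);
    // Only a plain decimal id is looked up; anything else falls back to no custom CSS.
    // NOTE(review): the lookup is keyed by the id from the query string alone, not by
    // $site_code, so any caller can select any stored theme. Confirm that is intended.
    if (ctype_digit($themeId)) {
        $themeIdInt = (int) $themeId;
        $stmt = $conn->prepare("select css from themes where id = ?");
        if ($stmt) {
            $stmt->bind_param("i", $themeIdInt);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
                if ($result && ($themeData = $result->fetch_assoc())) {
                    $custom_css = (string) $themeData["css"];
                }
            }
        }
    }
}
?>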
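<!DOCTYPE html>
<html>
<head>
    <?php
    // NOTE(review): the base URL is hard-coded to http://localhost, and every relative
    // URL on this page (including static/iframe.js) resolves against it. Outside local
    // development this needs to be the deployed HTTPS origin.
    ?>
    <base href="http://localhost">
    <link rel="stylesheet" href="/static/iframe.css">
    <?php if ($theme === 'dark'): ?>
    <style>
        body { background: #1a1a1a; color: #fff; }
        .comment { border-color: #333; }
        input, textarea { background: #333; color: #fff; border-color: #444; }
        button { background-color: #444; color: #fff; }
        .comment h4 { color: #fff; }
    </style>
    <?php endif; ?>
    <?php if ($custom_css): ?>
    <?php
    // The stored theme CSS is written into a <style> element. Rewriting "</" as "<\/"
    // keeps the text from closing that element and continuing as HTML; in CSS "\/" is
    // just an escaped "/", so legitimate rules are unaffected.
    // This only prevents markup breakout. The stylesheet is still whatever is stored in
    // themes.css, so if themes can be authored by untrusted users they should be
    // validated when saved and the page served with a Content-Security-Policy.
    ?>
    <style><?php echo str_replace('</', '<\/', (string) $custom_css); ?></style>
    <?php endif; ?>
</head>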
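<body>
<?php
// Comment submission form. The hidden fields carry the site code, the post id and the
// session CSRF token back to the submit handler.
// Values are escaped for a quoted attribute with explicit flags and charset. A missing
// or non-string query value is rendered as an empty string, so htmlspecialchars() never
// receives null or an array.
?>
<div class="comment-form">
    <form id="commentForm">
        <input type="hidden" name="site_code" value="<?php echo htmlspecialchars(is_string($site_code) ? $site_code : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <input type="hidden" name="post_id" value="<?php echo htmlspecialchars(is_string($post_id) ? $post_id : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) $_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <input type="text" name="name" placeholder="Your name" required>
        <textarea name="content" placeholder="Write your comment..." required></textarea>
        <button type="submit">Post Comment</button>
    </form>
</div>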
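<div id="comments">
<?php
// Render the comments for this site/post, newest first.
// Database error text is written to the error log; the response carries only a generic
// message, so driver and schema details are not shown to visitors.
$stmt = $conn->prepare("select * from comments where site_code = ? and post_id = ? order by created_at desc");
if (!$stmt) {
    error_log("Prepare failed: " . $conn->error);
    die("Error loading comments");
}
$stmt->bind_param("ss", $site_code, $post_id);
$success = $stmt->execute();
if (!$success) {
    error_log("Execute failed: " . $stmt->error);
    die("Error loading comments");
}
$result = $stmt->get_result();
if (!$result) {
    error_log("Error loading comments: " . $stmt->error);
    die("Error loading comments");
}

while ($comment = $result->fetch_assoc()) {
    // The id is written into an inline onclick handler and an element id, and the vote
    // count into element text. Casting both to int guarantees only digits (and a sign)
    // reach those contexts.
    // NOTE(review): assumes comments.id is an integer key and upvotes an integer count;
    // confirm against the schema.
    $commentId = (int) $comment['id'];
    $upvotes = (int) ($comment['upvotes'] ?? 0);
    $author = htmlspecialchars((string) $comment['author_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $content = htmlspecialchars((string) $comment['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo '<div class="comment">';
    echo '<h4>' . $author . '</h4>';
    echo '<p>' . $content . '</p>';
    echo '<div class="vote-btns">';
    echo '<button onclick="vote(' . $commentId . ', 1)">↑</button>';
    echo '<span id="vote-count-' . $commentId . '">' . $upvotes . '</span>';
    echo '<button onclick="vote(' . $commentId . ', -1)">↓ ' . '</button>';
    echo '</div></div>';
}
?>
</div>
<script src="static/iframe.js"></script>
</body>
</html>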