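<?php
require_once 'utils/.guard.php';
require_once 'utils/.mysql.php';
session_start();
// Only signed-in users may create projects; everyone else is sent to the login page.
guard_redirect(isset($_SESSION['user_id']), 'login.php');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Referer check: defence in depth only. The header is client-controlled and is often
    // stripped by browsers/proxies, so the CSRF token below is the check that actually matters.
    guard_die(isset($_SERVER['HTTP_REFERER']), 'Referer not found.');
    $referer = parse_url($_SERVER['HTTP_REFERER']);
    // parse_url() may return false or omit 'host' (relative or malformed referer); `?? null`
    // turns that into a clean "Invalid referer." instead of a warning plus a loose comparison.
    // NOTE(review): getenv('HOSTNAME') must equal the browser-facing host name for this to pass.
    guard_die(($referer['host'] ?? null) === getenv('HOSTNAME'), 'Invalid referer.');
    // Token check: both sides must exist and be strings (a missing session token or an
    // array-valued field such as csrf-token[]=x must fail closed), compared in constant time.
    guard_die(
        isset($_POST['csrf-token'], $_SESSION['token'])
            && is_string($_POST['csrf-token'])
            && is_string($_SESSION['token'])
            && hash_equals($_SESSION['token'], $_POST['csrf-token']),
        'CSRF token missing or invalid.'
    );
    // Param check: fields must be present and be plain strings (PHP turns title[]=x into an array).
    guard_die(
        isset($_POST['title'], $_POST['desc'], $_POST['image'])
            && is_string($_POST['title'])
            && is_string($_POST['desc'])
            && is_string($_POST['image']),
        'Parameter(s) missing.'
    );
    // Length and URL rules are only enforced by the Vue code in this page; whether add_project()
    // re-validates them server-side is not visible here — NOTE(review): confirm in utils/.mysql.php.
    $project_id = add_project($_POST['title'], $_POST['desc'], $_POST['image'], $_SESSION['user_id']);
    // URL-encode the id so an unexpected return value cannot alter the redirect target, and stop
    // here: without exit the HTML below is still rendered after the Location header is sent.
    header('Location: project.php?id=' . rawurlencode((string) $project_id));
    exit;
}
// Fresh per-request token from the CSPRNG; md5(uniqid(mt_rand(), true)) is not unpredictable.
$_SESSION['token'] = bin2hex(random_bytes(32));
?>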
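<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Title fixed: this is the project-creation page, not the contact page. -->
    <title>Create a Project - TeamUp</title>
    <link rel="stylesheet" href="index.css">
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@400;700;900" rel="stylesheet">
    <!-- "vue@next" resolves to whatever the CDN currently serves, so the page runs code nobody
         reviewed. Pin an exact version (vue@<PINNED_VERSION>, placeholder) and add an
         integrity="<SRI_HASH>" (placeholder) attribute with crossorigin="anonymous". -->
    <script src="https://unpkg.com/vue@next"></script>
</head>
<body>
<header>
    <div class="wrapper">
        <?php include 'partials/nav.php'; ?>
        <div class="heading">
            <h1>
                Create a project ...
            </h1>
        </div>
    </div>
</header>
<main>
    <div class="wrapper">
        <div class="cols">
            <div class="left col" id="vue-app">
                <form action="" method="post" @submit.prevent="handleSubmit">
                    <div class="errors row" v-if="errors.length !== 0">
                        <ul>
                            <!-- Index key: the same message can legitimately appear twice. -->
                            <li v-for="(error, i) in errors" :key="i">{{ error }}</li>
                        </ul>
                    </div>
                    <div class="wide row">
                        <input type="text" name="title" id="title" placeholder="Title" v-model="title">
                    </div>
                    <div class="wide row">
                        <textarea name="desc" id="desc" placeholder="Project description" v-model="desc"></textarea>
                    </div>
                    <div class="wide row">
                        <input type="url" name="image" id="image" placeholder="Image URL" @input="handleInput" v-model="imgUrl">
                    </div>
                    <!-- The token is generated server-side at the top of this file; escaping it for the
                         attribute context keeps the markup intact whatever the generator emits. -->
                    <input type="hidden" name="csrf-token" id="csrf-token" value="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                    <div class="row btns">
                        <input type="submit" value="Submit" class="btn primary">
                    </div>
                </form>
            </div>
        </div>
    </div>
</main>
<?php include 'partials/footer.php'; ?>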
<script>
// Returns a wrapper that postpones `fn` until `delay` ms have passed with no further call.
// Only the most recent call's `this` and arguments reach `fn`; earlier pending calls are dropped.
function debounce(fn, delay = 1000) {
    let pending
    return function (...args) {
        clearTimeout(pending)
        // The arrow function keeps the wrapper's `this`, so `fn` sees the caller's receiver.
        pending = setTimeout(() => fn.apply(this, args), delay)
    }
}
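// Client-side form validation for the create-project page. Everything here only improves the
// user experience: it runs in the user's own browser and can be bypassed, so the server must
// re-validate every field before storing it.
const app = Vue.createApp({
    data() {
        return {
            title: '',
            desc: '',
            imgUrl: '',
            errors: [],
            // SVG is allowed; it can carry script, so it is only safe when the stored URL is
            // rendered through <img> (not inlined) — NOTE(review): confirm how project.php shows it.
            acceptMimeTypes: ['image/jpeg', 'image/png', 'image/svg+xml', 'image/webp'],
        }
    },
    methods: {
        // Runs every check, then submits the real HTML form only when no error was recorded.
        async handleSubmit(event) {
            this.errors = []
            // Inclusive lower bounds, matching the messages; `>` rejected titles of exactly 5
            // and descriptions of exactly 20 characters.
            this.guard(this.title.length >= 5 && this.title.length <= 100, 'Title must be 5-100 letters long')
            this.guard(this.desc.length >= 20 && this.desc.length <= 1000, 'Description must be 20-1000 letters long')
            await this.validateImage()
            if (this.errors.length === 0) event.target.submit()
        },
        // Re-checks the image URL while the user types, at most once per second.
        handleInput: debounce(async function () {
            this.errors = []
            await this.validateImage()
        }, 1000),
        // Shared image check used by both handlers: the URL must parse as absolute http(s), and
        // the response's media type must be one of acceptMimeTypes. Failures (including a fetch
        // rejected by CORS or the network) are appended to `errors`; nothing propagates.
        async validateImage() {
            try {
                this.guardThrow(this.isHttpUrl(this.imgUrl), 'Image URL invalid.')
                const res = await fetch(this.imgUrl)
                // Compare the bare media type: "image/png; charset=..." previously failed the check.
                const contentType = (res.headers.get('Content-Type') || '').split(';')[0].trim().toLowerCase()
                this.guardThrow(this.acceptMimeTypes.includes(contentType), 'Not an acceptable image format.')
            } catch (err) {
                this.errors.push(err.message)
            }
        },
        // True when `value` is a complete absolute http(s) URL. The URL parser replaces the old
        // unanchored regex, which accepted any string merely containing "http://xy".
        isHttpUrl(value) {
            try {
                const url = new URL(value)
                return url.protocol === 'http:' || url.protocol === 'https:'
            } catch (_) {
                return false
            }
        },
        // Records `message` when `condition` is false; does not interrupt the caller.
        guard(condition, message) {
            if (!condition) this.errors.push(message)
        },
        // Aborts the enclosing try block with `message` when `condition` is false.
        guardThrow(condition, message) {
            if (!condition) throw new Error(message)
        },
    },
}).mount('#vue-app')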
</script>
</body>
</html>