commit 59dbe70e5c6752590b6455ec399232d23c584d13
Author: CTF Admin
Date: Sat Jan 10 13:37:25 2026 +0000
Initial production version
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..05e9e4b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,15 @@
+# Fichiers sensibles
+config.php
+.env
+config.local.php
+*.save
+# Données runtime
+data/
+uploads/
+*.log
+
+# OS / IDE
+.DS_Store
+.vscode/
+
+secrets.*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..68e8561
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# DevWeb
+
diff --git a/flag.php b/flag.php
new file mode 100644
index 0000000..b839bcd
--- /dev/null
+++ b/flag.php
@@ -0,0 +1,43 @@
+ + + + + + + Flag + + + +
+ + +
+

Flag DevWeb

+ + +
Accès refusé (admin requis).
+ +
+ +
+
+ +
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..995712c
--- /dev/null
+++ b/index.php
@@ -0,0 +1,174 @@
+ MAX_UPLOAD_BYTES) {
+ $err = "Image trop grosse (max ".MAX_UPLOAD_BYTES." bytes).";
+ } else {
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ $mime = $finfo->file($_FILES['image']['tmp_name']);
+ $allowed = [
+ 'image/png' => 'png',
+ 'image/jpeg' => 'jpg',
+ ];
+ if (!isset($allowed[$mime])) {
+ $err = "Format interdit. Autorisé: PNG/JPEG.";
+ } else {
+ $ext = $allowed[$mime];
+ $name = bin2hex(random_bytes(8)) . '.' . $ext;
+ $dest = __DIR__ . '/uploads/' . $name;
+ if (!move_uploaded_file($_FILES['image']['tmp_name'], $dest)) {
+ $err = "Impossible de sauvegarder l'image.";
+ } else {
+ $imagePath = '/uploads/' . $name;
+ }
+ }
+ }
+ }
+
+ if (!$err) {
+ $posts = load_posts($postsFile);
+ $posts[] = [
+ 'time' => date('c'),
+ 'ip' => $ip,
+ 'text' => $text,
+ 'img' => $imagePath
+ ];
+ // plus récents en haut => on affichera en reverse
+ save_posts($postsFile, $posts);
+ $_SESSION[$lastKey] = $now;
+ $msg = "Post publié.";
+ }
+ }
+ }
+ }
+}
+
+$posts = load_posts($postsFile);
+$posts = array_reverse($posts); // plus récents en haut
+?>
+ + + + + + DevWeb Forum + + + + +
+ + + +
+

Mini-forum

+ + +
+ + + +
+ + +
+ + +
+ + +
Les posts récents apparaissent en premier.
+
+ +
+ + +
Taille max côté serveur : MB.
+
+ + +
+
+ +

Posts

+ +
+ +
+
+ 📅 + 🌐 IP +
+ + +
+ + + + Upload + +
+ +
+ + + +
+ + +
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..9ea59e9
--- /dev/null
+++ b/login.php
@@ -0,0 +1,60 @@
+ + + + + + + Login + + + +
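Review bot: The upload branch in index.php uses the `finfo` MIME sniff as its only content check, and `move_uploaded_file()` then stores the bytes unchanged under `uploads/`, so any data carried inside a file that sniffs as PNG/JPEG is kept and served as-is. The allowlist-derived extension and the `bin2hex(random_bytes(8))` name are sound, but safety then rests on the web server never treating anything under `/uploads/` as a script, which this hunk cannot guarantee. I would re-encode the image before saving (`imagecreatefromstring()` followed by `imagepng()` / `imagejpeg()` into `$dest`) and reject the upload when decoding fails. The start of the handler is missing from this listing, so confirm separately that it checks `$_FILES['image']['error'] === UPLOAD_ERR_OK` before reading `tmp_name`.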
+
+
🔐 Connexion admin
+

Login

+ + +
+ + +
+ + + + + + + +
+ + +
+
+ +
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..d98601e
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,7 @@
+
+ Order Deny,Allow
+ Deny from all
+
diff --git a/upload/695fed507639f.png b/upload/695fed507639f.png
new file mode 100755
index 0000000..f96006b
Binary files /dev/null and b/upload/695fed507639f.png differ
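Review bot: The `Order Deny,Allow` / `Deny from all` pair is Apache 2.2 access-control syntax, which on Apache 2.4 only takes effect through mod_access_compat; the 2.4 form is `Require all denied`. These two lines appear to belong to an Apache config file whose diff header and enclosing container were lost from this listing, so the path and the files the rule covers cannot be confirmed here. Check that it protects the directory the upload handler writes to (`uploads/` in index.php). This same commit also adds a binary under `upload/` with mode `100755`, a directory that the `.gitignore` entry `uploads/` does not cover; user-uploaded content should not be committed, and never with the executable bit.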