diff --git a/public/index.php b/public/index.php
index dad8448..891f829 100644
--- a/public/index.php
+++ b/public/index.php
@@ -168,7 +168,7 @@ function showchar()
if ($userrow["magiclist"] == "") $userrow["magiclist"] = "None";
$array = ["content" => parsetemplate(gettemplate("showchar"), $userrow), "title" => "Character Information"];
- echo parsetemplate("\n" . gettemplate("minimal"), $array);
+ echo render('minimal', $array);
}
function onlinechar($id)
@@ -204,31 +204,39 @@ function onlinechar($id)
function showmap()
{
- $array = ["content" => "
", "title" => "Map"];
- echo parsetemplate("\n" . gettemplate("minimal"), $array);
+ global $userrow;
+
+ $pos = sprintf(
+ '',
+ round(258 + $userrow['longitude'] * (500 / 500) - 3),
+ round(258 - $userrow['latitude'] * (500 / 500) - 3)
+ );
+
+ echo render('minimal', [
+ 'content' => ''.$pos,
+ 'title' => 'Map'
+ ]);
}
+/**
+ * Either render the latest 40 chats to the babblebox, or add a chat to it and redirect. This is used
+ * within an iframe.
+ */
function babblebox()
{
global $userrow;
- if (isset($_POST["babble"])) {
- $safecontent = makesafe($_POST["babble"]);
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $safecontent = make_safe($_POST["babble"]);
if (!empty($safecontent)) {
- db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);', [$userrow['username'], $safecontent]);
+ db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);',
+ [$userrow['username'], $safecontent]);
}
redirect('/babblebox');
}
- $babblebox['content'] = '';
$query = db()->query('SELECT * FROM babble ORDER BY id DESC LIMIT 40;');
- while ($babblerow = $query->fetchArray(SQLITE3_ASSOC)) {
- $new = "[{$babblerow["author"]}] {$babblerow["babble"]}
\n";
- $babblebox["content"] = $new . $babblebox["content"];
- }
- $babblebox["content"] .= '';
-
- echo parsetemplate("\n" . gettemplate("babblebox"), $babblebox);
+ echo render('babblebox', ['messages' => $query]);
}
/**
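Review bot: In babblebox(), the new `$_SERVER['REQUEST_METHOD'] === 'POST'` branch reads `$_POST["babble"]` without checking that it is present or that it is a string, while make_safe() is now declared `string $content`. A POST with no `babble` field, or one sent as `babble[]=x`, would hand null or an array to make_safe() and raise a TypeError instead of being ignored, which the removed `isset()` guard at least partly prevented. I would normalise the value first, e.g. `$raw = $_POST['babble'] ?? '';` followed by `$safecontent = is_string($raw) ? make_safe($raw) : '';`. No anti-CSRF check is visible in this hunk; if none exists elsewhere, this state-changing POST should get one.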
diff --git a/src/lib.php b/src/lib.php
index c94785f..e9219fd 100644
--- a/src/lib.php
+++ b/src/lib.php
@@ -24,6 +24,26 @@ function redirect(string $location): void
exit;
}
+/**
+ * Return the path to a view file.
+ */
+function template(string $name): string
+{
+ return "../templates/$name.php";
+}
+
+/**
+ * Render a view with the given data. Looks for `$path_to_base_view` through `template()`. Can be used redundantly
+ * within the template.
+ */
+function render(string $path_to_base_view, array $data = []): string|false
+{
+ ob_start();
+ extract($data);
+ require template($path_to_base_view);
+ return ob_get_clean();
+}
+
function gettemplate($templatename) { // SQL query for the template.
$filename = __DIR__ . "/../templates/" . $templatename . ".php";
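Review bot: render() calls `extract($data)` in the same scope as `$path_to_base_view`, so a `path_to_base_view` key in the array silently replaces the template that the following `require` loads. The callers visible in this diff pass fixed keys, but this is how a loosely built data array turns into including an unintended file; `extract($data, EXTR_SKIP);` keeps the existing locals, and resolving the path into a local before extracting is stricter still. template() also builds `"../templates/$name.php"` relative to the working directory, whereas gettemplate() just below uses `__DIR__`; `return __DIR__ . "/../templates/$name.php";` makes the lookup independent of the entry script. Rejecting names that contain anything other than letters, digits and underscores would keep the lookup inside the templates directory.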
@@ -66,8 +86,12 @@ function is_email($email) { // Thanks to "mail(at)philipp-louis.de" from php.net
}
-function makesafe($d) {
- return htmlentities($d);
+/**
+ * Use htmlentities with UTF-8 encoding to ensure we're only outputting healthy, safe and effective HTML.
+ */
+function make_safe(string $content): string
+{
+ return htmlentities($content, ENT_QUOTES, 'UTF-8');
}
/**
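Review bot: make_safe() passes `ENT_QUOTES` but not `ENT_SUBSTITUTE`, and htmlentities() returns an empty string when the input contains an invalid UTF-8 sequence, so in babblebox() such a message is silently dropped by the `!empty()` check. `return htmlentities($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` replaces the bad bytes with U+FFFD instead. The docblock could also say that the result is safe for HTML text and quoted attribute values only, not for script or URL contexts. Any callers of the old `makesafe()` name outside this diff would now fail, and the `string` parameter type rejects null, so the rename is worth a grep across the project.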
@@ -559,3 +583,4 @@ function guest_only(): void
{
if (checkcookies()) redirect('/login');
}
+
diff --git a/templates/babblebox.php b/templates/babblebox.php
index 8c2387b..d584d98 100644
--- a/templates/babblebox.php
+++ b/templates/babblebox.php
@@ -1,10 +1,9 @@
-
Babblebox
-
- {{content}}
+
+
+ fetchArray(SQLITE3_ASSOC)):
+ $has_chats = true;
+ ?>
+ [= $row['author'] ?>] = $row['babble'] ?>
+
+
+
-HTML;
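Review bot: As far as the extracted text shows, the new loop echoes `$row['author']` and `$row['babble']` without escaping, so the page relies entirely on every stored value having been encoded when it was inserted. The babble text goes through make_safe() before the INSERT, but nothing in this diff shows the same for `author` (the username), and rows written by the old `makesafe()` were encoded without `ENT_QUOTES`. Escaping at output is the more robust boundary: `htmlspecialchars($row['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the same call with `double_encode: false` for `babble` so already-encoded rows are not encoded twice. The `$title` echo in templates/minimal.php is in the same position, though the callers visible here pass literals.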
diff --git a/templates/minimal.php b/templates/minimal.php
index 52312a4..56f4d5a 100644
--- a/templates/minimal.php
+++ b/templates/minimal.php
@@ -1,68 +1,67 @@
-
-{{title}}
-
+ = $title ?>
+
-
-{{content}}
-
+
+
+ = $content ?>
+
+
-THEVERYENDOFYOU;
-?>