oof :/

board.php

@@ -25,16 +25,19 @@
 	<link href="/static/default.css" type="text/css" rel="stylesheet"/>
 	<title>Multiplayer Paint</title>
 	<script src="/static/page.js"></script>
+	<script data-ad-client="ca-pub-4649162581902265" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
 </head>
 <body>
+<div id="fb-root"></div>
+<script async defer crossorigin="anonymous" src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v5.0"></script>
 <div id="wrapper">
 	<div id="header">
 		<div id="logo">
-			<h1><?php 
-
-	echo $_SERVER['SERVER_NAME'];
+			<h1><a href="/"><?php
+	
+echo htmlentities($_SERVER['HTTP_HOST']);
 
-			?></h1>
+?></a></h1>
 			<p><?php
 
 #	if ($_SERVER['REQUEST_URI'] == '/')
@@ -100,43 +103,31 @@
 	<div id="three-column">
 		<div id="tbox1">
 			<ul class="style1">
-				<li>Copyright &copy; 2012-13 Eli Cohen.</li>
-				<li>A <a href="http://neoturbine.net">Neoturbine</a> website.</li>
+				<li>Copyright &copy; 2012-2020 Eli Cohen.</li>
 				<li>CSS by <a href="http://freecsstemplates.org/">FCT</a>.</li>
 			</ul>
 		</div>
 		<div id="tbox2">
 			<h2>What is this?</h2>
-			<p>This site is for drawing stuff.  It uses AJAX and HTML5 to provide a multiplayer drawing stuff experience.</p>
+			<p>It's a multiplayer website of wiki-style paint. Choose a whiteboard name to begin, and invite your friends.</p>
 		</div>
 		<div id="tbox3">
-			<h2>Remember...</h2>
-			<p>People can draw over what you draw.  Stuff can also be erased by right-clicking strokes made recently, until the page is refreshed.</p>
-		</div>
-	</div>
-<?php /* <iframe src="https://www.facebook.com/plugins/like.php?href=http://<?php
-
+			<h2>Social Media</h2>
+<div><a href="https://twitter.com/share?ref_src=twsrc%5Etfw" class="twitter-share-button" data-show-count="false">Tweet</a><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></div>
+<br/>
+<div><a data-pin-do="buttonBookmark" href="https://www.pinterest.com/pin/create/button/"></a></div>
+<br/>
+<div class="fb-like" data-href="https://<?php
 echo htmlentities($_SERVER['HTTP_HOST']);
 echo htmlentities($_SERVER['REQUEST_URI']);
-
-?>"
-	scrolling="no" frameborder="0"
-	style="border:none; width:300px; height:2em;"></iframe> */ ?>
+?>" data-width="" data-layout="standard" data-action="like" data-size="small" data-share="true"></div>
+		</div>
+	</div>
 <div id="footer">
 <p>
-<script type="text/javascript"><!--
-google_ad_client = "ca-pub-4649162581902265";
-/* mysite */
-google_ad_slot = "2771843899";
-google_ad_width = 728;
-google_ad_height = 90;
-//-->
-</script>
-<script type="text/javascript"
-src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
-</script>
 </p>
 	</div>
 </div>
+<script async defer src="//assets.pinterest.com/js/pinit.js"></script>
 </body>
 </html>

static/board.js

@@ -56,7 +56,7 @@ function connect() {
 							n.setAttributeNS(null, "fill", "none");
 							n.setAttributeNS(null, "stroke-width", p[4]);
 							n.setAttributeNS(null, "d", p[0]);
-							n.oncontextmenu=erase;
+							//n.oncontextmenu=erase;
 							document.getElementById("saved").appendChild(n);
 						} else if ((p[3] == "1") && (e != null)) {
 							document.getElementById("saved").removeChild(e);
@@ -80,7 +80,7 @@ function startmove(X, Y) {
 		p.setAttributeNS(null, "fill", "none");
 		p.setAttributeNS(null, "stroke-width", size);
 		p.setAttributeNS(null, "d", "M " + X + " " + Y);
-		p.oncontextmenu=erase;
+		//p.oncontextmenu=erase;
 		document.getElementById("unsaved").appendChild(p);
 	} else {
 		var d = p.getAttributeNS(null, "d");
@@ -140,16 +140,19 @@ function touchstart(evt) {
 	evt.preventDefault();
 	e = getCoors(evt);
 	startmove(e.clientX, e.clientY);
+	return false;
 }
 
 function touchmove(evt) {
 	evt.preventDefault();
 	e = getCoors(evt);
 	move(e.clientX, e.clientY);
+	return false;
 }
 
 function touchend(evt) {
 	endmove();
+	return false;
 }
 
 function setup(evt) {
@@ -190,8 +193,12 @@ function save() {
 	xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
 	xhr.onreadystatechange = function() {
 		if ((xhr.readyState == 4) && (xhr.status == 200)) {
-			if (xhr.responseText.length > 0)
-				alert(xhr.responseText);
+			if(xhr.responseText != '1') {
+				//alert(xhr.responseText);
+				var evt = {};
+				evt.target = path;
+				erase(evt);
+			}
 		}
 	}; 
 	xhr.send(out);

static/default.css

@@ -1,23 +1,15 @@
 html, body {
 	height: 100%;
 }
-
-body {
-	margin: 0px;
-	padding: 0px;
-	font-family: Arial, Helvetica, sans-serif;
-	font-size: 12px;
-	color: #545454;
-	background: rgb(30,87,153); /* Old browsers */
-	background: -moz-linear-gradient(left, rgba(30,87,153,1) 0%, rgba(125,185,232,1) 3%, rgba(30,87,153,1) 100%); /* FF3.6+ */
-	background: -webkit-gradient(linear, left top, right top, color-stop(0%,rgba(30,87,153,1)), color-stop(3%,rgba(125,185,232,1)), color-stop(100%,rgba(30,87,153,1))); /* Chrome,Safari4+ */
-	background: -webkit-linear-gradient(left, rgba(30,87,153,1) 0%,rgba(125,185,232,1) 3%,rgba(30,87,153,1) 100%); /* Chrome10+,Safari5.1+ */
-	background: -o-linear-gradient(left, rgba(30,87,153,1) 0%,rgba(125,185,232,1) 3%,rgba(30,87,153,1) 100%); /* Opera 11.10+ */
-	background: -ms-linear-gradient(left, rgba(30,87,153,1) 0%,rgba(125,185,232,1) 3%,rgba(30,87,153,1) 100%); /* IE10+ */
-	background: linear-gradient(to right, rgba(30,87,153,1) 0%,rgba(125,185,232,1) 3%,rgba(30,87,153,1) 100%); /* W3C */
-	filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1e5799', endColorstr='#1e5799',GradientType=1 ); /* IE6-9 */
-}
-
+
+body {
+	margin: 0px;
+	padding: 0px;
+	font-family: Arial, Helvetica, sans-serif;
+	font-size: 12px;
+	color: #545454;
+}
+
 h1, h2, h3 {
 	margin: 0;
 	padding: 0;
@@ -121,7 +113,7 @@ hr {
 	text-decoration: none;
 	font-size: 1.5em;
 	font-weight: 300;
-	color: #FFFFFF;
+	color: #444444;
 }
 
 #logo p

static/erase.php

@@ -19,48 +19,6 @@
 	*/
 
 	header('Content-type: text/plain');
-
-	if (!isset($_POST['json']) || !isset($_POST['url']))
-		die ("post, haste!");
-
-	require '../login.php';
-
-	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, 'whiteboard');
-	if ($my_mysql == NULL)
-		die (mysqli_error($my_mysql));
-
-	$url = mysqli_real_escape_string($my_mysql, strtolower($_POST['url']));
-
-	$hash = substr(base_convert(md5($url), 16, 10), 0, 8);
-
-	$json = json_decode($_POST['json'], true);
-	if ($json == NULL)
-		die('invalid json');
-
-	$paths = $json['paths'];
-
-	$rows = mysqli_query($my_mysql, 'select time from paths where id=' .
-		htmlentities(mysqli_real_escape_string($my_mysql, $paths[0][0])) .
-		' and url=\'' . $url . '\';') or
-			die(mysqli_error($my_mysql));
-
-	if (mysqli_num_rows ($rows) == 0) {
-		echo '1';
-		exit (0);
-	}
-
-	$row = mysqli_fetch_row ($rows);
-
-	if ($row[0] > (time()-300)) {
-		mysqli_query($my_mysql, 'update paths set time=' . time() .
-		    ',erased=true where url=\'' . $url .
-		    '\' and id=' .
-		    htmlentities(mysqli_real_escape_string($my_mysql,
-		    $paths[0][0])) . ';') or
-			die(mysqli_error($my_mysql));
-		echo '1';
-	} else {
-		echo '0';
-	}
-
+	echo '1';
+	exit(0);
 ?>

static/export.php

@@ -22,39 +22,31 @@
 	if (!isset ($_GET['url']))
 		exit(0);
 
-	header ('Content-type: image/png');
-
 	require '../login.php';
 
-	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, 'whiteboard');
+	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, $my_db, $my_port, $my_socket);
 	if ($my_mysql == NULL)
 		die (mysqli_error($my_mysql));
 
 	$url = mysqli_real_escape_string($my_mysql, strtolower($_GET['url']));
 	$hash = substr(base_convert(md5($url), 16, 10), 0, 8);
-	$ftime = filemtime('./tmp/' . $hash . '.png') + 7;
-	$time = time();
 
-	if (file_exists('./tmp/' . $hash . '.png') && ($time < $ftime)) {
-		echo file_get_contents('./tmp/' . $hash . '.png');
-		exit (0);
-	}
+	while(file_exists("/tmp/" . $hash . ".lock")) usleep(1000000);
+	touch ("/tmp/" . $hash . ".lock");
 
-	$results = mysqli_query($my_mysql, 'select * from paths where hash=\'' . $hash . '\' and erased=false order by time');
-	if ($results == NULL)
-		die (mysqli_error ($my_mysql));
+	header ('Content-type: image/png');
+	header ('Content-Disposition: inline; filename="' . preg_replace("%/%", "_", $url) . '.png"');
+
+	$results = mysqli_query($my_mysql, 'select * from paths where hash=\'' . $hash . '\' order by time');
 
 	function callback($buffer) {
 		global $hash;
 
-		unlink ("./tmp/" . $hash . '.png');
-
-		file_put_contents("./tmp/" . $hash . '.svg', $buffer);
-		system ('/usr/bin/rsvg-convert ./tmp/' . $hash . '.svg > ./tmp/' . $hash . '.png');
+		chdir('/');
+		file_put_contents('/tmp/' . $hash . '.svg', $buffer);
+		system ('/usr/local/bin/convert /tmp/' . $hash . '.svg /tmp/' . $hash . '.png');
 
-		unlink ('./tmp/' . $hash . '.svg');
-
-		return file_get_contents('./tmp/' . $hash . '.png');
+		return file_get_contents('/tmp/' . $hash . '.png');
 	}
 
 	ob_start("callback");
@@ -63,11 +55,26 @@ function callback($buffer) {
 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="960" height="480">
 <rect x="0" y="0" width="960" height="480" fill="white" stroke="white"/>
 <?php
+	if (file_exists('/tmp/' . $hash . '.2.png')) {
+?><image x="0" y="0" width="960px" height="480px" href="file:///tmp/<?php
 
-	$rows = mysqli_num_rows($results);
-	while ($row = mysqli_fetch_row($results))
-		print '<path d="' . $row[2] . '" stroke="' . $row[3] . '" stroke-width="' . $row[7] . '" fill="none"/>' . "\n";
+	echo $hash;
+
+?>.2.png"></image>
+<?php
+	}
+
+	if ($results != NULL) {
+		while ($row = mysqli_fetch_row($results)) {
+			print '<path d="' . $row[2] . '" stroke="' . $row[3] . '" stroke-width="' . $row[7] . '" fill="none"/>' . "\n";
+			$results2 = mysqli_query($my_mysql, 'delete from paths where hash=\'' . $hash . '\' and id=\'' . $row[1] . '\'');
+			if ($results2 == NULL)
+				die (mysqli_error ($my_mysql));
+		}
+	}
 ?>
 </svg><?php
 	ob_end_flush();
+	copy ('/tmp/' . $hash . '.png', '/tmp/' . $hash . '.2.png');
+	unlink("/tmp/" . $hash . '.lock');
 ?>

static/out.php

@@ -25,9 +25,9 @@
 
 	require '../login.php';
 
-	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, 'whiteboard');
+	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, $my_db, $my_port, $my_socket);
 	if ($my_mysql == NULL)
-		die (mysql_error($my_mysql));
+		die (mysqli_error($my_mysql));
 
 	$last = mysqli_real_escape_string($my_mysql, $_POST['last']);
 	$url = mysqli_real_escape_string($my_mysql, strtolower($_POST['url']));
@@ -38,7 +38,7 @@
 //	if ($last == 0)
 //		exit(0);
 
-	$results = mysqli_query($my_mysql, 'select d,id,color,erased,size from paths where (time>=' . $last . ' and hash=\'' . $hash  . '\' and erased=false) or (time>=' . ($last-240) . ' and erased=true);');
+	$results = mysqli_query($my_mysql, 'select d,id,color,erased,size from paths where (time>=' . $last . ' and hash=\'' . $hash  . '\') or (time>=' . ($last-240) . ');');
 	if ($results == NULL)
 		die (mysqli_error ($my_mysql));
 

static/save.php

@@ -20,19 +20,23 @@
 
 	header('Content-type: text/plain');
 
+	$ret = 0;
+
 	if (!isset($_POST['json']) || !isset($_POST['url']))
 		die ("post, haste!");
 
 	require '../login.php';
 
-	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, 'whiteboard');
+	$my_mysql = mysqli_connect($my_host, $my_user, $my_pass, $my_db, $my_port, $my_socket);
 	if ($my_mysql == NULL)
 		die (mysqli_error($my_mysql));
 
 	$url = mysqli_real_escape_string($my_mysql, strtolower($_POST['url']));
 
-	if (($url == '/') && ($CAN_EDIT_MAIN == FALSE))
+	if (($url == '/') && ($CAN_EDIT_MAIN == FALSE)) {
+		echo $ret;
 		exit (0);
+	}
 
 	$hash = substr(base_convert(md5($url), 16, 10), 0, 8);
 
@@ -43,13 +47,25 @@
 	$paths = $json['paths'];
 
 	for ($i = 0; $i < count($paths); $i++) {
-		if (!preg_match('/ L /', $paths[$i][1]))
-			continue;
+		if (!preg_match('/^M [0-9\.]+ [0-9\.]+/', $paths[$i][1]))
+			die('2');
+		if (preg_match('/[^ML\-0-9\.\ ]/', $paths[$i][1]))
+			die('3');
+		if (preg_match('/L[^ ]/', $paths[$i][1]))
+			die('4');
+		if (preg_match('/[^ ]L/', $paths[$i][1]))
+			die('5');
+		if (preg_match('/[^ \-0-9\.]0-9/', $paths[$i][1]))
+			die('6');
+		if (!preg_match('/^[0-9]+$/', $paths[$i][3]))
+			die('7');
+		if ($paths[$i][3] < 4 || $paths[$i][3] > 16)
+			die('8');
+		if (!preg_match('/^(black|brown|red|orange|yellow|green|blue|purple|gray|white)$/', $paths[$i][2]))
+			die('9');
 
 		mysqli_query($my_mysql, 'replace into paths values (\'' . $url
-		    . '\', \'' .
-		    htmlentities(mysqli_real_escape_string($my_mysql,
-		    $paths[$i][0])) . '\', \'' .
+		    . '\', \'' . rand() . '\', \'' .
 		    htmlentities(mysqli_real_escape_string($my_mysql,
 		    $paths[$i][1])) . '\', \'' .
 		    htmlentities(mysqli_real_escape_string($my_mysql,
@@ -58,5 +74,8 @@
 		    htmlentities(mysqli_real_escape_string($my_mysql,
 		    $paths[$i][3])) . '\')') or
 			die(mysqli_error($my_mysql));
+		$ret = 1;
 	}
+
+	echo $ret;
 ?>