From a089e6c8a28693603ba51f0adbf8b8767d6cdff6 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Mon, 5 Jan 2026 19:52:41 +0000
Subject: [PATCH] Ajouter login.php
---
login.php | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 login.php
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..a7454f5
--- /dev/null
+++ b/login.php
@@ -0,0 +1,35 @@
+prepare("SELECT created_at FROM posts WHERE ip=? ORDER BY created_at DESC LIMIT 1");
+$stmt->execute([$ip]);
+$last = $stmt->fetch();
+
+if ($last && strtotime($last['created_at']) > time() - 60) {
+ die("Rate limit exceeded (1 post/minute)");
+}
+
+$imageName = null;
+
+if (!empty($_FILES['image']['name'])) {
+ if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
+ die("Image too large");
+ }
+
+ $ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+ if (!in_array($ext, ['png', 'jpeg', 'jpg'])) {
+ die("Invalid file type");
+ }
+
+ $imageName = uniqid() . '.' . $ext;
+ move_uploaded_file($_FILES['image']['tmp_name'], "uploads/$imageName");
+}
+
+$stmt = $pdo->prepare("INSERT INTO posts (message, image, ip) VALUES (?, ?, ?)");
+$stmt->execute([$_POST['message'], $imageName, $ip]);
+
+header("Location: index.php");
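Review bot: The upload branch decides the file type from the client-supplied name only (`pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION)`), never checks `$_FILES['image']['error']`, and ignores the return value of `move_uploaded_file()`, so a non-image payload named `.jpg` is stored under uploads/ and a failed upload still inserts a row pointing at a file that does not exist. Derive the extension from the file's content (for example with `finfo`), reject any error code other than `UPLOAD_ERR_OK`, and stop before the INSERT when the move fails, as sketched below. `$_POST['message']` is also stored without a presence or length check, so whatever renders it in index.php has to escape it on output. The lines that define `$pdo` and `$ip` are missing from this page, so whether the rate-limit key comes from a client-controllable header cannot be judged here.

```php
if (!empty($_FILES['image']['name'])) {
    // Reject partial, oversized-by-ini or otherwise failed uploads before touching the file.
    if ($_FILES['image']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['image']['tmp_name'])) {
        die("Upload failed");
    }
    // … unchanged: 2 MiB size check …

    // Take the type from the file's bytes, not from the name the client sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['image']['tmp_name']);
    $ext = ['image/png' => 'png', 'image/jpeg' => 'jpg'][$mime] ?? null;
    if ($ext === null) {
        die("Invalid file type");
    }

    // … unchanged: $imageName = uniqid() . '.' . $ext; …
    if (!move_uploaded_file($_FILES['image']['tmp_name'], "uploads/$imageName")) {
        die("Upload failed");
    }
}
```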