DevWEB/index.php

<?php
session_start();
require 'db.php';

$posts = $pdo->query("SELECT * FROM posts ORDER BY created_at DESC")->fetchAll();
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="style.css">
</head>
<body>

<nav>
<a href="index.php">Forum</a>
<?php if (!isset($_SESSION['admin'])): ?>
<a href="login.php">Login</a>
<?php else: ?>
<a href="flag.php">Flag</a>
<a href="logout.php">Logout</a>
<?php endif; ?>
</nav>

<h2>Post a comment</h2>

<form action="upload.php" method="POST" enctype="multipart/form-data">
<textarea name="message" required></textarea><br>
<input type="file" name="image" accept=".png,.jpeg,.jpg"><br>
<button type="submit">Post</button>
</form>

<hr>

<h2>Posts</h2>

<?php foreach ($posts as $p): ?>
<div>
<b>IP:</b> <?= htmlspecialchars($p['ip']) ?><br>
<?= nl2br(htmlspecialchars($p['message'])) ?><br>
<?php if ($p['image']): ?>
<img src="uploads/<?= htmlspecialchars($p['image']) ?>" width="200">
<?php endif; ?>
<hr>
</div>
<?php endforeach; ?>

</body>
</html>