A simple system for creating multiple-choice questions for an audience to answer on their phones. Responses are tallied and displayed in real-time. https://openquestion.netsyms.com

required.php 2.7KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
  1. <?php
  2. /**
  3. * This file contains global settings and utility functions.
  4. */
  5. ob_start(); // allow sending headers after content
  6. // Unicode, solves almost all stupid encoding problems
  7. header('Content-Type: text/html; charset=utf-8');
  8. // l33t $ecurity h4x
  9. header('X-Content-Type-Options: nosniff');
  10. header('X-XSS-Protection: 1; mode=block');
  11. header('X-Powered-By: PHP'); // no versions makes it harder to find vulns
  12. header('X-Frame-Options: "DENY"');
  13. header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
  14. $SECURE_NONCE = base64_encode(random_bytes(8));
  15. session_start(); // stick some cookies in it
  16. header("Content-Security-Policy: "
  17. . "default-src 'self';"
  18. . "object-src 'none'; "
  19. . "img-src * data:; "
  20. . "media-src 'self'; "
  21. . "frame-src 'none'; "
  22. . "font-src 'self'; "
  23. . "connect-src *; "
  24. . "style-src 'self' 'nonce-$SECURE_NONCE'; "
  25. . "script-src 'self' 'nonce-$SECURE_NONCE'");
  26. //
  27. // Composer
  28. require __DIR__ . '/vendor/autoload.php';
  29. // Settings file
  30. require __DIR__ . '/settings.php';
  31. if (!DEBUG) {
  32. error_reporting(0);
  33. } else {
  34. error_reporting(E_ALL);
  35. ini_set('display_errors', 'On');
  36. }
  37. /**
  38. * Kill off the running process and spit out an error message
  39. * @param string $error error message
  40. */
  41. function sendError($error) {
  42. global $SECURE_NONCE;
  43. die("<!DOCTYPE html>"
  44. . "<meta charset=\"UTF-8\">"
  45. . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
  46. . "<title>Error</title>"
  47. . "<style nonce=\"" . $SECURE_NONCE . "\">"
  48. . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
  49. . "h2 {font-family: sans-serif; font-size: 16px;} "
  50. . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
  51. . "i {font-size: 12px;}"
  52. . "</style>"
  53. . "<h1>A fatal application error has occurred.</h1>"
  54. . "<i>(This isn't your fault.)</i>"
  55. . "<h2>Details:</h2>"
  56. . "<p>" . htmlspecialchars($error) . "</p>");
  57. }
  58. // Database settings
  59. // Also inits database and stuff
  60. use Medoo\Medoo;
  61. $database;
  62. try {
  63. $database = new Medoo([
  64. 'database_type' => DB_TYPE,
  65. 'database_name' => DB_NAME,
  66. 'server' => DB_SERVER,
  67. 'username' => DB_USER,
  68. 'password' => DB_PASS,
  69. 'charset' => DB_CHARSET
  70. ]);
  71. } catch (Exception $ex) {
  72. //header('HTTP/1.1 500 Internal Server Error');
  73. sendError("Database error. Try again later. $ex");
  74. }
  75. $VARS;
  76. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  77. $VARS = $_POST;
  78. define("GET", false);
  79. } else {
  80. $VARS = $_GET;
  81. define("GET", true);
  82. }