ponepaste/index.php

<?php
/*
 * Paste <https://github.com/jordansamuel/PASTE>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License in GPL.txt for more details.
 */

$directory = 'install';

if (file_exists($directory)) {
    header("Location: install");
    exit();
}

// Required functions
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/captcha.php');
require_once('includes/functions.php');
require_once('includes/Tag.class.php');

function verifyCaptcha() : string|bool {
    global $captcha_config;
    global $lang;
    global $current_user;

    if ($captcha_config['enabled'] && !$current_user) {
        $scode = strtolower(htmlentities(Trim($_POST['scode'])));
        $cap_code = strtolower($_SESSION['captcha']['code']);
        if ($cap_code !== $scode) {
            return $lang['image_wrong']; // Wrong captcha.
        }
    }

    return true;
}

/**
 * Calculate the expiry of a paste based on user input.
 *
 * @param string $expiry Expiry time.
 *                       SELF means to expire upon one view. +10M, +1H, +1D, +1W, +2W, +1M all do the obvious.
 *                       Anything unhandled means to expire never.
 * @return string|null Expiry time, or NULL if expires never.
 */
function calculatePasteExpiry(string $expiry) {
    // used to use mktime
    if ($expiry === 'self') {
        return 'SELF'; // What does this do?
    }

    $valid_expiries = ['10M', '1H', '1D', '1W', '2W', '1M'];

    return in_array($expiry, $valid_expiries)
        ? (new DateTime())->add(new DateInterval("P{$expiry}"))->format('U')
        : null;
}

function validatePasteFields() : string|null {
    global $lang;

    if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
        return $lang['empty_paste'];
    } elseif (!isset($_POST['title'])) { /* No paste title POSTed */
        return $lang['error'];
    } elseif (empty($_POST["tag_input"])) { /* No tags provided */
        return $lang['notags'];
    } elseif (strlen($_POST["title"]) > 70) { /* Paste title too long */
        return $lang['titlelen'];
    } elseif (mb_strlen($_POST["paste_data"], '8bit') > PP_PASTE_LIMIT_BYTES) { /* Paste size too big */
        return $lang['large_paste'];
    }

    return null;
}

// UTF-8
header('Content-Type: text/html; charset=utf-8');

// Current date & user IP
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];

// Sitemap
$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');
if ($row = $site_sitemap_rows->fetch()) {
    $priority = $row['priority'];
    $changefreq = $row['changefreq'];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    if ($captcha_config['enabled']) {
        $_SESSION['captcha'] = captcha($captcha_config['colour'], $captcha_config['mode'], $captcha_config['multiple'], $captcha_config['allowed']);
    }
}

updatePageViews($conn);

// POST Handler
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $error = validatePasteFields();

    if ($error !== null) {
        goto OutPut;
    }

    $captchaResponse = verifyCaptcha();

    if ($captchaResponse !== true) {
        $error = $captchaResponse;
        goto OutPut;
    }

    $editing = isset($_POST['edit']);

    $p_title = trim(htmlspecialchars($_POST['title']));

    if (empty($p_title)) {
        $p_title = 'Untitled';
    }

    $p_content = htmlspecialchars($_POST['paste_data']);
    $p_visible = trim(htmlspecialchars($_POST['visibility']));
    $p_code = trim(htmlspecialchars($_POST['format']));
    $p_expiry = trim(htmlspecialchars($_POST['paste_expire_date']));
    $p_password = $_POST['pass'];
    $tag_input = $_POST['tag_input'];

    if (empty($p_password)) {
        $p_password = null;
    } else {
        $p_password = password_hash($p_password, PASSWORD_DEFAULT);
    }

    $p_encrypt = $_POST['encrypted'];
    if ($p_encrypt == "" || $p_encrypt == null) {
       $p_encrypt = "0";
        } else {
        // Encrypt option
        $p_encrypt = "1";
        $p_content = openssl_encrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
   }

    // Set expiry time
    $expires = calculatePasteExpiry($p_expiry);

    // Edit existing paste or create new?
    if ($editing) {
        if ($current_user &&
            $current_user->user_id === (int)$conn->querySelectOne('SELECT user_id FROM pastes WHERE id = ?', [$_POST['paste_id']])['user_id']) {
            $paste_id = intval($_POST['paste_id']);

            $conn->query(
                "UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?, ip = ?, updated_at = NOW()
                    WHERE id = ?",
                [$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $ip, $paste_id]
            );

            Tag::replacePasteTags($conn, $paste_id, Tag::parseTagInput($tag_input));
        } else {
            $error = $lang['loginwarning']; //"You must be logged in to do that."
        }
    } else {
        $paste_owner = $current_user ? $current_user->user_id : 1; /* 1 is the guest user's user ID */

        $paste_id = $conn->queryInsert(
            "INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, user_id, created_at, ip, views) VALUES 
                                (?,     ?,       ?,       ?,    ?,      ?,        ?,       ?,       NOW(),      ?,  0)",
            [$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $paste_owner, $ip]
        );

        Tag::replacePasteTags($conn, $paste_id, Tag::parseTagInput($tag_input));

        if ($p_visible == '0') {
            addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
        }
    }

    // Redirect to paste on successful entry, or on successful edit redirect back to edited paste
    if (isset($paste_id)) {
        header('Location: ' . urlForPaste($paste_id));
        die();
    }
}

OutPut:
// Theme
require_once('theme/' . $default_theme . '/header.php');
require_once('theme/' . $default_theme . '/main.php');
require_once('theme/' . $default_theme . '/footer.php');
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`<?php`
			`/*`
			`* Paste <https://github.com/jordansamuel/PASTE>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 3`
			`* of the License, or (at your option) any later version.`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`*`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License in GPL.txt for more details.`
			`*/`

			`$directory = 'install';`

			`if (file_exists($directory)) {`
			`header("Location: install");`
			`exit();`
			`}`

			`// Required functions`
More cleanup 2021-07-10 17:54:43 -04:00			`define('IN_PONEPASTE', 1);`
			`require_once('includes/common.php');`
ajax_pastes.php actually works now 2021-07-11 12:18:57 -04:00			`require_once('includes/captcha.php');`
			`require_once('includes/functions.php');`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`require_once('includes/Tag.class.php');`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
Format 2021-08-13 16:43:38 -04:00			`function verifyCaptcha() : string\|bool {`
Some admin page fixes. 2021-08-09 04:21:39 -04:00			`global $captcha_config;`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`global $lang;`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00			`global $current_user;`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00
Some admin page fixes. 2021-08-09 04:21:39 -04:00			`if ($captcha_config['enabled'] && !$current_user) {`
Format 2021-08-13 16:43:38 -04:00			`$scode = strtolower(htmlentities(Trim($_POST['scode'])));`
			`$cap_code = strtolower($_SESSION['captcha']['code']);`
			`if ($cap_code !== $scode) {`
			`return $lang['image_wrong']; // Wrong captcha.`
			`}`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`}`

			`return true;`
			`}`

			`/**`
			`* Calculate the expiry of a paste based on user input.`
			`*`
			`* @param string $expiry Expiry time.`
			`* SELF means to expire upon one view. +10M, +1H, +1D, +1W, +2W, +1M all do the obvious.`
			`* Anything unhandled means to expire never.`
			`* @return string\|null Expiry time, or NULL if expires never.`
			`*/`
			`function calculatePasteExpiry(string $expiry) {`
			`// used to use mktime`
			`if ($expiry === 'self') {`
			`return 'SELF'; // What does this do?`
			`}`

			`$valid_expiries = ['10M', '1H', '1D', '1W', '2W', '1M'];`

			`return in_array($expiry, $valid_expiries)`
			`? (new DateTime())->add(new DateInterval("P{$expiry}"))->format('U')`
			`: null;`
			`}`

Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`function validatePasteFields() : string\|null {`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`global $lang;`

			`if (empty($_POST["paste_data"]) \|\| trim($_POST['paste_data'] === '')) { /* Empty paste input */`
			`return $lang['empty_paste'];`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`} elseif (!isset($_POST['title'])) { /* No paste title POSTed */`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`return $lang['error'];`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`} elseif (empty($_POST["tag_input"])) { /* No tags provided */`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`return $lang['notags'];`
			`} elseif (strlen($_POST["title"]) > 70) { /* Paste title too long */`
			`return $lang['titlelen'];`
Change some variables to constants in config. 2021-07-26 17:41:54 -04:00			`} elseif (mb_strlen($_POST["paste_data"], '8bit') > PP_PASTE_LIMIT_BYTES) { /* Paste size too big */`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`return $lang['large_paste'];`
More cleanup 2021-07-10 17:54:43 -04:00			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`return null;`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`

More cleanup 2021-07-10 17:54:43 -04:00			`// UTF-8`
			`header('Content-Type: text/html; charset=utf-8');`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// Current date & user IP`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$date = date('jS F Y');`
			`$ip = $_SERVER['REMOTE_ADDR'];`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// Sitemap`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');`
			`if ($row = $site_sitemap_rows->fetch()) {`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$priority = $row['priority'];`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$changefreq = $row['changefreq'];`
			`}`

Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`if ($_SERVER['REQUEST_METHOD'] !== 'POST') {`
Some admin page fixes. 2021-08-09 04:21:39 -04:00			`if ($captcha_config['enabled']) {`
			`$_SESSION['captcha'] = captcha($captcha_config['colour'], $captcha_config['mode'], $captcha_config['multiple'], $captcha_config['allowed']);`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`
			`}`

More cleanup 2021-07-10 17:54:43 -04:00			`updatePageViews($conn);`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// POST Handler`
Fix CAPTCHA 2021-07-14 18:02:39 -04:00			`if ($_SERVER['REQUEST_METHOD'] === 'POST') {`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$error = validatePasteFields();`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`if ($error !== null) {`
			`goto OutPut;`
			`}`

			`$captchaResponse = verifyCaptcha();`

			`if ($captchaResponse !== true) {`
			`$error = $captchaResponse;`
			`goto OutPut;`
			`}`

			`$editing = isset($_POST['edit']);`

Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`$p_title = trim(htmlspecialchars($_POST['title']));`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00
			`if (empty($p_title)) {`
			`$p_title = 'Untitled';`
			`}`

Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$p_content = htmlspecialchars($_POST['paste_data']);`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`$p_visible = trim(htmlspecialchars($_POST['visibility']));`
			`$p_code = trim(htmlspecialchars($_POST['format']));`
			`$p_expiry = trim(htmlspecialchars($_POST['paste_expire_date']));`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$p_password = $_POST['pass'];`
made encryption work again. I did something. 2021-08-19 19:44:03 +01:00			`$tag_input = $_POST['tag_input'];`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00
			`if (empty($p_password)) {`
			`$p_password = null;`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`} else {`
			`$p_password = password_hash($p_password, PASSWORD_DEFAULT);`
			`}`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00
made encryption work again. I did something. 2021-08-19 19:44:03 +01:00			`$p_encrypt = $_POST['encrypted'];`
			`if ($p_encrypt == "" \|\| $p_encrypt == null) {`
			`$p_encrypt = "0";`
			`} else {`
			`// Encrypt option`
			`$p_encrypt = "1";`
More misc code cleanup. 2021-08-17 13:26:26 -04:00			`$p_content = openssl_encrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);`
made encryption work again. I did something. 2021-08-19 19:44:03 +01:00			`}`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00
			`// Set expiry time`
			`$expires = calculatePasteExpiry($p_expiry);`

			`// Edit existing paste or create new?`
			`if ($editing) {`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`if ($current_user &&`
Format 2021-08-13 16:43:38 -04:00			`$current_user->user_id === (int)$conn->querySelectOne('SELECT user_id FROM pastes WHERE id = ?', [$_POST['paste_id']])['user_id']) {`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$paste_id = intval($_POST['paste_id']);`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00
			`$conn->query(`
			`"UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?, ip = ?, updated_at = NOW()`
			`WHERE id = ?",`
			`[$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $ip, $paste_id]`
More cleanup 2021-07-10 17:54:43 -04:00			`);`

Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`Tag::replacePasteTags($conn, $paste_id, Tag::parseTagInput($tag_input));`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`} else {`
Updated Lang Error now displays message from en.php 2021-07-12 23:33:54 +01:00			`$error = $lang['loginwarning']; //"You must be logged in to do that."`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`} else {`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`$paste_owner = $current_user ? $current_user->user_id : 1; /* 1 is the guest user's user ID */`

			`$paste_id = $conn->queryInsert(`
			`"INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, user_id, created_at, ip, views) VALUES`
			`(?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, 0)",`
			`[$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $paste_owner, $ip]`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`);`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00
			`Tag::replacePasteTags($conn, $paste_id, Tag::parseTagInput($tag_input));`

Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`if ($p_visible == '0') {`
			`addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);`
			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00
			`// Redirect to paste on successful entry, or on successful edit redirect back to edited paste`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`if (isset($paste_id)) {`
			`header('Location: ' . urlForPaste($paste_id));`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`die();`
			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`

			`OutPut:`
			`// Theme`
			`require_once('theme/' . $default_theme . '/header.php');`
			`require_once('theme/' . $default_theme . '/main.php');`
			`require_once('theme/' . $default_theme . '/footer.php');`