ponepaste/includes/common.php

<?php
if (!defined('IN_PONEPASTE')) {
    die('This file may not be accessed directly.');
}
require_once(__DIR__ . '/../vendor/autoload.php');
require_once(__DIR__ . '/config.php');
require_once(__DIR__ . '/functions.php');
require_once(__DIR__ . '/DatabaseHandle.class.php');
require_once(__DIR__ . '/User.class.php');
require_once(__DIR__ . '/ViewBag.class.php');

/* View functions */
function urlForPage($page = '') : string {
    if (!PP_MOD_REWRITE) {
        $page .= '.php';
    }

    return (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/' . $page;
}


function urlForPaste($paste_id) : string {
    if (PP_MOD_REWRITE) {
        return "/${paste_id}";
    }

    return "/paste.php?id=${paste_id}";
}

function urlForMember(string $member_name) : string {
    if (PP_MOD_REWRITE) {
        return '/user/' . urlencode($member_name);
    }

    return '/user.php?name=' . urlencode($member_name);
}

function optionsForSelect(array $displays, array $values, string $currentSelection = null) : string {
    $size = count($displays);

    if (count($values) !== $size) {
        throw new Exception('Option names and option values must be the same count');
    }

    $html = '';

    for ($i = 0; $i < $size; $i++) {
        $html .= '<option value="' . pp_html_escape($values[$i]) . '"';

        if ($currentSelection === $values[$i]) {
            $html .= ' selected="selected"';
        }

        $html .= '>' . pp_html_escape($displays[$i]) . '</option>';
    }

    return $html;
}

/* Database functions */
function getSiteInfo() : array {
    return require(__DIR__ . '/../config/site.php');
}

function getSiteAds(DatabaseHandle $conn) : array|bool {
    return $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();
}

function getSiteTotalPastes(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT COUNT(*) FROM pastes')->fetch(PDO::FETCH_NUM)[0]);
}

function getSiteTotalviews(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT tpage FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
}

function getSiteTotal_unique_views(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
}

/**
 * Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
 *
 * @param string $unescaped String to escape
 * @return string HTML-escaped string
 */
function pp_html_escape(string $unescaped) : string {
    return htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8', false);
}

function updatePageViews(DatabaseHandle $conn) : void {
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date('jS F Y');
    $data_ip = file_get_contents('tmp/temp.tdata');

    $last_page_view = $conn->query('SELECT * FROM page_view ORDER BY id DESC LIMIT 1')->fetch();
    $last_date = $last_page_view['date'];

    if ($last_date == $date) {
        $last_tpage = intval($last_page_view['tpage']) + 1;

        if (str_contains($data_ip, $ip)) {
            // IP already exists, Update view count
            $statement = $conn->prepare("UPDATE page_view SET tpage = ? WHERE id = ?");
            $statement->execute([$last_tpage, $last_page_view['id']]);
        } else {
            $last_tvisit = intval($last_page_view['tvisit']) + 1;

            // Update both tpage and tvisit.
            $statement = $conn->prepare("UPDATE page_view SET tpage = ?,tvisit = ? WHERE id = ?");
            $statement->execute([$last_tpage, $last_tvisit, $last_page_view['id']]);
            file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip);
        }
    } else {
        // Delete the file and clear data_ip
        unlink("tmp/temp.tdata");

        // New date is created
        $statement = $conn->prepare("INSERT INTO page_view (date, tpage, tvisit) VALUES (?, '1', '1')");
        $statement->execute([$date]);

        // Update the IP
        file_put_contents('tmp/temp.tdata', $ip);
    }
}

session_start();

$conn = new DatabaseHandle("mysql:host=$db_host;dbname=$db_schema;charset=utf8mb4", $db_user, $db_pass);

// Setup site info
$site_info = getSiteInfo();
$global_site_info = $site_info['site_info'];
$row = $site_info['site_info'];
$title = Trim($row['title']);
$baseurl = Trim($row['baseurl']);
$site_name = Trim($row['site_name']);
$email = Trim($row['email']);
$ga = Trim($row['google_analytics']);
$additional_scripts = Trim($row['additional_scripts']);


// Setup theme
$default_theme = 'bulma';

// Site permissions
$site_permissions = $site_info['permissions'];

$site_is_private = false;
$site_disable_guests = false;

if ($site_permissions) {
    $site_is_private = (bool) $site_permissions['private'];
    $site_disable_guests = (bool) $site_permissions['disable_guest'];
}

// CAPTCHA configuration
$captcha_config = $site_info['captcha'];
$captcha_enabled = (bool) $captcha_config['enabled'];

// Check if IP is banned
$ip = $_SERVER['REMOTE_ADDR'];
if ($conn->query('SELECT 1 FROM ban_user WHERE ip = ?', [$ip])->fetch()) {
    die('You have been banned.');
}

$site_ads = getSiteAds($conn);
$total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn);

$current_user = User::current($conn);

/* Security headers */
header('X-Frame-Options: SAMEORIGIN');
header('X-Content-Type-Options: nosniff');

//ob_start();
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`<?php`
			`if (!defined('IN_PONEPASTE')) {`
More cleanup 2021-07-10 17:54:43 -04:00			`die('This file may not be accessed directly.');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`}`
Add Composer, highlight.php, bunch of restructuring of paste.php 2021-08-20 15:53:06 -04:00			`require_once(__DIR__ . '/../vendor/autoload.php');`
Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`require_once(__DIR__ . '/config.php');`
			`require_once(__DIR__ . '/functions.php');`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00			`require_once(__DIR__ . '/DatabaseHandle.class.php');`
			`require_once(__DIR__ . '/User.class.php');`
New page template system kinda. 2021-08-22 21:45:26 -04:00			`require_once(__DIR__ . '/ViewBag.class.php');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`/* View functions */`
Make markup more valid 2021-08-26 05:58:37 -04:00			`function urlForPage($page = '') : string {`
			`if (!PP_MOD_REWRITE) {`
			`$page .= '.php';`
			`}`

			`return (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/' . $page;`
			`}`



Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`function urlForPaste($paste_id) : string {`
Change some variables to constants in config. 2021-07-26 17:41:54 -04:00			`if (PP_MOD_REWRITE) {`
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`return "/${paste_id}";`
			`}`

			`return "/paste.php?id=${paste_id}";`
			`}`

			`function urlForMember(string $member_name) : string {`
Change some variables to constants in config. 2021-07-26 17:41:54 -04:00			`if (PP_MOD_REWRITE) {`
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`return '/user/' . urlencode($member_name);`
			`}`

			`return '/user.php?name=' . urlencode($member_name);`
			`}`
Code format. 2021-07-26 17:42:43 -04:00
Rebuild JS 2021-08-25 20:22:17 -04:00			`function optionsForSelect(array $displays, array $values, string $currentSelection = null) : string {`
			`$size = count($displays);`

			`if (count($values) !== $size) {`
			`throw new Exception('Option names and option values must be the same count');`
			`}`

			`$html = '';`

			`for ($i = 0; $i < $size; $i++) {`
			`$html .= '<option value="' . pp_html_escape($values[$i]) . '"';`

			`if ($currentSelection === $values[$i]) {`
			`$html .= ' selected="selected"';`
			`}`

			`$html .= '>' . pp_html_escape($displays[$i]) . '</option>';`
			`}`

			`return $html;`
			`}`

Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`/* Database functions */`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`function getSiteInfo() : array {`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`return require(__DIR__ . '/../config/site.php');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`}`

Un break code 2021-07-20 12:15:41 -04:00			`function getSiteAds(DatabaseHandle $conn) : array\|bool {`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`return $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();`
			`}`
Make paste page kind of work. Barely. Definitely not done yet. 2021-07-11 11:54:37 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotalPastes(DatabaseHandle $conn) : int {`
Make paste page kind of work. Barely. Definitely not done yet. 2021-07-11 11:54:37 -04:00			`return intval($conn->query('SELECT COUNT(*) FROM pastes')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotalviews(DatabaseHandle $conn) : int {`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`return intval($conn->query('SELECT tpage FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotal_unique_views(DatabaseHandle $conn) : int {`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00
Various fixes 2021-07-16 09:53:34 -04:00			`/**`
			* Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
			`*`
			`* @param string $unescaped String to escape`
			`* @return string HTML-escaped string`
			`*/`
			`function pp_html_escape(string $unescaped) : string {`
Add Composer, highlight.php, bunch of restructuring of paste.php 2021-08-20 15:53:06 -04:00			`return htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8', false);`
Various fixes 2021-07-16 09:53:34 -04:00			`}`

Un break code 2021-07-20 12:15:41 -04:00			`function updatePageViews(DatabaseHandle $conn) : void {`
More cleanup 2021-07-10 17:54:43 -04:00			`$ip = $_SERVER['REMOTE_ADDR'];`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$date = date('jS F Y');`
More cleanup 2021-07-10 17:54:43 -04:00			`$data_ip = file_get_contents('tmp/temp.tdata');`

			`$last_page_view = $conn->query('SELECT * FROM page_view ORDER BY id DESC LIMIT 1')->fetch();`
			`$last_date = $last_page_view['date'];`

			`if ($last_date == $date) {`
Small bit of code cleanup. 2021-07-17 18:29:36 -04:00			`$last_tpage = intval($last_page_view['tpage']) + 1;`
More cleanup 2021-07-10 17:54:43 -04:00
Small bit of code cleanup. 2021-07-17 18:29:36 -04:00			`if (str_contains($data_ip, $ip)) {`
More cleanup 2021-07-10 17:54:43 -04:00			`// IP already exists, Update view count`
			`$statement = $conn->prepare("UPDATE page_view SET tpage = ? WHERE id = ?");`
			`$statement->execute([$last_tpage, $last_page_view['id']]);`
			`} else {`
			`$last_tvisit = intval($last_page_view['tvisit']) + 1;`

			`// Update both tpage and tvisit.`
			`$statement = $conn->prepare("UPDATE page_view SET tpage = ?,tvisit = ? WHERE id = ?");`
			`$statement->execute([$last_tpage, $last_tvisit, $last_page_view['id']]);`
			`file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip);`
			`}`
			`} else {`
			`// Delete the file and clear data_ip`
			`unlink("tmp/temp.tdata");`

			`// New date is created`
			`$statement = $conn->prepare("INSERT INTO page_view (date, tpage, tvisit) VALUES (?, '1', '1')");`
			`$statement->execute([$date]);`

			`// Update the IP`
			`file_put_contents('tmp/temp.tdata', $ip);`
			`}`
			`}`

ajax_pastes.php actually works now 2021-07-11 12:18:57 -04:00			`session_start();`

Change MySQL connection charset 2021-08-18 16:32:19 -04:00			`$conn = new DatabaseHandle("mysql:host=$db_host;dbname=$db_schema;charset=utf8mb4", $db_user, $db_pass);`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`// Setup site info`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$site_info = getSiteInfo();`
New page template system kinda. 2021-08-22 21:45:26 -04:00			`$global_site_info = $site_info['site_info'];`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$row = $site_info['site_info'];`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$title = Trim($row['title']);`
			`$baseurl = Trim($row['baseurl']);`
			`$site_name = Trim($row['site_name']);`
			`$email = Trim($row['email']);`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$ga = Trim($row['google_analytics']);`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$additional_scripts = Trim($row['additional_scripts']);`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00

Get rid of lang files 2021-08-26 05:35:21 -04:00			`// Setup theme`
			`$default_theme = 'bulma';`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
More small cleanup 2021-08-22 21:57:14 -04:00			`// Site permissions`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$site_permissions = $site_info['permissions'];`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00
code 2021-08-25 02:08:30 -04:00			`$site_is_private = false;`
			`$site_disable_guests = false;`

More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`if ($site_permissions) {`
fix siteprivate, delete unused templates 2021-08-22 21:54:46 -04:00			`$site_is_private = (bool) $site_permissions['private'];`
Experimental tag input bullshit 2021-08-23 02:49:54 -04:00			`$site_disable_guests = (bool) $site_permissions['disable_guest'];`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`}`

Some admin page fixes. 2021-08-09 04:21:39 -04:00			`// CAPTCHA configuration`
			`$captcha_config = $site_info['captcha'];`
More small cleanup 2021-08-22 21:57:14 -04:00			`$captcha_enabled = (bool) $captcha_config['enabled'];`
Some admin page fixes. 2021-08-09 04:21:39 -04:00
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`// Check if IP is banned`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$ip = $_SERVER['REMOTE_ADDR'];`
Move some functions around 2021-08-17 13:19:10 -04:00			`if ($conn->query('SELECT 1 FROM ban_user WHERE ip = ?', [$ip])->fetch()) {`
Get rid of lang files 2021-08-26 05:35:21 -04:00			`die('You have been banned.');`
Move some functions around 2021-08-17 13:19:10 -04:00			`}`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`$site_ads = getSiteAds($conn);`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`$total_pastes = getSiteTotalPastes($conn);`
			`$total_page_views = getSiteTotalviews($conn);`
Various fixes 2021-07-16 09:53:34 -04:00			`$total_unique_views = getSiteTotal_unique_views($conn);`

Un break code 2021-07-20 12:15:41 -04:00			`$current_user = User::current($conn);`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00
Fix small reflected XSS 2021-08-20 16:17:13 -04:00			`/* Security headers */`
			`header('X-Frame-Options: SAMEORIGIN');`
			`header('X-Content-Type-Options: nosniff');`
New page template system kinda. 2021-08-22 21:45:26 -04:00
			`//ob_start();`