ponepaste/index.php


<?php
/*
 * Paste <https://github.com/jordansamuel/PASTE>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License in GPL.txt for more details.
 */
 
session_start();

$directory = 'install';

if (file_exists($directory)) {
    header("Location: install");
    exit();
}

// Required functions
require_once('includes/captcha.php');
require_once('includes/functions.php');
define('IN_PONEPASTE', 1);
require_once('includes/common.php');

// PHP <5.5 compatibility
require_once('includes/password.php');

function calculatePasteExpiry($p_expiry) {
    switch ($p_expiry) {
        case '10M':
            $expires = mktime(date("H"), date("i") + "10", date("s"), date("n"), date("j"), date("Y"));
            break;
        case '1H':
            $expires = mktime(date("H") + "1", date("i"), date("s"), date("n"), date("j"), date("Y"));
        case '1D':
            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "1", date("Y"));
            break;
        case '1W':
            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "7", date("Y"));
            break;
        case '2W':
            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "14", date("Y"));
            break;
        case '1M':
            $expires = mktime(date("H"), date("i"), date("s"), date("n") + "1", date("j"), date("Y"));
            break;
        case 'self':
            $expires = "SELF";
            break;
        default:
            $expires = "NULL";
            break;
    }

    return $expires;
}

// UTF-8
header('Content-Type: text/html; charset=utf-8');

// Current date & user IP
$date    = date('jS F Y');
$ip      = $_SERVER['REMOTE_ADDR'];

// Ads
$site_ads_rows = $conn->query('SELECT * FROM ads WHERE id="1"');
while ($row = $site_ads_rows->fetch()) {
    $text_ads = Trim($row['text_ads']);
    $ads_1    = Trim($row['ads_1']);
    $ads_2    = Trim($row['ads_2']);
}

// Sitemap
$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options WHERE id="1"');
while ($row = $site_sitemap_rows->fetch()) {
    $priority   = $row['priority'];
    $changefreq = $row['changefreq'];
}

// Captcha
$site_captcha_rows = $conn->query("SELECT * FROM captcha where id='1'");
while ($row = $site_captcha_rows->fetch()) {
    $color   = Trim($row['color']);
    $mode    = Trim($row['mode']);
    $mul     = Trim($row['mul']);
    $allowed = Trim($row['allowed']);
    $cap_e   = Trim($row['cap_e']);
    $recaptcha_sitekey   = Trim($row['recaptcha_sitekey']);
    $recaptcha_secretkey   = Trim($row['recaptcha_secretkey']);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} else {
    if ($cap_e == "on") {
        if ($mode == "reCAPTCHA") {
            $_SESSION['captcha_mode'] = "recaptcha";
            $_SESSION['captcha'] = $recaptcha_sitekey;
        } else {
            $_SESSION['captcha_mode'] = "internal";
            $_SESSION['captcha'] = captcha($color, $mode, $mul, $allowed);
        }
    } else {
        $_SESSION['captcha_mode'] = "none";
    }        
}


if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} else {
    if ($disableguest == "on") {
        $noguests = "on";
	}
	if ($siteprivate =="on") {
		$privatesite = "on";
    }
	if (isset($_SESSION['username'])) {
		$noguests = "off";
	}
}

updatePageViews($conn);

// POST Handler
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	// Check if fields are empty
	if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) {
		$error = $lang['empty_paste'];
		goto OutPut;
		exit;
	}

    if (empty($_POST["tags"])) {
		$error = $lang['notags'];
		goto OutPut;
		exit;
	}

    if  (strlen($_POST["title"]) > 70) {
        $error = $lang['titlelen'];
		goto OutPut;
		exit;
    }	


	// Set our limits
	if (mb_strlen($_POST["paste_data"], '8bit') >  1024 * 1024 * $pastelimit) {
		$error = $lang['large_paste'];
		goto OutPut;
		exit;
	}
			
    // Check POST data status
    if (isset($_POST['title']) && isset($_POST['paste_data'])) {
        if ($cap_e == "on" && !isset($_SESSION['username'])) {
            if ($mode == "reCAPTCHA") {
                $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);
                $response = json_decode($response, true);
                if ( $response["success"] == false ) {
                    // reCAPTCHA Errors
                    switch( $response["error-codes"][0] ) {
                        case "missing-input-response":
                            $error = $lang['missing-input-response']; 
                            break;
                        case "missing-input-secret":
                            $error = $lang['missing-input-secret'];
                            break;
                        case "invalid-input-response":
                            $error = $lang['missing-input-response'];
                            break;
                        case "invalid-input-secret":
                            $error = $lang['invalid-input-secret'];
                            break;
                    }
                    goto OutPut;
                }
            } else {
                $scode    = strtolower(htmlentities(Trim($_POST['scode'])));
                $cap_code = strtolower($_SESSION['captcha']['code']);
                if ($cap_code == $scode) {
                } else {
                    $error = $lang['image_wrong']; // Wrong captcha.
                    goto OutPut;
                }
            }
        }

        $p_title    = Trim(htmlspecialchars($_POST['title']));
			if (strlen($p_title)==0) $p_title='Untitled';
        $p_content  = htmlspecialchars($_POST['paste_data']);
        $p_visible  = Trim(htmlspecialchars($_POST['visibility']));
        $p_code     = Trim(htmlspecialchars($_POST['format']));
        $p_expiry   = Trim(htmlspecialchars($_POST['paste_expire_date']));
		$p_tagsys  = Trim(htmlspecialchars($_POST['tags']));
        $p_tagsys =  rtrim($p_tagsys, ',');
        $p_password = $_POST['pass'];
        if ($p_password == "" || $p_password == null) {
            $p_password = "NONE";
        } else {
            $p_password = password_hash($p_password, PASSWORD_DEFAULT);
        }
        $p_encrypt = Trim(htmlspecialchars($_POST['encrypted']));
        
        if (empty($p_encrypt)) {
            $p_encrypt = "0";
        } else {
            // Encrypt option
            $p_encrypt = "1";
            $p_content = encrypt($p_content);
        }
        
        if (isset($_SESSION['token'])) {
            $p_member = Trim($_SESSION['username']);
        } else {
            $p_member = "Guest";
        }
        // Set expiry time
        $expires = calculatePasteExpiry($p_expiry);

        $p_date    = date('jS F Y h:i:s A');
        $date      = date('jS F Y');
        $now_time  = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
        $timeedit  = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));

        // Edit existing paste or create new?
        if ( isset($_POST['edit'] ) ) {
            if (isset($_SESSION['username'])) {
            $edit_paste_id = $_POST['paste_id'];
            $statement = $conn->prepare(
                "UPDATE pastes SET title = ?,content = ?,visible = ?,code=?,expiry=?,password=?,encrypt=?,member=?,ip=?,tagsys=?,now_time=? ,timeedit=? WHERE id = '?'"
            );

            $statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$ip,$p_tagsys,$now_time,$timeedit,$edit_paste_id]);
        }}
        else {
             $statement = $conn->prepare("INSERT INTO pastes (title,content,visible,code,expiry,password,encrypt,member,date,ip,now_time,views,s_date,tagsys) VALUES 
            (?,?,?,?,?,?,?,?,?,?,?,'0',?,?)");
            $statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]); 
            
        }
            $paste_id = $conn->query('SELECT MAX(id) FROM pastes')->fetch(PDO::FETCH_NUM)[0];
            $success = $paste_id;

            if ($p_visible == '0') {
                addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
            }
        

    } else {
        $error = $lang['error']; // "Something went wrong";
    }
	
	// Redirect to paste on successful entry, or on successful edit redirect back to edited paste
	if ( isset( $success ) ) {
		if ( $mod_rewrite == '1' ) {
            if ( isset( $_POST['edit'] ) ) {
                $paste_url = "$edit_paste_id";
            } else {
                $paste_url = "$success"; 
            }
        } else {
            if ( $_POST['edit'] ) {
                $paste_url = "paste.php?id=$edit_paste_id";
            } else {
                $paste_url = "paste.php?id=$success";
            }
        }
		header("Location: ".$paste_url."");
	}

}

OutPut:
// Theme
require_once('theme/' . $default_theme . '/header.php');
require_once('theme/' . $default_theme . '/main.php');
require_once('theme/' . $default_theme . '/footer.php');
?>
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`<?php`
			`/*`
			`* Paste <https://github.com/jordansamuel/PASTE>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 3`
			`* of the License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License in GPL.txt for more details.`
			`*/`

			`session_start();`

			`$directory = 'install';`

			`if (file_exists($directory)) {`
			`header("Location: install");`
			`exit();`
			`}`

			`// Required functions`
			`require_once('includes/captcha.php');`
			`require_once('includes/functions.php');`
More cleanup 2021-07-10 17:54:43 -04:00			`define('IN_PONEPASTE', 1);`
			`require_once('includes/common.php');`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// PHP <5.5 compatibility`
			`require_once('includes/password.php');`

More cleanup 2021-07-10 17:54:43 -04:00			`function calculatePasteExpiry($p_expiry) {`
			`switch ($p_expiry) {`
			`case '10M':`
			`$expires = mktime(date("H"), date("i") + "10", date("s"), date("n"), date("j"), date("Y"));`
			`break;`
			`case '1H':`
			`$expires = mktime(date("H") + "1", date("i"), date("s"), date("n"), date("j"), date("Y"));`
			`case '1D':`
			`$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "1", date("Y"));`
			`break;`
			`case '1W':`
			`$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "7", date("Y"));`
			`break;`
			`case '2W':`
			`$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "14", date("Y"));`
			`break;`
			`case '1M':`
			`$expires = mktime(date("H"), date("i"), date("s"), date("n") + "1", date("j"), date("Y"));`
			`break;`
			`case 'self':`
			`$expires = "SELF";`
			`break;`
			`default:`
			`$expires = "NULL";`
			`break;`
			`}`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
More cleanup 2021-07-10 17:54:43 -04:00			`return $expires;`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}`

More cleanup 2021-07-10 17:54:43 -04:00			`// UTF-8`
			`header('Content-Type: text/html; charset=utf-8');`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// Current date & user IP`
			`$date = date('jS F Y');`
			`$ip = $_SERVER['REMOTE_ADDR'];`

			`// Ads`
			`$site_ads_rows = $conn->query('SELECT * FROM ads WHERE id="1"');`
			`while ($row = $site_ads_rows->fetch()) {`
			`$text_ads = Trim($row['text_ads']);`
			`$ads_1 = Trim($row['ads_1']);`
			`$ads_2 = Trim($row['ads_2']);`
			`}`

			`// Sitemap`
			`$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options WHERE id="1"');`
			`while ($row = $site_sitemap_rows->fetch()) {`
			`$priority = $row['priority'];`
			`$changefreq = $row['changefreq'];`
			`}`

			`// Captcha`
			`$site_captcha_rows = $conn->query("SELECT * FROM captcha where id='1'");`
			`while ($row = $site_captcha_rows->fetch()) {`
			`$color = Trim($row['color']);`
			`$mode = Trim($row['mode']);`
			`$mul = Trim($row['mul']);`
			`$allowed = Trim($row['allowed']);`
			`$cap_e = Trim($row['cap_e']);`
			`$recaptcha_sitekey = Trim($row['recaptcha_sitekey']);`
			`$recaptcha_secretkey = Trim($row['recaptcha_secretkey']);`
			`}`
			`if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`} else {`
			`if ($cap_e == "on") {`
			`if ($mode == "reCAPTCHA") {`
			`$_SESSION['captcha_mode'] = "recaptcha";`
			`$_SESSION['captcha'] = $recaptcha_sitekey;`
			`} else {`
			`$_SESSION['captcha_mode'] = "internal";`
			`$_SESSION['captcha'] = captcha($color, $mode, $mul, $allowed);`
			`}`
			`} else {`
			`$_SESSION['captcha_mode'] = "none";`
			`}`
			`}`


			`if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`} else {`
			`if ($disableguest == "on") {`
			`$noguests = "on";`
			`}`
			`if ($siteprivate =="on") {`
			`$privatesite = "on";`
			`}`
			`if (isset($_SESSION['username'])) {`
			`$noguests = "off";`
			`}`
			`}`

More cleanup 2021-07-10 17:54:43 -04:00			`updatePageViews($conn);`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// POST Handler`
			`if ($_SERVER['REQUEST_METHOD'] == 'POST') {`
			`// Check if fields are empty`
More cleanup 2021-07-10 17:54:43 -04:00			`if (empty($_POST["paste_data"]) \|\| trim($_POST['paste_data'] === '')) {`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$error = $lang['empty_paste'];`
			`goto OutPut;`
			`exit;`
			`}`
More cleanup 2021-07-10 17:54:43 -04:00
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`if (empty($_POST["tags"])) {`
			`$error = $lang['notags'];`
			`goto OutPut;`
			`exit;`
			`}`
More cleanup 2021-07-10 17:54:43 -04:00
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`if (strlen($_POST["title"]) > 70) {`
			`$error = $lang['titlelen'];`
			`goto OutPut;`
			`exit;`
			`}`
More cleanup 2021-07-10 17:54:43 -04:00
Initial commit Initial commit 2021-07-10 19:18:17 +01:00
			`// Set our limits`
			`if (mb_strlen($_POST["paste_data"], '8bit') > 1024 * 1024 * $pastelimit) {`
			`$error = $lang['large_paste'];`
			`goto OutPut;`
			`exit;`
			`}`

			`// Check POST data status`
More cleanup 2021-07-10 17:54:43 -04:00			`if (isset($_POST['title']) && isset($_POST['paste_data'])) {`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`if ($cap_e == "on" && !isset($_SESSION['username'])) {`
			`if ($mode == "reCAPTCHA") {`
			`$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);`
			`$response = json_decode($response, true);`
			`if ( $response["success"] == false ) {`
			`// reCAPTCHA Errors`
			`switch( $response["error-codes"][0] ) {`
			`case "missing-input-response":`
			`$error = $lang['missing-input-response'];`
			`break;`
			`case "missing-input-secret":`
			`$error = $lang['missing-input-secret'];`
			`break;`
			`case "invalid-input-response":`
			`$error = $lang['missing-input-response'];`
			`break;`
			`case "invalid-input-secret":`
			`$error = $lang['invalid-input-secret'];`
			`break;`
			`}`
			`goto OutPut;`
			`}`
			`} else {`
			`$scode = strtolower(htmlentities(Trim($_POST['scode'])));`
			`$cap_code = strtolower($_SESSION['captcha']['code']);`
			`if ($cap_code == $scode) {`
			`} else {`
			`$error = $lang['image_wrong']; // Wrong captcha.`
			`goto OutPut;`
			`}`
			`}`
			`}`

			`$p_title = Trim(htmlspecialchars($_POST['title']));`
			`if (strlen($p_title)==0) $p_title='Untitled';`
			`$p_content = htmlspecialchars($_POST['paste_data']);`
			`$p_visible = Trim(htmlspecialchars($_POST['visibility']));`
			`$p_code = Trim(htmlspecialchars($_POST['format']));`
			`$p_expiry = Trim(htmlspecialchars($_POST['paste_expire_date']));`
			`$p_tagsys = Trim(htmlspecialchars($_POST['tags']));`
			`$p_tagsys = rtrim($p_tagsys, ',');`
			`$p_password = $_POST['pass'];`
			`if ($p_password == "" \|\| $p_password == null) {`
			`$p_password = "NONE";`
			`} else {`
			`$p_password = password_hash($p_password, PASSWORD_DEFAULT);`
			`}`
			`$p_encrypt = Trim(htmlspecialchars($_POST['encrypted']));`

More cleanup 2021-07-10 17:54:43 -04:00			`if (empty($p_encrypt)) {`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$p_encrypt = "0";`
			`} else {`
			`// Encrypt option`
			`$p_encrypt = "1";`
			`$p_content = encrypt($p_content);`
			`}`

			`if (isset($_SESSION['token'])) {`
			`$p_member = Trim($_SESSION['username']);`
			`} else {`
			`$p_member = "Guest";`
			`}`
			`// Set expiry time`
More cleanup 2021-07-10 17:54:43 -04:00			`$expires = calculatePasteExpiry($p_expiry);`

Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$p_date = date('jS F Y h:i:s A');`
			`$date = date('jS F Y');`
			`$now_time = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));`
			`$timeedit = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));`
More cleanup 2021-07-10 17:54:43 -04:00
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`// Edit existing paste or create new?`
			`if ( isset($_POST['edit'] ) ) {`
			`if (isset($_SESSION['username'])) {`
			`$edit_paste_id = $_POST['paste_id'];`
More cleanup 2021-07-10 17:54:43 -04:00			`$statement = $conn->prepare(`
			`"UPDATE pastes SET title = ?,content = ?,visible = ?,code=?,expiry=?,password=?,encrypt=?,member=?,ip=?,tagsys=?,now_time=? ,timeedit=? WHERE id = '?'"`
			`);`

			`$statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$ip,$p_tagsys,$now_time,$timeedit,$edit_paste_id]);`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`}}`
			`else {`
			`$statement = $conn->prepare("INSERT INTO pastes (title,content,visible,code,expiry,password,encrypt,member,date,ip,now_time,views,s_date,tagsys) VALUES`
? I could not resist making that the commit message; this changes what appear to be some find and replace failures to be valid syntax. 2021-07-10 15:42:04 -04:00			`(?,?,?,?,?,?,?,?,?,?,?,'0',?,?)");`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]);`

			`}`
More cleanup 2021-07-10 17:54:43 -04:00			`$paste_id = $conn->query('SELECT MAX(id) FROM pastes')->fetch(PDO::FETCH_NUM)[0];`
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`$success = $paste_id;`
More cleanup 2021-07-10 17:54:43 -04:00
Initial commit Initial commit 2021-07-10 19:18:17 +01:00			`if ($p_visible == '0') {`
			`addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);`
			`}`


			`} else {`
			`$error = $lang['error']; // "Something went wrong";`
			`}`

			`// Redirect to paste on successful entry, or on successful edit redirect back to edited paste`
			`if ( isset( $success ) ) {`
			`if ( $mod_rewrite == '1' ) {`
			`if ( isset( $_POST['edit'] ) ) {`
			`$paste_url = "$edit_paste_id";`
			`} else {`
			`$paste_url = "$success";`
			`}`
			`} else {`
			`if ( $_POST['edit'] ) {`
			`$paste_url = "paste.php?id=$edit_paste_id";`
			`} else {`
			`$paste_url = "paste.php?id=$success";`
			`}`
			`}`
			`header("Location: ".$paste_url."");`
			`}`

			`}`

			`OutPut:`
			`// Theme`
			`require_once('theme/' . $default_theme . '/header.php');`
			`require_once('theme/' . $default_theme . '/main.php');`
			`require_once('theme/' . $default_theme . '/footer.php');`
			`?>`