ponepaste/includes/common.php

<?php
if (!defined('IN_PONEPASTE')) {
    die('This file may not be accessed directly.');
}

require_once(__DIR__ . '/config.php');
require_once(__DIR__ . '/functions.php');
require_once(__DIR__ . '/DatabaseHandle.class.php');
require_once(__DIR__ . '/User.class.php');

/* View functions */
function urlForPaste($paste_id) : string {
    if (PP_MOD_REWRITE) {
        return "/${paste_id}";
    }

    return "/paste.php?id=${paste_id}";
}

function urlForMember(string $member_name) : string {
    if (PP_MOD_REWRITE) {
        return '/user/' . urlencode($member_name);
    }

    return '/user.php?name=' . urlencode($member_name);
}

/* Database functions */
function getSiteInfo() : array {
    return require(__DIR__ . '/../config/site.php');
}

function getSiteAds(DatabaseHandle $conn) : array|bool {
    return $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();
}

function getSiteTotalPastes(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT COUNT(*) FROM pastes')->fetch(PDO::FETCH_NUM)[0]);
}

function getSiteTotalviews(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT tpage FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
}

function getSiteTotal_unique_views(DatabaseHandle $conn) : int {
    return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
}

/**
 * Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
 *
 * @param string $unescaped String to escape
 * @return string HTML-escaped string
 */
function pp_html_escape(string $unescaped) : string {
    return htmlentities($unescaped, ENT_QUOTES, 'UTF-8', false);
}

function updatePageViews(DatabaseHandle $conn) : void {
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date('jS F Y');
    $data_ip = file_get_contents('tmp/temp.tdata');

    $last_page_view = $conn->query('SELECT * FROM page_view ORDER BY id DESC LIMIT 1')->fetch();
    $last_date = $last_page_view['date'];

    if ($last_date == $date) {
        $last_tpage = intval($last_page_view['tpage']) + 1;

        if (str_contains($data_ip, $ip)) {
            // IP already exists, Update view count
            $statement = $conn->prepare("UPDATE page_view SET tpage = ? WHERE id = ?");
            $statement->execute([$last_tpage, $last_page_view['id']]);
        } else {
            $last_tvisit = intval($last_page_view['tvisit']) + 1;

            // Update both tpage and tvisit.
            $statement = $conn->prepare("UPDATE page_view SET tpage = ?,tvisit = ? WHERE id = ?");
            $statement->execute([$last_tpage, $last_tvisit, $last_page_view['id']]);
            file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip);
        }
    } else {
        // Delete the file and clear data_ip
        unlink("tmp/temp.tdata");

        // New date is created
        $statement = $conn->prepare("INSERT INTO page_view (date, tpage, tvisit) VALUES (?, '1', '1')");
        $statement->execute([$date]);

        // Update the IP
        file_put_contents('tmp/temp.tdata', $ip);
    }
}

session_start();

$conn = new DatabaseHandle("mysql:host=$db_host;dbname=$db_schema;charset=utf8", $db_user, $db_pass);

// Setup site info
$site_info = getSiteInfo();
$row = $site_info['site_info'];
$title = Trim($row['title']);
$des = Trim($row['description']);
$baseurl = Trim($row['baseurl']);
$keyword = Trim($row['keywords']);
$site_name = Trim($row['site_name']);
$email = Trim($row['email']);
$ga = Trim($row['google_analytics']);
$additional_scripts = Trim($row['additional_scripts']);


// Setup theme and language
$lang_and_theme = $site_info['interface'];
$default_lang = $lang_and_theme['language'];
$default_theme = $lang_and_theme['theme'];

// site permissions
$site_permissions = $site_info['permissions'];

if ($site_permissions) {
    $siteprivate = $site_permissions['private'];
    $disableguest = $site_permissions['disable_guest'];
} else {
    $siteprivate = 'off';
    $disableguest = 'off';
}

$privatesite = $siteprivate;
$noguests = $disableguest;

// CAPTCHA configuration
$captcha_config = $site_info['captcha'];
$captcha_enabled = (bool) $captcha_config['enabled'];

// Prevent a potential LFI (you never know :p)
$lang_file = "${default_lang}.php";
if (in_array($lang_file, scandir(__DIR__ . '/../langs/'))) {
    require_once(__DIR__ . "/../langs/${lang_file}");
}

// Check if IP is banned
$ip = $_SERVER['REMOTE_ADDR'];
if (is_banned($conn, $ip)) die($lang['banned']); // "You have been banned from ".$site_name;

$site_ads = getSiteAds($conn);
$total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn);

$current_user = User::current($conn);

if ($current_user) {
    $noguests = "off";
}
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`<?php`
			`if (!defined('IN_PONEPASTE')) {`
More cleanup 2021-07-10 17:54:43 -04:00			`die('This file may not be accessed directly.');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`}`

Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`require_once(__DIR__ . '/config.php');`
			`require_once(__DIR__ . '/functions.php');`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00			`require_once(__DIR__ . '/DatabaseHandle.class.php');`
			`require_once(__DIR__ . '/User.class.php');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`/* View functions */`
			`function urlForPaste($paste_id) : string {`
Change some variables to constants in config. 2021-07-26 17:41:54 -04:00			`if (PP_MOD_REWRITE) {`
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`return "/${paste_id}";`
			`}`

			`return "/paste.php?id=${paste_id}";`
			`}`

			`function urlForMember(string $member_name) : string {`
Change some variables to constants in config. 2021-07-26 17:41:54 -04:00			`if (PP_MOD_REWRITE) {`
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`return '/user/' . urlencode($member_name);`
			`}`

			`return '/user.php?name=' . urlencode($member_name);`
			`}`
Code format. 2021-07-26 17:42:43 -04:00
Database improvements and make most of the site work to match 2021-07-13 13:32:28 -04:00			`/* Database functions */`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`function getSiteInfo() : array {`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`return require(__DIR__ . '/../config/site.php');`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`}`

Un break code 2021-07-20 12:15:41 -04:00			`function getSiteAds(DatabaseHandle $conn) : array\|bool {`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`return $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();`
			`}`
Make paste page kind of work. Barely. Definitely not done yet. 2021-07-11 11:54:37 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotalPastes(DatabaseHandle $conn) : int {`
Make paste page kind of work. Barely. Definitely not done yet. 2021-07-11 11:54:37 -04:00			`return intval($conn->query('SELECT COUNT(*) FROM pastes')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotalviews(DatabaseHandle $conn) : int {`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`return intval($conn->query('SELECT tpage FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00
Un break code 2021-07-20 12:15:41 -04:00			`function getSiteTotal_unique_views(DatabaseHandle $conn) : int {`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);`
			`}`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00
Various fixes 2021-07-16 09:53:34 -04:00			`/**`
			* Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
			`*`
			`* @param string $unescaped String to escape`
			`* @return string HTML-escaped string`
			`*/`
			`function pp_html_escape(string $unescaped) : string {`
			`return htmlentities($unescaped, ENT_QUOTES, 'UTF-8', false);`
			`}`

Un break code 2021-07-20 12:15:41 -04:00			`function updatePageViews(DatabaseHandle $conn) : void {`
More cleanup 2021-07-10 17:54:43 -04:00			`$ip = $_SERVER['REMOTE_ADDR'];`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$date = date('jS F Y');`
More cleanup 2021-07-10 17:54:43 -04:00			`$data_ip = file_get_contents('tmp/temp.tdata');`

			`$last_page_view = $conn->query('SELECT * FROM page_view ORDER BY id DESC LIMIT 1')->fetch();`
			`$last_date = $last_page_view['date'];`

			`if ($last_date == $date) {`
Small bit of code cleanup. 2021-07-17 18:29:36 -04:00			`$last_tpage = intval($last_page_view['tpage']) + 1;`
More cleanup 2021-07-10 17:54:43 -04:00
Small bit of code cleanup. 2021-07-17 18:29:36 -04:00			`if (str_contains($data_ip, $ip)) {`
More cleanup 2021-07-10 17:54:43 -04:00			`// IP already exists, Update view count`
			`$statement = $conn->prepare("UPDATE page_view SET tpage = ? WHERE id = ?");`
			`$statement->execute([$last_tpage, $last_page_view['id']]);`
			`} else {`
			`$last_tvisit = intval($last_page_view['tvisit']) + 1;`

			`// Update both tpage and tvisit.`
			`$statement = $conn->prepare("UPDATE page_view SET tpage = ?,tvisit = ? WHERE id = ?");`
			`$statement->execute([$last_tpage, $last_tvisit, $last_page_view['id']]);`
			`file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip);`
			`}`
			`} else {`
			`// Delete the file and clear data_ip`
			`unlink("tmp/temp.tdata");`

			`// New date is created`
			`$statement = $conn->prepare("INSERT INTO page_view (date, tpage, tvisit) VALUES (?, '1', '1')");`
			`$statement->execute([$date]);`

			`// Update the IP`
			`file_put_contents('tmp/temp.tdata', $ip);`
			`}`
			`}`

ajax_pastes.php actually works now 2021-07-11 12:18:57 -04:00			`session_start();`

Un break code 2021-07-20 12:15:41 -04:00			`$conn = new DatabaseHandle("mysql:host=$db_host;dbname=$db_schema;charset=utf8", $db_user, $db_pass);`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`// Setup site info`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$site_info = getSiteInfo();`
			`$row = $site_info['site_info'];`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$title = Trim($row['title']);`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$des = Trim($row['description']);`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$baseurl = Trim($row['baseurl']);`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$keyword = Trim($row['keywords']);`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$site_name = Trim($row['site_name']);`
			`$email = Trim($row['email']);`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$ga = Trim($row['google_analytics']);`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$additional_scripts = Trim($row['additional_scripts']);`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00

			`// Setup theme and language`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$lang_and_theme = $site_info['interface'];`
			`$default_lang = $lang_and_theme['language'];`
			`$default_theme = $lang_and_theme['theme'];`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`// site permissions`
Move some configuration from database to a file. 2021-07-12 12:53:39 -04:00			`$site_permissions = $site_info['permissions'];`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00
			`if ($site_permissions) {`
Fix lang 2021-07-13 08:57:07 -04:00			`$siteprivate = $site_permissions['private'];`
			`$disableguest = $site_permissions['disable_guest'];`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`} else {`
			`$siteprivate = 'off';`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$disableguest = 'off';`
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`}`

			`$privatesite = $siteprivate;`
Clean up index.php a bunch 2021-07-12 08:23:14 -04:00			`$noguests = $disableguest;`

Some admin page fixes. 2021-08-09 04:21:39 -04:00			`// CAPTCHA configuration`
			`$captcha_config = $site_info['captcha'];`
			`$captcha_enabled = (bool) $captcha_config['enabled'];`

Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`// Prevent a potential LFI (you never know :p)`
Fix lang 2021-07-13 08:57:07 -04:00			`$lang_file = "${default_lang}.php";`
Lots of new tagging stuff. 2021-08-05 08:18:32 -04:00			`if (in_array($lang_file, scandir(__DIR__ . '/../langs/'))) {`
			`require_once(__DIR__ . "/../langs/${lang_file}");`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00			`}`

			`// Check if IP is banned`
Run formatter on all PHP code; should not change behaviour in any way 2021-07-12 09:03:02 -04:00			`$ip = $_SERVER['REMOTE_ADDR'];`
			`if (is_banned($conn, $ip)) die($lang['banned']); // "You have been banned from ".$site_name;`
Clean up archive.php a little. 2021-07-10 17:36:15 -04:00
More cleanup, mostly surrounding ads 2021-07-10 18:21:03 -04:00			`$site_ads = getSiteAds($conn);`
code clean up Removed unneeded code. 2021-07-12 11:49:17 +01:00			`$total_pastes = getSiteTotalPastes($conn);`
			`$total_page_views = getSiteTotalviews($conn);`
Various fixes 2021-07-16 09:53:34 -04:00			`$total_unique_views = getSiteTotal_unique_views($conn);`

Un break code 2021-07-20 12:15:41 -04:00			`$current_user = User::current($conn);`
Introduce User and DatabaseHandle class 2021-07-17 18:17:29 -04:00
			`if ($current_user) {`
			`$noguests = "off";`
			`}`