From 0c5c01c424680fa4ad8f595758de98e4748d40bf Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Tue, 17 Aug 2021 13:26:26 -0400
Subject: [PATCH] More misc code cleanup.
---
 includes/config.php | 3 ++-
 includes/functions.php | 51 +-----------------------------------------
 index.php | 10 +++------
 login.php | 2 +-
 paste.php | 19 +++++++++++-----
 5 files changed, 21 insertions(+), 64 deletions(-)
diff --git a/includes/config.php b/includes/config.php
index 12ba6b1..ed66d85 100644
--- a/includes/config.php
+++ b/includes/config.php
@@ -42,7 +42,8 @@ if (gethostname() === 'thunderlane') {
 // Secret key for paste encryption
 //$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
-$sec_key = '';
+const PP_ENCRYPTION_ALGO = 'AES-256-CBC';
+const PP_ENCRYPTION_KEY = '';
 // Available GeSHi formats
diff --git a/includes/functions.php b/includes/functions.php
index c88bc9f..f7f471e 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -118,16 +118,6 @@ function linkify($value, $protocols = array('http', 'mail'), array $attributes =
 }, $value);
 }
-
-function getRecentreport($conn, $count) {
- $query = $conn->prepare("SELECT id, m_report, p_report, rep_reason, t_report FROM user_reports
- ORDER BY id DESC
- LIMIT 0 , ?");
- $query->execute([$count]);
- return $query->fetchAll();
-}
-
-
 function getUserRecom(DatabaseHandle $conn, int $user_id) : array {
 $query = $conn->prepare(
 "SELECT pastes.id AS id, users.username AS member, title, visible
@@ -140,10 +130,6 @@ function getUserRecom(DatabaseHandle $conn, int $user_id) : array {
 return $query->fetchAll();
 }
-
-
-
-
 function formatBytes($size, $precision = 2) {
 $base = log($size, 1024);
 $suffixes = array('B', 'KB', 'MB', 'GB', 'TB');
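Review bot: `const PP_ENCRYPTION_KEY = '';` ships an empty passphrase as the live default, and `openssl_encrypt()` silently NUL-pads a passphrase shorter than the cipher's key size, so with this value every "encrypted" paste is encrypted under an all-zero AES-256 key and the flag gives no confidentiality. Nothing in this hunk or at the index.php/paste.php call sites checks that the key is set, so a deployment that forgets it fails silently rather than loudly. I would document the requirement on the constant, `// Must be 32 random bytes for AES-256-CBC (e.g. bin2hex(random_bytes(16))); openssl_encrypt() NUL-pads or truncates silently`, and since this file already branches on `gethostname()` and is versioned, load the real value from an untracked file or `getenv()` rather than committing it here. The commented-out key on the context line just above shows how easily a real value ends up in history.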
@@ -151,20 +137,6 @@ function formatBytes($size, $precision = 2) {
 return round(pow(1024, $base - floor($base)), $precision) . ' ' . $suffixes[floor($base)];
 }
-function encrypt(string $value) : string {
- global $sec_key;
-
- return openssl_encrypt($value, "AES-256-CBC", $sec_key);
-}
-
-function decrypt(string $value) : string {
- global $sec_key;
-
- return openssl_decrypt($value, "AES-256-CBC", $sec_key);
-}
-
-
-
 function getRecentadmin($conn, $count = 5) {
 $query = $conn->prepare(
 'SELECT pastes.id AS id, pastes.ip AS ip, title, created_at, views, users.username AS member
@@ -176,8 +148,6 @@ function getRecentadmin($conn, $count = 5) {
 return $query->fetchAll();
 }
-
-
 function getUserPastes(DatabaseHandle $conn, int $user_id) : array {
 return $conn->query(
 "SELECT id, title, visible, code, created_at, views FROM pastes
@@ -194,10 +164,6 @@ function getTotalPastes(DatabaseHandle $conn, int $user_id) : int {
 return intval($query->fetch(PDO::FETCH_NUM)[0]);
 }
-function isValidUsername(string $str) : bool {
- return !preg_match('/[^A-Za-z0-9._\\-$]/', $str);
-}
-
 function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string {
 $delta = $greater->diff($lesser, true);
@@ -266,21 +232,6 @@ function doDownload($paste_id, $p_title, $p_member, $p_conntent, $p_code) {
 return $stats;
 }
-function rawView($paste_id, $p_title, $p_conntent, $p_code) {
- $stats = false;
- if ($p_code) {
- // Raw
- header('content-type: text/plain');
- echo $p_conntent;
- $stats = true;
- } else {
- // 404
- header('HTTP/1.1 404 Not Found');
- }
- return $stats;
-}
-
-
 function embedView($paste_id, $p_title, $p_conntent, $p_code, $title, $baseurl, $ges_style, $lang) {
 $stats = false;
 if ($p_conntent) {
@@ -332,7 +283,7 @@ function embedView($paste_id, $p_title, $p_conntent, $p_code, $title, $baseurl,
 }";
 $output .= "";
 $output .= "$ges_style"; // Dynamic GeSHI Style
- $output .= $p_conntent; // Paste conntent
+ $output .= $p_conntent; // Paste content
 $output .= "
";
diff --git a/index.php b/index.php
index c32bf6b..c7a95bc 100644
--- a/index.php
+++ b/index.php
@@ -139,16 +139,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $p_password = password_hash($p_password, PASSWORD_DEFAULT);
 }
- $p_encrypt = trim(htmlspecialchars($_POST['encrypted']));
+ $p_encrypt = $_POST['encrypted'] === '1';
 $tag_input = $_POST['tag_input'];
- if (empty($p_encrypt)) {
- $p_encrypt = "0";
- } else {
- // Encrypt option
- $p_encrypt = "1";
- $p_content = encrypt($p_content);
+ if ($p_encrypt) {
+ $p_content = openssl_encrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
 }
 // Set expiry time
diff --git a/login.php b/login.php
index 6c1807b..9730987 100644
--- a/login.php
+++ b/login.php
@@ -122,7 +122,7 @@ if (isset($_POST['forgot'])) {
 $error = $lang['missingfields']; // "All fields must be filled out";
 } elseif (strlen($username) > $chara_max) {
 $error = $lang['maxnamelimit']; // "Username already taken.";
- } elseif (!isValidUsername($username)) {
+ } elseif (preg_match('/[^A-Za-z0-9._\\-$]/', $str)) {
 $error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
 } else {
 if ($conn->querySelectOne('SELECT 1 FROM users WHERE username = ?', [$username])) {
diff --git a/paste.php b/paste.php
index 049f769..d7d8931 100644
--- a/paste.php
+++ b/paste.php
@@ -28,6 +28,15 @@ require_once('includes/Parsedown/Parsedown.php');
 require_once('includes/Parsedown/ParsedownExtra.php');
 require_once('includes/Parsedown/SecureParsedown.php');
+function rawView($content, $p_code) {
+ if ($p_code) {
+ header('Content-Type: text/plain');
+ echo $content;
+ } else {
+ header('HTTP/1.1 404 Not Found');
+ }
+}
+
 $paste_id = intval(trim($_REQUEST['id']));
 updatePageViews($conn);
@@ -70,7 +79,7 @@ if (!$row) {
 $p_visible = $row['visible'];
 $p_expiry = Trim($row['expiry']);
 $p_password = $row['password'];
- $p_encrypt = $row['encrypt'];
+ $p_encrypt = (bool) $row['encrypt'];
 $is_private = $row['visible'] === '2';
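Review bot: `$p_encrypt = $_POST['encrypted'] === '1';` reads the key unconditionally, and an unchecked checkbox is simply absent from the form post, so the common case raises an undefined-index warning; `$p_encrypt = ($_POST['encrypted'] ?? '') === '1';` keeps the strict comparison without it. The `openssl_encrypt()` call on the next added line passes no IV, so OpenSSL falls back to an all-zero IV (PHP warns about this) and CBC becomes deterministic: identical pastes, or pastes sharing a prefix, produce identical ciphertext blocks. The usual shape is `$iv = random_bytes(openssl_cipher_iv_length(PP_ENCRYPTION_ALGO));`, passed as the fifth argument and stored alongside the ciphertext (e.g. prepended) so that paste.php can split it off again; the decrypt side in paste.php is the matching change. `openssl_encrypt()` also returns `false` on failure, which would be stored as the paste body unless checked. The enclosing POST handler starts and ends outside the hunk.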
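Review bot: The inlined check `preg_match('/[^A-Za-z0-9._\\-$]/', $str)` tests `$str`, the parameter name of the removed `isValidUsername()`, but this scope works with `$username` (used on the surrounding context lines), so `$str` is undefined, `preg_match()` runs against an empty subject and never matches, and the special-character validation is silently bypassed for every request through this branch — with an undefined-variable warning and, on PHP 8.1+, a null-argument deprecation as the only trace. The line should read `} elseif (preg_match('/[^A-Za-z0-9._\\-$]/', $username)) {`. Inlining the regex also leaves no single definition of what a valid username is for other call sites; keeping a small named helper in functions.php would avoid exactly this kind of slip. The surrounding if/elseif chain starts and ends outside the hunk.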
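Review bot: The new `rawView()` emits user-supplied paste text with `Content-Type: text/plain` but no charset and no `X-Content-Type-Options: nosniff`, so the declared type is all that keeps a pasted HTML or script body from being interpreted by a sniffing browser; I would send `header('Content-Type: text/plain; charset=utf-8');` (assuming the site's pages are UTF-8) followed by `header('X-Content-Type-Options: nosniff');`. The function also drops the `$stats` return of the helper it replaces, which is fine because both call sites `exit()` immediately, but that contract is worth stating with `: void` on the signature and a comment such as `// Echoes the paste as plain text, or sends 404 when the paste has no code; the caller is expected to exit() afterwards`. Declaring a function in a script that also produces output mixes symbol declaration with side effects (PSR-1); if it stays here, a `string $content` parameter type would at least make the expected input explicit, and `bool $p_code` too if `$paste_code` really is boolean (not visible in this hunk).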
@@ -92,8 +101,8 @@ if (!$row) {
 }
 }
- if (!empty($p_encrypt)) {
- $p_content = decrypt($p_content);
+ if ($p_encrypt) {
+ $p_content = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
 }
 $op_content = Trim(htmlspecialchars_decode($p_content));
@@ -120,12 +129,12 @@ if (!$row) {
 // Raw view
 if (isset($_GET['raw'])) {
 if ($p_password == "NONE" || $p_password === null) {
- rawView($paste_id, $paste_title, $op_content, $paste_code);
+ rawView($op_content, $paste_code);
 exit();
 } else {
 if (isset($_GET['password'])) {
 if (pp_password_verify($_GET['password'], $p_password)) {
- rawView($paste_id, $paste_title, $op_content, $paste_code);
+ rawView($op_content, $paste_code);
 exit();
 } else {
 $error = $lang['wrongpassword']; // 'Wrong password';
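Review bot: `openssl_decrypt()` returns `false` when the key is wrong or the stored ciphertext is damaged, and the new line assigns that straight into `$p_content`, so the `Trim(htmlspecialchars_decode(...))` on the following context line quietly turns a failed decryption into an empty paste instead of an error. Anyone who changes `PP_ENCRYPTION_KEY` after pastes were written under the old `$sec_key` value would see exactly that symptom with nothing in the logs. A guard after the call, `if ($p_content === false) { /* report a decryption failure through the page's existing $error path instead of rendering empty text */ }`, makes it visible; how the error is shown depends on code outside this hunk. As on the encrypt side in index.php, no IV is passed here, so if a random IV is introduced there this call has to read it back from the stored value. The enclosing `if (!$row)` else-branch begins outside the hunk.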