Clean up index.php a bunch

2025-03-12 22:50:07 +01:00 · 2021-07-12 08:23:14 -04:00 · 2021-07-12 08:23:14 -04:00 · 2ce6eba811
commit 2ce6eba811
parent 485d0e1da3
4 changed files with 165 additions and 171 deletions
--- a/includes/common.php
+++ b/includes/common.php
@ -111,11 +111,18 @@ $site_permissions = getSitePermissions($conn);
 if ($site_permissions) {
    $siteprivate = $site_permissions['siteprivate'];
    $disableguest = $site_permissions['disableguest'];
 } else {
    $siteprivate = 'off';
    $disableguest = 'off';
 }
 $privatesite = $siteprivate;
 $noguests = $disableguest;
 if (isset($_SESSION['username'])) {
    $noguests = "off";
 }
 // Prevent a potential LFI (you never know :p)
--- a/index.php
+++ b/index.php
@ -28,34 +28,75 @@ require_once('includes/captcha.php');
 require_once('includes/functions.php');
 require_once('includes/password.php');
-function calculatePasteExpiry($p_expiry) {
+function verifyCaptcha() : string | bool {
-    switch ($p_expiry) {
+    global $cap_e;
-        case '10M':
+    global $mode;
-            $expires = mktime(date("H"), date("i") + "10", date("s"), date("n"), date("j"), date("Y"));
+    global $recaptcha_secretkey;
-            break;
+    global $lang;
-        case '1H':
+
-            $expires = mktime(date("H") + "1", date("i"), date("s"), date("n"), date("j"), date("Y"));
+    if ($cap_e == "on" && !isset($_SESSION['username'])) {
-        case '1D':
+        if ($mode == "reCAPTCHA") {
-            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "1", date("Y"));
+            $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);
-            break;
+            $response = json_decode($response, true);
-        case '1W':
+            if ($response["success"] == false) {
-            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "7", date("Y"));
+                // reCAPTCHA Errors
-            break;
+                return match ($response["error-codes"][0]) {
-        case '2W':
+                    "missing-input-response" => $lang['missing-input-response'],
-            $expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "14", date("Y"));
+                    "missing-input-secret" => $lang['missing-input-secret'],
-            break;
+                    "invalid-input-secret" => $lang['invalid-input-secret'],
-        case '1M':
+                    default => $lang['error']
-            $expires = mktime(date("H"), date("i"), date("s"), date("n") + "1", date("j"), date("Y"));
+                };
-            break;
+            }
-        case 'self':
+        } else {
-            $expires = "SELF";
+            $scode    = strtolower(htmlentities(Trim($_POST['scode'])));
-            break;
+            $cap_code = strtolower($_SESSION['captcha']['code']);
-        default:
+            if ($cap_code !== $scode) {
-            $expires = "NULL";
+                return $lang['image_wrong']; // Wrong captcha.
-            break;
+            }
        }
    }
-    return $expires;
+    return true;
 }
 /**
 * Calculate the expiry of a paste based on user input.
 *
 * @param string $expiry Expiry time.
 *                       SELF means to expire upon one view. +10M, +1H, +1D, +1W, +2W, +1M all do the obvious.
 *                       Anything unhandled means to expire never.
 * @return string|null Expiry time, or NULL if expires never.
 */
 function calculatePasteExpiry(string $expiry) {
    // used to use mktime
    if ($expiry === 'self') {
        return 'SELF'; // What does this do?
    }
    $valid_expiries = ['10M', '1H', '1D', '1W', '2W', '1M'];
    return in_array($expiry, $valid_expiries)
        ? (new DateTime())->add(new DateInterval("P{$expiry}"))->format('U')
        : null;
 }
 function validatePasteFields() : string | null {
    global $lang;
    global $pastelimit;
    if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
        return $lang['empty_paste'];
    } elseif(!isset($_POST['title'])) { /* No paste title POSTed */
        return $lang['error'];
    } elseif (empty($_POST["tags"])) { /* No tags provided */
        return $lang['notags'];
    } elseif (strlen($_POST["title"]) > 70) { /* Paste title too long */
        return $lang['titlelen'];
    } elseif (mb_strlen($_POST["paste_data"], '8bit') >  1024 * 1024 * $pastelimit) { /* Paste size too big */
        return $lang['large_paste'];
    }
    return null;
 }
 // UTF-8
@ -66,15 +107,15 @@ $date    = date('jS F Y');
 $ip      = $_SERVER['REMOTE_ADDR'];
 // Sitemap
-$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options WHERE id="1"');
+$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');
-while ($row = $site_sitemap_rows->fetch()) {
+if ($row = $site_sitemap_rows->fetch()) {
    $priority   = $row['priority'];
    $changefreq = $row['changefreq'];
 }
 // Captcha
-$site_captcha_rows = $conn->query("SELECT * FROM captcha where id='1'");
+$site_captcha_rows = $conn->query("SELECT * FROM captcha LIMIT 1");
-while ($row = $site_captcha_rows->fetch()) {
+if ($row = $site_captcha_rows->fetch()) {
    $color   = Trim($row['color']);
    $mode    = Trim($row['mode']);
    $mul     = Trim($row['mul']);
@ -83,8 +124,8 @@ while ($row = $site_captcha_rows->fetch()) {
    $recaptcha_sitekey   = Trim($row['recaptcha_sitekey']);
    $recaptcha_secretkey   = Trim($row['recaptcha_secretkey']);
 }
-if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
-} else {
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    if ($cap_e == "on") {
        if ($mode == "reCAPTCHA") {
            $_SESSION['captcha_mode'] = "recaptcha";
@ -98,88 +139,31 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    }
 }
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 } else {
    if ($disableguest == "on") {
        $noguests = "on";
 	}
 	if ($siteprivate =="on") {
 		$privatesite = "on";
    }
 	if (isset($_SESSION['username'])) {
 		$noguests = "off";
 	}
 }
 updatePageViews($conn);
 // POST Handler
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-	// Check if fields are empty
+    $error = validatePasteFields();
-	if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) {
+
-		$error = $lang['empty_paste'];
+    if ($error !== null) {
        goto OutPut;
 		exit;
    }
-    if (empty($_POST["tags"])) {
+    $captchaResponse = verifyCaptcha();
-		$error = $lang['notags'];
+
    if ($captchaResponse !== true) {
        $error = $captchaResponse;
        goto OutPut;
 		exit;
    }
-    if  (strlen($_POST["title"]) > 70) {
+    $editing = isset($_POST['edit']);
        $error = $lang['titlelen'];
 		goto OutPut;
 		exit;
    }	
 	// Set our limits
 	if (mb_strlen($_POST["paste_data"], '8bit') >  1024 * 1024 * $pastelimit) {
 		$error = $lang['large_paste'];
 		goto OutPut;
 		exit;
 	}
    // Check POST data status
    if (isset($_POST['title']) && isset($_POST['paste_data'])) {
        if ($cap_e == "on" && !isset($_SESSION['username'])) {
            if ($mode == "reCAPTCHA") {
                $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);
                $response = json_decode($response, true);
                if ( $response["success"] == false ) {
                    // reCAPTCHA Errors
                    switch( $response["error-codes"][0] ) {
                        case "missing-input-response":
                            $error = $lang['missing-input-response']; 
                            break;
                        case "missing-input-secret":
                            $error = $lang['missing-input-secret'];
                            break;
                        case "invalid-input-response":
                            $error = $lang['missing-input-response'];
                            break;
                        case "invalid-input-secret":
                            $error = $lang['invalid-input-secret'];
                            break;
                    }
                    goto OutPut;
                }
            } else {
                $scode    = strtolower(htmlentities(Trim($_POST['scode'])));
                $cap_code = strtolower($_SESSION['captcha']['code']);
                if ($cap_code == $scode) {
                } else {
                    $error = $lang['image_wrong']; // Wrong captcha.
                    goto OutPut;
                }
            }
        }
    $p_title    = Trim(htmlspecialchars($_POST['title']));
-			if (strlen($p_title)==0) $p_title='Untitled';
+
    if (empty($p_title)) {
        $p_title = 'Untitled';
    }
    $p_content  = htmlspecialchars($_POST['paste_data']);
    $p_visible  = Trim(htmlspecialchars($_POST['visibility']));
    $p_code     = Trim(htmlspecialchars($_POST['format']));
@ -207,6 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    } else {
        $p_member = "Guest";
    }
    // Set expiry time
    $expires = calculatePasteExpiry($p_expiry);
@ -216,49 +201,52 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $timeedit  = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
    // Edit existing paste or create new?
-        if ( isset($_POST['edit'] ) ) {
+    if ($editing) {
        if (isset($_SESSION['username'])) {
-            $edit_paste_id = $_POST['paste_id'];
+            $paste_id = intval($_POST['paste_id']);
            $statement = $conn->prepare(
-                "UPDATE pastes SET title = ?,content = ?,visible = ?,code=?,expiry=?,password=?,encrypt=?,member=?,ip=?,tagsys=?,now_time=? ,timeedit=? WHERE id = '?'"
+                "UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?, member = ?, ip = ?, tagsys = ?, now_time = ?, timeedit = ?
                    WHERE id = ?"
            );
-            $statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$ip,$p_tagsys,$now_time,$timeedit,$edit_paste_id]);
+            $statement->execute([
-        }}
+                $p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $p_member, $ip, $p_tagsys, $now_time, $timeedit, $edit_paste_id
-        else {
+            ]);
             $statement = $conn->prepare("INSERT INTO pastes (title,content,visible,code,expiry,password,encrypt,member,date,ip,now_time,views,s_date,tagsys) VALUES 
            (?,?,?,?,?,?,?,?,?,?,?,'0',?,?)");
            $statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]); 
        }
            $paste_id = $conn->query('SELECT MAX(id) FROM pastes')->fetch(PDO::FETCH_NUM)[0];
            $success = $paste_id;
-
+        } else {
            $error = 'You must be logged in to do that.'; // TODO: Lang?
        }
    } else {
        $statement = $conn->prepare(
            "INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, member, date, ip, now_time, views, s_date, tagsys) VALUES 
                                (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '0', ?, ?)"
        );
        $statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]);
        $paste_id = intval($conn->lastInsertId()); /* returns the last inserted ID as per the query above */
        if ($p_visible == '0') {
            addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
        }
-        
+        $success = $paste_id;
    } else {
        $error = $lang['error']; // "Something went wrong";
    }
    // Redirect to paste on successful entry, or on successful edit redirect back to edited paste
-	if ( isset( $success ) ) {
+    if (isset($success)) {
-		if ( $mod_rewrite == '1' ) {
+        if ($mod_rewrite == '1') {
-            if ( isset( $_POST['edit'] ) ) {
+            if ($editing) {
                $paste_url = "$edit_paste_id";
            } else {
                $paste_url = "$success";
            }
        } else {
-            if ( $_POST['edit'] ) {
+            if ($editing) {
                $paste_url = "paste.php?id=$edit_paste_id";
            } else {
                $paste_url = "paste.php?id=$success";
            }
        }
-		header("Location: ".$paste_url."");
+
        header("Location: ${paste_url}");
        die();
    }
 }
--- a/login.php
+++ b/login.php
@ -150,7 +150,6 @@ if (isset($_GET['forgot'])) {
        } else {
            $error = $lang['email_not']; //"Email not found";
        }
    }
 }
--- a/theme/bulma/main.php
+++ b/theme/bulma/main.php
@ -332,7 +332,7 @@
                                <!-- $text_ads -->
                                <?php
                                    // don't display ads for logged in users.
-                                    if (isset($site_ads) && !isset($_SESSION['username'])) {
+                                    if (!empty($site_ads) && !isset($_SESSION['username'])) {
                                        echo $site_ads['text_ads'];
                                    }
                                ?>