PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 14:40:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Clean up index.php a bunch

Browse source
This commit is contained in:
Floorb 2021-07-12 08:23:14 -04:00
parent 485d0e1da3
commit 2ce6eba811
4 changed files with 165 additions and 171 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
includes/common.php
View file

@ -111,11 +111,18 @@ $site_permissions = getSitePermissions($conn);
if ($site_permissions) {
$siteprivate = $site_permissions['siteprivate'];
$disableguest = $site_permissions['disableguest'];
} else {
$siteprivate = 'off';
$disableguest = 'off';
}
$privatesite = $siteprivate;
$noguests = $disableguest;
if (isset($_SESSION['username'])) {
$noguests = "off";
}
// Prevent a potential LFI (you never know :p)

326
index.php
View file

@ -7,7 +7,7 @@
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ -28,34 +28,75 @@ require_once('includes/captcha.php');
require_once('includes/functions.php');
require_once('includes/password.php');
function calculatePasteExpiry($p_expiry) {
switch ($p_expiry) {
case '10M':
$expires = mktime(date("H"), date("i") + "10", date("s"), date("n"), date("j"), date("Y"));
break;
case '1H':
$expires = mktime(date("H") + "1", date("i"), date("s"), date("n"), date("j"), date("Y"));
case '1D':
$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "1", date("Y"));
break;
case '1W':
$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "7", date("Y"));
break;
case '2W':
$expires = mktime(date("H"), date("i"), date("s"), date("n"), date("j") + "14", date("Y"));
break;
case '1M':
$expires = mktime(date("H"), date("i"), date("s"), date("n") + "1", date("j"), date("Y"));
break;
case 'self':
$expires = "SELF";
break;
default:
$expires = "NULL";
break;
function verifyCaptcha() : string | bool {
global $cap_e;
global $mode;
global $recaptcha_secretkey;
global $lang;
if ($cap_e == "on" && !isset($_SESSION['username'])) {
if ($mode == "reCAPTCHA") {
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if ($response["success"] == false) {
// reCAPTCHA Errors
return match ($response["error-codes"][0]) {
"missing-input-response" => $lang['missing-input-response'],
"missing-input-secret" => $lang['missing-input-secret'],
"invalid-input-secret" => $lang['invalid-input-secret'],
default => $lang['error']
};
}
} else {
$scode = strtolower(htmlentities(Trim($_POST['scode'])));
$cap_code = strtolower($_SESSION['captcha']['code']);
if ($cap_code !== $scode) {
return $lang['image_wrong']; // Wrong captcha.
}
}
}
return $expires;
return true;
}
/**
* Calculate the expiry of a paste based on user input.
*
* @param string $expiry Expiry time.
* SELF means to expire upon one view. +10M, +1H, +1D, +1W, +2W, +1M all do the obvious.
* Anything unhandled means to expire never.
* @return string|null Expiry time, or NULL if expires never.
*/
function calculatePasteExpiry(string $expiry) {
// used to use mktime
if ($expiry === 'self') {
return 'SELF'; // What does this do?
}
$valid_expiries = ['10M', '1H', '1D', '1W', '2W', '1M'];
return in_array($expiry, $valid_expiries)
? (new DateTime())->add(new DateInterval("P{$expiry}"))->format('U')
: null;
}
function validatePasteFields() : string | null {
global $lang;
global $pastelimit;
if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
return $lang['empty_paste'];
} elseif(!isset($_POST['title'])) { /* No paste title POSTed */
return $lang['error'];
} elseif (empty($_POST["tags"])) { /* No tags provided */
return $lang['notags'];
} elseif (strlen($_POST["title"]) > 70) { /* Paste title too long */
return $lang['titlelen'];
} elseif (mb_strlen($_POST["paste_data"], '8bit') > 1024 * 1024 * $pastelimit) { /* Paste size too big */
return $lang['large_paste'];
}
return null;
}
// UTF-8
@ -66,15 +107,15 @@ $date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR'];
// Sitemap
$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options WHERE id="1"');
while ($row = $site_sitemap_rows->fetch()) {
$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');
if ($row = $site_sitemap_rows->fetch()) {
$priority = $row['priority'];
$changefreq = $row['changefreq'];
}
// Captcha
$site_captcha_rows = $conn->query("SELECT * FROM captcha where id='1'");
while ($row = $site_captcha_rows->fetch()) {
$site_captcha_rows = $conn->query("SELECT * FROM captcha LIMIT 1");
if ($row = $site_captcha_rows->fetch()) {
$color = Trim($row['color']);
$mode = Trim($row['mode']);
$mul = Trim($row['mul']);
@ -83,8 +124,8 @@ while ($row = $site_captcha_rows->fetch()) {
$recaptcha_sitekey = Trim($row['recaptcha_sitekey']);
$recaptcha_secretkey = Trim($row['recaptcha_secretkey']);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} else {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
if ($cap_e == "on") {
if ($mode == "reCAPTCHA") {
$_SESSION['captcha_mode'] = "recaptcha";
@ -95,171 +136,118 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}
} else {
$_SESSION['captcha_mode'] = "none";
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} else {
if ($disableguest == "on") {
$noguests = "on";
}
if ($siteprivate =="on") {
$privatesite = "on";
}
if (isset($_SESSION['username'])) {
$noguests = "off";
}
}
updatePageViews($conn);
// POST Handler
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Check if fields are empty
if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) {
$error = $lang['empty_paste'];
goto OutPut;
exit;
}
$error = validatePasteFields();
if (empty($_POST["tags"])) {
$error = $lang['notags'];
goto OutPut;
exit;
}
if ($error !== null) {
goto OutPut;
}
if (strlen($_POST["title"]) > 70) {
$error = $lang['titlelen'];
goto OutPut;
exit;
}
$captchaResponse = verifyCaptcha();
if ($captchaResponse !== true) {
$error = $captchaResponse;
goto OutPut;
}
// Set our limits
if (mb_strlen($_POST["paste_data"], '8bit') > 1024 * 1024 * $pastelimit) {
$error = $lang['large_paste'];
goto OutPut;
exit;
}
// Check POST data status
if (isset($_POST['title']) && isset($_POST['paste_data'])) {
if ($cap_e == "on" && !isset($_SESSION['username'])) {
if ($mode == "reCAPTCHA") {
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secretkey."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if ( $response["success"] == false ) {
// reCAPTCHA Errors
switch( $response["error-codes"][0] ) {
case "missing-input-response":
$error = $lang['missing-input-response'];
break;
case "missing-input-secret":
$error = $lang['missing-input-secret'];
break;
case "invalid-input-response":
$error = $lang['missing-input-response'];
break;
case "invalid-input-secret":
$error = $lang['invalid-input-secret'];
break;
}
goto OutPut;
}
} else {
$scode = strtolower(htmlentities(Trim($_POST['scode'])));
$cap_code = strtolower($_SESSION['captcha']['code']);
if ($cap_code == $scode) {
} else {
$error = $lang['image_wrong']; // Wrong captcha.
goto OutPut;
}
}
}
$editing = isset($_POST['edit']);
$p_title = Trim(htmlspecialchars($_POST['title']));
if (strlen($p_title)==0) $p_title='Untitled';
$p_content = htmlspecialchars($_POST['paste_data']);
$p_visible = Trim(htmlspecialchars($_POST['visibility']));
$p_code = Trim(htmlspecialchars($_POST['format']));
$p_expiry = Trim(htmlspecialchars($_POST['paste_expire_date']));
$p_tagsys = Trim(htmlspecialchars($_POST['tags']));
$p_tagsys = rtrim($p_tagsys, ',');
$p_password = $_POST['pass'];
if ($p_password == "" || $p_password == null) {
$p_password = "NONE";
} else {
$p_password = password_hash($p_password, PASSWORD_DEFAULT);
}
$p_encrypt = Trim(htmlspecialchars($_POST['encrypted']));
if (empty($p_encrypt)) {
$p_encrypt = "0";
} else {
// Encrypt option
$p_encrypt = "1";
$p_content = encrypt($p_content);
}
if (isset($_SESSION['token'])) {
$p_member = Trim($_SESSION['username']);
} else {
$p_member = "Guest";
}
// Set expiry time
$expires = calculatePasteExpiry($p_expiry);
$p_title = Trim(htmlspecialchars($_POST['title']));
$p_date = date('jS F Y h:i:s A');
$date = date('jS F Y');
$now_time = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
$timeedit = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
if (empty($p_title)) {
$p_title = 'Untitled';
}
// Edit existing paste or create new?
if ( isset($_POST['edit'] ) ) {
if (isset($_SESSION['username'])) {
$edit_paste_id = $_POST['paste_id'];
$p_content = htmlspecialchars($_POST['paste_data']);
$p_visible = Trim(htmlspecialchars($_POST['visibility']));
$p_code = Trim(htmlspecialchars($_POST['format']));
$p_expiry = Trim(htmlspecialchars($_POST['paste_expire_date']));
$p_tagsys = Trim(htmlspecialchars($_POST['tags']));
$p_tagsys = rtrim($p_tagsys, ',');
$p_password = $_POST['pass'];
if ($p_password == "" || $p_password == null) {
$p_password = "NONE";
} else {
$p_password = password_hash($p_password, PASSWORD_DEFAULT);
}
$p_encrypt = Trim(htmlspecialchars($_POST['encrypted']));
if (empty($p_encrypt)) {
$p_encrypt = "0";
} else {
// Encrypt option
$p_encrypt = "1";
$p_content = encrypt($p_content);
}
if (isset($_SESSION['token'])) {
$p_member = Trim($_SESSION['username']);
} else {
$p_member = "Guest";
}
// Set expiry time
$expires = calculatePasteExpiry($p_expiry);
$p_date = date('jS F Y h:i:s A');
$date = date('jS F Y');
$now_time = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
$timeedit = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
// Edit existing paste or create new?
if ($editing) {
if (isset($_SESSION['username'])) {
$paste_id = intval($_POST['paste_id']);
$statement = $conn->prepare(
"UPDATE pastes SET title = ?,content = ?,visible = ?,code=?,expiry=?,password=?,encrypt=?,member=?,ip=?,tagsys=?,now_time=? ,timeedit=? WHERE id = '?'"
"UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?, member = ?, ip = ?, tagsys = ?, now_time = ?, timeedit = ?
WHERE id = ?"
);
$statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$ip,$p_tagsys,$now_time,$timeedit,$edit_paste_id]);
}}
else {
$statement = $conn->prepare("INSERT INTO pastes (title,content,visible,code,expiry,password,encrypt,member,date,ip,now_time,views,s_date,tagsys) VALUES
(?,?,?,?,?,?,?,?,?,?,?,'0',?,?)");
$statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]);
}
$paste_id = $conn->query('SELECT MAX(id) FROM pastes')->fetch(PDO::FETCH_NUM)[0];
$statement->execute([
$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $p_member, $ip, $p_tagsys, $now_time, $timeedit, $edit_paste_id
]);
$success = $paste_id;
if ($p_visible == '0') {
addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
}
} else {
$error = 'You must be logged in to do that.'; // TODO: Lang?
}
} else {
$error = $lang['error']; // "Something went wrong";
$statement = $conn->prepare(
"INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, member, date, ip, now_time, views, s_date, tagsys) VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '0', ?, ?)"
);
$statement->execute([$p_title,$p_content,$p_visible,$p_code,$expires,$p_password,$p_encrypt,$p_member,$p_date,$ip,$now_time,$date,$p_tagsys]);
$paste_id = intval($conn->lastInsertId()); /* returns the last inserted ID as per the query above */
if ($p_visible == '0') {
addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
}
$success = $paste_id;
}
// Redirect to paste on successful entry, or on successful edit redirect back to edited paste
if ( isset( $success ) ) {
if ( $mod_rewrite == '1' ) {
if ( isset( $_POST['edit'] ) ) {
// Redirect to paste on successful entry, or on successful edit redirect back to edited paste
if (isset($success)) {
if ($mod_rewrite == '1') {
if ($editing) {
$paste_url = "$edit_paste_id";
} else {
$paste_url = "$success";
$paste_url = "$success";
}
} else {
if ( $_POST['edit'] ) {
if ($editing) {
$paste_url = "paste.php?id=$edit_paste_id";
} else {
$paste_url = "paste.php?id=$success";
}
}
header("Location: ".$paste_url."");
}
header("Location: ${paste_url}");
die();
}
}

1
login.php
View file

@ -150,7 +150,6 @@ if (isset($_GET['forgot'])) {
} else {
$error = $lang['email_not']; //"Email not found";
}
}
}

2
theme/bulma/main.php
View file

@ -332,7 +332,7 @@
<!-- $text_ads -->
<?php
// don't display ads for logged in users.
if (isset($site_ads) && !isset($_SESSION['username'])) {
if (!empty($site_ads) && !isset($_SESSION['username'])) {
echo $site_ads['text_ads'];
}
?>