Fix login/signup and user.php mostly

2025-03-12 06:30:07 +01:00 · 2021-07-15 18:06:24 -04:00 · 2021-07-15 18:06:24 -04:00 · 478692176e
commit 478692176e
parent a145ff3cc5
6 changed files with 57 additions and 48 deletions
--- a/includes/common.php
+++ b/includes/common.php
@ -53,7 +53,7 @@ function getCurrentUser(PDO $conn) : array | null {
    }

    $query = $conn->prepare('SELECT * FROM users WHERE username = ?');
-    $query->execute($_SESSION['username']);
+    $query->execute([$_SESSION['username']]);

    return $query->fetch();
 }
--- a/includes/functions.php
+++ b/includes/functions.php
@ -26,8 +26,11 @@ function timer() {
    }
 }

-function getUserFavs($conn, $username) {
-    $query = $conn->prepare("SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.now_time, pastes.tagsys FROM pins, pastes WHERE pins.f_paste = pastes.id AND pins.m_fav=?");
+function getUserFavs(PDO $conn, string $username) : array {
+    $query = $conn->prepare(
+        "SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
+            FROM pins, pastes
+            WHERE pins.f_paste = pastes.id AND pins.m_fav = ?");
    $query->execute([$username]);
    return $query->fetchAll();
 }
@ -40,9 +43,9 @@ $query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?"


 //Can't seem to get working.
-function checkFavorite($conn,$paste_id, $user_id) {
+function checkFavorite(PDO $conn, int $paste_id, string $username) : string {
    $query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?");
-    $query->execute([$user_id,$paste_id]);
+    $query->execute([$username, $paste_id]);

    if ($query->fetch()) {
        return "<a  href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>";
@ -263,9 +266,13 @@ LIMIT 0 , ?");
 }


-function getUserPastes($conn, $username) {
-    $query = $conn->prepare("SELECT id, title, code, views, now_time, visible, date, tagsys, member FROM pastes where member=? ORDER by id DESC");
-    $query->execute([$username]);
+function getUserPastes(PDO $conn, $user_id) : array {
+    $query = $conn->prepare(
+        "SELECT id, title, code, views, created_at, visible, tagsys
+            FROM pastes
+            where user_id = ?
+            ORDER by id DESC");
+    $query->execute([$user_id]);
    return $query->fetchAll();
 }

--- a/login.php
+++ b/login.php
@ -147,6 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Login process
    if (isset($_POST['signin'])) {
        if (!empty($_POST['username']) && !empty($_POST['password'])) {
+            $username = trim($_POST['username']);
            $query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?");
            $query->execute([$username]);
            $row = $query->fetch();
@ -195,6 +196,7 @@ if (isset($_POST['signup'])) {
    } elseif (!isValidUsername($username)) {
        $error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
    } else {
+        $email = trim($_POST['email']);
        $query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
        $query->execute([$username]);
        if ($query->fetch()) {
--- a/theme/bulma/user_profile.php
+++ b/theme/bulma/user_profile.php
@ -172,13 +172,12 @@ $protocol = paste_protocol();
                        </tfoot>
                        <tbody>
                        <?php
-                        $res = getUserPastes($conn, $profile_username);
-                        foreach ($res as $index => $row) {
+                        foreach ($profile_pastes as $row) {
                            $title = Trim($row['title']);
                            $p_id = Trim($row['id']);
                            $p_code = Trim($row['code']);
-                            $p_date = strtotime(Trim($row['date']));
-                            $p_dateui = date("d F Y", $p_date);
+                            $p_date = new DateTime($row['created_at']);
+                            $p_dateui = $p_date->format("d F Y");
                            $p_views = Trim($row['views']);
                            $p_visible = Trim($row['visible']);
                            $p_tags = Trim($row['tagsys']);
@ -209,7 +208,7 @@ $protocol = paste_protocol();
                                                <td>
                                                    <a href="' . $protocol . $baseurl . '/' . $p_link . '" title="' . $title . '">' . ($title) . '</a>
                                                </td>    
-                                                <td data-sort="' . $p_date . '" class="td-center">
+                                                <td data-sort="' . $p_date->format('U') . '" class="td-center">
                                                <span>' . $p_dateui . '</span>
                                                </td>
                                                <td class="td-center">
--- a/theme/bulma/view.php
+++ b/theme/bulma/view.php
@ -180,7 +180,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
                                <div class="panel-tools">
                                    <?php if (isset($_SESSION['token'])) {
                                        $f_username = $_SESSION['username'];
-                                        $fav_paste = checkFavorite($paste_id, $f_username, $con);
+                                        $fav_paste = checkFavorite($conn, $paste_id, $f_username);
                                    }
                                    ?>
                                    <a class="icon tool-icon" class="flip" onclick="openreport()"><i
@ -373,7 +373,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
                                                <!-- Expiry -->
                                                <div class="select">
                                                    <select name="paste_expire_date">
-                                                        <? php// if (isset($_SESSION['token'])) {?>
+                                                        <?php// if (isset($_SESSION['token'])) {?>
                                                        <option value="N" selected="selected">Never</option>
                                                        <option value="self">View Once</option>
                                                        <option value="10M">10 Minutes</option>
@ -382,7 +382,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
                                                        <option value="1W">1 Week</option>
                                                        <option value="2W">2 Weeks</option>
                                                        <option value="1M">1 Month</option>
-                                                        <? php// } else { ?>
+                                                        <?php// } else { ?>
                                                        <!--
                                                            <option value="1D" selected="selected">1 Day</option>
                                                            <option value="self">View Once</option>
@ -392,7 +392,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
                                                            <option disabled >1 Month (Register)</option>
                                                            <option disabled >Never (Register)</option>
                                                            -->
-                                                        <? php// } ?>
+                                                        <?php// } ?>
                                                    </select>
                                                </div>
                                            </div>
--- a/user.php
+++ b/user.php
@ -6,7 +6,7 @@
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
- * 
+ *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
@ -25,16 +25,21 @@ $ip = $_SERVER['REMOTE_ADDR'];

 // If username defined in URL, then check if it's exists in database. If invalid, redirect to main site.
 $user_username = trim($_SESSION['username']);
-if (isset($_GET['user'])) {
-    $profile_username = trim($_GET['user']);

-    if (!existingUser($conn, $profile_username)) {
-        // Invalid username
-        header("Location: ../error.php");
-        die();
-    }
-} else {
-    // No access to user.php
+if (empty($_GET['user'])) {
+    // No username provided
+    header("Location: ../error.php");
+    die();
+}
+
+$profile_username = trim($_GET['user']);
+
+$query = $conn->prepare('SELECT id, date, badge FROM users WHERE username = ?');
+$query->execute([$profile_username]);
+$profile_info = $query->fetch();
+
+if (!$profile_info) {
+    // Invalid username
    header("Location: ../error.php");
    die();
 }
@ -43,9 +48,9 @@ $p_title = $profile_username . $lang['user_public_pastes']; // "Username's Publi

 // Favorite Counts
 $query = $conn->prepare(
-    'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.member = ?'
+    'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.user_id = ?'
 );
-$query->execute([$profile_username]);
+$query->execute([$profile_info['id']]);
 $total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]);


@ -56,41 +61,37 @@ $query->execute([$profile_username]);
 $total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]);

 // Badges
-$query = $conn->prepare('SELECT badge FROM users WHERE username = ?');
-$query->execute([$profile_username]);
-
-$profile_badge = match ($query->fetch()['badge']) {
+$profile_badge = match ($profile_info['badge']) {
    1 => '<img src = "/img/badges/donate.png" title="[Donated] Donated to Ponepaste" style="margin:5px">',
    2 => '<img src = "/img/badges/spoon.png" title="[TheWoodenSpoon] You had one job" style="margin:5px">',
    3 => '<img src = "/img/badges/abadge.png" title="[>AFuckingBadge] Won a PasteJam Competition" style="margin:5px">',
    default => '',
 };

-$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ?');
-$query->execute([$profile_username]);
+$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ?');
+$query->execute([$profile_info['id']]);
 $profile_total_pastes = intval($query->fetch(PDO::FETCH_NUM)[0]);


-$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 0');
-$query->execute([$profile_username]);
+$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 0');
+$query->execute([$profile_info['id']]);
 $profile_total_public = intval($query->fetch(PDO::FETCH_NUM)[0]);

-$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 1');
-$query->execute([$profile_username]);
+$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 1');
+$query->execute([$profile_info['id']]);
 $profile_total_unlisted = intval($query->fetch(PDO::FETCH_NUM)[0]);

-$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 2');
-$query->execute([$profile_username]);
+$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 2');
+$query->execute([$profile_info['id']]);
 $profile_total_private = intval($query->fetch(PDO::FETCH_NUM)[0]);

-$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE member = ?');
-$query->execute([$profile_username]);
+$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE user_id = ?');
+$query->execute([$profile_info['id']]);
 $profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);

+$profile_join_date = $profile_info['date'];

-$query = $conn->prepare('SELECT date FROM users WHERE username = ?');
-$query->execute([$profile_username]);
-$profile_join_date = $query->fetch()['date'];
+$profile_pastes = getUserPastes($conn, $profile_info['id']);


 updatePageViews($conn);
@ -99,11 +100,11 @@ if (isset($_GET['del'])) {
    if ($_SESSION['token']) { // Prevent unauthorized deletes
        $paste_id = intval(trim($_GET['id']));

-        $query = $conn->prepare('SELECT member FROM pastes WHERE id = ?');
+        $query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?');
        $query->execute([$paste_id]);
        $result = $query->fetch();

-        if (empty($result) || $result['member'] !== $user_username) {
+        if (empty($result) || $result['user_id'] !== $profile_info['id']) {
            $error = $lang['delete_error_invalid']; // Does not exist or not paste owner
        } else {
            $query = $conn->prepare('DELETE FROM pastes WHERE id = ?');