Fix login/signup and user.php mostly

This commit is contained in:
Floorb 2021-07-15 18:06:24 -04:00
parent a145ff3cc5
commit 478692176e
6 changed files with 57 additions and 48 deletions


@ -53,7 +53,7 @@ function getCurrentUser(PDO $conn) : array | null {
} }
$query = $conn->prepare('SELECT * FROM users WHERE username = ?'); $query = $conn->prepare('SELECT * FROM users WHERE username = ?');
$query->execute($_SESSION['username']); $query->execute([$_SESSION['username']]);
return $query->fetch(); return $query->fetch();
} }
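Review bot: `return $query->fetch();` on the last line of the hunk cannot satisfy the declared `array | null` return type when no row matches, because PDOStatement::fetch() returns `false` in that case and `false` is not coercible to `array|null`, so looking up an unknown username ends in a TypeError rather than the `null` the signature promises. Suggest `return $query->fetch() ?: null;` (or an explicit `=== false` check) so callers really receive `null`. Wrapping the parameter as `[$_SESSION['username']]` is the correct fix for execute(); whether `$_SESSION['username']` is guaranteed to be set at this point is decided above the hunk, where getCurrentUser begins.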


@ -26,8 +26,11 @@ function timer() {
} }
} }
function getUserFavs($conn, $username) { function getUserFavs(PDO $conn, string $username) : array {
$query = $conn->prepare("SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.now_time, pastes.tagsys FROM pins, pastes WHERE pins.f_paste = pastes.id AND pins.m_fav=?"); $query = $conn->prepare(
"SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
FROM pins, pastes
WHERE pins.f_paste = pastes.id AND pins.m_fav = ?");
$query->execute([$username]); $query->execute([$username]);
return $query->fetchAll(); return $query->fetchAll();
} }
@ -40,9 +43,9 @@ $query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?"
//Can't seem to get working. //Can't seem to get working.
function checkFavorite($conn,$paste_id, $user_id) { function checkFavorite(PDO $conn, int $paste_id, string $username) : string {
$query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?"); $query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?");
$query->execute([$user_id,$paste_id]); $query->execute([$username, $paste_id]);
if ($query->fetch()) { if ($query->fetch()) {
return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>"; return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>";
@ -263,9 +266,13 @@ LIMIT 0 , ?");
} }
function getUserPastes($conn, $username) { function getUserPastes(PDO $conn, $user_id) : array {
$query = $conn->prepare("SELECT id, title, code, views, now_time, visible, date, tagsys, member FROM pastes where member=? ORDER by id DESC"); $query = $conn->prepare(
$query->execute([$username]); "SELECT id, title, code, views, created_at, visible, tagsys
FROM pastes
where user_id = ?
ORDER by id DESC");
$query->execute([$user_id]);
return $query->fetchAll(); return $query->fetchAll();
} }
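Review bot: `getUserPastes(PDO $conn, $user_id) : array` leaves `$user_id` untyped while the sibling functions touched by this commit (getUserFavs, checkFavorite) received full parameter types; declaring it `int $user_id` would stop a username string from being passed by mistake, which is the same call-site confusion the rest of the commit is repairing. In the checkFavorite hunk the `//Can't seem to get working.` comment is kept above a function whose parameter names and types were just corrected; either retest and drop the comment or replace it with a note saying what still fails. The three hunks only cover the bodies shown; nothing outside them was reviewed.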


@ -147,6 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Login process // Login process
if (isset($_POST['signin'])) { if (isset($_POST['signin'])) {
if (!empty($_POST['username']) && !empty($_POST['password'])) { if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = trim($_POST['username']);
$query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?"); $query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?");
$query->execute([$username]); $query->execute([$username]);
$row = $query->fetch(); $row = $query->fetch();
@ -195,6 +196,7 @@ if (isset($_POST['signup'])) {
} elseif (!isValidUsername($username)) { } elseif (!isValidUsername($username)) {
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters."; $error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
} else { } else {
$email = trim($_POST['email']);
$query = $conn->prepare('SELECT 1 FROM users WHERE username = ?'); $query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
$query->execute([$username]); $query->execute([$username]);
if ($query->fetch()) { if ($query->fetch()) {
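Review bot: `$email = trim($_POST['email']);` in the signup hunk reads the field without a presence check, so a request missing `email` produces an undefined-index warning and passes `null` to trim() (deprecated in PHP 8.1) before any validation runs; the signin hunk is fine because `!empty($_POST['username'])` guards its read. Suggest `$email = trim($_POST['email'] ?? '');` and, unless it already happens below the hunk, a `filter_var($email, FILTER_VALIDATE_EMAIL)` check before the value is stored. Both hunks sit inside `if ($_SERVER['REQUEST_METHOD'] === 'POST')`, whose body starts and ends outside the visible lines, so earlier checks may exist that I cannot see.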


@ -172,13 +172,12 @@ $protocol = paste_protocol();
</tfoot> </tfoot>
<tbody> <tbody>
<?php <?php
$res = getUserPastes($conn, $profile_username); foreach ($profile_pastes as $row) {
foreach ($res as $index => $row) {
$title = Trim($row['title']); $title = Trim($row['title']);
$p_id = Trim($row['id']); $p_id = Trim($row['id']);
$p_code = Trim($row['code']); $p_code = Trim($row['code']);
$p_date = strtotime(Trim($row['date'])); $p_date = new DateTime($row['created_at']);
$p_dateui = date("d F Y", $p_date); $p_dateui = $p_date->format("d F Y");
$p_views = Trim($row['views']); $p_views = Trim($row['views']);
$p_visible = Trim($row['visible']); $p_visible = Trim($row['visible']);
$p_tags = Trim($row['tagsys']); $p_tags = Trim($row['tagsys']);
@ -209,7 +208,7 @@ $protocol = paste_protocol();
<td> <td>
<a href="' . $protocol . $baseurl . '/' . $p_link . '" title="' . $title . '">' . ($title) . '</a> <a href="' . $protocol . $baseurl . '/' . $p_link . '" title="' . $title . '">' . ($title) . '</a>
</td> </td>
<td data-sort="' . $p_date . '" class="td-center"> <td data-sort="' . $p_date->format('U') . '" class="td-center">
<span>' . $p_dateui . '</span> <span>' . $p_dateui . '</span>
</td> </td>
<td class="td-center"> <td class="td-center">
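Review bot: `$p_date = new DateTime($row['created_at']);` constructs a mutable DateTime with no explicit timezone; prefer `new DateTimeImmutable($row['created_at'], new DateTimeZone('UTC'))` (or whichever zone the column is stored in) so that `format('U')` on the `data-sort` line yields the same epoch regardless of the server's default timezone, and the object cannot be altered by a later call. If `created_at` can be NULL for older rows, the constructor will treat it as "now" (with a deprecation notice on 8.1) rather than reject it, so a guard is worth confirming against the schema. Separately from this change, the context line emitting `title="' . $title . '"` writes the title into an attribute and into link text without `htmlspecialchars`; if titles are user-supplied they should be escaped there.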


@ -180,7 +180,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="panel-tools"> <div class="panel-tools">
<?php if (isset($_SESSION['token'])) { <?php if (isset($_SESSION['token'])) {
$f_username = $_SESSION['username']; $f_username = $_SESSION['username'];
$fav_paste = checkFavorite($paste_id, $f_username, $con); $fav_paste = checkFavorite($conn, $paste_id, $f_username);
} }
?> ?>
<a class="icon tool-icon" class="flip" onclick="openreport()"><i <a class="icon tool-icon" class="flip" onclick="openreport()"><i
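Review bot: `checkFavorite($conn, $paste_id, $f_username)` now matches the corrected parameter order, but checkFavorite declares `int $paste_id`; if `$paste_id` on this page is still the raw string taken from the request, the call will throw under `strict_types` or coerce silently without it, so it is worth confirming it is passed through `intval()` before this point. The guard on the line above tests `$_SESSION['token']` while the value actually used is `$_SESSION['username']`; if those two can be set independently, `$f_username` may be `null` where the function now requires `string`.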


@ -25,16 +25,21 @@ $ip = $_SERVER['REMOTE_ADDR'];
// If username defined in URL, then check if it's exists in database. If invalid, redirect to main site. // If username defined in URL, then check if it's exists in database. If invalid, redirect to main site.
$user_username = trim($_SESSION['username']); $user_username = trim($_SESSION['username']);
if (isset($_GET['user'])) {
$profile_username = trim($_GET['user']);
if (!existingUser($conn, $profile_username)) { if (empty($_GET['user'])) {
// Invalid username // No username provided
header("Location: ../error.php"); header("Location: ../error.php");
die(); die();
} }
} else {
// No access to user.php $profile_username = trim($_GET['user']);
$query = $conn->prepare('SELECT id, date, badge FROM users WHERE username = ?');
$query->execute([$profile_username]);
$profile_info = $query->fetch();
if (!$profile_info) {
// Invalid username
header("Location: ../error.php"); header("Location: ../error.php");
die(); die();
} }
@ -43,9 +48,9 @@ $p_title = $profile_username . $lang['user_public_pastes']; // "Username's Publi
// Favorite Counts // Favorite Counts
$query = $conn->prepare( $query = $conn->prepare(
'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.member = ?' 'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.user_id = ?'
); );
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]); $total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
@ -56,41 +61,37 @@ $query->execute([$profile_username]);
$total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]); $total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
// Badges // Badges
$query = $conn->prepare('SELECT badge FROM users WHERE username = ?'); $profile_badge = match ($profile_info['badge']) {
$query->execute([$profile_username]);
$profile_badge = match ($query->fetch()['badge']) {
1 => '<img src = "/img/badges/donate.png" title="[Donated] Donated to Ponepaste" style="margin:5px">', 1 => '<img src = "/img/badges/donate.png" title="[Donated] Donated to Ponepaste" style="margin:5px">',
2 => '<img src = "/img/badges/spoon.png" title="[TheWoodenSpoon] You had one job" style="margin:5px">', 2 => '<img src = "/img/badges/spoon.png" title="[TheWoodenSpoon] You had one job" style="margin:5px">',
3 => '<img src = "/img/badges/abadge.png" title="[>AFuckingBadge] Won a PasteJam Competition" style="margin:5px">', 3 => '<img src = "/img/badges/abadge.png" title="[>AFuckingBadge] Won a PasteJam Competition" style="margin:5px">',
default => '', default => '',
}; };
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ?'); $query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ?');
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$profile_total_pastes = intval($query->fetch(PDO::FETCH_NUM)[0]); $profile_total_pastes = intval($query->fetch(PDO::FETCH_NUM)[0]);
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 0'); $query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 0');
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$profile_total_public = intval($query->fetch(PDO::FETCH_NUM)[0]); $profile_total_public = intval($query->fetch(PDO::FETCH_NUM)[0]);
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 1'); $query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 1');
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$profile_total_unlisted = intval($query->fetch(PDO::FETCH_NUM)[0]); $profile_total_unlisted = intval($query->fetch(PDO::FETCH_NUM)[0]);
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 2'); $query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 2');
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$profile_total_private = intval($query->fetch(PDO::FETCH_NUM)[0]); $profile_total_private = intval($query->fetch(PDO::FETCH_NUM)[0]);
$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE member = ?'); $query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE user_id = ?');
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]); $profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);
$profile_join_date = $profile_info['date'];
$query = $conn->prepare('SELECT date FROM users WHERE username = ?'); $profile_pastes = getUserPastes($conn, $profile_info['id']);
$query->execute([$profile_username]);
$profile_join_date = $query->fetch()['date'];
updatePageViews($conn); updatePageViews($conn);
@ -99,11 +100,11 @@ if (isset($_GET['del'])) {
if ($_SESSION['token']) { // Prevent unauthorized deletes if ($_SESSION['token']) { // Prevent unauthorized deletes
$paste_id = intval(trim($_GET['id'])); $paste_id = intval(trim($_GET['id']));
$query = $conn->prepare('SELECT member FROM pastes WHERE id = ?'); $query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?');
$query->execute([$paste_id]); $query->execute([$paste_id]);
$result = $query->fetch(); $result = $query->fetch();
if (empty($result) || $result['member'] !== $user_username) { if (empty($result) || $result['user_id'] !== $profile_info['id']) {
$error = $lang['delete_error_invalid']; // Does not exist or not paste owner $error = $lang['delete_error_invalid']; // Does not exist or not paste owner
} else { } else {
$query = $conn->prepare('DELETE FROM pastes WHERE id = ?'); $query = $conn->prepare('DELETE FROM pastes WHERE id = ?');