Fix login/signup and user.php mostly
This commit is contained in:
parent
a145ff3cc5
commit
478692176e
6 changed files with 57 additions and 48 deletions
|
@ -53,7 +53,7 @@ function getCurrentUser(PDO $conn) : array | null {
|
|||
}
|
||||
|
||||
$query = $conn->prepare('SELECT * FROM users WHERE username = ?');
|
||||
$query->execute($_SESSION['username']);
|
||||
$query->execute([$_SESSION['username']]);
|
||||
|
||||
return $query->fetch();
|
||||
}
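Review bot: `SELECT *` two lines above the fixed `execute()` pulls every column of the users row — including the `password` hash that login.php reads from this same table — into the array getCurrentUser() hands to every caller, so the hash ends up wherever that array is dumped, templated or serialised. Narrow the projection to what callers need, e.g. `$query = $conn->prepare('SELECT id, username, badge, banned, verified FROM users WHERE username = ?');`, adjusting the column list to actual use. getCurrentUser's body starts before this hunk, so whatever guards `$_SESSION['username']` is not visible here.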
|
||||
|
|
|
@ -26,8 +26,11 @@ function timer() {
|
|||
}
|
||||
}
|
||||
|
||||
function getUserFavs($conn, $username) {
|
||||
$query = $conn->prepare("SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.now_time, pastes.tagsys FROM pins, pastes WHERE pins.f_paste = pastes.id AND pins.m_fav=?");
|
||||
function getUserFavs(PDO $conn, string $username) : array {
|
||||
$query = $conn->prepare(
|
||||
"SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
|
||||
FROM pins, pastes
|
||||
WHERE pins.f_paste = pastes.id AND pins.m_fav = ?");
|
||||
$query->execute([$username]);
|
||||
return $query->fetchAll();
|
||||
}
|
||||
|
@ -40,9 +43,9 @@ $query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?"
|
|||
|
||||
|
||||
//Can't seem to get working.
|
||||
function checkFavorite($conn,$paste_id, $user_id) {
|
||||
function checkFavorite(PDO $conn, int $paste_id, string $username) : string {
|
||||
$query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?");
|
||||
$query->execute([$user_id,$paste_id]);
|
||||
$query->execute([$username, $paste_id]);
|
||||
|
||||
if ($query->fetch()) {
|
||||
return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>";
|
||||
|
@ -263,9 +266,13 @@ LIMIT 0 , ?");
|
|||
}
|
||||
|
||||
|
||||
function getUserPastes($conn, $username) {
|
||||
$query = $conn->prepare("SELECT id, title, code, views, now_time, visible, date, tagsys, member FROM pastes where member=? ORDER by id DESC");
|
||||
$query->execute([$username]);
|
||||
function getUserPastes(PDO $conn, $user_id) : array {
|
||||
$query = $conn->prepare(
|
||||
"SELECT id, title, code, views, created_at, visible, tagsys
|
||||
FROM pastes
|
||||
where user_id = ?
|
||||
ORDER by id DESC");
|
||||
$query->execute([$user_id]);
|
||||
return $query->fetchAll();
|
||||
}
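Review bot: `$user_id` in the new getUserPastes signature is the one parameter across these three hunks left untyped while `$conn`, `$paste_id` and `$username` all gained declarations; `function getUserPastes(PDO $conn, int $user_id) : array {` keeps it consistent with checkFavorite and catches a caller still passing a username string now that the WHERE clause is on `user_id`. If the file declares strict_types and the driver returns ids as strings, the user.php call site then needs an `(int)` cast. The stale `//Can't seem to get working.` comment kept above the retyped checkFavorite signature reads as if the function is still broken — either remove it or say what specifically fails.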
|
||||
|
||||
|
|
|
@ -147,6 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
// Login process
|
||||
if (isset($_POST['signin'])) {
|
||||
if (!empty($_POST['username']) && !empty($_POST['password'])) {
|
||||
$username = trim($_POST['username']);
|
||||
$query = $conn->prepare("SELECT id, password, banned, verified FROM users WHERE username = ?");
|
||||
$query->execute([$username]);
|
||||
$row = $query->fetch();
|
||||
|
@ -195,6 +196,7 @@ if (isset($_POST['signup'])) {
|
|||
} elseif (!isValidUsername($username)) {
|
||||
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
|
||||
} else {
|
||||
$email = trim($_POST['email']);
|
||||
$query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
|
||||
$query->execute([$username]);
|
||||
if ($query->fetch()) {
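Review bot: The existence check introduced here (`SELECT 1 FROM users WHERE username = ?` then `if ($query->fetch())`) is not atomic with the INSERT that presumably follows outside the hunk, so two concurrent signups for the same name can both pass it; keep the check for the friendly error, but enforce uniqueness with a UNIQUE index on `users.username` and map the duplicate-key exception from the INSERT to the same `$lang` message. It is also worth confirming that the `$username` used here (assigned before this hunk) has gone through the same `trim()` the login hunk now applies, so a name stored with surrounding whitespace cannot later fail to log in or collide with a trimmed one. The signup branch continues past the end of the hunk.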
|
||||
|
|
|
@ -172,13 +172,12 @@ $protocol = paste_protocol();
|
|||
</tfoot>
|
||||
<tbody>
|
||||
<?php
|
||||
$res = getUserPastes($conn, $profile_username);
|
||||
foreach ($res as $index => $row) {
|
||||
foreach ($profile_pastes as $row) {
|
||||
$title = Trim($row['title']);
|
||||
$p_id = Trim($row['id']);
|
||||
$p_code = Trim($row['code']);
|
||||
$p_date = strtotime(Trim($row['date']));
|
||||
$p_dateui = date("d F Y", $p_date);
|
||||
$p_date = new DateTime($row['created_at']);
|
||||
$p_dateui = $p_date->format("d F Y");
|
||||
$p_views = Trim($row['views']);
|
||||
$p_visible = Trim($row['visible']);
|
||||
$p_tags = Trim($row['tagsys']);
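Review bot: `new DateTime($row['created_at'])` on the replaced date lines yields a mutable object and throws on a malformed value (and, as I read PHP 8.1+, a NULL column is coerced to "now" with a deprecation notice rather than an error); `$p_date = new DateTimeImmutable($row['created_at']);` is the drop-in that matches the rest of the modern-PHP conventions, and `->format('U')` in the second hunk of this file keeps working unchanged. Separately, the context lines in that second hunk interpolate `$title` straight into the href `title` attribute and the link text, with no escaping visible between `Trim($row['title'])` and output — confirm it is escaped elsewhere, otherwise `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` belongs at the assignment.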
|
||||
|
@ -209,7 +208,7 @@ $protocol = paste_protocol();
|
|||
<td>
|
||||
<a href="' . $protocol . $baseurl . '/' . $p_link . '" title="' . $title . '">' . ($title) . '</a>
|
||||
</td>
|
||||
<td data-sort="' . $p_date . '" class="td-center">
|
||||
<td data-sort="' . $p_date->format('U') . '" class="td-center">
|
||||
<span>' . $p_dateui . '</span>
|
||||
</td>
|
||||
<td class="td-center">
|
||||
|
|
|
@ -180,7 +180,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
<div class="panel-tools">
|
||||
<?php if (isset($_SESSION['token'])) {
|
||||
$f_username = $_SESSION['username'];
|
||||
$fav_paste = checkFavorite($paste_id, $f_username, $con);
|
||||
$fav_paste = checkFavorite($conn, $paste_id, $f_username);
|
||||
}
|
||||
?>
|
||||
<a class="icon tool-icon" class="flip" onclick="openreport()"><i
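Review bot: The corrected call `checkFavorite($conn, $paste_id, $f_username)` now hits a signature typed `int $paste_id, string $username`, but `$f_username` is `$_SESSION['username']` guarded only by `isset($_SESSION['token'])` two lines above; if a session can hold a token without a username, or `$paste_id` arrives as a string under strict_types, this line throws a TypeError instead of rendering the unfavourited star. `if (isset($_SESSION['token'], $_SESSION['username'])) {` together with passing `(int) $paste_id` makes the guard match what the callee demands; where `$paste_id` is assigned is outside the hunk, so the cast may already be redundant.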
|
||||
|
|
55
user.php
55
user.php
|
@ -25,16 +25,21 @@ $ip = $_SERVER['REMOTE_ADDR'];
|
|||
|
||||
// If username defined in URL, then check if it's exists in database. If invalid, redirect to main site.
|
||||
$user_username = trim($_SESSION['username']);
|
||||
if (isset($_GET['user'])) {
|
||||
$profile_username = trim($_GET['user']);
|
||||
|
||||
if (!existingUser($conn, $profile_username)) {
|
||||
// Invalid username
|
||||
if (empty($_GET['user'])) {
|
||||
// No username provided
|
||||
header("Location: ../error.php");
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
// No access to user.php
|
||||
|
||||
$profile_username = trim($_GET['user']);
|
||||
|
||||
$query = $conn->prepare('SELECT id, date, badge FROM users WHERE username = ?');
|
||||
$query->execute([$profile_username]);
|
||||
$profile_info = $query->fetch();
|
||||
|
||||
if (!$profile_info) {
|
||||
// Invalid username
|
||||
header("Location: ../error.php");
|
||||
die();
|
||||
}
|
||||
|
@ -43,9 +48,9 @@ $p_title = $profile_username . $lang['user_public_pastes']; // "Username's Publi
|
|||
|
||||
// Favorite Counts
|
||||
$query = $conn->prepare(
|
||||
'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.member = ?'
|
||||
'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pins.f_paste = pastes.id WHERE pastes.user_id = ?'
|
||||
);
|
||||
$query->execute([$profile_username]);
|
||||
$query->execute([$profile_info['id']]);
|
||||
$total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
|
||||
|
@ -56,41 +61,37 @@ $query->execute([$profile_username]);
|
|||
$total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
// Badges
|
||||
$query = $conn->prepare('SELECT badge FROM users WHERE username = ?');
|
||||
$query->execute([$profile_username]);
|
||||
|
||||
$profile_badge = match ($query->fetch()['badge']) {
|
||||
$profile_badge = match ($profile_info['badge']) {
|
||||
1 => '<img src = "/img/badges/donate.png" title="[Donated] Donated to Ponepaste" style="margin:5px">',
|
||||
2 => '<img src = "/img/badges/spoon.png" title="[TheWoodenSpoon] You had one job" style="margin:5px">',
|
||||
3 => '<img src = "/img/badges/abadge.png" title="[>AFuckingBadge] Won a PasteJam Competition" style="margin:5px">',
|
||||
default => '',
|
||||
};
|
||||
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ?');
|
||||
$query->execute([$profile_username]);
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ?');
|
||||
$query->execute([$profile_info['id']]);
|
||||
$profile_total_pastes = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 0');
|
||||
$query->execute([$profile_username]);
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 0');
|
||||
$query->execute([$profile_info['id']]);
|
||||
$profile_total_public = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 1');
|
||||
$query->execute([$profile_username]);
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 1');
|
||||
$query->execute([$profile_info['id']]);
|
||||
$profile_total_unlisted = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE member = ? AND visible = 2');
|
||||
$query->execute([$profile_username]);
|
||||
$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE user_id = ? AND visible = 2');
|
||||
$query->execute([$profile_info['id']]);
|
||||
$profile_total_private = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE member = ?');
|
||||
$query->execute([$profile_username]);
|
||||
$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE user_id = ?');
|
||||
$query->execute([$profile_info['id']]);
|
||||
$profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
||||
|
||||
$profile_join_date = $profile_info['date'];
|
||||
|
||||
$query = $conn->prepare('SELECT date FROM users WHERE username = ?');
|
||||
$query->execute([$profile_username]);
|
||||
$profile_join_date = $query->fetch()['date'];
|
||||
$profile_pastes = getUserPastes($conn, $profile_info['id']);
|
||||
|
||||
|
||||
updatePageViews($conn);
|
||||
|
@ -99,11 +100,11 @@ if (isset($_GET['del'])) {
|
|||
if ($_SESSION['token']) { // Prevent unauthorized deletes
|
||||
$paste_id = intval(trim($_GET['id']));
|
||||
|
||||
$query = $conn->prepare('SELECT member FROM pastes WHERE id = ?');
|
||||
$query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?');
|
||||
$query->execute([$paste_id]);
|
||||
$result = $query->fetch();
|
||||
|
||||
if (empty($result) || $result['member'] !== $user_username) {
|
||||
if (empty($result) || $result['user_id'] !== $profile_info['id']) {
|
||||
$error = $lang['delete_error_invalid']; // Does not exist or not paste owner
|
||||
} else {
|
||||
$query = $conn->prepare('DELETE FROM pastes WHERE id = ?');
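Review bot: The rewritten ownership check `$result['user_id'] !== $profile_info['id']` compares the paste's owner with the profile being viewed — `$profile_info` is looked up from `$_GET['user']` earlier in this file — not with the logged-in user that the removed `$user_username` comparison used, so the only thing tying the delete to the session is `$_SESSION['token']` being truthy and any authenticated session passes for pastes owned by whichever profile is in the URL. Compare against the session user instead: `$current_user = getCurrentUser($conn);` followed by `if (empty($result) || $current_user === null || (int) $result['user_id'] !== (int) $current_user['id']) {`. The casts matter because `!==` between two PDO-returned ids is only reliable when both come back as the same scalar type, which depends on the driver and emulation setting. The enclosing `if ($_SESSION['token'])` block continues past the hunk.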
|
||||
|
|