PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 14:40:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Some admin page fixes.

Browse source
This commit is contained in:
Floorb 2021-08-09 04:21:39 -04:00
parent 9d5e263c43
commit 78427b410a
13 changed files with 107 additions and 219 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
admin/admin.php
View file

@ -13,7 +13,7 @@
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
define('IN_ADMIN', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
$query = $conn->query('SELECT user FROM admin LIMIT 1'); $query = $conn->query('SELECT user FROM admin LIMIT 1');

2
admin/ads.php
View file

@ -13,7 +13,7 @@
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
define('IN_ADMIN', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
updateAdminHistory($conn); updateAdminHistory($conn);

23
admin/common.php
View file

@ -1,15 +1,8 @@
<?php <?php
if (!defined('IN_ADMIN')) { if (!defined('IN_PONEPASTE')) {
die(); die('This file may not be accessed directly.');
} }
$db_opts = [ require_once('../includes/common.php');
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, /* throw a fatal exception on database errors */
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, /* Fetch rows as an associative array (hash table) by default */
PDO::ATTR_EMULATE_PREPARES => false
];
require_once('../includes/config.php');
function updateAdminHistory($conn) { function updateAdminHistory($conn) {
$last_date = null; $last_date = null;
@ -29,8 +22,6 @@ function updateAdminHistory($conn) {
} }
} }
session_start();
if (!isset($_SESSION['login'])) { if (!isset($_SESSION['login'])) {
header('Location: .'); header('Location: .');
exit(); exit();
@ -45,11 +36,3 @@ if (isset($_GET['logout'])) {
exit(); exit();
} }
$conn = new PDO(
"mysql:host=$db_host;dbname=$db_schema;charset=utf8",
$db_user,
$db_pass,
$db_opts
);

201
admin/configuration.php
View file

@ -12,7 +12,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
define('IN_ADMIN', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
const CONFIG_FILE_PATH = '../config/site.php'; const CONFIG_FILE_PATH = '../config/site.php';
@ -31,39 +31,26 @@ function updateConfiguration(string $path, array $new_config) {
fclose($fp); fclose($fp);
} }
/** @noinspection PhpIncludeInspection */
$current_config = require(CONFIG_FILE_PATH); $current_config = require(CONFIG_FILE_PATH);
$current_site_info = $current_config['site_info']; $current_site_info = $current_config['site_info'];
$current_permissions = $current_config['permissions']; $current_permissions = $current_config['permissions'];
$current_mail = $current_config['mail']; $current_mail = $current_config['mail'];
$current_captcha = $current_config['captcha'];
$result = $conn->query('SELECT * FROM captcha WHERE id = 1');
if ($row = $result->fetch()) {
$cap_e = $row['cap_e'];
$mode = $row['mode'];
$mul = $row['mul'];
$allowed = $row['allowed'];
$color = $row['color'];
$recaptcha_sitekey = $row['recaptcha_sitekey'];
$recaptcha_secretkey = $row['recaptcha_secretkey'];
}
/* Update the configuration if necessary */ /* Update the configuration if necessary */
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action']; $action = $_POST['action'];
if ($action === 'manage') { if ($action === 'site_info') {
$data = $_POST['site_info'];
$new_site_info = [ $new_site_info = [
'title' => trim($_POST['title']), 'title' => trim($data['title']),
'description' => trim($_POST['description']), 'description' => trim($data['description']),
'baseurl' => trim($_POST['baseurl']), 'baseurl' => trim($data['baseurl']),
'keywords' => trim($_POST['keywords']), 'keywords' => trim($data['keywords']),
'site_name' => trim($_POST['site_name']), 'site_name' => trim($data['site_name']),
'email' => trim($_POST['email']), 'email' => trim($data['email']),
'google_analytics' => trim($_POST['ga']), 'additional_scripts' => trim($data['additional_scripts'])
'additional_scripts' => trim($_POST['additional_scripts'])
]; ];
$current_config['site_info'] = $new_site_info; $current_config['site_info'] = $new_site_info;
@ -86,23 +73,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$msg = '<div class="paste-alert alert3" style="text-align: center;"> $msg = '<div class="paste-alert alert3" style="text-align: center;">
Site permissions saved. Site permissions saved.
</div>'; </div>';
} elseif (isset($_POST['cap'])) { } elseif ($action === 'captcha') {
$query = $conn->prepare( $new_captcha = [
'UPDATE captcha SET cap_e = ?, mode = ?, mul = ?, allowed = ?, color = ?, recaptcha_sitekey = ?, recaptcha_secretkey = ? WHERE id = 1' 'enabled' => ($_POST['captcha']['enabled'] === '1'),
); 'multiple' => ($_POST['captcha']['multiple'] === '1')
$query->execute([ ];
trim($_POST['cap_e']),
trim($_POST['mode']), $current_config['captcha'] = $new_captcha;
trim($_POST['mul']), $current_captcha = $new_captcha;
trim($_POST['allowed']),
trim($_POST['color']), updateConfiguration(CONFIG_FILE_PATH, $current_config);
trim($_POST['recaptcha_sitekey']),
trim($_POST['recaptcha_secretkey'])
]);
$msg = '<div class="paste-alert alert3" style="text-align: center;"> $msg = '<div class="paste-alert alert3" style="text-align: center;">
Captcha settings saved Captcha settings saved
</div>'; </div>';
} }
} }
?> ?>
@ -170,89 +154,76 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="tab-content"> <div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="siteinfo"> <div role="tabpanel" class="tab-pane active" id="siteinfo">
<form class="form-horizontal" method="POST" <form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>"> action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Site Name</label> <label class="col-sm-2 control-label form-label" for="site_info_name">Site Name</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="site_name" <input type="text" class="form-control" name="site_info[site_name]" id="site_info_name"
placeholder="The name of your site" placeholder="The name of your site"
value="<?php echo htmlentities($current_site_info['site_name'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['site_name']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Site Title</label> <label class="col-sm-2 control-label form-label" for="site_info_title">Site Title</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="title" <input type="text" class="form-control" name="site_info[title]" id="site_info_title"
placeholder="Site title tag" placeholder="Site title tag"
value="<?php echo htmlentities($current_site_info['title'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['title']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Domain name</label> <label class="col-sm-2 control-label form-label" for="site_info_baseurl">Domain name</label>
<div class="col-sm-1" style="padding:5px;"> <div class="col-sm-1" style="padding:5px;">
<span class="badge"> <span class="badge">
<?php if ($_SERVER['HTTPS'] == "on") { <?= !empty($_SERVER['HTTPS']) ? 'https://' : 'http://' ?>;
echo "https://";
} else {
echo "http://";
} ?>
</span> </span>
</div> </div>
<div class="col-sm-5"> <div class="col-sm-5">
<input type="text" class="form-control" name="baseurl" <input type="text" class="form-control" name="site_info[baseurl]" id="site_info_baseurl"
placeholder="eg: pastethis.in (no trailing slash)" placeholder="eg: ponepaste.org (no trailing slash)"
value="<?php echo htmlentities($current_site_info['baseurl'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['baseurl']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Site Description</label> <label class="col-sm-2 control-label form-label" for="site_info_description">Site Description</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="description" <input type="text" class="form-control" name="site_info[description]" id="site_info_description"
placeholder="Site description" placeholder="Site description"
value="<?php echo htmlentities($current_site_info['description'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['description']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Site Keywords</label> <label class="col-sm-2 control-label form-label" for="site_info_keywords">Site Keywords</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="keywords" <input type="text" class="form-control" name="site_info[keywords]" id="site_info_keywords"
placeholder="Keywords (separated by a comma)" placeholder="Keywords (separated by a comma)"
value="<?php echo htmlentities($current_site_info['keywords'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['keywords']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Google Analytics</label> <label class="col-sm-2 control-label form-label" for="site_info_email">Admin Email</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="ga" <input type="text" class="form-control" name="site_info[email]" placeholder="Email" id="site_info_email"
value="<?php echo htmlentities($current_site_info['google_analytics'], ENT_QUOTES); ?>"> value="<?= pp_html_escape($current_site_info['email']); ?>">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label form-label">Admin Email</label> <label class="col-sm-2 control-label form-label" for="site_info_additional_scripts">Additional Site
<div class="col-sm-10">
<input type="text" class="form-control" name="email" placeholder="Email"
value="<?php echo htmlentities($current_site_info['email'], ENT_QUOTES); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Additional Site
Scripts</label> Scripts</label>
<div class="col-sm-10"> <div class="col-sm-10">
<textarea class="form-control" id="additional_scripts" <textarea class="form-control" id="additional_scripts" id="site_info_additional_scripts"
name="additional_scripts" name="site_info[additional_scripts]"
rows="8"><?php echo htmlentities($current_site_info['title'], ENT_QUOTES); ?></textarea> rows="8"><?= pp_html_escape($current_site_info['title']); ?></textarea>
</div> </div>
</div> </div>
<input type="hidden" name="action" value="manage"/> <input type="hidden" name="action" value="site_info"/>
<div class="form-group"> <div class="form-group">
<div class="col-sm-offset-2 col-sm-10"> <div class="col-sm-offset-2 col-sm-10">
@ -300,36 +271,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div role="tabpanel" class="tab-pane" id="captcha"> <div role="tabpanel" class="tab-pane" id="captcha">
<form class="form-horizontal" method="POST" <form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>"> action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="checkbox checkbox-primary"> <div class="checkbox checkbox-primary">
<input <?php if ($cap_e == "on") echo 'checked="true"'; ?> type="checkbox" <input <?php if ($current_captcha['enabled']) echo 'checked="true"'; ?> type="checkbox"
name="cap_e" name="captcha[enabked]"
id="cap_e"> id="captcha_enabled">
<label for="cap_e">Enable Captcha</label> <label for="captcha_enabled">Enable Captcha</label>
</div> </div>
<br/> <br/>
<div class="form-group row"> <div class="form-group row">
<label for="mode" class="col-sm-1 col-form-label">Captcha Type</label> <label for="captcha_mode" class="col-sm-1 col-form-label">Captcha Type</label>
<select class="selectpicker" name="mode"> <select id="captcha_mode" class="selectpicker" name="captcha[mode]">
<?php <?php
if ($mode == "reCAPTCHA") { if ($current_captcha['mode'] == "Easy") {
echo '<option selected="">reCAPTCHA</option>';
} else {
echo '<option>reCAPTCHA</option>';
}
if ($mode == "Easy") {
echo '<option selected="">Easy</option>'; echo '<option selected="">Easy</option>';
} else { } else {
echo '<option>Easy</option>'; echo '<option>Easy</option>';
} }
if ($mode == "Normal") {
if ($current_captcha['mode'] == "Normal") {
echo '<option selected="">Normal</option>'; echo '<option selected="">Normal</option>';
} else { } else {
echo '<option>Normal</option>'; echo '<option>Normal</option>';
} }
if ($mode == "Tough") {
if ($current_captcha['mode'] == "Tough") {
echo '<option selected="">Tough</option>'; echo '<option selected="">Tough</option>';
} else { } else {
echo '<option>Tough</option>'; echo '<option>Tough</option>';
@ -343,52 +311,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Internal Captcha Settings: Internal Captcha Settings:
</div> </div>
<div class="checkbox checkbox-primary"> <div class="checkbox checkbox-primary">
<input <?php if ($mul == "on") echo 'checked="true"'; ?> type="checkbox" <input <?php if ($current_captcha['multiple']) echo 'checked="checked"'; ?> type="checkbox"
name="mul" name="captcha[multiple]"
id="mul"> id="captcha_multiple">
<label for="mul">Enable multiple backgrounds</label> <label for="captcha_multiple">Enable multiple backgrounds</label>
</div> </div>
<br/> <br/>
<div class="form-group row"> <div class="form-group row">
<label for="allowed" class="col-sm-1 col-form-label">Captcha <label for="captcha_allowed" class="col-sm-1 col-form-label">Captcha
Characters</label> Characters</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" id="allowed" name="allowed" <input type="text" id="captcha_allowed" name="captcha[allowed]"
placeholder="Allowed Characters" value="<?php echo $allowed; ?>"> placeholder="Allowed Characters" value="<?php echo $current_captcha['allowed']; ?>">
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<label for="color" class="col-sm-1 col-form-label">Captcha Text <label for="captcha_colour" class="col-sm-1 col-form-label">Captcha Text
Colour</label> Colour</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" id="color" name="color" <input type="text" id="captcha_colour" name="captcha[colour]"
placeholder="Captcha Text Colour" value="<?php echo $color; ?>"> placeholder="Captcha Text Colour" value="<?= $current_captcha['colour']; ?>">
</div> </div>
</div> </div>
<hr/> <hr/>
<div class="panel-title">
reCAPTCHA Settings:
</div>
<div class="form-group row">
<label for="recaptcha_sitekey" class="col-sm-1 col-form-label">Site
Key</label>
<div class="col-sm-10">
<input type="text" id="recaptcha_sitekey" name="recaptcha_sitekey"
placeholder="Site Key" value="<?php echo $recaptcha_sitekey; ?>">
</div>
</div>
<div class="form-group row">
<label for="recaptcha_secretkey" class="col-sm-1 col-form-label">Secret
Key</label>
<div class="col-sm-10">
<input type="text" id="recaptcha_secretkey" name="recaptcha_secretkey"
placeholder="Site Key"
value="<?php echo $recaptcha_secretkey; ?>">
</div>
</div>
<input type="hidden" name="cap" value="cap"/> <input type="hidden" name="cap" value="cap"/>
@ -429,16 +376,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<script> <script>
function show() { function show() {
var smtppassword = document.getElementById('smtp_pass'); document.getElementById('smtp_pass').setAttribute('type', 'text');
smtppassword.setAttribute('type', 'text');
} }
function hide() { function hide() {
var smtppassword = document.getElementById('smtp_pass'); document.getElementById('smtp_pass').setAttribute('type', 'password');
smtppassword.setAttribute('type', 'password');
} }
if ($('#smtppasstoggle').is(':checked')) { if (document.getElementById('smtppasstoggle').hasAttribute('checked')) {
show(); show();
} else { } else {
hide(); hide();

3
admin/dashboard.php
View file

@ -13,12 +13,13 @@
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
define('IN_ADMIN', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
$today_users_count = 0; $today_users_count = 0;
$today_pastes_count = 0; $today_pastes_count = 0;
require_once('../includes/common.php');
require_once('../includes/functions.php'); require_once('../includes/functions.php');
updateAdminHistory($conn); updateAdminHistory($conn);

2
admin/pastes.php
View file

@ -12,7 +12,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
define('IN_ADMIN', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
updateAdminHistory($conn); updateAdminHistory($conn);

7
config/site.php
View file

@ -28,5 +28,12 @@ return array(
'socket' => '', 'socket' => '',
'auth' => '', 'auth' => '',
'protocol' => '' 'protocol' => ''
],
'captcha' => [
'enabled' => true,
'multiple' => false,
'mode' => 'Normal',
'allowed' => 'ABCDEFGHIJKLMNOPQRSTUVYXYZabcdefghijklmnopqrstuvwxyz0123456789',
'colour' => '#000000'
] ]
); );

5
includes/common.php
View file

@ -128,6 +128,10 @@ if ($site_permissions) {
$privatesite = $siteprivate; $privatesite = $siteprivate;
$noguests = $disableguest; $noguests = $disableguest;
// CAPTCHA configuration
$captcha_config = $site_info['captcha'];
$captcha_enabled = (bool) $captcha_config['enabled'];
// Prevent a potential LFI (you never know :p) // Prevent a potential LFI (you never know :p)
$lang_file = "${default_lang}.php"; $lang_file = "${default_lang}.php";
if (in_array($lang_file, scandir(__DIR__ . '/../langs/'))) { if (in_array($lang_file, scandir(__DIR__ . '/../langs/'))) {
@ -144,7 +148,6 @@ $total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn); $total_unique_views = getSiteTotal_unique_views($conn);
$current_user = User::current($conn); $current_user = User::current($conn);
//$current_user = getCurrentUser($conn);
if ($current_user) { if ($current_user) {
$noguests = "off"; $noguests = "off";

6
includes/passwords.php
View file

@ -7,7 +7,7 @@ function pp_password_hash(string $password) : string {
function pp_password_verify(string $password, string $hash, bool &$needs_rehash = null) : bool { function pp_password_verify(string $password, string $hash, bool &$needs_rehash = null) : bool {
/* New, peppered hash. */ /* New, peppered hash. */
if ($hash[0] === 'P') { if ($hash && $hash[0] === 'P') {
if ($needs_rehash !== null) { if ($needs_rehash !== null) {
$needs_rehash = false; $needs_rehash = false;
} }
@ -15,7 +15,7 @@ function pp_password_verify(string $password, string $hash, bool &$needs_rehash
return password_verify($password . PP_PASSWORD_PEPPER, substr($hash, 1)); return password_verify($password . PP_PASSWORD_PEPPER, substr($hash, 1));
} }
/* Old, unpeppered hash. */ /* Old, non-peppered hash. */
if ($needs_rehash !== null) { if ($needs_rehash !== null) {
$needs_rehash = true; $needs_rehash = true;
} }
@ -38,7 +38,7 @@ function pp_random_token() : string {
function pp_random_password() : string { function pp_random_password() : string {
/* MD-5 is OK to use here because it is not being used to protect secure data, /* MD-5 is OK to use here because it is not being used to protect secure data,
* but rather to reduce the size of the string a little bit into something that * but rather to reduce the size of the string a little into something that
* can reasonably be handled by a user. * can reasonably be handled by a user.
*/ */
return hash('MD5', pp_random_bytes(64)); return hash('MD5', pp_random_bytes(64));

47
index.php
View file

@ -27,34 +27,18 @@ require_once('includes/captcha.php');
require_once('includes/functions.php'); require_once('includes/functions.php');
require_once('includes/Tag.class.php'); require_once('includes/Tag.class.php');
function verifyCaptcha() : string|bool { function verifyCaptcha() : string | bool {
global $cap_e; global $captcha_config;
global $mode;
global $recaptcha_secretkey;
global $lang; global $lang;
global $current_user; global $current_user;
if ($cap_e == "on" && !$current_user) { if ($captcha_config['enabled'] && !$current_user) {
if ($mode == "reCAPTCHA") {
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $recaptcha_secretkey . "&response=" . $_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if ($response["success"] == false) {
// reCAPTCHA Errors
return match ($response["error-codes"][0]) {
"missing-input-response" => $lang['missing-input-response'],
"missing-input-secret" => $lang['missing-input-secret'],
"invalid-input-secret" => $lang['invalid-input-secret'],
default => $lang['error']
};
}
} else {
$scode = strtolower(htmlentities(Trim($_POST['scode']))); $scode = strtolower(htmlentities(Trim($_POST['scode'])));
$cap_code = strtolower($_SESSION['captcha']['code']); $cap_code = strtolower($_SESSION['captcha']['code']);
if ($cap_code !== $scode) { if ($cap_code !== $scode) {
return $lang['image_wrong']; // Wrong captcha. return $lang['image_wrong']; // Wrong captcha.
} }
} }
}
return true; return true;
} }
@ -82,7 +66,6 @@ function calculatePasteExpiry(string $expiry) {
function validatePasteFields() : string|null { function validatePasteFields() : string|null {
global $lang; global $lang;
global $pastelimit;
if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */ if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
return $lang['empty_paste']; return $lang['empty_paste'];
@ -113,29 +96,9 @@ if ($row = $site_sitemap_rows->fetch()) {
$changefreq = $row['changefreq']; $changefreq = $row['changefreq'];
} }
// Captcha
$site_captcha_rows = $conn->query("SELECT * FROM captcha LIMIT 1");
if ($row = $site_captcha_rows->fetch()) {
$color = Trim($row['color']);
$mode = Trim($row['mode']);
$mul = Trim($row['mul']);
$allowed = Trim($row['allowed']);
$cap_e = Trim($row['cap_e']);
$recaptcha_sitekey = Trim($row['recaptcha_sitekey']);
$recaptcha_secretkey = Trim($row['recaptcha_secretkey']);
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
if ($cap_e == "on") { if ($captcha_config['enabled']) {
if ($mode == "reCAPTCHA") { $_SESSION['captcha'] = captcha($captcha_config['colour'], $captcha_config['mode'], $captcha_config['multiple'], $captcha_config['allowed']);
$_SESSION['captcha_mode'] = "recaptcha";
$_SESSION['captcha'] = $recaptcha_sitekey;
} else {
$_SESSION['captcha_mode'] = "internal";
$_SESSION['captcha'] = captcha($color, $mode, $mul, $allowed);
}
} else {
$_SESSION['captcha_mode'] = "none";
} }
} }

10
login.php
View file

@ -125,17 +125,15 @@ if (isset($_POST['forgot'])) {
} elseif (!isValidUsername($username)) { } elseif (!isValidUsername($username)) {
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters."; $error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
} else { } else {
$query = $conn->query('SELECT 1 FROM users WHERE username = ?', [$username]); if ($conn->querySelectOne('SELECT 1 FROM users WHERE username = ?', [$username])) {
if ($query->fetch()) {
$error = $lang['userexists']; // "Username already taken."; $error = $lang['userexists']; // "Username already taken.";
} else { } else {
$recovery_code = pp_random_token(); $recovery_code = pp_random_token();
$recovery_code_hash = pp_password_hash($recovery_code); $recovery_code_hash = pp_password_hash($recovery_code);
$query = $conn->prepare( $conn->query(
"INSERT INTO users (username, password, recovery_code_hash, picture, date, ip, badge) VALUES (?, ?, ?, 'NONE', ?, ?, '0')" "INSERT INTO users (username, password, recovery_code_hash, picture, date, ip, badge) VALUES (?, ?, ?, 'NONE', ?, ?, '0')",
[$username, $password, $recovery_code_hash, $date, $ip]
); );
$query->execute([$username, $password, $recovery_code_hash, $date, $ip]);
$success = $lang['registered']; // "Your account was successfully registered."; $success = $lang['registered']; // "Your account was successfully registered.";
} }

3
theme/bulma/header.php
View file

@ -51,9 +51,6 @@ $start = $time;
if (isset($ges_style)) { if (isset($ges_style)) {
echo $ges_style; echo $ges_style;
} }
if (isset($_SESSION['captcha_mode']) == "recaptcha") {
echo "<script src='https://www.google.com/recaptcha/api.js'></script>";
}
?> ?>
</head> </head>

15
theme/bulma/main.php
View file

@ -389,17 +389,8 @@
?> ?>
</div> </div>
<div class="column is-4"> <div class="column is-4">
<!-- ReCaptcha & Captcha --> <!-- CAPTCHA -->
<?php if ($cap_e == "on" && $current_user === null) { <?php if ($captcha_config['enabled'] && $current_user === null): ?>
if ($_SESSION['captcha_mode'] == "recaptcha") {
?>
<div class="g-recaptcha" style="float: right; right: 0;"
data-sitekey="<?php echo $_SESSION['captcha']; ?>"></div>
<br/>
<?php
} else {
?>
<!-- Captcha -->
<div class="is-one-quarter"> <div class="is-one-quarter">
<div class="notification"> <div class="notification">
<span class="tags are-large"><?php echo '<img src="' . $_SESSION['captcha']['image_src'] . '" alt="CAPTCHA" class="imagever">'; ?></span> <span class="tags are-large"><?php echo '<img src="' . $_SESSION['captcha']['image_src'] . '" alt="CAPTCHA" class="imagever">'; ?></span>
@ -409,7 +400,7 @@
"Enter"</p> "Enter"</p>
</div> </div>
</div> </div>
<?php } <?php endif; ?>
} ?> } ?>
</div> </div>
</div> </div>