PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 06:30:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Some admin page fixes.

Browse source
This commit is contained in:
Floorb 2021-08-09 04:21:39 -04:00
parent 9d5e263c43
commit 78427b410a
13 changed files with 107 additions and 219 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
admin/admin.php
View file

@ -13,7 +13,7 @@
* GNU General Public License in GPL.txt for more details.
*/
define('IN_ADMIN', 1);
define('IN_PONEPASTE', 1);
require_once('common.php');
$query = $conn->query('SELECT user FROM admin LIMIT 1');

2
admin/ads.php
View file

@ -13,7 +13,7 @@
* GNU General Public License in GPL.txt for more details.
*/
define('IN_ADMIN', 1);
define('IN_PONEPASTE', 1);
require_once('common.php');
updateAdminHistory($conn);

23
admin/common.php
View file

@ -1,15 +1,8 @@
<?php
if (!defined('IN_ADMIN')) {
die();
if (!defined('IN_PONEPASTE')) {
die('This file may not be accessed directly.');
}
$db_opts = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, /* throw a fatal exception on database errors */
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, /* Fetch rows as an associative array (hash table) by default */
PDO::ATTR_EMULATE_PREPARES => false
];
require_once('../includes/config.php');
require_once('../includes/common.php');
function updateAdminHistory($conn) {
$last_date = null;
@ -29,8 +22,6 @@ function updateAdminHistory($conn) {
}
}
session_start();
if (!isset($_SESSION['login'])) {
header('Location: .');
exit();
@ -45,11 +36,3 @@ if (isset($_GET['logout'])) {
exit();
}
$conn = new PDO(
"mysql:host=$db_host;dbname=$db_schema;charset=utf8",
$db_user,
$db_pass,
$db_opts
);

201
admin/configuration.php
View file

@ -12,7 +12,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details.
*/
define('IN_ADMIN', 1);
define('IN_PONEPASTE', 1);
require_once('common.php');
const CONFIG_FILE_PATH = '../config/site.php';
@ -31,39 +31,26 @@ function updateConfiguration(string $path, array $new_config) {
fclose($fp);
}
/** @noinspection PhpIncludeInspection */
$current_config = require(CONFIG_FILE_PATH);
$current_site_info = $current_config['site_info'];
$current_permissions = $current_config['permissions'];
$current_mail = $current_config['mail'];
$result = $conn->query('SELECT * FROM captcha WHERE id = 1');
if ($row = $result->fetch()) {
$cap_e = $row['cap_e'];
$mode = $row['mode'];
$mul = $row['mul'];
$allowed = $row['allowed'];
$color = $row['color'];
$recaptcha_sitekey = $row['recaptcha_sitekey'];
$recaptcha_secretkey = $row['recaptcha_secretkey'];
}
$current_captcha = $current_config['captcha'];
/* Update the configuration if necessary */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'];
if ($action === 'manage') {
if ($action === 'site_info') {
$data = $_POST['site_info'];
$new_site_info = [
'title' => trim($_POST['title']),
'description' => trim($_POST['description']),
'baseurl' => trim($_POST['baseurl']),
'keywords' => trim($_POST['keywords']),
'site_name' => trim($_POST['site_name']),
'email' => trim($_POST['email']),
'google_analytics' => trim($_POST['ga']),
'additional_scripts' => trim($_POST['additional_scripts'])
'title' => trim($data['title']),
'description' => trim($data['description']),
'baseurl' => trim($data['baseurl']),
'keywords' => trim($data['keywords']),
'site_name' => trim($data['site_name']),
'email' => trim($data['email']),
'additional_scripts' => trim($data['additional_scripts'])
];
$current_config['site_info'] = $new_site_info;
@ -86,23 +73,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Site permissions saved.
</div>';
} elseif (isset($_POST['cap'])) {
$query = $conn->prepare(
'UPDATE captcha SET cap_e = ?, mode = ?, mul = ?, allowed = ?, color = ?, recaptcha_sitekey = ?, recaptcha_secretkey = ? WHERE id = 1'
);
$query->execute([
trim($_POST['cap_e']),
trim($_POST['mode']),
trim($_POST['mul']),
trim($_POST['allowed']),
trim($_POST['color']),
trim($_POST['recaptcha_sitekey']),
trim($_POST['recaptcha_secretkey'])
]);
} elseif ($action === 'captcha') {
$new_captcha = [
'enabled' => ($_POST['captcha']['enabled'] === '1'),
'multiple' => ($_POST['captcha']['multiple'] === '1')
];
$current_config['captcha'] = $new_captcha;
$current_captcha = $new_captcha;
updateConfiguration(CONFIG_FILE_PATH, $current_config);
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Captcha settings saved
</div>';
}
}
?>
@ -170,89 +154,76 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="siteinfo">
<form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>">
action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="form-group">
<label class="col-sm-2 control-label form-label">Site Name</label>
<label class="col-sm-2 control-label form-label" for="site_info_name">Site Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="site_name"
<input type="text" class="form-control" name="site_info[site_name]" id="site_info_name"
placeholder="The name of your site"
value="<?php echo htmlentities($current_site_info['site_name'], ENT_QUOTES); ?>">
value="<?= pp_html_escape($current_site_info['site_name']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Site Title</label>
<label class="col-sm-2 control-label form-label" for="site_info_title">Site Title</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="title"
<input type="text" class="form-control" name="site_info[title]" id="site_info_title"
placeholder="Site title tag"
value="<?php echo htmlentities($current_site_info['title'], ENT_QUOTES); ?>">
value="<?= pp_html_escape($current_site_info['title']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Domain name</label>
<label class="col-sm-2 control-label form-label" for="site_info_baseurl">Domain name</label>
<div class="col-sm-1" style="padding:5px;">
<span class="badge">
<?php if ($_SERVER['HTTPS'] == "on") {
echo "https://";
} else {
echo "http://";
} ?>
<?= !empty($_SERVER['HTTPS']) ? 'https://' : 'http://' ?>;
</span>
</div>
<div class="col-sm-5">
<input type="text" class="form-control" name="baseurl"
placeholder="eg: pastethis.in (no trailing slash)"
value="<?php echo htmlentities($current_site_info['baseurl'], ENT_QUOTES); ?>">
<input type="text" class="form-control" name="site_info[baseurl]" id="site_info_baseurl"
placeholder="eg: ponepaste.org (no trailing slash)"
value="<?= pp_html_escape($current_site_info['baseurl']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Site Description</label>
<label class="col-sm-2 control-label form-label" for="site_info_description">Site Description</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="description"
<input type="text" class="form-control" name="site_info[description]" id="site_info_description"
placeholder="Site description"
value="<?php echo htmlentities($current_site_info['description'], ENT_QUOTES); ?>">
value="<?= pp_html_escape($current_site_info['description']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Site Keywords</label>
<label class="col-sm-2 control-label form-label" for="site_info_keywords">Site Keywords</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="keywords"
<input type="text" class="form-control" name="site_info[keywords]" id="site_info_keywords"
placeholder="Keywords (separated by a comma)"
value="<?php echo htmlentities($current_site_info['keywords'], ENT_QUOTES); ?>">
value="<?= pp_html_escape($current_site_info['keywords']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Google Analytics</label>
<label class="col-sm-2 control-label form-label" for="site_info_email">Admin Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="ga"
value="<?php echo htmlentities($current_site_info['google_analytics'], ENT_QUOTES); ?>">
<input type="text" class="form-control" name="site_info[email]" placeholder="Email" id="site_info_email"
value="<?= pp_html_escape($current_site_info['email']); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Admin Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="email" placeholder="Email"
value="<?php echo htmlentities($current_site_info['email'], ENT_QUOTES); ?>">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">Additional Site
<label class="col-sm-2 control-label form-label" for="site_info_additional_scripts">Additional Site
Scripts</label>
<div class="col-sm-10">
<textarea class="form-control" id="additional_scripts"
name="additional_scripts"
rows="8"><?php echo htmlentities($current_site_info['title'], ENT_QUOTES); ?></textarea>
<textarea class="form-control" id="additional_scripts" id="site_info_additional_scripts"
name="site_info[additional_scripts]"
rows="8"><?= pp_html_escape($current_site_info['title']); ?></textarea>
</div>
</div>
<input type="hidden" name="action" value="manage"/>
<input type="hidden" name="action" value="site_info"/>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
@ -300,36 +271,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div role="tabpanel" class="tab-pane" id="captcha">
<form class="form-horizontal" method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>">
action="<?= $_SERVER['PHP_SELF']; ?>">
<div class="checkbox checkbox-primary">
<input <?php if ($cap_e == "on") echo 'checked="true"'; ?> type="checkbox"
name="cap_e"
id="cap_e">
<label for="cap_e">Enable Captcha</label>
<input <?php if ($current_captcha['enabled']) echo 'checked="true"'; ?> type="checkbox"
name="captcha[enabked]"
id="captcha_enabled">
<label for="captcha_enabled">Enable Captcha</label>
</div>
<br/>
<div class="form-group row">
<label for="mode" class="col-sm-1 col-form-label">Captcha Type</label>
<select class="selectpicker" name="mode">
<label for="captcha_mode" class="col-sm-1 col-form-label">Captcha Type</label>
<select id="captcha_mode" class="selectpicker" name="captcha[mode]">
<?php
if ($mode == "reCAPTCHA") {
echo '<option selected="">reCAPTCHA</option>';
} else {
echo '<option>reCAPTCHA</option>';
}
if ($mode == "Easy") {
if ($current_captcha['mode'] == "Easy") {
echo '<option selected="">Easy</option>';
} else {
echo '<option>Easy</option>';
}
if ($mode == "Normal") {
if ($current_captcha['mode'] == "Normal") {
echo '<option selected="">Normal</option>';
} else {
echo '<option>Normal</option>';
}
if ($mode == "Tough") {
if ($current_captcha['mode'] == "Tough") {
echo '<option selected="">Tough</option>';
} else {
echo '<option>Tough</option>';
@ -343,52 +311,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Internal Captcha Settings:
</div>
<div class="checkbox checkbox-primary">
<input <?php if ($mul == "on") echo 'checked="true"'; ?> type="checkbox"
name="mul"
id="mul">
<label for="mul">Enable multiple backgrounds</label>
<input <?php if ($current_captcha['multiple']) echo 'checked="checked"'; ?> type="checkbox"
name="captcha[multiple]"
id="captcha_multiple">
<label for="captcha_multiple">Enable multiple backgrounds</label>
</div>
<br/>
<div class="form-group row">
<label for="allowed" class="col-sm-1 col-form-label">Captcha
<label for="captcha_allowed" class="col-sm-1 col-form-label">Captcha
Characters</label>
<div class="col-sm-10">
<input type="text" id="allowed" name="allowed"
placeholder="Allowed Characters" value="<?php echo $allowed; ?>">
<input type="text" id="captcha_allowed" name="captcha[allowed]"
placeholder="Allowed Characters" value="<?php echo $current_captcha['allowed']; ?>">
</div>
</div>
<div class="form-group row">
<label for="color" class="col-sm-1 col-form-label">Captcha Text
<label for="captcha_colour" class="col-sm-1 col-form-label">Captcha Text
Colour</label>
<div class="col-sm-10">
<input type="text" id="color" name="color"
placeholder="Captcha Text Colour" value="<?php echo $color; ?>">
<input type="text" id="captcha_colour" name="captcha[colour]"
placeholder="Captcha Text Colour" value="<?= $current_captcha['colour']; ?>">
</div>
</div>
<hr/>
<div class="panel-title">
reCAPTCHA Settings:
</div>
<div class="form-group row">
<label for="recaptcha_sitekey" class="col-sm-1 col-form-label">Site
Key</label>
<div class="col-sm-10">
<input type="text" id="recaptcha_sitekey" name="recaptcha_sitekey"
placeholder="Site Key" value="<?php echo $recaptcha_sitekey; ?>">
</div>
</div>
<div class="form-group row">
<label for="recaptcha_secretkey" class="col-sm-1 col-form-label">Secret
Key</label>
<div class="col-sm-10">
<input type="text" id="recaptcha_secretkey" name="recaptcha_secretkey"
placeholder="Site Key"
value="<?php echo $recaptcha_secretkey; ?>">
</div>
</div>
<input type="hidden" name="cap" value="cap"/>
@ -429,16 +376,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<script>
function show() {
var smtppassword = document.getElementById('smtp_pass');
smtppassword.setAttribute('type', 'text');
document.getElementById('smtp_pass').setAttribute('type', 'text');
}
function hide() {
var smtppassword = document.getElementById('smtp_pass');
smtppassword.setAttribute('type', 'password');
document.getElementById('smtp_pass').setAttribute('type', 'password');
}
if ($('#smtppasstoggle').is(':checked')) {
if (document.getElementById('smtppasstoggle').hasAttribute('checked')) {
show();
} else {
hide();

3
admin/dashboard.php
View file

@ -13,12 +13,13 @@
* GNU General Public License in GPL.txt for more details.
*/
define('IN_ADMIN', 1);
define('IN_PONEPASTE', 1);
require_once('common.php');
$today_users_count = 0;
$today_pastes_count = 0;
require_once('../includes/common.php');
require_once('../includes/functions.php');
updateAdminHistory($conn);

2
admin/pastes.php
View file

@ -12,7 +12,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details.
*/
define('IN_ADMIN', 1);
define('IN_PONEPASTE', 1);
require_once('common.php');
updateAdminHistory($conn);

7
config/site.php
View file

@ -28,5 +28,12 @@ return array(
'socket' => '',
'auth' => '',
'protocol' => ''
],
'captcha' => [
'enabled' => true,
'multiple' => false,
'mode' => 'Normal',
'allowed' => 'ABCDEFGHIJKLMNOPQRSTUVYXYZabcdefghijklmnopqrstuvwxyz0123456789',
'colour' => '#000000'
]
);

5
includes/common.php
View file

@ -128,6 +128,10 @@ if ($site_permissions) {
$privatesite = $siteprivate;
$noguests = $disableguest;
// CAPTCHA configuration
$captcha_config = $site_info['captcha'];
$captcha_enabled = (bool) $captcha_config['enabled'];
// Prevent a potential LFI (you never know :p)
$lang_file = "${default_lang}.php";
if (in_array($lang_file, scandir(__DIR__ . '/../langs/'))) {
@ -144,7 +148,6 @@ $total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn);
$current_user = User::current($conn);
//$current_user = getCurrentUser($conn);
if ($current_user) {
$noguests = "off";

6
includes/passwords.php
View file

@ -7,7 +7,7 @@ function pp_password_hash(string $password) : string {
function pp_password_verify(string $password, string $hash, bool &$needs_rehash = null) : bool {
/* New, peppered hash. */
if ($hash[0] === 'P') {
if ($hash && $hash[0] === 'P') {
if ($needs_rehash !== null) {
$needs_rehash = false;
}
@ -15,7 +15,7 @@ function pp_password_verify(string $password, string $hash, bool &$needs_rehash
return password_verify($password . PP_PASSWORD_PEPPER, substr($hash, 1));
}
/* Old, unpeppered hash. */
/* Old, non-peppered hash. */
if ($needs_rehash !== null) {
$needs_rehash = true;
}
@ -38,7 +38,7 @@ function pp_random_token() : string {
function pp_random_password() : string {
/* MD-5 is OK to use here because it is not being used to protect secure data,
* but rather to reduce the size of the string a little bit into something that
* but rather to reduce the size of the string a little into something that
* can reasonably be handled by a user.
*/
return hash('MD5', pp_random_bytes(64));

45
index.php
View file

@ -28,33 +28,17 @@ require_once('includes/functions.php');
require_once('includes/Tag.class.php');
function verifyCaptcha() : string | bool {
global $cap_e;
global $mode;
global $recaptcha_secretkey;
global $captcha_config;
global $lang;
global $current_user;
if ($cap_e == "on" && !$current_user) {
if ($mode == "reCAPTCHA") {
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $recaptcha_secretkey . "&response=" . $_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if ($response["success"] == false) {
// reCAPTCHA Errors
return match ($response["error-codes"][0]) {
"missing-input-response" => $lang['missing-input-response'],
"missing-input-secret" => $lang['missing-input-secret'],
"invalid-input-secret" => $lang['invalid-input-secret'],
default => $lang['error']
};
}
} else {
if ($captcha_config['enabled'] && !$current_user) {
$scode = strtolower(htmlentities(Trim($_POST['scode'])));
$cap_code = strtolower($_SESSION['captcha']['code']);
if ($cap_code !== $scode) {
return $lang['image_wrong']; // Wrong captcha.
}
}
}
return true;
}
@ -82,7 +66,6 @@ function calculatePasteExpiry(string $expiry) {
function validatePasteFields() : string|null {
global $lang;
global $pastelimit;
if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
return $lang['empty_paste'];
@ -113,29 +96,9 @@ if ($row = $site_sitemap_rows->fetch()) {
$changefreq = $row['changefreq'];
}
// Captcha
$site_captcha_rows = $conn->query("SELECT * FROM captcha LIMIT 1");
if ($row = $site_captcha_rows->fetch()) {
$color = Trim($row['color']);
$mode = Trim($row['mode']);
$mul = Trim($row['mul']);
$allowed = Trim($row['allowed']);
$cap_e = Trim($row['cap_e']);
$recaptcha_sitekey = Trim($row['recaptcha_sitekey']);
$recaptcha_secretkey = Trim($row['recaptcha_secretkey']);
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
if ($cap_e == "on") {
if ($mode == "reCAPTCHA") {
$_SESSION['captcha_mode'] = "recaptcha";
$_SESSION['captcha'] = $recaptcha_sitekey;
} else {
$_SESSION['captcha_mode'] = "internal";
$_SESSION['captcha'] = captcha($color, $mode, $mul, $allowed);
}
} else {
$_SESSION['captcha_mode'] = "none";
if ($captcha_config['enabled']) {
$_SESSION['captcha'] = captcha($captcha_config['colour'], $captcha_config['mode'], $captcha_config['multiple'], $captcha_config['allowed']);
}
}

10
login.php
View file

@ -125,17 +125,15 @@ if (isset($_POST['forgot'])) {
} elseif (!isValidUsername($username)) {
$error = $lang['usrinvalid']; // "Username not valid. Usernames can't contain special characters.";
} else {
$query = $conn->query('SELECT 1 FROM users WHERE username = ?', [$username]);
if ($query->fetch()) {
if ($conn->querySelectOne('SELECT 1 FROM users WHERE username = ?', [$username])) {
$error = $lang['userexists']; // "Username already taken.";
} else {
$recovery_code = pp_random_token();
$recovery_code_hash = pp_password_hash($recovery_code);
$query = $conn->prepare(
"INSERT INTO users (username, password, recovery_code_hash, picture, date, ip, badge) VALUES (?, ?, ?, 'NONE', ?, ?, '0')"
$conn->query(
"INSERT INTO users (username, password, recovery_code_hash, picture, date, ip, badge) VALUES (?, ?, ?, 'NONE', ?, ?, '0')",
[$username, $password, $recovery_code_hash, $date, $ip]
);
$query->execute([$username, $password, $recovery_code_hash, $date, $ip]);
$success = $lang['registered']; // "Your account was successfully registered.";
}

3
theme/bulma/header.php
View file

@ -51,9 +51,6 @@ $start = $time;
if (isset($ges_style)) {
echo $ges_style;
}
if (isset($_SESSION['captcha_mode']) == "recaptcha") {
echo "<script src='https://www.google.com/recaptcha/api.js'></script>";
}
?>
</head>

15
theme/bulma/main.php
View file

@ -389,17 +389,8 @@
?>
</div>
<div class="column is-4">
<!-- ReCaptcha & Captcha -->
<?php if ($cap_e == "on" && $current_user === null) {
if ($_SESSION['captcha_mode'] == "recaptcha") {
?>
<div class="g-recaptcha" style="float: right; right: 0;"
data-sitekey="<?php echo $_SESSION['captcha']; ?>"></div>
<br/>
<?php
} else {
?>
<!-- Captcha -->
<!-- CAPTCHA -->
<?php if ($captcha_config['enabled'] && $current_user === null): ?>
<div class="is-one-quarter">
<div class="notification">
<span class="tags are-large"><?php echo '<img src="' . $_SESSION['captcha']['image_src'] . '" alt="CAPTCHA" class="imagever">'; ?></span>
@ -409,7 +400,7 @@
"Enter"</p>
</div>
</div>
<?php }
<?php endif; ?>
} ?>
</div>
</div>