From 855c7f7db39f4e264fcfb2e6f13215bc53eef01c Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Fri, 13 Aug 2021 16:54:06 -0400
Subject: [PATCH] Make admin dashboard work again.
---
 admin/dashboard.php | 10 ++++------
 admin/index.php | 35 +++++++++--------------------------
 paste.php | 2 +-
 3 files changed, 14 insertions(+), 33 deletions(-)
diff --git a/admin/dashboard.php b/admin/dashboard.php
index 8c6d523..b596cf9 100644
--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@@ -169,20 +169,18 @@ for ($loop = 0; $loop <= 6; $loop++) {
 foreach ($res as $row) {
 $title = Trim($row['title']);
 $p_id = Trim($row['id']);
- $p_date = $row['date']->format('jS F Y h:i:s A');
+ $p_date = new DateTime($row['created_at']);
+ $p_date_formatted = $p_date->format('jS F Y h:i:s A');
 $p_ip = Trim($row['ip']);
 $p_member = Trim($row['member']);
 $p_view = Trim($row['views']);
- $p_time = Trim($row['now_time']);
- $nowtime1 = time();
- $oldtime1 = $p_time;
- $p_time = conTime($nowtime1 - $oldtime1);
+ $p_time = friendlyDateDifference($p_date, new DateTime());
 $title = truncate($title, 5, 30);
 echo " $p_id $p_member
- $p_date
+ $p_date_formatted
 $p_ip $p_view ";
diff --git a/admin/index.php b/admin/index.php
index 44d1bfa..964dd89 100644
--- a/admin/index.php
+++ b/admin/index.php
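Review bot: In admin/dashboard.php the row is still echoed with `$p_member`, `$p_ip` and the other columns interpolated directly into the output string, so any column whose value a user can choose (presumably the member name) is rendered as markup inside an authenticated admin session. Since this echo is being edited anyway, escape at the point of output, e.g. `$p_member = htmlspecialchars(Trim($row['member']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for every other text column that is printed. `new DateTime($row['created_at'])` also throws on a malformed value, which would abort the whole table; that is worth confirming against the column definition. `$p_time` and the truncated `$title` are computed but do not appear in the visible echo. The loop body starts and ends outside the hunk.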
@@ -12,39 +12,22 @@
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License in GPL.txt for more details.
 */
-session_start();
+define('IN_PONEPASTE', 1);
+require_once(__DIR__ . '/../includes/common.php');
-require_once('../includes/config.php');
-
-$conn = new PDO(
- "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
- $db_user,
- $db_pass,
- $db_opts
-);
-
-$query = $conn->query('SELECT user, pass FROM admin');
-
-while ($row = $query->fetch()) {
- $adminid = Trim($row['user']);
- $password = Trim($row['pass']);
-}
+$row = $conn->querySelectOne('SELECT user, pass FROM admin LIMIT 1');
+$adminid = $row['user'];
+$password = $row['pass'];
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- if ($adminid == htmlentities(trim($_POST['username']))) {
- if (password_verify($_POST['password'], $password)) {
- header("Location: dashboard.php");
- $_SESSION['login'] = true;
- } else {
- $msg = '
- Wrong User/Password -
';
- }
+ if ($adminid === trim($_POST['username']) && password_verify($_POST['password'], $password)) {
+ $_SESSION['login'] = true;
+ header("Location: dashboard.php");
+ exit();
 } else {
 $msg = '
Wrong User/Password
';
- }
 }
 ?>
diff --git a/paste.php b/paste.php
index 44b6d0a..816f5bc 100644
--- a/paste.php
+++ b/paste.php
@@ -212,7 +212,7 @@ if ($p_password == "NONE" || $p_password === null) {
 // View counter
- if ($_SESSION['not_unique'] !== $paste_id) {
+ if (@$_SESSION['not_unique'] !== $paste_id) {
 $_SESSION['not_unique'] = $paste_id;
 $conn->query("UPDATE pastes SET views = (views + 1) where id = ?", [$paste_id]);
 }
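Review bot: In admin/index.php the successful-login branch sets `$_SESSION['login'] = true;` without rotating the session identifier, so an identifier issued before authentication stays valid afterwards; add `session_regenerate_id(true);` immediately before that assignment. `$row` is indexed without checking that `querySelectOne` returned a row, and `$_POST['username']` / `$_POST['password']` are read without `isset` or `??`, so an empty admin table or a POST with a missing field passes null into `trim()` and `password_verify()`. The check still fails closed there, but an explicit guard would avoid the warnings. As the hunk is rendered here, the added lines open one block (`if (... && ...) {`) while the removed lines are brace-balanced, so run `php -l admin/index.php` to confirm the `POST` block is still closed before `?>`.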
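Review bot: In paste.php the `@` in `@$_SESSION['not_unique']` suppresses every diagnostic raised by that expression, not only the undefined-index notice it was added for, which also hides the case where the session was never started. `if (($_SESSION['not_unique'] ?? null) !== $paste_id) {` performs the same comparison without suppression. The enclosing `if ($p_password == "NONE" || $p_password === null)` block starts and ends outside the hunk.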