PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 14:40:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Introduce User and DatabaseHandle class

Browse source
This commit is contained in:
Floorb 2021-07-17 18:17:29 -04:00
parent cbcfe5cb76
commit 8f940d718d
15 changed files with 151 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
fav.php
View file

@ -6,28 +6,18 @@ require_once('includes/functions.php');
// UTF-8 // UTF-8
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
$date = date('jS F Y'); if ($current_user && !empty($_POST['fid'])) {
$ip = $_SERVER['REMOTE_ADDR']; $paste_id = intval($_POST['fid']);
$query = $conn->prepare('SELECT 1 FROM pins WHERE paste_id = ? AND user_id = ?');
if (isset($_POST['fid']) && isset($_SESSION['token'])) { $query->execute([$paste_id, $current_user->user_id]);
$f_user = htmlspecialchars($_SESSION['username']);
$f_pasteid = Trim(htmlspecialchars($_POST['fid']));
$f_pasteid = preg_replace('/[^0-9]/', '', $f_pasteid);
$f_pasteid = (int)filter_var($f_pasteid, FILTER_SANITIZE_NUMBER_INT);
$f_time = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
$query = $conn->prepare('SELECT 1 FROM pins WHERE f_paste = ? AND m_fav = ?');
$query->execute([$f_pasteid, $f_user]);
if ($query->fetch()) { /* Already favorited */ if ($query->fetch()) { /* Already favorited */
$query = $conn->prepare('DELETE FROM pins WHERE f_paste = ? AND m_fav = ?'); $query = $conn->prepare('DELETE FROM pins WHERE paste_id = ? AND user_id = ?');
} else { } else {
$query = $conn->prepare('INSERT INTO pins (m_fav, f_paste, f_time) VALUES (?, ?, NOW())'); $query = $conn->prepare('INSERT INTO pins (paste_id, user_id, f_time) VALUES (?, ?, NOW())');
} }
$query->execute([$f_pasteid, $f_user]); $query->execute([$paste_id, $current_user->user_id]);
$error = 'Paste has been favorited.'; $error = 'Paste has been favorited.';
} }

32
includes/DatabaseHandle.class.php Normal file
View file

@ -0,0 +1,32 @@
<?php
class DatabaseHandle {
private static DatabaseHandle $instance;
private PDO $conn;
public function __construct(string $conString, string $username, string $password) {
$this->conn = new PDO($conString, $username, $password, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false
]);
}
public function query(string $query, array $params = null) : PDOStatement {
if (empty($params)) {
return $this->conn->query($query);
}
$stmt = $this->conn->prepare($query);
$stmt->execute($params);
return $stmt;
}
public static function get() {
if (DatabaseHandle::$instance === null) {
DatabaseHandle::$instance = new DatabaseHandle();
}
return DatabaseHandle::$instance;
}
}

54
includes/User.class.php Normal file
View file

@ -0,0 +1,54 @@
<?php
class User {
public int $user_id;
public string $username;
private function __construct(array $row) {
$this->user_id = intval($row['user_id']);
$this->username = $row['username'];
}
public static function current(DatabaseHandle $conn) : User | null {
$session_user = User::createFromPhpSession($conn);
if ($session_user !== null) {
return $session_user;
}
if (!empty($_COOKIE['_ponepaste_token']) &&
($token_user = User::createFromRememberToken($conn, $_COOKIE['_ponepaste_token']))) {
$_SESSION['user_id'] = $token_user->user_id;
return $token_user;
}
return null;
}
public static function createFromRememberToken(DatabaseHandle $conn, string $remember_token) : User | null {
$result = $conn->query(
'SELECT users.id AS id, users.username AS username
FROM user_sessions
INNER JOIN users ON users.id = user_sessions.user_id
WHERE user_sessions.token = ?', [$remember_token]
);
if ($row = $result->fetch()) {
return new User($row);
}
return null;
}
public static function createFromPhpSession(DatabaseHandle $conn) : User | null {
if (empty($_SESSION['user_id'])) {
return null;
}
$user_id = intval($_SESSION['user_id']);
$row = $conn->query('SELECT id, username FROM users WHERE id = ?', [$user_id])->fetch();
return $row ? new User($row) : null;
}
}

30
includes/common.php
View file

@ -5,6 +5,8 @@ if (!defined('IN_PONEPASTE')) {
require_once(__DIR__ . '/config.php'); require_once(__DIR__ . '/config.php');
require_once(__DIR__ . '/functions.php'); require_once(__DIR__ . '/functions.php');
require_once(__DIR__ . '/DatabaseHandle.class.php');
require_once(__DIR__ . '/User.class.php');
/* View functions */ /* View functions */
function urlForPaste($paste_id) : string { function urlForPaste($paste_id) : string {
@ -47,18 +49,6 @@ function getSiteTotal_unique_views(PDO $conn) : int {
return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]); return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
} }
function getCurrentUser(PDO $conn) : array | null {
if (empty($_SESSION['username'])) {
return null;
}
$query = $conn->prepare('SELECT * FROM users WHERE username = ?');
$query->execute([$_SESSION['username']]);
return $query->fetch();
}
/** /**
* Specialization of `htmlentities()` that avoids double escaping and uses UTF-8. * Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
* *
@ -115,6 +105,8 @@ $conn = new PDO(
$db_opts $db_opts
); );
$new_conn = new DatabaseHandle("mysql:host=$db_host;dbname=$db_schema;charset=utf8", $db_user, $db_pass);
// Setup site info // Setup site info
$site_info = getSiteInfo(); $site_info = getSiteInfo();
$row = $site_info['site_info']; $row = $site_info['site_info'];
@ -147,9 +139,7 @@ if ($site_permissions) {
$privatesite = $siteprivate; $privatesite = $siteprivate;
$noguests = $disableguest; $noguests = $disableguest;
if (isset($_SESSION['username'])) {
$noguests = "off";
}
// Prevent a potential LFI (you never know :p) // Prevent a potential LFI (you never know :p)
$lang_file = "${default_lang}.php"; $lang_file = "${default_lang}.php";
@ -164,8 +154,7 @@ if (is_banned($conn, $ip)) die($lang['banned']); // "You have been banned from "
// Logout // Logout
if (isset($_GET['logout'])) { if (isset($_GET['logout'])) {
header('Location: ' . $_SERVER['HTTP_REFERER']); header('Location: ' . $_SERVER['HTTP_REFERER']);
unset($_SESSION['token']); unset($_SESSION['user_id']);
unset($_SESSION['username']);
unset($_SESSION['pic']); unset($_SESSION['pic']);
session_destroy(); session_destroy();
} }
@ -175,4 +164,9 @@ $total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn); $total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn); $total_unique_views = getSiteTotal_unique_views($conn);
$current_user = getCurrentUser($conn); $current_user = User::current($new_conn);
//$current_user = getCurrentUser($conn);
if ($current_user) {
$noguests = "off";
}

5
index.php
View file

@ -31,8 +31,9 @@ function verifyCaptcha() : string|bool {
global $mode; global $mode;
global $recaptcha_secretkey; global $recaptcha_secretkey;
global $lang; global $lang;
global $current_user;
if ($cap_e == "on" && !isset($_SESSION['username'])) { if ($cap_e == "on" && !$current_user) {
if ($mode == "reCAPTCHA") { if ($mode == "reCAPTCHA") {
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $recaptcha_secretkey . "&response=" . $_POST['g-recaptcha-response']); $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $recaptcha_secretkey . "&response=" . $_POST['g-recaptcha-response']);
$response = json_decode($response, true); $response = json_decode($response, true);
@ -104,8 +105,6 @@ header('Content-Type: text/html; charset=utf-8');
$date = date('jS F Y'); $date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$current_user = getCurrentUser($conn);
// Sitemap // Sitemap
$site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1'); $site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');
if ($row = $site_sitemap_rows->fetch()) { if ($row = $site_sitemap_rows->fetch()) {

6
login.php
View file

@ -26,8 +26,9 @@ $ip = $_SERVER['REMOTE_ADDR'];
// Check if already logged in // Check if already logged in
if (isset($_SESSION['token'])) { if ($current_user !== null) {
header("Location: ./"); header("Location: ./");
die();
} }
// Page title // Page title
@ -84,8 +85,7 @@ if (isset($_POST['forgot'])) {
$error = $lang['banned']; $error = $lang['banned'];
} else { } else {
// Login successful // Login successful
$_SESSION['token'] = md5($db_id . $username); $_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $username;
header('Location: ' . $_SERVER['HTTP_REFERER']); header('Location: ' . $_SERVER['HTTP_REFERER']);
exit(); exit();

6
profile.php
View file

@ -28,10 +28,12 @@ $p_title = $lang['myprofile']; //"My Profile";
// Check if already logged in // Check if already logged in
if (!isset($_SESSION['token'])) { if ($current_user === null) {
header("Location: ./login.php"); header("Location: ./login.php");
die();
} }
$user_username = htmlentities(trim($_SESSION['username']));
$user_username = $current_user->username;
$query = $conn->prepare('SELECT * FROM users WHERE username = ?'); $query = $conn->prepare('SELECT * FROM users WHERE username = ?');
$query->execute([$user_username]); $query->execute([$user_username]);

14
report.php
View file

@ -6,21 +6,15 @@ require_once('includes/functions.php');
// UTF-8 // UTF-8
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
$date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
//Report paste //Report paste
$p_reasonrep = Trim(htmlspecialchars($_POST['reasonrep'])); $p_reasonrep = Trim(htmlspecialchars($_POST['reasonrep']));
if (isset($_SESSION['token'])) { $p_memreport = $current_user ? $current_user ->username : 'Guest';
$p_memreport = htmlspecialchars($_SESSION['username']); $p_pastereport = $_POST['reppasteid'];
} else {
$p_memreport = "Guest";
}
$p_pastereport = Trim(htmlspecialchars($_POST['reppasteid']));
$p_reporttime = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
$p_reasonrep = preg_replace("/[^0-9]/", "", $p_reasonrep); $p_reasonrep = preg_replace("/[^0-9]/", "", $p_reasonrep);
$conn->prepare('INSERT INTO user_reports (m_report, p_report, t_report, rep_reason) VALUES (?, ?, ?, ?)') $conn->prepare('INSERT INTO user_reports (m_report, p_report, t_report, rep_reason) VALUES (?, ?, NOW(), ?)')
->execute([$p_memreport, $p_pastereport, $p_reporttime, $p_reasonrep]); ->execute([$p_memreport, $p_pastereport, $p_reasonrep]);
$repmes = "Paste has been reported."; $repmes = "Paste has been reported.";

14
theme/bulma/header.php
View file

@ -76,9 +76,8 @@ $start = $time;
<div id="navMenuDocumentation" class="navbar-menu"> <div id="navMenuDocumentation" class="navbar-menu">
<div class="navbar-end"> <div class="navbar-end">
<div class="navbar-item"> <div class="navbar-item">
<?php if (isset($_SESSION['token'])) { <?php if ($current_user !== null) {
if (isset($privatesite) && $privatesite == "on") { // Hide if site is private if (!isset($privatesite) || $privatesite !== "on") {
} else {
if ($mod_rewrite == '1') { if ($mod_rewrite == '1') {
echo ' <a class="button navbar-item mx-2" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/"> echo ' <a class="button navbar-item mx-2" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/">
<span class="icon has-text-info"> <span class="icon has-text-info">
@ -124,13 +123,13 @@ $start = $time;
} }
} }
echo '<div class="navbar-item has-dropdown is-hoverable"> echo '<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" role="presentation">' . $_SESSION['username'] . '</a> <a class="navbar-link" role="presentation">' . pp_html_escape($current_user->username) . '</a>
<div class="navbar-dropdown">'; <div class="navbar-dropdown">';
if ($mod_rewrite == '1') { if ($mod_rewrite == '1') {
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user/' . $_SESSION['username'] . '">Pastes</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user/' . urlencode($current_user->username) . '">Pastes</a>';
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile">Settings</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile">Settings</a>';
} else { } else {
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user.php?user=' . $_SESSION['username'] . '">Pastes</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user.php?user=' . urlencode($current_user->username) . '">Pastes</a>';
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile.php">Settings</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile.php">Settings</a>';
} }
echo '<hr class="navbar-divider"> echo '<hr class="navbar-divider">
@ -141,8 +140,7 @@ $start = $time;
<?php } else { ?> <?php } else { ?>
<div class="buttons"> <div class="buttons">
<?php <?php
if (isset($privatesite) && $privatesite == "on") { // Hide if site is private if (!isset($privatesite) || $privatesite != "on") {
} else {
if ($mod_rewrite == '1') { if ($mod_rewrite == '1') {
echo '<a class="button navbar-item mx-2" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/archive"> echo '<a class="button navbar-item mx-2" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/archive">
<span class="icon has-text-info"> <span class="icon has-text-info">

8
theme/bulma/login.php
View file

@ -83,7 +83,7 @@
</div> </div>
<div class="column"> <div class="column">
<?php <?php
if (isset($site_ads) && !isset($_SESSION['username'])) { if (isset($site_ads) && $current_user === null) {
echo $site_ads['ads_2']; echo $site_ads['ads_2'];
} }
?> ?>
@ -139,7 +139,7 @@
</div> </div>
<div class="column"> <div class="column">
<?php <?php
if (isset($site_ads) && !isset($_SESSION['username'])) { if (isset($site_ads) && $current_user === null) {
echo $site_ads['ads_2']; echo $site_ads['ads_2'];
} }
?> ?>
@ -187,7 +187,7 @@
</div> </div>
<div class="column"> <div class="column">
<?php <?php
if (isset($site_ads) && !isset($_SESSION['username'])) { if (isset($site_ads) && $current_user === null) {
echo $site_ads['ads_2']; echo $site_ads['ads_2'];
} }
?> ?>
@ -206,7 +206,7 @@
</div> </div>
<div class="column"> <div class="column">
<?php <?php
if (isset($site_ads) && !isset($_SESSION['username'])) { if (isset($site_ads) && $current_user === null) {
echo $site_ads['ads_2']; echo $site_ads['ads_2'];
} }
?> ?>

6
theme/bulma/main.php
View file

@ -329,7 +329,7 @@
<option value="1" <?php echo ($post_visibility == "1") ? 'selected="selected"' : ''; ?>> <option value="1" <?php echo ($post_visibility == "1") ? 'selected="selected"' : ''; ?>>
Unlisted Unlisted
</option> </option>
<?php if (isset($_SESSION['token'])) { ?> <?php if ($current_user) { ?>
<option value="2" <?php echo ($post_visibility == "2") ? 'selected="selected"' : ''; ?>> <option value="2" <?php echo ($post_visibility == "2") ? 'selected="selected"' : ''; ?>>
Private Private
</option> </option>
@ -385,14 +385,14 @@
<!-- $text_ads --> <!-- $text_ads -->
<?php <?php
// don't display ads for logged in users. // don't display ads for logged in users.
if (!empty($site_ads) && !isset($_SESSION['username'])) { if (!empty($site_ads) && $current_user === null) {
echo $site_ads['text_ads']; echo $site_ads['text_ads'];
} }
?> ?>
</div> </div>
<div class="column is-4"> <div class="column is-4">
<!-- ReCaptcha & Captcha --> <!-- ReCaptcha & Captcha -->
<?php if ($cap_e == "on" && !isset($_SESSION['username'])) { <?php if ($cap_e == "on" && $current_user === null) {
if ($_SESSION['captcha_mode'] == "recaptcha") { if ($_SESSION['captcha_mode'] == "recaptcha") {
?> ?>
<div class="g-recaptcha" style="float: right; right: 0;" <div class="g-recaptcha" style="float: right; right: 0;"

4
theme/bulma/profile.php
View file

@ -21,7 +21,7 @@
<div class="bd-duo"> <div class="bd-duo">
<div class="bd-lead"> <div class="bd-lead">
<h1 class="title is-5"><?php echo $lang['totalpastes'] . ' ' . $total_user_pastes ?></h1> <h1 class="title is-5"><?php echo $lang['totalpastes'] . ' ' . $total_user_pastes ?></h1>
<h1 class="subtitle is-6"><?php echo '<a href="user.php?user=' . $_SESSION['username'] . '" target="_self">' . $lang['mypastes'] . '</a>'; ?></h1> <h1 class="subtitle is-6"><?php echo '<a href="user.php?user=' . urlencode($current_user->username) . '" target="_self">' . $lang['mypastes'] . '</a>'; ?></h1>
<?php <?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($success)) { if (isset($success)) {
@ -58,7 +58,7 @@
<label class="label">Username</label> <label class="label">Username</label>
<div class="control has-icons-left has-icons-right"> <div class="control has-icons-left has-icons-right">
<input disabled="" type="text" class="input" name="username" <input disabled="" type="text" class="input" name="username"
style="cursor:not-allowed;" placeholder="<?php echo $user_username; ?>"> style="cursor:not-allowed;" placeholder="<?php echo pp_html_escape($current_user->username); ?>">
<span class="icon is-small is-left"> <span class="icon is-small is-left">
<i class="fas fa-user"></i> <i class="fas fa-user"></i>
</span> </span>

16
theme/bulma/user_profile.php
View file

@ -32,7 +32,7 @@ $protocol = paste_protocol();
}) })
}); });
</script> </script>
<?php if (isset($_SESSION['token'])) { ?> <?php if ($current_user) { ?>
<script> <script>
$(document).ready(function () { $(document).ready(function () {
$('#favs').DataTable({ $('#favs').DataTable({
@ -119,7 +119,7 @@ $protocol = paste_protocol();
?> ?>
<?php <?php
if ($_SESSION['username'] == $profile_username) { if ($current_user && $current_user->username === $profile_username) {
?> ?>
<?php echo $lang['profile-stats']; ?><br/> <?php echo $lang['profile-stats']; ?><br/>
<?php echo $lang['totalpastes'] . ' ' . $profile_total_pastes; ?> &mdash; <?php echo $lang['totalpastes'] . ' ' . $profile_total_pastes; ?> &mdash;
@ -146,12 +146,12 @@ $protocol = paste_protocol();
<tr> <tr>
<td><?php echo $lang['pastetitle']; ?></td> <td><?php echo $lang['pastetitle']; ?></td>
<td><?php echo $lang['pastetime']; ?></td> <td><?php echo $lang['pastetime']; ?></td>
<?php if (isset($_SESSION) && $_SESSION['username'] == $profile_username) { <?php if ($is_current_user) {
echo "<td>" . $lang['visibility'] . "</td>"; echo "<td>" . $lang['visibility'] . "</td>";
} ?> } ?>
<td><?php echo $lang['pasteviews']; ?></td> <td><?php echo $lang['pasteviews']; ?></td>
<td><?php echo $lang['tags']; ?></td> <td><?php echo $lang['tags']; ?></td>
<?php if (isset($_SESSION) && $_SESSION['username'] == $profile_username) { <?php if ($is_current_user) {
echo "<td>" . $lang['delete'] . "</td>"; echo "<td>" . $lang['delete'] . "</td>";
} ?> } ?>
</tr> </tr>
@ -160,12 +160,12 @@ $protocol = paste_protocol();
<tr> <tr>
<td><?php echo $lang['pastetitle']; ?></td> <td><?php echo $lang['pastetitle']; ?></td>
<td><?php echo $lang['pastedate']; ?></td> <td><?php echo $lang['pastedate']; ?></td>
<?php if (isset($_SESSION) && $_SESSION['username'] == $profile_username) { <?php if ($is_current_user) {
echo "<td>" . $lang['visibility'] . "</td>"; echo "<td>" . $lang['visibility'] . "</td>";
} ?> } ?>
<td><?php echo $lang['pasteviews']; ?></td> <td><?php echo $lang['pasteviews']; ?></td>
<td><?php echo $lang['tags']; ?></td> <td><?php echo $lang['tags']; ?></td>
<?php if (isset($_SESSION) && $_SESSION['username'] == $profile_username) { <?php if ($is_current_user) {
echo "<td>" . $lang['delete'] . "</td>"; echo "<td>" . $lang['delete'] . "</td>";
} ?> } ?>
</tr> </tr>
@ -202,7 +202,7 @@ $protocol = paste_protocol();
$title = truncate($title, 20, 50); $title = truncate($title, 20, 50);
// Guests only see public pastes // Guests only see public pastes
if (!isset($_SESSION['token']) || $_SESSION['username'] != $profile_username) { if (!$is_current_user) {
if ($row['visible'] == 0) { if ($row['visible'] == 0) {
echo '<tr> echo '<tr>
<td> <td>
@ -254,7 +254,7 @@ $protocol = paste_protocol();
</tbody> </tbody>
</table> </table>
</div> </div>
<?php if ($_SESSION['username'] == $profile_username) { ?> <?php if ($is_current_user) { ?>
<div class="tab-content" id="second-tab"> <div class="tab-content" id="second-tab">
<table id="favs" class="table is-fullwidth is-hoverable"> <table id="favs" class="table is-fullwidth is-hoverable">
<thead> <thead>

16
theme/bulma/view.php
View file

@ -372,7 +372,6 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<!-- Expiry --> <!-- Expiry -->
<div class="select"> <div class="select">
<select name="paste_expire_date"> <select name="paste_expire_date">
<?php// if (isset($_SESSION['token'])) {?>
<option value="N" selected="selected">Never</option> <option value="N" selected="selected">Never</option>
<option value="self">View Once</option> <option value="self">View Once</option>
<option value="10M">10 Minutes</option> <option value="10M">10 Minutes</option>
@ -381,17 +380,6 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<option value="1W">1 Week</option> <option value="1W">1 Week</option>
<option value="2W">2 Weeks</option> <option value="2W">2 Weeks</option>
<option value="1M">1 Month</option> <option value="1M">1 Month</option>
<?php// } else { ?>
<!--
<option value="1D" selected="selected">1 Day</option>
<option value="self">View Once</option>
<option value="10M">10 Minutes</option>
<option disabled >1 Week (Register)</option>
<option disabled >2 Weeks (Register)</option>
<option disabled >1 Month (Register)</option>
<option disabled >Never (Register)</option>
-->
<?php// } ?>
</select> </select>
</div> </div>
</div> </div>
@ -413,7 +401,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<option value="1" <?php echo ($p_visible == "1") ? 'selected="selected"' : ''; ?>> <option value="1" <?php echo ($p_visible == "1") ? 'selected="selected"' : ''; ?>>
Unlisted Unlisted
</option> </option>
<?php if (isset($_SESSION['token'])) { ?> <?php if ($current_user) { ?>
<option value="2" <?php echo ($p_visible == "2") ? 'selected="selected"' : ''; ?>> <option value="2" <?php echo ($p_visible == "2") ? 'selected="selected"' : ''; ?>>
Private Private
</option> </option>
@ -535,7 +523,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
}); });
</script> </script>
<?php if (isset($_SESSION['token'])) { ?> <?php if ($current_user) { ?>
<script> <script>
$(document).ready(function () { $(document).ready(function () {
$('#favorite').on('click', null, function () { $('#favorite').on('click', null, function () {

20
user.php
View file

@ -23,9 +23,6 @@ header('Content-Type: text/html; charset=utf-8');
$date = date('jS F Y'); $date = date('jS F Y');
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
// If username defined in URL, then check if it's exists in database. If invalid, redirect to main site.
$user_username = trim($_SESSION['username']);
if (empty($_GET['user'])) { if (empty($_GET['user'])) {
// No username provided // No username provided
header("Location: ../error.php"); header("Location: ../error.php");
@ -48,18 +45,17 @@ $p_title = $profile_username . $lang['user_public_pastes']; // "Username's Publi
// Favorite Counts // Favorite Counts
$query = $conn->prepare( $query = $conn->prepare(
'SELECT COUNT(*) AS total_favs FROM pins INNER JOIN pastes ON pastes.id = pins.paste_id WHERE pins.paste_id = ?' 'SELECT COUNT(*) FROM pins INNER JOIN pastes ON pastes.id = pins.paste_id WHERE pins.paste_id = ?'
); );
$query->execute([$profile_info['id']]); $query->execute([$profile_info['id']]);
$total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]); $total_pfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
$query = $conn->prepare( $query = $conn->prepare(
'SELECT COUNT(*) AS total_favs 'SELECT COUNT(*)
FROM pins INNER JOIN users ON users.id = pins.user_id FROM pins INNER JOIN users ON users.id = pins.user_id
WHERE users.username = ?' WHERE users.id = ?'
); );
$query->execute([$profile_username]); $query->execute([$profile_info['id']]);
$total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]); $total_yfav = intval($query->fetch(PDO::FETCH_NUM)[0]);
// Badges // Badges
@ -94,19 +90,19 @@ $profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);
$profile_join_date = $profile_info['date']; $profile_join_date = $profile_info['date'];
$profile_pastes = getUserPastes($conn, $profile_info['id']); $profile_pastes = getUserPastes($conn, $profile_info['id']);
$is_current_user = ($current_user !== null) && ($profile_info['id'] == $current_user->user_id);
updatePageViews($conn); updatePageViews($conn);
if (isset($_GET['del'])) { if (isset($_GET['del'])) {
if ($_SESSION['token']) { // Prevent unauthorized deletes if ($current_user !== null) { // Prevent unauthorized deletes
$paste_id = intval(trim($_GET['id'])); $paste_id = intval(trim($_GET['id']));
$query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?'); $query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?');
$query->execute([$paste_id]); $query->execute([$paste_id]);
$result = $query->fetch(); $result = $query->fetch();
if (empty($result) || $result['user_id'] !== $profile_info['id']) { if (empty($result) || $result['user_id'] !== $current_user->user_id) {
$error = $lang['delete_error_invalid']; // Does not exist or not paste owner $error = $lang['delete_error_invalid']; // Does not exist or not paste owner
} else { } else {
$query = $conn->prepare('DELETE FROM pastes WHERE id = ?'); $query = $conn->prepare('DELETE FROM pastes WHERE id = ?');