From a5b8fea99d221a0d4b925eccb77f12b7a99cbb30 Mon Sep 17 00:00:00 2001 From: Floorb <132411956+Neetpone@users.noreply.github.com> Date: Sun, 11 Jul 2021 12:48:48 -0400 Subject: [PATCH] Update pages.php to use PDO --- pages.php | 131 ++++-------------------------------------------------- 1 file changed, 9 insertions(+), 122 deletions(-) diff --git a/pages.php b/pages.php index 5ee5d94..d2e7649 100644 --- a/pages.php +++ b/pages.php @@ -12,9 +12,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License in GPL.txt for more details. */ -session_start(); - -require_once('config.php'); +define('IN_PONEPASTE', 1); +require_once('includes/common.php'); require_once('includes/functions.php'); // UTF-8 
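Review bot: `define('IN_PONEPASTE', 1);` has no comment saying what it guards, and the session start and config load removed just below it now depend entirely on `includes/common.php`, which this patch does not show. If the constant is the usual direct-access guard for include files, say so next to it, for example `// Entry-point marker; included files are expected to exit when IN_PONEPASTE is undefined.` Please also confirm that common.php calls `session_start()` before any output, because the theme files required at the end of this script may still read `$_SESSION`.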
@@ -22,127 +21,15 @@ header('Content-Type: text/html; charset=utf-8'); $date = date('jS F Y'); $ip = $_SERVER['REMOTE_ADDR']; -$data_ip = file_get_contents('tmp/temp.tdata'); -$con = new PDO( - "mysql:host=$db_host;dbname=$db_schema;charset=utf8", - $db_user, - $db_pass, - $db_opts -); - -if (mysqli_connect_errno()) { - die("Unable to connect to database"); -} -$query = "SELECT * FROM site_info"; -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $title = Trim($row['title']); - $des = Trim($row['des']); - $baseurl = Trim($row['baseurl']); - $keyword = Trim($row['keyword']); - $site_name = Trim($row['site_name']); - $email = Trim($row['email']); - $twit = Trim($row['twit']); - $face = Trim($row['face']); - $gplus = Trim($row['gplus']); - $ga = Trim($row['ga']); - $additional_scripts = Trim($row['additional_scripts']); -} - -// Set theme and language -$query = "SELECT * FROM interface"; -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $default_lang = Trim($row['lang']); - $default_theme = Trim($row['theme']); -} - -require_once("langs/$default_lang"); - -// Check if IP is banned -if ( is_banned($con, $ip) ) die($lang['banned']); // "You have been banned from ".$site_name; - -// Logout -if (isset($_GET['logout'])) { - header('Location: ' . $_SERVER['HTTP_REFERER']); - unset($_SESSION['token']); - unset($_SESSION['oauth_uid']); - unset($_SESSION['username']); - session_destroy(); -} - -// Page views -$query = "SELECT @last_id := MAX(id) FROM page_view"; - -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_id = $row['@last_id := MAX(id)']; -} - -$query = "SELECT * FROM page_view WHERE id=" . Trim($last_id); -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_date = $row['date']; -} - -if ($last_date == $date) { - if (str_contains($data_ip, $ip)) { - $query = "SELECT * FROM page_view WHERE id=" . 
Trim($last_id); - $result = mysqli_query($con, $query); - - while ($row = mysqli_fetch_array($result)) { - $last_tpage = Trim($row['tpage']); - } - $last_tpage = $last_tpage + 1; - - // IP already exists, update page views - $query = "UPDATE page_view SET tpage=$last_tpage WHERE id=" . Trim($last_id); - mysqli_query($con, $query); - } else { - $query = "SELECT * FROM page_view WHERE id=" . Trim($last_id); - $result = mysqli_query($con, $query); - - while ($row = mysqli_fetch_array($result)) { - $last_tpage = Trim($row['tpage']); - $last_tvisit = Trim($row['tvisit']); - } - $last_tpage = $last_tpage + 1; - $last_tvisit = $last_tvisit + 1; - - // Update both tpage and tvisit. - $query = "UPDATE page_view SET tpage=$last_tpage,tvisit=$last_tvisit WHERE id=" . Trim($last_id); - mysqli_query($con, $query); - file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip); - } -} else { - // Delete the file and clear data_ip - unlink("tmp/temp.tdata"); - $data_ip = ""; - - // New date is created! - $query = "INSERT INTO page_view (date,tpage,tvisit) VALUES ('$date','1','1')"; - mysqli_query($con, $query); - - // Update IP - file_put_contents('tmp/temp.tdata', $data_ip . "\r\n" . $ip); - -} +updatePageViews($conn); if (isset($_GET['page'])) { - $page_name = trim($_GET['page']); - $page_name = Trim(htmlspecialchars($page_name)); - $page_name = mysqli_real_escape_string($con, $page_name); - $sql = "SELECT * FROM pages where page_name='$page_name'"; - $result = mysqli_query($con, $sql); - - // Loop through each record - while ($row = mysqli_fetch_array($result)) { - // Populate and display results data in each row + $page_name = htmlspecialchars(trim($_GET['page'])); + + $query = $conn->prepare('SELECT page_title, page_content, last_date FROM pages WHERE page_name = ?'); + $query->execute([$page_name]); + if ($row = $query->fetch()) { $page_title = $row['page_title']; $page_content = $row['page_content']; $last_date = $row['last_date']; 
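Review bot: In the `isset($_GET['page'])` branch, `htmlspecialchars()` is still applied to the lookup key before it is bound, which is output encoding done at input time: the prepared statement already makes the value safe for SQL, and an encoded key only matches rows whose `page_name` was stored encoded. Unless existing rows depend on that, bind the raw value with `$page_name = trim($_GET['page']);` and encode at the point where the theme prints it, so templates do not come to treat the variable as pre-escaped. `$_GET['page']` can also arrive as an array, which `trim()` rejects with a TypeError on PHP 8, so the condition should be `if (isset($_GET['page']) && is_string($_GET['page'])) {`. The IP-ban check (`is_banned`) and the language and `$default_theme` setup were deleted from this file while `$default_theme` is still used by the theme requires further down; presumably `includes/common.php` now provides them, but that is not visible here and is worth confirming. The branch continues past the end of the hunk.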
@@ -154,4 +41,4 @@ if (isset($_GET['page'])) { require_once('theme/' . $default_theme . '/header.php'); require_once('theme/' . $default_theme . '/pages.php'); require_once('theme/' . $default_theme . '/footer.php'); -?> \ No newline at end of file +