From a5e5d2488443c12c5357f5dbc3e6888339d28b61 Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Wed, 14 Jul 2021 04:34:15 -0400
Subject: [PATCH] Slight database code renovations

---
 fav.php    | 91 ++++++++++++------------------------------------------
 oauth.php  | 38 ++---------------------
 report.php | 50 ++----------------------------
 3 files changed, 24 insertions(+), 155 deletions(-)

diff --git a/fav.php b/fav.php
index 327cb3e..1a091ff 100644
--- a/fav.php
+++ b/fav.php
@@ -1,7 +1,6 @@
 <?php
-session_start();
-
-require_once('config.php');
+define('IN_PONEPASTE', 1);
+require_once('includes/common.php');
 require_once('includes/functions.php');
 
 // UTF-8
@@ -9,81 +8,29 @@ header('Content-Type: text/html; charset=utf-8');
 
 $date = date('jS F Y');
 $ip = $_SERVER['REMOTE_ADDR'];
-$data_ip = file_get_contents('tmp/temp.tdata');
-$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
 
-if (mysqli_connect_errno()) {
-    die("Unable to connect to database");
-}
-$query = "SELECT * FROM site_info";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $title = Trim($row['title']);
-    $des = Trim($row['des']);
-    $baseurl = Trim($row['baseurl']);
-    $keyword = Trim($row['keyword']);
-    $site_name = Trim($row['site_name']);
-    $email = Trim($row['email']);
-    $ga = Trim($row['ga']);
-    $additional_scripts = Trim($row['additional_scripts']);
-}
-
-// Set theme and language
-$query = "SELECT * FROM interface";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $default_lang = Trim($row['lang']);
-    $default_theme = Trim($row['theme']);
-}
-
-require_once("langs/$default_lang");
-
-// Check if IP is banned
-if (is_banned($con, $ip)) die($lang['banned']); // "You have been banned from ".$site_name;
-
-// Logout
-if (isset($_GET['logout'])) {
-    header('Location: ' . $_SERVER['HTTP_REFERER']);
-    unset($_SESSION['token']);
-    unset($_SESSION['oauth_uid']);
-    unset($_SESSION['username']);
-    session_destroy();
-}
+if (isset($_POST['fid']) && isset($_SESSION['token'])) {
+    $f_user = htmlspecialchars($_SESSION['username']);
+    $f_pasteid = Trim(htmlspecialchars($_POST['fid']));
+    $f_pasteid = preg_replace('/[^0-9]/', '', $f_pasteid);
+    $f_pasteid = (int)filter_var($f_pasteid, FILTER_SANITIZE_NUMBER_INT);
+    $f_time = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
 
 
-//Fav paste
-if (isset($_POST['fid'])) {
-    if (isset($_SESSION['token'])) {
-        $f_user = htmlspecialchars($_SESSION['username']);
-        $f_pasteid = Trim(htmlspecialchars($_POST['fid']));
-        $f_pasteid = preg_replace('/[^0-9]/', '', $f_pasteid);
-        $f_pasteid = (int)filter_var($f_pasteid, FILTER_SANITIZE_NUMBER_INT);
-        $f_time = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
-//Sec
-        $f_user = mysqli_real_escape_string($con, $f_user);
-        $f_pasteid = mysqli_real_escape_string($con, $f_pasteid);
-        $f_time = mysqli_real_escape_string($con, $f_time);
-        $fav_check = "SELECT COUNT(fid) FROM pins WHERE f_paste='$f_pasteid' AND m_fav='$f_user'";
-        $result = mysqli_query($con, $fav_check);
-        $count = mysqli_fetch_row($result)[0];
-        if ($count == 0) {
-            $faved = "INSERT INTO pins (m_fav,f_paste,f_time) VALUES 
-('$f_user','$f_pasteid ','$f_time')";
-        } else {
-            $faved = "DELETE FROM pins WHERE f_paste='$f_pasteid' and m_fav='$f_user'";
-        }
-        if ($con->query($faved) === true) {
-            $error = "Paste has been Favorited.";
-        } else {
-            $error = "Fav failed";
-        }
+    $query = $conn->prepare('SELECT 1 FROM pins WHERE f_paste = ? AND m_fav = ?');
+    $query->execute([$f_pasteid, $f_user]);
+
+    if ($query->fetch()) { /* Already favorited */
+        $query = $conn->prepare('DELETE FROM pins WHERE f_paste = ? AND m_fav = ?');
+    } else {
+        $query = $conn->prepare('INSERT INTO pins (m_fav, f_paste, f_time) VALUES (?, ?, NOW())');
     }
-}
 
+    $query->execute([$f_pasteid, $f_user]);
+
+    $error = 'Paste has been favorited.';
+}
 
 // Theme
 require_once('theme/' . $default_theme . '/header.php');
 require_once('theme/' . $default_theme . '/report.php');
-?>
\ No newline at end of file
diff --git a/oauth.php b/oauth.php
index 4528cbb..0c1eee3 100644
--- a/oauth.php
+++ b/oauth.php
@@ -12,47 +12,14 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License in GPL.txt for more details.
  */
-session_start();
-
-// Required functions
-require_once('config.php');
+define('IN_PONEPASTE', 1);
+require_once('includes/common.php');
 require_once('includes/functions.php');
 
 // Current date & user IP
 $date = date('jS F Y');
 $ip = $_SERVER['REMOTE_ADDR'];
 
-// Database Connection
-$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
-if (mysqli_connect_errno()) {
-    die("Unable to connect to database");
-}
-// Get site info
-$query = "SELECT * FROM site_info";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $title = Trim($row['title']);
-    $des = Trim($row['des']);
-    $baseurl = Trim($row['baseurl']);
-    $keyword = Trim($row['keyword']);
-    $site_name = Trim($row['site_name']);
-    $email = Trim($row['email']);
-    $ga = Trim($row['ga']);
-    $additional_scripts = Trim($row['additional_scripts']);
-}
-
-// Set theme and language
-$query = "SELECT * FROM interface";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $default_lang = Trim($row['lang']);
-    $default_theme = Trim($row['theme']);
-}
-
-require_once("langs/$default_lang");
-
 // Page title
 $p_title = $lang['login/register']; // "Login/Register";
 
@@ -101,4 +68,3 @@ OutPut:
 require_once('theme/' . $default_theme . '/header.php');
 require_once('theme/' . $default_theme . '/oauth.php');
 require_once('theme/' . $default_theme . '/footer.php');
-?>
\ No newline at end of file
diff --git a/report.php b/report.php
index f601853..8831778 100644
--- a/report.php
+++ b/report.php
@@ -1,7 +1,6 @@
 <?php
-session_start();
-
-require_once('config.php');
+define('IN_PONEPASTE', 1);
+require_once('includes/common.php');
 require_once('includes/functions.php');
 
 // UTF-8
@@ -9,49 +8,6 @@ header('Content-Type: text/html; charset=utf-8');
 
 $date = date('jS F Y');
 $ip = $_SERVER['REMOTE_ADDR'];
-$data_ip = file_get_contents('tmp/temp.tdata');
-$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
-
-if (mysqli_connect_errno()) {
-    die("Unable to connect to database");
-}
-$query = "SELECT * FROM site_info";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $title = Trim($row['title']);
-    $des = Trim($row['des']);
-    $baseurl = Trim($row['baseurl']);
-    $keyword = Trim($row['keyword']);
-    $site_name = Trim($row['site_name']);
-    $email = Trim($row['email']);
-    $ga = Trim($row['ga']);
-    $additional_scripts = Trim($row['additional_scripts']);
-}
-
-// Set theme and language
-$query = "SELECT * FROM interface";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
-    $default_lang = Trim($row['lang']);
-    $default_theme = Trim($row['theme']);
-}
-
-require_once("langs/$default_lang");
-
-// Check if IP is banned
-if (is_banned($con, $ip)) die($lang['banned']); // "You have been banned from ".$site_name;
-
-// Logout
-if (isset($_GET['logout'])) {
-    header('Location: ' . $_SERVER['HTTP_REFERER']);
-    unset($_SESSION['token']);
-    unset($_SESSION['oauth_uid']);
-    unset($_SESSION['username']);
-    session_destroy();
-}
-
 
 //Report paste
 $p_reasonrep = Trim(htmlspecialchars($_POST['reasonrep']));
@@ -74,4 +30,4 @@ if ($con->query($reported) === true) {
 } else {
     $repmes = "Reporting failed";
 }
-?>
+