From ab632347b6422147b3af613110eb6237265aca9d Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Mon, 1 Nov 2021 16:56:17 -0400
Subject: [PATCH] More Eloquent conversions
---
 api/tags_autocomplete.php | 3 +-
 archive.php | 5 ++-
 includes/Models/IPBan.php | 8 +++++
 includes/Models/PageView.php | 8 +++++
 includes/Models/Paste.php | 1 -
 includes/Models/User.php | 3 ++
 includes/common.php | 39 ++++++--------------
 includes/functions.php | 43 ----------------------
 login.php | 69 +++++++++++++++++++++---------------
 paste.php | 19 +++++++--
 profile.php | 15 ++++----
 theme/bulma/archive.php | 7 ----
 theme/bulma/css/paste.css | 19 +++++++--
 theme/bulma/discover.php | 24 ++++++-------
 theme/bulma/event.php | 23 ++----------
 theme/bulma/login.php | 20 ----------
 theme/bulma/main.php | 7 ----
 theme/bulma/pages.php | 4 ---
 theme/bulma/user_profile.php | 69 ++++++------------------------
 theme/bulma/view.php | 16 ++++-----
 20 files changed, 145 insertions(+), 257 deletions(-)
 create mode 100644 includes/Models/IPBan.php
 create mode 100644 includes/Models/PageView.php
diff --git a/api/tags_autocomplete.php b/api/tags_autocomplete.php
index 00c5047..49bbcae 100644
--- a/api/tags_autocomplete.php
+++ b/api/tags_autocomplete.php
@@ -1,8 +1,9 @@
query("SELECT COUNT(*) from pastes WHERE tagsys IS NULL")->fetch(PDO::FETCH_NUM)[0]);
+$total_untagged = Paste::doesntHave('tags')->count();
 updatePageViews($conn);
diff --git a/includes/Models/IPBan.php b/includes/Models/IPBan.php
new file mode 100644
index 0000000..dab1b7d
--- /dev/null
+++ b/includes/Models/IPBan.php
@@ -0,0 +1,8 @@
+hasOne(UserSession::class);
diff --git a/includes/common.php b/includes/common.php
index 6abe9cc..bf0052a 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -8,9 +8,9 @@ require_once(__DIR__ . '/functions.php');
 require_once(__DIR__ . '/DatabaseHandle.class.php');
 use Illuminate\Database\Capsule\Manager as Capsule;
-use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Event;
 use PonePaste\Helpers\SessionHelper;
+use PonePaste\Models\IPBan;
+use PonePaste\Models\PageView;
 use PonePaste\Models\Paste;
 use PonePaste\Models\User;
@@ -102,22 +102,6 @@ function getSiteInfo() : array {
 return require(__DIR__ . '/../config/site.php');
 }
-function getSiteAds(DatabaseHandle $conn) : array|bool {
- return $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();
-}
-
-function getSiteTotalPastes(DatabaseHandle $conn) : int {
- return intval($conn->query('SELECT COUNT(*) FROM pastes')->fetch(PDO::FETCH_NUM)[0]);
-}
-
-function getSiteTotalviews(DatabaseHandle $conn) : int {
- return intval($conn->query('SELECT tpage FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
-}
-
-function getSiteTotal_unique_views(DatabaseHandle $conn) : int {
- return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
-}
-
 /**
 * Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
 *
@@ -186,11 +170,11 @@ $capsule->bootEloquent();
 $site_info = getSiteInfo();
 $global_site_info = $site_info['site_info'];
 $row = $site_info['site_info'];
-$title = Trim($row['title']);
-$baseurl = Trim($row['baseurl']);
-$site_name = Trim($row['site_name']);
-$email = Trim($row['email']);
-$additional_scripts = Trim($row['additional_scripts']);
+$title = trim($row['title']);
+$baseurl = trim($row['baseurl']);
+$site_name = trim($row['site_name']);
+$email = trim($row['email']);
+$additional_scripts = trim($row['additional_scripts']);
 // Setup theme
 $default_theme = 'bulma';
@@ -212,14 +196,13 @@ $captcha_enabled = (bool) $captcha_config['enabled'];
 // Check if IP is banned
 $ip = $_SERVER['REMOTE_ADDR'];
-if ($conn->query('SELECT 1 FROM ban_user WHERE ip = ?', [$ip])->fetch()) {
+if (IPBan::where('ip', $ip)->first()) {
 die('You have been banned.');
 }
-$site_ads = getSiteAds($conn);
-$total_pastes = getSiteTotalPastes($conn);
-$total_page_views = getSiteTotalviews($conn);
-$total_unique_views = getSiteTotal_unique_views($conn);
+$total_pastes = Paste::count();
+$total_page_views = PageView::select('tpage')->orderBy('id', 'desc')->first()->tpage;
+$total_unique_views = PageView::select('tvisit')->orderBy('id', 'desc')->first()->tvisit;
 $current_user = SessionHelper::currentUser();
diff --git a/includes/functions.php b/includes/functions.php
index 75746ab..78d1611 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,34 +1,6 @@
query(
- 'SELECT name, slug FROM tags
- INNER JOIN paste_taggings ON paste_taggings.tag_id = tags.id
- WHERE paste_taggings.paste_id = ?',
- [$paste_id])->fetchAll();
-}
-
-function getUserFavs(DatabaseHandle $conn, int $user_id) : array {
- $query = $conn->prepare(
- "SELECT pins.f_time, pastes.id, pins.paste_id, pastes.title, pastes.created_at, pastes.updated_at
- FROM pins
- INNER JOIN pastes ON pastes.id = pins.paste_id
- WHERE pins.user_id = ?");
- $query->execute([$user_id]);
- return $query->fetchAll();
-}
-
-function checkFavorite($user, $paste_id) : string {
- if ($user->favourites->where('paste_id', $paste_id)->first()) {
- return "";
- } else {
- return "";
- }
-}
-
-
 function getreports($conn, $count = 10) {
 $query = $conn->prepare('SELECT * FROM user_reports LIMIT ?');
 $query->execute([$count]);
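Review bot: `PageView::select('tpage')->orderBy('id', 'desc')->first()->tpage` (and the `tvisit` line under it) dereferences the result of `first()` with no null check, so an empty `page_view` table now fatals on every request in common.php, where the old `intval(...)` path degraded to 0. The removed helpers use PHP 8 syntax (`array|bool` return types), so the nullsafe operator is available: `$total_page_views = PageView::select('tpage')->orderBy('id', 'desc')->first()?->tpage ?? 0;` and the same for `$total_unique_views`. Whether `updatePageViews()` guarantees a row exists before this point is not visible here; if it does, a one-line comment saying so would suffice. The ban check `IPBan::where('ip', $ip)->first()` is fine as a parameterised lookup, but `die('You have been banned.')` still answers with a 200; an `http_response_code(403);` before it is cheap.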
@@ -162,21 +134,6 @@ function getRecentadmin($conn, $count = 5) {
 return $query->fetchAll();
 }
-function getUserPastes(DatabaseHandle $conn, int $user_id) : array {
- return $conn->query(
- "SELECT id, title, visible, code, created_at, views FROM pastes
- WHERE user_id = ?
- ORDER by pastes.id DESC", [$user_id])->fetchAll();
-}
-
-function getTotalPastes(DatabaseHandle $conn, int $user_id) : int {
- $query = $conn->prepare("SELECT COUNT(*) AS total_pastes
- FROM pastes INNER JOIN users ON users.id = pastes.user_id
- WHERE users.id = ?");
- $query->execute([$user_id]);
-
- return intval($query->fetch(PDO::FETCH_NUM)[0]);
-}
 function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string {
 $delta = $greater->diff($lesser, true);
diff --git a/login.php b/login.php
index e9508b2..23e70ed 100644
--- a/login.php
+++ b/login.php
@@ -4,6 +4,10 @@ require_once('includes/common.php');
 require_once('includes/functions.php');
 require_once('includes/passwords.php');
+use PonePaste\Helpers\SessionHelper;
+use PonePaste\Models\User;
+use PonePaste\Models\UserSession;
+
 // Current Date & User IP
 $date = date('jS F Y');
 $ip = $_SERVER['REMOTE_ADDR'];
@@ -22,22 +26,24 @@ if (isset($_POST['forgot'])) {
 $username = trim($_POST['username']);
 $recovery_code = trim($_POST['recovery_code']);
- $query = $conn->query("SELECT id, recovery_code_hash FROM users WHERE username = ?", [$username]);
- $row = $query->fetch();
-
- if ($row && pp_password_verify($_POST['recovery_code'], $row['recovery_code_hash'])) {
+ $user = User::select('id', 'recovery_code_hash')
+ ->where('username', $username);
+ /* see justification below for error-suppression operator */
+ if (pp_password_verify($_POST['recovery_code'], @$user->recovery_code_hash)) {
 $new_password = pp_random_password();
 $new_password_hash = pp_password_hash($new_password);
 $recovery_code = pp_random_token();
 $new_recovery_code_hash = pp_password_hash($recovery_code);
- $conn->prepare('UPDATE users SET password = ?, recovery_code_hash = ? WHERE id = ?')
- ->execute([$new_password_hash, $new_recovery_code_hash, $row['id']]);
+ $user->password = $new_password_hash;
+ $user->recovery_code_hash = $new_recovery_code_hash;
+
+ $user->save();
 $success = 'Your password has been changed. A new recovery code has also been generated. Please note the recovery code and then sign in with the new password.';
 } else {
- $error = 'Incorrect username or password.';
+ $error = 'Incorrect username or recovery code.';
 }
 } else {
 $error = 'All fields must be filled out.';
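Review bot: `$user = User::select('id', 'recovery_code_hash')->where('username', $username);` is missing the `->first()` that the login branch below uses, so `$user` is a query builder rather than a model: `@$user->recovery_code_hash` never reads the stored hash (the Eloquent builder does not expose model attributes), and `$user->save()` is not a builder method, so the recovery path cannot succeed as written. Change the assignment to `->where('username', $username)->first();` so that the null-user case is the one the `@` suppression comment actually describes. Separately, neither this code nor the old code revokes the user's existing `user_sessions` rows when the password is reset by recovery code, so a remember-me cookie issued before the reset keeps working; unless that is handled elsewhere, deleting the user's sessions alongside `$user->save()` would close it. The enclosing `if (isset($_POST['forgot']))` block starts outside the hunk.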
@@ -46,38 +52,40 @@ if (isset($_POST['forgot'])) {
 if (!empty($_POST['username']) && !empty($_POST['password'])) {
 $remember_me = (bool) $_POST['remember_me'];
 $username = trim($_POST['username']);
- $row = $conn->query("SELECT id, password, banned FROM users WHERE username = ?", [$username])
- ->fetch();
+ $user = User::select('id', 'password', 'banned')
+ ->where('username', $username)
+ ->first();
 $needs_rehash = false;
 /* This is designed to be a constant time lookup, hence the warning suppression operator so that
- * we always call pp_password_verify, even if row is null.
+ * we always call pp_password_verify, even if the user is null.
 */
- if (pp_password_verify($_POST['password'], @$row['password'], $needs_rehash)) {
- $user_id = $row['id'];
-
+ if (pp_password_verify($_POST['password'], @$user->password, $needs_rehash)) {
 if ($needs_rehash) {
- $new_password_hash = pp_password_hash($_POST['password']);
-
- $conn->query('UPDATE users SET password = ? WHERE id = ?',
- [$new_password_hash, $user_id]);
+ $user->password = pp_password_hash($_POST['password']);
+ $user->save();
 }
- if ($row['banned']) {
+ if ($user->banned) {
 // User is banned
 $error = 'You are banned.';
 } else {
 // Login successful
- $_SESSION['user_id'] = (string) $user_id;
+ $_SESSION['user_id'] = (string) $user->id;
 if ($remember_me) {
 $remember_token = pp_random_token();
 $expire_at = (new DateTime())->add(new DateInterval('P1Y'));
- $conn->query('INSERT INTO user_sessions (user_id, token, expire_at) VALUES (?, ?, FROM_UNIXTIME(?))', [$user_id, $remember_token, $expire_at->format('U')]);
+ $session = new UserSession([
+ 'user_id' => $user->id,
+ 'token' => $remember_token,
+ 'expire_at' => $expire_at
+ ]);
+ $session->save();
- setcookie(User::REMEMBER_TOKEN_COOKIE, $remember_token, [
+ setcookie(SessionHelper::REMEMBER_TOKEN_COOKIE, $remember_token, [
 'expires' => (int) $expire_at->format('U'),
 'secure' => !empty($_SERVER['HTTPS']), /* Local dev environment is non-HTTPS */
 'httponly' =>
true,
@@ -96,7 +104,7 @@ if (isset($_POST['forgot'])) {
 $error = 'All fields must be filled out.';
 }
 } elseif (isset($_POST['signup'])) { // Registration process
- $username = htmlentities(trim($_POST['username'], ENT_QUOTES));
+ $username = trim($_POST['username']);
 $password = pp_password_hash($_POST['password']);
 if (empty($_POST['password']) || empty($_POST['username'])) {
@@ -106,15 +114,20 @@ if (isset($_POST['forgot'])) {
 } elseif (preg_match('/[^A-Za-z0-9._\\-$]/', $username)) {
 $error = 'Username is invalid - please use A-Za-z0-9, periods, hyphens, and underscores only.';
 } else {
- if ($conn->querySelectOne('SELECT 1 FROM users WHERE username = ?', [$username])) {
+ if (User::where('username', $username)->first()) {
 $error = 'That username has already been taken.';
 } else {
+ /* this is displayed to the user in the template, hence the variable rather than inlining */
 $recovery_code = pp_random_token();
- $recovery_code_hash = pp_password_hash($recovery_code);
- $conn->query(
- "INSERT INTO users (username, password, recovery_code_hash, picture, date, ip, badge) VALUES (?, ?, ?, 'NONE', ?, ?, '0')",
- [$username, $password, $recovery_code_hash, $date, $ip]
- );
+
+ $user = new User([
+ 'username' => $username,
+ 'password' => $password,
+ 'recovery_code_hash' => pp_password_hash($recovery_code),
+ 'date' => $date,
+ 'ip' => $ip
+ ]);
+ $user->save();
 $success = 'Your account was successfully registered.';
 }
diff --git a/paste.php b/paste.php
index 646c4eb..21cb362 100644
--- a/paste.php
+++ b/paste.php
@@ -21,7 +21,7 @@ $paste_id = intval(trim($_REQUEST['id']));
 updatePageViews($conn);
 // This is used in the theme files.
-$totalpastes = getSiteTotalPastes($conn);
+$totalpastes = Paste::count();
 // Get paste favorite count
 $fav_count = $conn->querySelectOne('SELECT COUNT(*) FROM user_favourites WHERE paste_id = ?', [$paste_id], PDO::FETCH_NUM)[0];
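Review bot: `$_SESSION['user_id'] = (string) $user->id;` marks the session as authenticated with no `session_regenerate_id(true)` visible before it, so unless SessionHelper does that, a session id planted by an attacker before login becomes a logged-in session (fixation); add `session_regenerate_id(true);` immediately before that assignment. The remember token is also persisted as `'token' => $remember_token` in plaintext, so any read of `user_sessions` yields working year-long cookies; storing `hash('sha256', $remember_token)` and looking up the hash would keep the cookie value out of the database (the lookup side in SessionHelper is not visible here). `new UserSession([...])` additionally relies on `user_id`, `token` and `expire_at` being mass-assignable on that model, which this patch does not show. The `if (isset($_POST['forgot']))` chain this belongs to starts outside the hunk.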
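Review bot: The removed `INSERT` set `picture` to `'NONE'` and `badge` to `'0'` explicitly, while `new User([...])` passes only `username`, `password`, `recovery_code_hash`, `date` and `ip`, so registration now depends on those two columns having schema defaults or being nullable; under strict mode without defaults the insert fails. Either add `'picture' => 'NONE', 'badge' => '0'` to the array or confirm the defaults in the schema and say so in a comment. As with the session insert, `new User([...])` needs these keys in the model's `$fillable`; the `+3` lines to `includes/Models/User.php` in the diffstat may be that, but they are not readable here. The `User::where(...)->first()` check followed by the insert is also check-then-act, so a unique index on `username` should be what actually enforces uniqueness.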
@@ -46,8 +46,6 @@ if (!$paste) {
 goto Not_Valid_Paste;
 }
-//var_dump($paste);
-
 $paste_owner_id = $paste->user->id;
 $paste_title = $paste->title;
 $paste_code = $paste->code;
@@ -69,6 +67,7 @@ $p_visible = $paste->visible;
 $p_expiry = $paste->expiry;
 $p_password = $paste->password;
 $p_encrypt = (bool) $paste->encrypt;
+$paste_is_favourited = $current_user !== null && $current_user->favourites->where('paste_id', $paste->id)->count() === 1;
 $is_private = $p_visible === '2';
@@ -110,6 +109,15 @@ if (!empty($p_expiry) && $p_expiry !== 'SELF') {
 }
 }
+/* handle favouriting */
+if (isset($_POST['fave'])) {
+ if ($paste_is_favourited) {
+ $current_user->favourites()->detach($paste->id);
+ } else {
+ $current_user->favourites()->attach($paste->id);
+ }
+}
+
 if ($p_encrypt == 1) {
 $p_content = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
 }
@@ -133,7 +141,7 @@ if (isset($_POST['delete'])) {
 if (!$current_user || ($paste_owner_id !== $current_user->user_id)) {
 flashError('You must be logged in and own this paste to delete it.');
 } else {
- $conn->query('DELETE FROM pastes WHERE id = ?', [$paste_id]);
+ $paste->delete();
 flashSuccess('Paste deleted.');
 header('Location: ' . urlForMember($current_user->username));
 die();
@@ -195,7 +203,8 @@ if ($password_required && $password_valid) {
 // View counter
 if (@$_SESSION['not_unique'] !== $paste_id) {
 $_SESSION['not_unique'] = $paste_id;
- $conn->query("UPDATE pastes SET views = (views + 1) where id = ?", [$paste_id]);
+ $paste->views += 1;
+ $paste->save();
 }
 $page_template = 'view';
diff --git a/profile.php b/profile.php
index b9f0005..0fcff21 100644
--- a/profile.php
+++ b/profile.php
@@ -4,6 +4,8 @@ require_once('includes/common.php');
 require_once('includes/functions.php');
 require_once('includes/passwords.php');
+use PonePaste\Models\Paste;
+
 // Check if already logged in
 if ($current_user === null) {
 header("Location: ./login.php");
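Review bot: `$current_user->favourites->where('paste_id', $paste->id)->count() === 1` loads the user's entire favourites collection to filter it in memory on every paste view, and is false whenever the pivot happens to hold two rows for the same paste. A relation query avoids both: `$paste_is_favourited = $current_user !== null && $current_user->favourites()->wherePivot('paste_id', $paste->id)->exists();` — this assumes `favourites` is a belongsToMany, which the `attach`/`detach` calls further down suggest but the patch does not show.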
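Review bot: `if (isset($_POST['fave']))` calls `$current_user->favourites()` without checking `$current_user`, and `$paste_is_favourited` is false for an anonymous visitor, so an unauthenticated POST carrying `fave` reaches `attach()` on null and fatals; guard it with `if (isset($_POST['fave']) && $current_user !== null)`, or flash an error the way the `delete` branch does. `$paste_is_favourited` is also computed before the toggle and never updated after `attach`/`detach`, so the rendered page shows the pre-toggle state unless a redirect follows, which is not visible here; either set `$paste_is_favourited = !$paste_is_favourited;` after the change or redirect back to the paste. Nothing in the hunk shows a CSRF token check on this POST (nor on `delete`); if the project has one, apply it here. The toggle also runs before the `$password_required && $password_valid` gate at `@@ -195`, so it is worth confirming that a password-protected paste should be favouritable without the password.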
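Review bot: `$paste->views += 1; $paste->save();` turns the old atomic `UPDATE pastes SET views = (views + 1)` into a read-modify-write, so two concurrent first-time viewers can overwrite each other's increment, and `save()` will also write back any other attribute that became dirty earlier in the request. `$paste->increment('views');` keeps the single atomic UPDATE and is a direct replacement for both lines.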
@@ -11,14 +13,11 @@ if ($current_user === null) {
 }
 $user_username = $current_user->username;
-
-$query = $conn->query('SELECT * FROM users WHERE id = ?', [$current_user->user_id]);
 $row = $query->fetch();
-$user_id = $row['id'];
-$user_platform = Trim($row['platform']);
-$user_date = $row['date'];
-$user_ip = $row['ip'];
-$user_password = $row['password'];
+$user_id = $current_user->id;
+$user_date = $current_user->date;
+$user_ip = $current_user->ip;
+$user_password = $current_user->password;
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 if (isset($_POST['cpassword'])) {
@@ -41,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 updatePageViews($conn);
-$total_user_pastes = getTotalPastes($conn, $current_user->user_id);
+$total_user_pastes = Paste::where('user_id', $current_user->user_id)->count();
 // Theme
 $page_template = 'profile';
diff --git a/theme/bulma/archive.php b/theme/bulma/archive.php
index 2748fa1..fc3e992 100644
--- a/theme/bulma/archive.php
+++ b/theme/bulma/archive.php
@@ -69,13 +69,6 @@
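Review bot: `$row = $query->fetch();` survives as a context line after the `$query = $conn->query(...)` assignment above it was removed (the hunk's 14→11 line counts confirm it is unchanged), so profile.php now calls `fetch()` on an undefined variable and fatals for every logged-in user. Delete that line; every `$row[...]` read below it has already been replaced with `$current_user->...`, so nothing else depends on it.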
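Review bot: `Paste::where('user_id', $current_user->user_id)->count()` reads `$current_user->user_id`, while the hunk above in the same file switches to `$current_user->id`; only one of those can be the model's real attribute unless it defines an accessor for the other, and if `user_id` is undefined here the count is silently always 0 (and paste.php's `$paste_owner_id !== $current_user->user_id` ownership check would always refuse). Pick one attribute name and use it in both places, e.g. `Paste::where('user_id', $current_user->id)->count()` if `$current_user` is a `User` model.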
-
-
-
diff --git a/theme/bulma/css/paste.css b/theme/bulma/css/paste.css
index e14d60f..c4d7506 100644
--- a/theme/bulma/css/paste.css
+++ b/theme/bulma/css/paste.css
@@ -161,14 +161,25 @@ input:checked + .slider:before {
 }
 }
-img [alt="www.000webhost.com"] {
- display: none;
-}
-
 .td-center {
 text-align: center !important;
 }
 .green .hljs-comment {
 color: #789922;
+}
+
+button.button--no-style {
+ background: none;
+ color: inherit;
+ border: none;
+ padding: 0;
+ font: inherit;
+ cursor: pointer;
+ outline: inherit;
+ display: inline;
+}
+
+.form--inline {
+ display: inline;
 }
\ No newline at end of file
diff --git a/theme/bulma/discover.php b/theme/bulma/discover.php
index 07e3d57..138b260 100644
--- a/theme/bulma/discover.php
+++ b/theme/bulma/discover.php
@@ -68,11 +68,11 @@