From accc28ac754ee4697b1b2cb27e0c0d728334de4b Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Wed, 14 Jul 2021 14:20:43 -0400
Subject: [PATCH] Much work with regards to the database restructure
---
 admin/dashboard.php | 5 ++---
 includes/common.php | 12 ++++++++++-
 includes/functions.php | 17 +++++++++-------
 index.php | 43 +++++++++++-----------------------------
 paste.php | 45 ++++++++++++++++++++++++------------------
 theme/bulma/view.php | 28 +++++++++++++-------------
 6 files changed, 74 insertions(+), 76 deletions(-)
diff --git a/admin/dashboard.php b/admin/dashboard.php
index 03189ff..2f7fa07 100644
--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@@ -45,8 +45,7 @@ $query->execute([$c_date]);
 $today_users_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
 /* Number of pastes today */
-$query = $conn->prepare('SELECT COUNT(*) FROM pastes where s_date = ?');
-$query->execute([$c_date]);
+$query = $conn->query('SELECT COUNT(*) FROM pastes where DATE(created_at) = DATE(NOW())');
 $today_pastes_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
 for ($loop = 0; $loop <= 6; $loop++) {
@@ -169,7 +168,7 @@ for ($loop = 0; $loop <= 6; $loop++) {
 foreach ($res as $row) {
 $title = Trim($row['title']);
 $p_id = Trim($row['id']);
- $p_date = Trim($row['s_date']);
+ $p_date = $row['date']->format('jS F Y h:i:s A');
 $p_ip = Trim($row['ip']);
 $p_member = Trim($row['member']);
 $p_view = Trim($row['views']);
diff --git a/includes/common.php b/includes/common.php
index d73c8ba..936245a 100644
--- a/includes/common.php
+++ b/includes/common.php
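Review bot: The pastes-per-day count now takes "today" from the database clock via `DATE(NOW())` while the users count two lines above still binds `$c_date` computed by PHP, so the two figures disagree whenever the PHP and MySQL time zones differ. Compute the boundary once in PHP and bind it, e.g. `$query = $conn->prepare('SELECT COUNT(*) FROM pastes WHERE DATE(created_at) = ?'); $query->execute([date('Y-m-d')]);`, or change both queries together. Wrapping `created_at` in `DATE()` also prevents an index on that column from being used; a half-open range `created_at >= ? AND created_at < ?` with two bound timestamps avoids that. Whether `$c_date` matches the format `DATE()` produces cannot be confirmed from the hunk, and the loop that follows continues outside it.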
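Review bot: `$row['date']->format('jS F Y h:i:s A')` will fail with a "Call to a member function format() on string" error, because PDO returns MySQL DATETIME columns as plain strings rather than DateTime objects. Convert explicitly, e.g. `$p_date = (new DateTimeImmutable($row['created_at']))->format('jS F Y h:i:s A');`, guarding for a NULL column first since `new DateTimeImmutable(null)` is deprecated and silently yields the current time. Note that `getRecentadmin` as changed in this same patch still selects `date` rather than `created_at`, so the column name needs to be settled on one side or the other. The enclosing `foreach` continues outside the hunk.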
@@ -47,6 +47,17 @@ function getSiteTotal_unique_views(PDO $conn) : int {
 return intval($conn->query('SELECT tvisit FROM page_view ORDER BY id DESC LIMIT 1')->fetch(PDO::FETCH_NUM)[0]);
 }
+function getCurrentUser(PDO $conn) : array | null {
+ if (empty($_SESSION['username'])) {
+ return null;
+ }
+
+ $query = $conn->prepare('SELECT * FROM users WHERE username = ?');
+ $query->execute($_SESSION['username']);
+
+ return $query->fetch();
+}
+
 function updatePageViews(PDO $conn) : void {
 $ip = $_SERVER['REMOTE_ADDR'];
 $date = date('jS F Y');
@@ -129,7 +140,6 @@ if (isset($_SESSION['username'])) {
 $noguests = "off";
 }
- // Prevent a potential LFI (you never know :p)
 $lang_file = "${default_lang}.php";
 if (in_array($lang_file, scandir('langs/'))) {
diff --git a/includes/functions.php b/includes/functions.php
index 69df6b3..19c710d 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -138,10 +138,13 @@ function getRecentreport($conn, $count) {
 function getUserRecom($conn, $p_member) {
- $query = $conn->prepare("SELECT id, member, title, visible
-FROM pastes where member= ? AND visible = '0'
-ORDER BY id DESC
-LIMIT 0 , 5");
+ $query = $conn->prepare(
+ "SELECT pastes.id AS id, users.username AS member, title, visible
+ FROM pastes
+ INNER JOIN users ON users.username = ?
+ WHERE visible = '0'
+ ORDER BY id DESC
+ LIMIT 0, 5");
 $query->execute([$p_member]);
 return $query->fetchAll();
 }
@@ -151,7 +154,7 @@ function recentupdate($conn, $count) {
 "SELECT pastes.id AS id, visible, title, created_at, users.username AS member, tagsys
 FROM pastes
 INNER JOIN users ON users.id = pastes.user_id
- WHERE visible = '0' ORDER BY timeedit DESC
+ WHERE visible = '0' ORDER BY updated_at DESC
 LIMIT ?");
 $query->execute([$count]);
 return $query->fetchAll();
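Review bot: `$query->execute($_SESSION['username'])` passes a string where `PDOStatement::execute()` takes an array of bound values, so under PHP 8 the lookup throws a TypeError and the current user is never resolved; it should read `$query->execute([$_SESSION['username']]);`. The declared `array | null` return also does not cover `fetch()` returning `false` when no row matches — `return $query->fetch() ?: null;` keeps the contract honest for the `if ($current_user)` checks in index.php and paste.php. `SELECT *` additionally loads the stored password hash and every other user column into `$current_user`, which those callers keep for the whole request; selecting just the columns they read (`id`, `username`) is the least-privilege shape.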
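Review bot: The removed comment was the only explanation of why `$lang_file` is checked against `scandir('langs/')`: the allow-list is presumably what keeps a tampered `$default_lang` from steering the include path that follows. Keep a why-comment on the `if` so the check is not dropped in a later cleanup, e.g. `// Only load language files that actually exist in langs/ — this allow-list guards the include path`. The guarded block continues outside the hunk.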
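Review bot: The new `INNER JOIN users ON users.username = ?` relates the users row to the parameter but never to the paste, so every public paste is paired with the requested user's row and the function returns other members' pastes labelled with that username. Join on the foreign key and filter on the name instead, as `recentupdate` in the next hunk already does: `INNER JOIN users ON users.id = pastes.user_id` followed by `WHERE users.username = ? AND visible = '0'`. With two tables that each carry an `id` column, `ORDER BY pastes.id DESC` also avoids relying on alias resolution.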
@@ -220,7 +223,7 @@ function getRecent($conn, $count) {
 }
 function getRecentadmin($conn, $count = 5) {
- $query = $conn->prepare('SELECT id, ip title, date, now_time, s_date, views, member FROM pastes ORDER BY id DESC LIMIT 0, ?');
+ $query = $conn->prepare('SELECT id, ip title, date, now_time, views, member FROM pastes ORDER BY id DESC LIMIT 0, ?');
 $query->execute([$count]);
 return $query->fetchAll();
@@ -261,7 +264,7 @@ LIMIT 0 , ?");
 function getUserPastes($conn, $username) {
- $query = $conn->prepare("SELECT id, title, code, views, s_date, now_time, visible, date, tagsys, member FROM pastes where member=? ORDER by id DESC");
+ $query = $conn->prepare("SELECT id, title, code, views, now_time, visible, date, tagsys, member FROM pastes where member=? ORDER by id DESC");
 $query->execute([$username]);
 return $query->fetchAll();
 }
diff --git a/index.php b/index.php
index fb7d0a8..aba0c75 100644
--- a/index.php
+++ b/index.php
@@ -104,6 +104,8 @@ header('Content-Type: text/html; charset=utf-8');
 $date = date('jS F Y');
 $ip = $_SERVER['REMOTE_ADDR'];
+$current_user = getCurrentUser($conn);
+
 // Sitemap
 $site_sitemap_rows = $conn->query('SELECT * FROM sitemap_options LIMIT 1');
 if ($row = $site_sitemap_rows->fetch()) {
@@ -174,7 +176,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 } else {
 $p_password = password_hash($p_password, PASSWORD_DEFAULT);
 }
- $p_encrypt = Trim(htmlspecialchars($_POST['encrypted']));
+ $p_encrypt = trim(htmlspecialchars($_POST['encrypted']));
 if (empty($p_encrypt)) {
 $p_encrypt = "0";
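Review bot: The rewritten SELECT keeps `ip title` without a comma, so MySQL treats `title` as an alias for `ip` and the dashboard loop that reads `$row['ip']` and `$row['title']` gets the IP under `title` and no `ip` key at all; the list should begin `id, ip, title, `. The function also still selects `date`, `now_time` and `member`, whereas the INSERT rewritten in index.php in this same patch populates `created_at` and `user_id` instead, so rows created after the restructure will come back with empty values here; the `getUserPastes` hunk below depends on the same `member`, `date` and `now_time` columns. Which of these columns survive the restructure cannot be confirmed from the diff alone.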
@@ -184,42 +186,32 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $p_content = encrypt($p_content);
 }
- if (isset($_SESSION['token'])) {
- $p_member = Trim($_SESSION['username']);
- } else {
- $p_member = "Guest";
- }
-
 // Set expiry time
 $expires = calculatePasteExpiry($p_expiry);
- $p_date = date('jS F Y h:i:s A');
- $date = date('jS F Y');
- $now_time = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
- $timeedit = gmmktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
-
 // Edit existing paste or create new?
 if ($editing) {
- if (isset($_SESSION['username'])) {
+ if ($current_user && $current_user['id'] === $paste_id) {
 $paste_id = intval($_POST['paste_id']);
 $statement = $conn->prepare(
- "UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?, member = ?, ip = ?, tagsys = ?, now_time = ?, timeedit = ?
+ "UPDATE pastes SET title = ?, content = ?, visible = ?, code = ?, expiry = ?, password = ?, encrypt = ?,ip = ?, tagsys = ?, updated_at = NOW()
 WHERE id = ?"
 );
 $statement->execute([
- $p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $p_member, $ip, $p_tagsys, $now_time, $timeedit, $edit_paste_id
+ $p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $ip, $p_tagsys, $paste_id
 ]);
 $success = $paste_id;
 } else {
 $error = $lang['loginwarning']; //"You must be logged in to do that."
 }
 } else {
+ $paste_owner = $current_user ? $current_user['id'] : null;
 $statement = $conn->prepare(
- "INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, member, date, ip, now_time, views, s_date, tagsys) VALUES
- (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '0', ?, ?)"
+ "INSERT INTO pastes (title, content, visible, code, expiry, password, encrypt, user_id, created_at, ip, views, tagsys) VALUES
+ (?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, 0, ?)"
 );
- $statement->execute([$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $p_member, $p_date, $ip, $now_time, $date, $p_tagsys]);
+ $statement->execute([$p_title, $p_content, $p_visible, $p_code, $expires, $p_password, $p_encrypt, $paste_owner, $ip, $p_tagsys]);
 $paste_id = intval($conn->lastInsertId()); /* returns the last inserted ID as per the query above */
 if ($p_visible == '0') {
 addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite);
@@ -229,20 +221,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 // Redirect to paste on successful entry, or on successful edit redirect back to edited paste
 if (isset($success)) {
- if ($mod_rewrite == '1') {
- if ($editing) {
- $paste_url = "$edit_paste_id";
- } else {
- $paste_url = "$success";
- }
- } else {
- if ($editing) {
- $paste_url = "paste.php?id=$edit_paste_id";
- } else {
- $paste_url = "paste.php?id=$success";
- }
- }
-
+ $paste_url = urlForPaste($success);
 header("Location: ${paste_url}");
 die();
 }
diff --git a/paste.php b/paste.php
index 6d6402f..ac812e1 100644
--- a/paste.php
+++ b/paste.php
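Review bot: The ownership test `$current_user['id'] === $paste_id` compares a user id with a paste id, and `$paste_id` is only read from `$_POST['paste_id']` on the next line, so the condition inspects a stale value and never expresses "this user owns this paste"; the UPDATE then targets whatever `paste_id` the client posted without checking that row's owner. Read the posted id first, then let the database enforce ownership: `WHERE id = ? AND user_id = ?` with `$paste_id, $current_user['id']` bound, treating zero affected rows as not-yours rather than setting `$success`. `$current_user['id']` comes from PDO and may be a string depending on the driver's typing, so a strict `===` against an int would also fail — confirm before relying on it. The surrounding POST handler starts before and ends after this hunk.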
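Review bot: `urlForPaste($success)` is not defined or required anywhere in this patch, so unless it already exists in a helper loaded before this point the redirect dies with an undefined-function error; it is worth confirming that the helper landed, or adding it in the same commit. The `if (isset($success))` block is otherwise unchanged and the handler continues outside the hunk.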
@@ -37,7 +37,7 @@ $fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
 // Get paste info
 $query = $conn->prepare(
- 'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, encrypt, views, tagsys, users.username AS member
+ 'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member
 FROM pastes
 INNER JOIN users ON users.id = pastes.user_id
 WHERE pastes.id = ?');
@@ -47,27 +47,35 @@ $row = $query->fetch();
 // This is used in the theme files.
 $totalpastes = getSiteTotalPastes($conn);
+$current_user = getCurrentUser($conn);
+
 if (!$row) {
 header('HTTP/1.1 404 Not Found');
 $notfound = $lang['notfound']; // "Not found";
 } else {
- $p_title = $row['title'];
+ $paste_title = $row['title'];
+ $paste_code = $row['code'];
+
+ $paste = [
+ 'title' => $paste_title,
+ 'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'),
+ 'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'),
+ 'member' => $row['member'],
+ 'tags' => $row['tagsys'],
+ 'views' => $row['views'],
+ 'code' => $paste_code
+ ];
 $p_content = $row['content'];
 $p_visible = $row['visible'];
- $p_code = $row['code'];
 $p_expiry = Trim($row['expiry']);
 $p_password = $row['password'];
 $p_member = $row['member'];
 $p_encrypt = $row['encrypt'];
- $p_views = $row['views'];
- $p_tagsys = $row['tagsys'];
-
- $mod_date = date("jS F Y h:i:s A", $now_time);
 $p_private_error = '0';
 if ($p_visible == "2") {
- if (isset($_SESSION['username'])) {
- if ($p_member !== trim($_SESSION['username'])) {
+ if ($current_user) {
+ if ($p_member !== $current_user['id']) {
 $notfound = $lang['privatepaste']; //" This is a private paste.";
 $p_private_error = '1';
 goto Not_Valid_Paste;
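Review bot: The private-paste check `$p_member !== $current_user['id']` compares a username (`users.username AS member` in the SELECT above) with a numeric user id, so it is never equal and owners are now refused access to their own private pastes; compare like with like, either `$p_member !== $current_user['username']` or by selecting `pastes.user_id` and comparing ids. `new DateTime($row['updated_at'])` receives NULL for pastes that were never edited (the INSERT in index.php never sets `updated_at`), which is deprecated in PHP 8.1 and quietly renders the current time, so guard it and prefer `DateTimeImmutable`. The `INNER JOIN users ON users.id = pastes.user_id` in the hunk above also drops pastes whose `user_id` is NULL — the guest case index.php now writes — turning them into 404s; a `LEFT JOIN` keeps them. The `else` branch continues outside the hunk.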
@@ -98,12 +106,12 @@ if (!$row) {
 // Download the paste
 if (isset($_GET['download'])) {
 if ($p_password == "NONE") {
- doDownload($paste_id, $p_title, $p_member, $op_content, $p_code);
+ doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code);
 exit();
 } else {
 if (isset($_GET['password'])) {
 if (password_verify($_GET['password'], $p_password)) {
- doDownload($paste_id, $p_title, $p_member, $op_content, $p_code);
+ doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code);
 exit();
 } else {
 $error = $lang['wrongpassword']; // 'Wrong password';
@@ -117,12 +125,12 @@ if (!$row) {
 // Raw view
 if (isset($_GET['raw'])) {
 if ($p_password == "NONE") {
- rawView($paste_id, $p_title, $op_content, $p_code);
+ rawView($paste_id, $paste_title, $op_content, $paste_code);
 exit();
 } else {
 if (isset($_GET['password'])) {
 if (password_verify($_GET['password'], $p_password)) {
- rawView($paste_id, $p_title, $op_content, $p_code);
+ rawView($paste_id, $paste_title, $op_content, $paste_code);
 exit();
 } else {
 $error = $lang['wrongpassword']; // 'Wrong password';
@@ -151,12 +159,12 @@ if (!$row) {
 // Apply syntax highlight
 $p_content = htmlspecialchars_decode($p_content);
- if ($p_code === "pastedown") {
+ if ($paste_code === "pastedown") {
 $Parsedown = new Parsedown();
 $Parsedown->setSafeMode(true);
 $p_content = $Parsedown->text($p_content);
 } else {
- $geshi = new GeSHi($p_content, $p_code, 'includes/geshi/');
+ $geshi = new GeSHi($p_content, $paste_code, 'includes/geshi/');
 $geshi->enable_classes();
 $geshi->set_header_type(GESHI_HEADER_DIV);
@@ -177,12 +185,12 @@ if (!$row) {
 // Embed view after GeSHI is applied so that $p_code is syntax highlighted as it should be.
 if (isset($_GET['embed'])) {
 if ($p_password == "NONE") {
- embedView($paste_id, $p_title, $p_content, $p_code, $title, $baseurl, $ges_style, $lang);
+ embedView($paste_id, $paste_title, $p_content, $paste_code, $title, $baseurl, $ges_style, $lang);
 exit();
 } else {
 if (isset($_GET['password'])) {
 if (password_verify($_GET['password'], $p_password)) {
- embedView($paste_id, $p_title, $p_content, $p_code, $title, $p_baseurl, $ges_style, $lang);
+ embedView($paste_id, $paste_title, $p_content, $paste_code, $title, $p_baseurl, $ges_style, $lang);
 exit();
 } else {
 $error = $lang['wrongpassword']; // 'Wrong password';
@@ -196,7 +204,6 @@ if (!$row) {
 require_once('theme/' . $default_theme . '/header.php');
 if ($p_password == "NONE") {
- // No password & diplay the paste
 // Set download URL
@@ -262,4 +269,4 @@ if ($p_private_error == '1') {
 // Footer
 require_once('theme/' . $default_theme . '/footer.php');
-?>
+
diff --git a/theme/bulma/view.php b/theme/bulma/view.php
index 8838fc1..8449d47 100644
--- a/theme/bulma/view.php
+++ b/theme/bulma/view.php
@@ -58,7 +58,7 @@
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
- *
+ *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -146,9 +146,9 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
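Review bot: The two rewritten `embedView()` calls pass different base-URL variables, `$baseurl` in the no-password branch and `$p_baseurl` in the password branch, so one of them is almost certainly undefined and yields an empty base URL in the embed output; settle on whichever the rest of paste.php defines. The comment on the hunk's first line still refers to `$p_code`, which this patch renamed: `// Embed view after GeSHI is applied so that $paste_code is syntax highlighted as it should be.` The enclosing `else` branch continues outside the hunk.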