diff --git a/discover.php b/discover.php
index 2119557..693a1d7 100644
--- a/discover.php
+++ b/discover.php
@@ -12,8 +12,6 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details.
*/
-session_start();
-
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
diff --git a/includes/functions.php b/includes/functions.php
index 4e62ce3..96c5348 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -273,7 +273,7 @@ function getTotalPastes($conn, $username) {
return $count;
}
-function isValidUsername($str) {
+function isValidUsername(string $str) : bool {
return !preg_match('/[^A-Za-z0-9._\\-$]/', $str);
}
@@ -514,18 +514,13 @@ function addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite) {
file_put_contents("sitemap.xml", $full_map);
}
-function paste_protocol() {
-
- $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
-
- return $protocol;
+function paste_protocol() : string {
+ return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
}
-function is_banned($conn, $ip) {
+function is_banned(PDO $conn, string $ip) : bool {
$query = $conn->prepare('SELECT 1 FROM ban_user WHERE ip = ?');
$query->execute([$ip]);
- return (bool)$query->fetch();
+ return (bool) $query->fetch();
}
-
-?>
\ No newline at end of file
diff --git a/login.php b/login.php
index 7d1251d..7ae7d29 100644
--- a/login.php
+++ b/login.php
@@ -14,6 +14,7 @@
*/
// Required functions
+define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
require_once('includes/password.php');
@@ -163,22 +164,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = htmlentities(trim($_POST['username']));
$password = $_POST['password'];
if ($username != null && $password != null) {
- $query = $conn->prepare("SELECT * FROM users WHERE username=?");
+ $query = $conn->prepare("SELECT * FROM users WHERE username = ?");
$query->execute([$username]);
- if ($query->fetchColumn() > 0) {
+ if ($row = $query->fetch()) {
// Username found
- while ($row = $query->fetch()) {
- $db_oauth_uid = $row['oauth_uid'];
- $db_email_id = $row['email_id'];
- $db_full_name = $row['full_name'];
- $db_platform = $row['platform'];
- $db_password = $row['password'];
- $db_verified = $row['verified'];
- $db_picture = $row['picture'];
- $db_date = $row['date'];
- $db_ip = $row['ip'];
- $db_id = $row['id'];
- }
+ $db_oauth_uid = $row['oauth_uid'];
+ $db_email_id = $row['email_id'];
+ $db_full_name = $row['full_name'];
+ $db_platform = $row['platform'];
+ $db_password = $row['password'];
+ $db_verified = $row['verified'];
+ $db_picture = $row['picture'];
+ $db_date = $row['date'];
+ $db_ip = $row['ip'];
+ $db_id = $row['id'];
if (password_verify($password, $db_password)) {
if ($db_verified == "1") {
@@ -228,50 +227,47 @@ if (isset($_POST['signup'])) {
} else {
if ($username != null && $password != null && $email != null) {
$res = isValidUsername($username);
- if ($res == '1') {
- $query = "SELECT * FROM users WHERE username='$username'";
- $result = mysqli_query($con, $query);
- if (mysqli_num_rows($result) > 0) {
+ if ($res) {
+ $query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
+ $query->execute([$username]);
+ if ($query->fetch()) {
$error = $lang['userexists']; // "Username already taken.";
} else {
+ $query = $conn->prepare("SELECT 1 FROM users WHERE email_id = ?");
+ $query->execute([$email]);
- $query = "SELECT * FROM users WHERE email_id='$email'";
- $result = mysqli_query($con, $query);
-
- if (mysqli_num_rows($result) > 0) {
+ if ($query->fetch()) {
$error = $lang['emailexists']; // "Email already registered.";
} else {
- if ($verification == 'disabled') {
- $query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','1','NONE','$date','$ip','0')";
+ $verification_needed = $verification !== 'disabled';
+
+ $query = $conn->prepare(
+ "INSERT INTO users (oauth_uid, username, email_id, platform, password, verified, picture, date, ip, badge) VALUES ('0', ?, ?, 'Direct', ?, ?, 'NONE', ?, ?, '0')"
+ );
+ $query->execute([$username, $email, $password, $verification_needed ? 0 : 1, $date, $ip]);
+
+ if (!$verification_needed) {
+ $success = $lang['registered']; // "Your account was successfully registered.";
} else {
- $query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','0','NONE','$date','$ip','0')";
- }
- mysqli_query($con, $query);
- if (mysqli_error($con))
- $error = "Invalid input dectected";
- else {
- if ($verification == 'disabled') {
- $success = $lang['registered']; // "Your account was successfully registered.";
- } else {
- $success = $lang['registered']; // "Your account was successfully registered.";
- $protocol = paste_protocol();
- $verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $email . 'd94ereg');
- $sent_mail = $email;
- $subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
- $body = "
+ $success = $lang['registered']; // "Your account was successfully registered.";
+ $protocol = paste_protocol();
+ $verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $email . 'd94ereg');
+ $sent_mail = $email;
+ $subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
+ $body = "
Hello $username, Your $site_name account has been created. Please verify your account by clicking the link below.
$verify_url
After confirming your account you can log in using your username: $username and the password you used when signing up.
";
- if ($mail_type == '1') {
- default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body);
- } else {
- smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
- }
+ if ($mail_type == '1') {
+ default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body);
+ } else {
+ smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
}
}
+
}
}
diff --git a/mail/mail.php b/mail/mail.php
index 730dfe7..ea27e4b 100644
--- a/mail/mail.php
+++ b/mail/mail.php
@@ -47,7 +47,7 @@ function default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body) {
}
-function smtp_mail($smtp_host, $smtp_port = 587, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec = 'tls', $admin_mail, $admin_name, $sent_mail, $subject, $body) {
+function smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body) {
require_once('class.phpmailer.php');
require_once('class.smtp.php');
$mail = new PHPMailer;
diff --git a/oauth.php b/oauth.php
index cbb29b7..39de0d5 100644
--- a/oauth.php
+++ b/oauth.php
@@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$error = $lang['usernotvalid']; //"Username not vaild";
} else {
$res = isValidUsername($new_username);
- if ($res == '1') {
+ if ($res) {
$query = "SELECT * FROM users WHERE username='$new_username'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {