PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 22:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Signup and login should now work.

Browse source
This commit is contained in:
Floorb 2021-07-12 10:44:39 -04:00
parent 7289aba68d
commit c8614b24cd
5 changed files with 47 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
discover.php
View file

@ -12,8 +12,6 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details. * GNU General Public License in GPL.txt for more details.
*/ */
session_start();
define('IN_PONEPASTE', 1); define('IN_PONEPASTE', 1);
require_once('includes/common.php'); require_once('includes/common.php');
require_once('includes/functions.php'); require_once('includes/functions.php');

15
includes/functions.php
View file

@ -273,7 +273,7 @@ function getTotalPastes($conn, $username) {
return $count; return $count;
} }
function isValidUsername($str) { function isValidUsername(string $str) : bool {
return !preg_match('/[^A-Za-z0-9._\\-$]/', $str); return !preg_match('/[^A-Za-z0-9._\\-$]/', $str);
} }
@ -514,18 +514,13 @@ function addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite) {
file_put_contents("sitemap.xml", $full_map); file_put_contents("sitemap.xml", $full_map);
} }
function paste_protocol() { function paste_protocol() : string {
return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
$protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
return $protocol;
} }
function is_banned($conn, $ip) { function is_banned(PDO $conn, string $ip) : bool {
$query = $conn->prepare('SELECT 1 FROM ban_user WHERE ip = ?'); $query = $conn->prepare('SELECT 1 FROM ban_user WHERE ip = ?');
$query->execute([$ip]); $query->execute([$ip]);
return (bool)$query->fetch(); return (bool) $query->fetch();
} }
?>

84
login.php
View file

@ -14,6 +14,7 @@
*/ */
// Required functions // Required functions
define('IN_PONEPASTE', 1);
require_once('includes/common.php'); require_once('includes/common.php');
require_once('includes/functions.php'); require_once('includes/functions.php');
require_once('includes/password.php'); require_once('includes/password.php');
@ -163,22 +164,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = htmlentities(trim($_POST['username'])); $username = htmlentities(trim($_POST['username']));
$password = $_POST['password']; $password = $_POST['password'];
if ($username != null && $password != null) { if ($username != null && $password != null) {
$query = $conn->prepare("SELECT * FROM users WHERE username=?"); $query = $conn->prepare("SELECT * FROM users WHERE username = ?");
$query->execute([$username]); $query->execute([$username]);
if ($query->fetchColumn() > 0) { if ($row = $query->fetch()) {
// Username found // Username found
while ($row = $query->fetch()) { $db_oauth_uid = $row['oauth_uid'];
$db_oauth_uid = $row['oauth_uid']; $db_email_id = $row['email_id'];
$db_email_id = $row['email_id']; $db_full_name = $row['full_name'];
$db_full_name = $row['full_name']; $db_platform = $row['platform'];
$db_platform = $row['platform']; $db_password = $row['password'];
$db_password = $row['password']; $db_verified = $row['verified'];
$db_verified = $row['verified']; $db_picture = $row['picture'];
$db_picture = $row['picture']; $db_date = $row['date'];
$db_date = $row['date']; $db_ip = $row['ip'];
$db_ip = $row['ip']; $db_id = $row['id'];
$db_id = $row['id'];
}
if (password_verify($password, $db_password)) { if (password_verify($password, $db_password)) {
if ($db_verified == "1") { if ($db_verified == "1") {
@ -228,50 +227,47 @@ if (isset($_POST['signup'])) {
} else { } else {
if ($username != null && $password != null && $email != null) { if ($username != null && $password != null && $email != null) {
$res = isValidUsername($username); $res = isValidUsername($username);
if ($res == '1') { if ($res) {
$query = "SELECT * FROM users WHERE username='$username'"; $query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
$result = mysqli_query($con, $query); $query->execute([$username]);
if (mysqli_num_rows($result) > 0) { if ($query->fetch()) {
$error = $lang['userexists']; // "Username already taken."; $error = $lang['userexists']; // "Username already taken.";
} else { } else {
$query = $conn->prepare("SELECT 1 FROM users WHERE email_id = ?");
$query->execute([$email]);
$query = "SELECT * FROM users WHERE email_id='$email'"; if ($query->fetch()) {
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {
$error = $lang['emailexists']; // "Email already registered."; $error = $lang['emailexists']; // "Email already registered.";
} else { } else {
if ($verification == 'disabled') { $verification_needed = $verification !== 'disabled';
$query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','1','NONE','$date','$ip','0')";
$query = $conn->prepare(
"INSERT INTO users (oauth_uid, username, email_id, platform, password, verified, picture, date, ip, badge) VALUES ('0', ?, ?, 'Direct', ?, ?, 'NONE', ?, ?, '0')"
);
$query->execute([$username, $email, $password, $verification_needed ? 0 : 1, $date, $ip]);
if (!$verification_needed) {
$success = $lang['registered']; // "Your account was successfully registered.";
} else { } else {
$query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','0','NONE','$date','$ip','0')"; $success = $lang['registered']; // "Your account was successfully registered.";
} $protocol = paste_protocol();
mysqli_query($con, $query); $verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $email . 'd94ereg');
if (mysqli_error($con)) $sent_mail = $email;
$error = "Invalid input dectected"; $subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
else { $body = "
if ($verification == 'disabled') {
$success = $lang['registered']; // "Your account was successfully registered.";
} else {
$success = $lang['registered']; // "Your account was successfully registered.";
$protocol = paste_protocol();
$verify_url = $protocol . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/verify.php?username=$username&code=" . Md5('4et4$55765' . $email . 'd94ereg');
$sent_mail = $email;
$subject = $lang['mail_acc_con']; // "$site_name Account Confirmation";
$body = "
Hello $username, Your $site_name account has been created. Please verify your account by clicking the link below.<br /><br /> Hello $username, Your $site_name account has been created. Please verify your account by clicking the link below.<br /><br />
<a href='$verify_url' target='_self'>$verify_url</a> <br /> <br /> <a href='$verify_url' target='_self'>$verify_url</a> <br /> <br />
After confirming your account you can log in using your username: <b>$username</b> and the password you used when signing up. After confirming your account you can log in using your username: <b>$username</b> and the password you used when signing up.
"; ";
if ($mail_type == '1') { if ($mail_type == '1') {
default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body); default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body);
} else { } else {
smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body); smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
}
} }
} }
} }
} }

2
mail/mail.php
View file

@ -47,7 +47,7 @@ function default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body) {
} }
function smtp_mail($smtp_host, $smtp_port = 587, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec = 'tls', $admin_mail, $admin_name, $sent_mail, $subject, $body) { function smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body) {
require_once('class.phpmailer.php'); require_once('class.phpmailer.php');
require_once('class.smtp.php'); require_once('class.smtp.php');
$mail = new PHPMailer; $mail = new PHPMailer;

2
oauth.php
View file

@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$error = $lang['usernotvalid']; //"Username not vaild"; $error = $lang['usernotvalid']; //"Username not vaild";
} else { } else {
$res = isValidUsername($new_username); $res = isValidUsername($new_username);
if ($res == '1') { if ($res) {
$query = "SELECT * FROM users WHERE username='$new_username'"; $query = "SELECT * FROM users WHERE username='$new_username'";
$result = mysqli_query($con, $query); $result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) { if (mysqli_num_rows($result) > 0) {