PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 14:40:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Signup and login should now work.

Browse source
This commit is contained in:
Floorb 2021-07-12 10:44:39 -04:00
parent 7289aba68d
commit c8614b24cd
5 changed files with 47 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
discover.php
View file

@ -12,8 +12,6 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License in GPL.txt for more details.
*/
session_start();
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');

15
includes/functions.php
View file

@ -273,7 +273,7 @@ function getTotalPastes($conn, $username) {
return $count;
}
function isValidUsername($str) {
function isValidUsername(string $str) : bool {
return !preg_match('/[^A-Za-z0-9._\\-$]/', $str);
}
@ -514,18 +514,13 @@ function addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite) {
file_put_contents("sitemap.xml", $full_map);
}
function paste_protocol() {
$protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
return $protocol;
function paste_protocol() : string {
return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
}
function is_banned($conn, $ip) {
function is_banned(PDO $conn, string $ip) : bool {
$query = $conn->prepare('SELECT 1 FROM ban_user WHERE ip = ?');
$query->execute([$ip]);
return (bool)$query->fetch();
return (bool) $query->fetch();
}
?>

42
login.php
View file

@ -14,6 +14,7 @@
*/
// Required functions
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
require_once('includes/password.php');
@ -163,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = htmlentities(trim($_POST['username']));
$password = $_POST['password'];
if ($username != null && $password != null) {
$query = $conn->prepare("SELECT * FROM users WHERE username=?");
$query = $conn->prepare("SELECT * FROM users WHERE username = ?");
$query->execute([$username]);
if ($query->fetchColumn() > 0) {
if ($row = $query->fetch()) {
// Username found
while ($row = $query->fetch()) {
$db_oauth_uid = $row['oauth_uid'];
$db_email_id = $row['email_id'];
$db_full_name = $row['full_name'];
@ -178,7 +178,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$db_date = $row['date'];
$db_ip = $row['ip'];
$db_id = $row['id'];
}
if (password_verify($password, $db_password)) {
if ($db_verified == "1") {
@ -228,29 +227,26 @@ if (isset($_POST['signup'])) {
} else {
if ($username != null && $password != null && $email != null) {
$res = isValidUsername($username);
if ($res == '1') {
$query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {
if ($res) {
$query = $conn->prepare('SELECT 1 FROM users WHERE username = ?');
$query->execute([$username]);
if ($query->fetch()) {
$error = $lang['userexists']; // "Username already taken.";
} else {
$query = $conn->prepare("SELECT 1 FROM users WHERE email_id = ?");
$query->execute([$email]);
$query = "SELECT * FROM users WHERE email_id='$email'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {
if ($query->fetch()) {
$error = $lang['emailexists']; // "Email already registered.";
} else {
if ($verification == 'disabled') {
$query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','1','NONE','$date','$ip','0')";
} else {
$query = "INSERT INTO users (oauth_uid,username,email_id,platform,password,verified,picture,date,ip,badge) VALUES ('0','$username','$email','Direct','$password','0','NONE','$date','$ip','0')";
}
mysqli_query($con, $query);
if (mysqli_error($con))
$error = "Invalid input dectected";
else {
if ($verification == 'disabled') {
$verification_needed = $verification !== 'disabled';
$query = $conn->prepare(
"INSERT INTO users (oauth_uid, username, email_id, platform, password, verified, picture, date, ip, badge) VALUES ('0', ?, ?, 'Direct', ?, ?, 'NONE', ?, ?, '0')"
);
$query->execute([$username, $email, $password, $verification_needed ? 0 : 1, $date, $ip]);
if (!$verification_needed) {
$success = $lang['registered']; // "Your account was successfully registered.";
} else {
$success = $lang['registered']; // "Your account was successfully registered.";
@ -271,7 +267,7 @@ if (isset($_POST['signup'])) {
smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body);
}
}
}
}
}

2
mail/mail.php
View file

@ -47,7 +47,7 @@ function default_mail($admin_mail, $admin_name, $sent_mail, $subject, $body) {
}
function smtp_mail($smtp_host, $smtp_port = 587, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec = 'tls', $admin_mail, $admin_name, $sent_mail, $subject, $body) {
function smtp_mail($smtp_host, $smtp_port, $smtp_auth, $smtp_user, $smtp_pass, $smtp_sec, $admin_mail, $admin_name, $sent_mail, $subject, $body) {
require_once('class.phpmailer.php');
require_once('class.smtp.php');
$mail = new PHPMailer;

2
oauth.php
View file

@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$error = $lang['usernotvalid']; //"Username not vaild";
} else {
$res = isValidUsername($new_username);
if ($res == '1') {
if ($res) {
$query = "SELECT * FROM users WHERE username='$new_username'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {