From db2809d241273379e4ae6ac832fb75795a8f04f9 Mon Sep 17 00:00:00 2001 From: Floorb <132411956+Neetpone@users.noreply.github.com> Date: Mon, 19 Jul 2021 18:38:13 -0400 Subject: [PATCH] Code cleanup --- includes/User.class.php | 11 +++++- includes/common.php | 2 - includes/functions.php | 83 +++++------------------------------------ paste.php | 11 ++++-- 4 files changed, 25 insertions(+), 82 deletions(-) diff --git a/includes/User.class.php b/includes/User.class.php index c7e486f..5ef4661 100644 --- a/includes/User.class.php +++ b/includes/User.class.php @@ -9,6 +9,13 @@ class User { $this->username = $row['username']; } + public static function findByUsername(DatabaseHandle $conn, string $username) : User | null { + $query = $conn->query('SELECT id, username FROM users WHERE username = ?', [$username]); + $row = $query->fetch(); + + return empty($row) ? null : new User($row); + } + public static function current(DatabaseHandle $conn) : User | null { $session_user = User::createFromPhpSession($conn); @@ -27,7 +34,7 @@ class User { public static function createFromRememberToken(DatabaseHandle $conn, string $remember_token) : User | null { $result = $conn->query( - 'SELECT users.id AS id, users.username AS username + 'SELECT users.id AS id, users.username AS username, users.banned AS banned FROM user_sessions INNER JOIN users ON users.id = user_sessions.user_id WHERE user_sessions.token = ?', [$remember_token] @@ -47,7 +54,7 @@ class User { $user_id = intval($_SESSION['user_id']); - $row = $conn->query('SELECT id, username FROM users WHERE id = ?', [$user_id])->fetch(); + $row = $conn->query('SELECT id, username, banned FROM users WHERE id = ?', [$user_id])->fetch(); return $row ? new User($row) : null; } diff --git a/includes/common.php b/includes/common.php index 6616df1..958ae18 100644 --- a/includes/common.php +++ b/includes/common.php 
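Review bot: The new `findByUsername` selects only `id, username`, while the two hunks below it in this file add `banned` to the equivalent lookups in `createFromRememberToken` and `createFromPhpSession`; a User built through this path would lack that column, presumably leaving whatever reads `$row['banned']` in the constructor (whose body starts above the hunk) with an undefined index. Make the query `'SELECT id, username, banned FROM users WHERE username = ?'` so all three construction paths see the same row shape. The `empty($row) ? null : new User($row)` form also differs from the `$row ? new User($row) : null` used two hunks down; either works, but one style would read more consistently.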
@@ -138,8 +138,6 @@ if ($site_permissions) { $privatesite = $siteprivate; $noguests = $disableguest; - - // Prevent a potential LFI (you never know :p) $lang_file = "${default_lang}.php"; if (in_array($lang_file, scandir('langs/'))) { diff --git a/includes/functions.php b/includes/functions.php index 3444a16..7c427a1 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -176,12 +176,6 @@ function decrypt(string $value) : string { return openssl_decrypt($value, "AES-256-CBC", $sec_key); } -function deleteMyPaste($conn, $paste_id) { - $query = "DELETE FROM pastes where id='$paste_id'"; - $result = mysqli_query($conn, $query); -} - - function getRecent($conn, $count) { $query = $conn->prepare(" SELECT pastes.id, visible, title, created_at, users.username AS member, tagsys @@ -195,13 +189,17 @@ function getRecent($conn, $count) { } function getRecentadmin($conn, $count = 5) { - $query = $conn->prepare('SELECT id, ip, title, date, now_time, views, member FROM pastes ORDER BY id DESC LIMIT 0, ?'); + $query = $conn->prepare( + 'SELECT pastes.id AS id, pastes.ip AS ip, title, created_at, views, users.username AS member + FROM pastes + INNER JOIN users ON users.id = pastes.user_id + ORDER BY id DESC LIMIT 0, ?'); $query->execute([$count]); return $query->fetchAll(); } -function getpopular($conn, $count) { +function getpopular(PDO $conn, int $count) : array { $query = $conn->prepare(" SELECT pastes.id AS id, visible, title, pastes.created_at AS created_at, views, users.username AS member, tagsys FROM pastes INNER JOIN users ON users.id = pastes.user_id @@ -213,7 +211,7 @@ function getpopular($conn, $count) { return $query->fetchAll(); } -function getrandom($conn, $count) { +function getrandom(PDO $conn, int $count) : array { $query = $conn->prepare(" SELECT pastes.id, visible, title, created_at, views, users.username AS member, tagsys FROM pastes 
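Review bot: `getRecentadmin($conn, $count = 5)` keeps untyped parameters and no return type while `getpopular`, a few lines further down in the same hunk, gains `PDO $conn, int $count) : array`; the rewritten admin query would read the same as its siblings with `function getRecentadmin(PDO $conn, int $count = 5) : array {`. In the new query `title`, `created_at` and `views` are left unqualified after the join on `users`; if the `users` table also carries a `created_at` column (not visible here) MySQL rejects the statement as ambiguous, so qualifying them as `pastes.created_at` etc., as `getpopular`'s query already does, would be safer. The `LIMIT 0, ?` placeholder also relies on `$count` being bound as an integer; with emulated prepares PDO quotes it as a string and the statement fails, so it is worth confirming how `$conn` is configured.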
@@ -225,38 +223,13 @@ function getrandom($conn, $count) { return $query->fetchAll(); } -function getUserRecent($conn, $count, $username) { - $query = $conn->prepare("SELECT id, member, title, date, now_time -FROM pastes where member=? -ORDER BY id DESC -LIMIT 0 , ?"); - $query->execute([$username, $count]); - return $query->fetchAll(); -} - - -function getUserPastes(PDO $conn, $user_id) : array { +function getUserPastes(PDO $conn, int $user_id) : array { $query = $conn->prepare( "SELECT id, title, visible, code, created_at, tagsys, user_id, views from pastes WHERE user_id = ? ORDER by pastes.id DESC"); $query->execute([$user_id]); return $query->fetchAll(); } - -function jsonView($paste_id, $p_title, $p_conntent, $p_code) { - $stats = false; - if ($p_code) { - // Raw - header('conntent-type: text/plain'); - echo $p_conntent; - $stats = true; - } else { - // 404 - header('HTTP/1.1 404 Not Found'); - } - return $stats; -} - function getTotalPastes(PDO $conn, string $username) : int { $query = $conn->prepare("SELECT COUNT(*) AS total_pastes @@ -271,18 +244,6 @@ function isValidUsername(string $str) : bool { return !preg_match('/[^A-Za-z0-9._\\-$]/', $str); } -function existingUser(PDO $conn, string $username) : bool { - $query = $conn->prepare('SELECT 1 FROM users WHERE username = ?'); - $query->execute([$username]); - - return (bool) $query->fetch(); -} - -function updateMyView(PDO $conn, $paste_id) { - $query = $conn->prepare("UPDATE pastes SET views = (views + 1) where id = ?"); - $query->execute([$paste_id]); -} - function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string { $delta = $greater->diff($lesser, true); @@ -341,7 +302,7 @@ function conTime($secs) { return $val; } -function truncate($input, $maxWords, $maxChars) { +function truncate(string $input, int $maxWords, int $maxChars) : string { $words = preg_split('/\s+/', $input); $words = array_slice($words, 0, $maxWords); $words = array_reverse($words); 
@@ -364,32 +325,6 @@ function truncate($input, $maxWords, $maxChars) { return $result . ($input == $result ? '' : '[...]'); } -function truncatetag($input, $maxWords, $maxChars) { - $str = $input; - $pattern = '/,/i'; - $words = preg_replace($pattern, ' ', $str); - $words = preg_split('/\s+/', $input); - $words = array_slice($words, 0, $maxWords); - $words = array_reverse($words); - - $chars = 0; - $truncated1 = array(); - - while (count($words) > 0) { - $fragment = trim(array_pop($words)); - $chars += strlen($fragment); - - if ($chars > $maxChars) - break; - - $truncated1[] = $fragment; - } - - $result = implode(' ', $truncated1); - - return $result . ($input == $result ? '' : '...'); -} - function doDownload($paste_id, $p_title, $p_member, $p_conntent, $p_code) { $stats = false; if ($p_code) { diff --git a/paste.php b/paste.php index 062fac1..412459a 100644 --- a/paste.php +++ b/paste.php @@ -219,16 +219,18 @@ if ($p_password == "NONE") { $p_embed = "paste.php?embed&id=$paste_id"; } - //pasteviews + // View counter if ($_SESSION['not_unique'] !== $paste_id) { $_SESSION['not_unique'] = $paste_id; - updateMyView($conn, $paste_id); + $conn->prepare("UPDATE pastes SET views = (views + 1) where id = ?") + ->execute($paste_id); } // Theme require_once('theme/' . $default_theme . '/view.php'); if ($p_expiry == "SELF") { - deleteMyPaste($con, $paste_id); + $conn->prepare('DELETE FROM pastes WHERE id = ?') + ->execute([$paste_id]); } } else { $p_download = "paste.php?download&id=$paste_id&password=" . pp_password_hash(isset($_POST['mypass'])); @@ -239,7 +241,8 @@ if ($p_password == "NONE") { // Theme require_once('theme/' . $default_theme . '/view.php'); if ($p_expiry == "SELF") { - deleteMyPaste($con, $paste_id); + $conn->prepare('DELETE FROM pastes WHERE id = ?') + ->execute([$paste_id]); } } else { $error = $lang['wrongpwd']; //"Password is wrong";
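Review bot: The view-counter statement calls `->execute($paste_id)` with a bare scalar, but `PDOStatement::execute` takes an array of parameters, so on PHP 8 this throws a TypeError on the first view of every paste (on PHP 7 it would likely warn and skip the update); the delete statement a few lines further down already passes `[$paste_id]`, and this call should match: `->execute([$paste_id]);`. The same `DELETE FROM pastes WHERE id = ?` prepare/execute pair now appears twice, here and again in the `@@ -239,7 +241,8 @@` hunk below; since the removed `deleteMyPaste` built its SQL by interpolation, its replacement deserves a single prepared-statement helper rather than duplicated inline code that the next edit may drift apart. The enclosing `if ($p_password == "NONE")` block starts above the hunk.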