CSRF stuff I guess
This commit is contained in:
parent
52a1c86bd9
commit
e89de763d5
21 changed files with 148 additions and 262 deletions
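--- a/.htaccess
+++ b/.htaccess
@@ -1,52 +0,0 @@
-Options +FollowSymLinks
-RewriteEngine on
-<IfModule mod_rewrite.c>
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^page/([a-zA-Z0-9]+)/? pages.php?page=$1 [L]
-RewriteRule ^archive archive.php [L]
-RewriteRule ^discover discover.php [L]
-RewriteRule ^profile profile.php [L]
-RewriteRule ^user/([^/]+)/?$ user.php?user=$1 [L]
-RewriteRule ^user/([^/]+)/([^/]+)/?$ user.php?user=$1&q=$2 [L]
-RewriteRule ^contact contact.php [L]
-RewriteRule ^download/(.*)$ paste.php?download&id=$1 [L]
-RewriteRule ^raw/(.*)$ paste.php?raw&id=$1 [L]
-RewriteRule ^embed/(.*)$ paste.php?embed&id=$1 [L]
-RewriteRule ^report report.php [L]
-RewriteRule ^event event.php [L]
-Options +FollowSymLinks
-RewriteBase /
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" [OR]
-RewriteCond %{HTTP_USER_AGENT} Mb2345Browser|LieBaoFast|zh-CN|MicroMessenger|zh_CN|Kinza|Datanyze|serpstatbot|spaziodati|OPPO\sA33|AspiegelBot|aspiegel|PetalBot|SemrushBot/7~bl [NC]
-RewriteRule ^ - [F,L]
-
-</IfModule>
-
-<IfModule mod_rewrite.c>
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ paste.php?id=$1 [L]
-</IfModule>
-
-# compress text, html, javascript, css, xml:
-AddOutputFilterByType DEFLATE text/plain
-AddOutputFilterByType DEFLATE text/html
-AddOutputFilterByType DEFLATE text/xml
-AddOutputFilterByType DEFLATE text/css
-AddOutputFilterByType DEFLATE application/xml
-AddOutputFilterByType DEFLATE application/xhtml+xml
-AddOutputFilterByType DEFLATE application/rss+xml
-AddOutputFilterByType DEFLATE application/javascript
-AddOutputFilterByType DEFLATE application/x-javascript
-
-# Or, compress certain file types by extension:
-<files *.html>
-SetOutputFilter DEFLATE
-</files>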
@ -5,4 +5,4 @@ punishedponepaste
|
|||
# Building the JS
|
||||
When you change the JS, you need to rebuild it. `assets/bundle.js` is used in dev, `assets/bundle.min.js` is used in production.
|
||||
|
||||
You need Yarn (version 1, not version 2 - 2 may work but I haven't tried it.) After that, whenever you change anything under `js/`, you need to run `yarn rollup --config`. Good luck!
|
||||
You need Yarn (version 1, not version 2 - 2 may work, but I haven't tried it.) After that, whenever you change anything under `js/`, you need to run `yarn rollup --config`. Good luck!
|
|
@ -7,6 +7,7 @@ use PonePaste\Models\UserSession;
|
|||
|
||||
class SessionHelper {
|
||||
public const REMEMBER_TOKEN_COOKIE = '_ponepaste_token';
|
||||
public const CSRF_TOKEN_KEY = 'csrf_token';
|
||||
|
||||
public static function currentUser() {
|
||||
$session_user = SessionHelper::currentUserFromPhpSession();
|
||||
|
@ -60,7 +61,6 @@ class SessionHelper {
|
|||
return null;
|
||||
}
|
||||
|
||||
|
||||
return User::find(intval($_SESSION['user_id']));
|
||||
}
|
||||
}
|
|
@ -33,8 +33,6 @@ class Paste extends Model {
|
|||
$this->tags()->attach($tag);
|
||||
}
|
||||
|
||||
// FIXME: We need to get rid of tagsys.
|
||||
$this->tagsys = implode(',', $tags);
|
||||
$this->save();
|
||||
}
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ function captcha($color, $mode, $mul, $allowed) : array {
|
|||
}
|
||||
|
||||
// Generate HTML for image src
|
||||
$image_src = substr(__FILE__, strlen(realpath($_SERVER['DOCUMENT_ROOT']))) . '?_CAPTCHA&t=' . urlencode(microtime());
|
||||
$image_src = substr(__FILE__, strlen(realpath($_SERVER['DOCUMENT_ROOT']))) . '?_CAPTCHA&_R=' . urlencode(rand());
|
||||
$image_src = '/' . ltrim(preg_replace('/\\\\/', '/', $image_src), '/');
|
||||
|
||||
$_SESSION['_CAPTCHA']['config'] = serialize($captcha_config);
|
||||
|
@ -125,7 +125,6 @@ if (!function_exists('hex2rgb')) {
|
|||
|
||||
// Draw the image
|
||||
if (isset($_GET['_CAPTCHA'])) {
|
||||
|
||||
session_start();
|
||||
|
||||
$captcha_config = unserialize(@$_SESSION['_CAPTCHA']['config']);
|
||||
|
@ -178,5 +177,4 @@ if (isset($_GET['_CAPTCHA'])) {
|
|||
// Output image
|
||||
header("Content-type: image/png");
|
||||
imagepng($captcha);
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ if (!defined('IN_PONEPASTE')) {
|
|||
require_once(__DIR__ . '/../vendor/autoload.php');
|
||||
require_once(__DIR__ . '/config.php');
|
||||
require_once(__DIR__ . '/functions.php');
|
||||
require_once(__DIR__ . '/passwords.php');
|
||||
require_once(__DIR__ . '/DatabaseHandle.class.php');
|
||||
|
||||
use Illuminate\Database\Capsule\Manager as Capsule;
|
||||
|
@ -154,6 +155,33 @@ function updatePageViews() : void {
|
|||
}
|
||||
}
|
||||
|
||||
function setupCsrfToken() : string {
|
||||
if (isset($_SESSION[SessionHelper::CSRF_TOKEN_KEY])) {
|
||||
return $_SESSION[SessionHelper::CSRF_TOKEN_KEY];
|
||||
}
|
||||
|
||||
$token = pp_random_token();
|
||||
$_SESSION[SessionHelper::CSRF_TOKEN_KEY] = $token;
|
||||
|
||||
return $token;
|
||||
}
|
||||
|
||||
function verifyCsrfToken($token = null) : bool {
|
||||
if ($token === null) {
|
||||
$token = $_POST[SessionHelper::CSRF_TOKEN_KEY];
|
||||
}
|
||||
|
||||
if (empty($token) || empty($_SESSION[SessionHelper::CSRF_TOKEN_KEY])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$success = hash_equals($_SESSION[SessionHelper::CSRF_TOKEN_KEY], $token);
|
||||
|
||||
unset($_SESSION[SessionHelper::CSRF_TOKEN_KEY]);
|
||||
|
||||
return $success;
|
||||
}
|
||||
|
||||
session_start();
|
||||
|
||||
/* Set up the database and Eloquent ORM */
|
||||
|
@ -215,6 +243,8 @@ $total_unique_views = PageView::select('tvisit')->orderBy('id', 'desc')->first()
|
|||
|
||||
$current_user = SessionHelper::currentUser();
|
||||
|
||||
//SessionHelper::setupCsrfToken();
|
||||
|
||||
$script_bundles = [];
|
||||
|
||||
/* Security headers */
|
||||
|
|
|
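Review bot: In verifyCsrfToken the fallback `$token = $_POST[SessionHelper::CSRF_TOKEN_KEY];` reads the key without `??`, so a POST that omits the field logs an undefined-index warning before the `empty()` guard runs, and a non-string value (a `csrf_token[]` field arrives as an array) passes `empty()` and makes `hash_equals()` throw a TypeError instead of returning false. Suggest `$token = $_POST[SessionHelper::CSRF_TOKEN_KEY] ?? null;` together with `if (!is_string($token) || $token === '' || empty($_SESSION[SessionHelper::CSRF_TOKEN_KEY])) { return false; }`, and typing the signature as `function verifyCsrfToken(?string $token = null) : bool`. Note also that `unset($_SESSION[SessionHelper::CSRF_TOKEN_KEY]);` runs on every successful comparison, so the token is single-use: a form already rendered in another tab with the same token (the delete forms on the user profile page carry it) will fail with the "cookies" message; a docblock line stating that the token is consumed, or keeping it for the session lifetime, would make that deliberate. The commented-out `//SessionHelper::setupCsrfToken();` further down should be removed now that the function lives in this file.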
@ -55,13 +55,6 @@ function tagsToHtmlUser(string | array | Collection $tags, $profile_username) :
|
|||
return $output;
|
||||
}
|
||||
|
||||
function getevent($conn, $event_name, $count) {
|
||||
$query = $conn->prepare("SELECT id, visible, title, date, now_time, views, member FROM pastes WHERE visible='1' AND tagsys LIKE '%?%'
|
||||
ORDER BY RAND () LIMIT 0, ?");
|
||||
$query->execute([$event_name, $count]);
|
||||
return $query->fetchAll();
|
||||
}
|
||||
|
||||
function linkify($value, $protocols = array('http', 'mail'), array $attributes = array()) {
|
||||
// Link attributes
|
||||
$attr = '';
|
||||
|
@ -150,7 +143,7 @@ function truncate(string $input, int $maxWords, int $maxChars) : string {
|
|||
return $result . ($input == $result ? '' : '[...]');
|
||||
}
|
||||
|
||||
function embedView($paste_id, $p_title, $content, $p_code, $title, $baseurl, $lang) {
|
||||
function embedView($paste_id, $p_title, $content, $title) {
|
||||
$stats = false;
|
||||
if ($content) {
|
||||
// Build the output
|
||||
|
|
|
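Review bot: The new `embedView($paste_id, $p_title, $content, $title)` signature drops `$p_code`, `$baseurl` and `$lang` but still has no parameter or return types, and the body continues past the hunk, so I cannot see whether any of the dropped names are still referenced inside it — worth checking, since they would now be undefined variables. A short docblock saying what `$content` is expected to hold (raw paste text or already-highlighted HTML) would help, because the caller's comment in paste.php still talks about highlighting that is no longer passed in.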
@ -75,6 +75,11 @@ updatePageViews();
|
|||
|
||||
// POST Handler
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!verifyCsrfToken()) {
|
||||
$error = 'Incorrect CSRF token (do you have cookies enabled?)';
|
||||
goto OutPut;
|
||||
}
|
||||
|
||||
$error = validatePasteFields();
|
||||
|
||||
if ($error !== null) {
|
||||
|
@ -172,6 +177,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
OutPut:
|
||||
$csrf_token = setupCsrfToken();
|
||||
$page_template = 'main';
|
||||
require_once('theme/' . $default_theme . '/common.php');
|
||||
|
|
|
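Review bot: The CSRF failure path sets `$error` and jumps to `OutPut:`, where `setupCsrfToken()` issues a new token; because `verifyCsrfToken()` deletes the session token on every successful comparison as well, every re-rendered form after a validation error gets a fresh token, which is correct but not obvious from the code. A comment above `$csrf_token = setupCsrfToken();` such as `// verifyCsrfToken() consumed the session token; issue a fresh one for the re-rendered form` would explain why the call sits after the label. The message `'Incorrect CSRF token (do you have cookies enabled?)'` is also shown for a token that was simply consumed by another tab; a wording like `'Form expired or invalid token, please try again'` covers both cases.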
@ -224,6 +224,10 @@ class DataTable {
|
|||
}
|
||||
|
||||
const dumbFilterCallback = (datum, query) => {
|
||||
if (!query) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (datum.title.indexOf(query) !== -1) {
|
||||
return true;
|
||||
}
|
||||
|
|
|
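Review bot: `dumbFilterCallback` is imported by name from './data_tables' in user_profile.js, but the hunk declares it with a plain `const` and no `export`; if the module has no export list further down (not visible from here), the import resolves to undefined and filtering silently breaks. `datum.title.indexOf(query)` also throws when a row has no title; `(datum.title || '').indexOf(query) !== -1` keeps the same semantics for string titles and tolerates missing ones. The function body continues past the end of the hunk.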
@ -2,6 +2,16 @@ import { escape, whenReady } from './dom';
|
|||
import { DataTable, dumbFilterCallback } from './data_tables';
|
||||
import { globalSetup } from './main';
|
||||
|
||||
const getUserInfo = () => {
|
||||
const elem = document.getElementById('js-data-holder');
|
||||
|
||||
if (!elem) {
|
||||
return { userId: null, csrfToken: null };
|
||||
}
|
||||
|
||||
return { userId: elem.dataset.userId, csrfToken: elem.dataset.csrfToken };
|
||||
};
|
||||
|
||||
const parsePasteInfo = (elem) => {
|
||||
if (!elem.dataset.pasteInfo) {
|
||||
return null;
|
||||
|
@ -40,12 +50,23 @@ whenReady(() => {
|
|||
</a>`;
|
||||
}).join('');
|
||||
|
||||
const userData = getUserInfo();
|
||||
|
||||
const deleteElem = true ? `<td>
|
||||
<form action="/${rowData.id}" method="POST">
|
||||
<input type="hidden" name="delete" value="delete" />
|
||||
<input type="hidden" name="csrf_token" value="${userData.csrfToken}" />
|
||||
<input type="submit" value="Delete" />
|
||||
</form>
|
||||
</td>` : '';
|
||||
|
||||
return `<tr>
|
||||
<td><a href="/${rowData.id}">${escape(rowData.title)}</a></td>
|
||||
<td>${rowData.created_at}</td>
|
||||
<td>${rowData.visibility}</td>
|
||||
<td>${rowData.views || 0}</td>
|
||||
<td>${tags}</td>
|
||||
${deleteElem}
|
||||
</tr>`;
|
||||
},
|
||||
filterCallback: dumbFilterCallback,
|
||||
|
|
|
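Review bot: `const deleteElem = true ? ... : '';` always renders the delete form, so it is shown to visitors who are not the profile owner and, for guests, with `value="null"` as the token, because `#js-data-holder` is only emitted when a user is logged in and `getUserInfo()` then returns nulls. Presumably the condition was meant to compare `userData.userId` with the profile owner's id; at minimum gate it on the token being present, `const deleteElem = userData.csrfToken ? ... : '';`, so the server-side ownership check is not the only thing hiding the button. The token and the other row fields are interpolated into the template literal without `escape()`; the token is server-generated, but `rowData.visibility` and `rowData.created_at` should go through `escape()` like the title does (I cannot tell from the rendered hunk whether those lines are new or moved). The enclosing `whenReady` callback starts before the hunk.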
@ -7,13 +7,16 @@ use PonePaste\Models\Page;
|
|||
|
||||
updatePageViews();
|
||||
|
||||
$page_title = 'Page not found';
|
||||
|
||||
if (isset($_GET['page'])) {
|
||||
$page = Page::select('page_title', 'page_content', 'last_date')
|
||||
->where('page_name', $_GET['page'])
|
||||
->first();
|
||||
$page_title = $page->page_title;
|
||||
} else {
|
||||
$page_title = 'Page not found';
|
||||
|
||||
if (isset($page)) {
|
||||
$page_title = $page->page_title;
|
||||
}
|
||||
}
|
||||
|
||||
$page_template = 'pages';
|
||||
|
|
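Review bot: In the `isset($_GET['page'])` branch, `$page_title = $page->page_title;` follows `->first()` directly; when no row matches, `$page` is null and the property read warns and yields null, so the `'Page not found'` default never applies (the rendered hunk prints old and new versions of this block and I cannot tell which guard survives). `$page_title = $page?->page_title ?? 'Page not found';` covers both the found and not-found cases in one line. Looking up `page_name` through the query builder is parameterised, so passing `$_GET['page']` straight into `->where()` is fine here.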
27
paste.php
27
paste.php
|
@ -2,7 +2,6 @@
|
|||
define('IN_PONEPASTE', 1);
|
||||
require_once('includes/common.php');
|
||||
require_once('includes/functions.php');
|
||||
require_once('includes/passwords.php');
|
||||
|
||||
use Highlight\Highlighter;
|
||||
use PonePaste\Models\Paste;
|
||||
|
@ -55,6 +54,13 @@ if (!$paste) {
|
|||
goto Not_Valid_Paste;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!verifyCsrfToken()) {
|
||||
$notfound = 'Invalid CSRF token (do you have cookies enabled?)';
|
||||
goto Not_Valid_Paste;
|
||||
}
|
||||
}
|
||||
|
||||
$paste_owner_id = $paste->user->id;
|
||||
$paste_title = $paste->title;
|
||||
$paste_code = $paste->code;
|
||||
|
@ -72,7 +78,6 @@ $fav_count = $paste->favouriters()->count();
|
|||
'tags' => getPasteTags($conn, $paste_id)
|
||||
];*/
|
||||
|
||||
//$p_member = $row['member'];
|
||||
$p_content = $paste->content;
|
||||
$p_visible = $paste->visible;
|
||||
$p_expiry = $paste->expiry;
|
||||
|
@ -80,7 +85,6 @@ $p_password = $paste->password;
|
|||
$p_encrypt = (bool) $paste->encrypt;
|
||||
$paste_is_favourited = $current_user !== null && $current_user->favourites->where('paste_id', $paste->id)->count() === 1;
|
||||
|
||||
|
||||
$is_private = $p_visible === '2';
|
||||
|
||||
if ($is_private && (!$current_user || $current_user->id !== $paste_owner_id)) {
|
||||
|
@ -88,6 +92,19 @@ if ($is_private && (!$current_user || $current_user->id !== $paste_owner_id)) {
|
|||
goto Not_Valid_Paste;
|
||||
}
|
||||
|
||||
/* Paste deletion */
|
||||
if (isset($_POST['delete'])) {
|
||||
if (!$current_user || ($current_user->id !== $paste_owner_id)) {
|
||||
$notfound = 'You cannot delete someone else\'s paste!';
|
||||
goto Not_Valid_Paste;
|
||||
}
|
||||
|
||||
$paste->delete();
|
||||
flashSuccess('Paste deleted.');
|
||||
header('Location: ' . urlForMember($current_user));
|
||||
die();
|
||||
}
|
||||
|
||||
/* Verify paste password */
|
||||
$password_required = $p_password !== null && $p_password !== 'NONE';
|
||||
$password_valid = true;
|
||||
|
@ -191,7 +208,7 @@ if ($paste_code === "pastedown") {
|
|||
|
||||
// Embed view after highlighting is applied so that $p_code is syntax highlighted as it should be.
|
||||
if (isset($_GET['embed'])) {
|
||||
embedView($paste_id, $paste_title, $p_content, $paste_code, $title, $baseurl, $lang);
|
||||
embedView($paste_id, $paste_title, $p_content, $title);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
@ -230,5 +247,7 @@ if ($is_private || $notfound || !$password_valid) {
|
|||
// Display errors
|
||||
$page_template = 'errors';
|
||||
}
|
||||
|
||||
$csrf_token = setupCsrfToken();
|
||||
require_once('theme/' . $default_theme . '/common.php');
|
||||
|
||||
|
|
|
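Review bot: The comment `// Embed view after highlighting is applied so that $p_code is syntax highlighted as it should be.` is now stale, because the new call `embedView($paste_id, $paste_title, $p_content, $title);` no longer passes `$p_code`; replace it with something that describes what is actually handed over, e.g. `// Embed view renders $p_content; any highlighting is applied above.`, or drop it. In the deletion block, `$paste_owner_id = $paste->user->id;` is evaluated before the ownership check; if a paste row can exist without a user (I cannot tell from here), `->user` is null and the read warns before the `goto`, so `$paste->user?->id` is the safer form. Placing the CSRF check at the top of the POST path, ahead of the delete and favourite handling, is the right order; since it consumes the token, the `$csrf_token = setupCsrfToken();` added at the bottom is what lets a rejected POST re-render with a usable form, and a one-line comment there saying so would help the next reader.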
@ -6,7 +6,6 @@ require_once('includes/passwords.php');
|
|||
|
||||
use PonePaste\Models\Paste;
|
||||
|
||||
// Check if already logged in
|
||||
if ($current_user === null) {
|
||||
header("Location: ./login.php");
|
||||
die();
|
||||
|
@ -19,7 +18,9 @@ $user_ip = $current_user->ip;
|
|||
$user_password = $current_user->password;
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
if (isset($_POST['cpassword'])) {
|
||||
if (!verifyCsrfToken()) {
|
||||
$error = 'Invalid CSRF token (do you have cookies enabled?)';
|
||||
} else if (isset($_POST['cpassword'])) {
|
||||
$user_new_full = trim(htmlspecialchars($_POST['full']));
|
||||
$user_old_pass = $_POST['old_password'];
|
||||
if (pp_password_verify($user_old_pass, $user_password)) {
|
||||
|
@ -40,8 +41,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
updatePageViews();
|
||||
|
||||
$total_user_pastes = Paste::where('user_id', $current_user->id)->count();
|
||||
$csrf_token = setupCsrfToken();
|
||||
|
||||
// Theme
|
||||
$page_template = 'profile';
|
||||
$page_title = 'My Profile';
|
||||
require_once('theme/' . $default_theme . '/common.php');
|
||||
|
|
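--- a/report.php
+++ b/report.php
@@ -1,15 +0,0 @@
-<?php
-define('IN_PONEPASTE', 1);
-require_once('includes/common.php');
-require_once('includes/functions.php');
-
-//Report paste
-$p_reasonrep = Trim(htmlspecialchars($_POST['reasonrep']));
-$p_memreport = $current_user ? $current_user->username : 'Guest';
-$p_pastereport = $_POST['reppasteid'];
-$p_reasonrep = preg_replace("/[^0-9]/", "", $p_reasonrep);
-
-$conn->prepare('INSERT INTO user_reports (m_report, p_report, t_report, rep_reason) VALUES (?, ?, NOW(), ?)')
-->execute([$p_memreport, $p_pastereport, $p_reasonrep]);
-$repmes = "Paste has been reported.";
-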
@ -125,6 +125,10 @@ $flashes = getFlashes();
|
|||
</div>
|
||||
</nav>
|
||||
|
||||
<?php if ($current_user): ?>
|
||||
<div class="hidden" id="js-data-holder" data-user-id="<?= $current_user->id ?>" data-csrf-token="<?= $csrf_token ?>"></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<div id="#signin" class="modal modal-fx-fadeInScale">
|
||||
<div class="modal-background"></div>
|
||||
<div class="modal-content modal-card is-tiny">
|
||||
|
|
|
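Review bot: `data-csrf-token="<?= $csrf_token ?>"` reads `$csrf_token` unconditionally whenever a user is logged in, but only the pages touched by this commit (index, paste, profile, user) call `setupCsrfToken()`; any other page that includes this header will emit an undefined-variable warning and an empty attribute. The sibling templates guard with `isset($csrf_token)`; here `data-csrf-token="<?= pp_html_escape($csrf_token ?? '') ?>"` would be consistent with them and also escapes the value the way the rest of the templates escape output (pp_html_escape is already used in the profile template).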
@ -57,132 +57,9 @@
|
|||
<?php }
|
||||
if (!$site_is_private) { ?>
|
||||
<div class="notification is-warning">
|
||||
<strong id="headline">Entries Deadline</strong>
|
||||
<div id="countdown">
|
||||
<p>
|
||||
<span id="days"></span> Days,
|
||||
<span id="hours"></span> Hours,
|
||||
<span id="minutes"></span> Minutes,
|
||||
<span id="seconds"></span> Seconds Remaining
|
||||
</p>
|
||||
</div>
|
||||
<div class="message">
|
||||
<div id="content">
|
||||
</div>
|
||||
</div>
|
||||
<p>No event right now!</p>
|
||||
</div>
|
||||
</div>
|
||||
<br>
|
||||
<h1 class="title is-4">Welcome to Ponepaste /pj50kb/ Pastejam
|
||||
<h1>
|
||||
<h1 class="title is-5">No context 50kb Challenge
|
||||
<h1>
|
||||
<b> What is the PasteJam 50kb challange?</b>
|
||||
<p> The PasteJam 50kb challenge is a competition that last for two weeks that any one
|
||||
can join.</p>
|
||||
<b> What do I win? </b>
|
||||
<p style="color:green;"> >A fucking badge, plus the best pony game the host can
|
||||
find.</p>
|
||||
<img src="/img/prize.png" alt="Prize" />
|
||||
<p>Note: This is a steam game, winner will be sent a cdkey</p>
|
||||
<br>
|
||||
<b> What do I have to do? </b>
|
||||
<p> A prompt is given and you have to write a 50kb greentext or prose. </p>
|
||||
<b> Does it have to be exactly 50kb </b>
|
||||
<p> As close as possible. This is more of a guide due to magin of error.</p>
|
||||
<b> What will happen if I submit a paste thats under 50kb?</b>
|
||||
<p> Again, As close as possible.</p>
|
||||
<b> Can I ask for feedback for my green/prose?</b>
|
||||
<p> From other anons on /mlp/ is fine.</p>
|
||||
<b> Can I write anything? </b>
|
||||
<p> As long it follows the prompt, mlp related and follows Ponepaste rules.</p>
|
||||
<b> How is the prompt chosen?</b>
|
||||
<p> Hand picked homonyms.</p>
|
||||
<b> How do I submit? </b>
|
||||
<p> Make a <b>UNLISTED</b> paste with /pj50kb/ in the title and tag.</p>
|
||||
<b> How is the winner chosen?</b>
|
||||
<p> By a vote after the closing date </p>
|
||||
<b> When is the closing date? </b>
|
||||
<p> 28th of May </p>
|
||||
<b> When does the voting start? </b>
|
||||
<p> 28th of May, to gives (you) time to read.</p>
|
||||
<b> Where do I vote? </b>
|
||||
<p> Here, on this page.</p>
|
||||
<b> How long will the vote last? </b>
|
||||
<p> Two weeks. Vote ends on 11th of June, 8pm UTC </p>
|
||||
<b> What will I be voting on?</b>
|
||||
<p> How well the story is written, how unique the idea is and how it fits the
|
||||
prompt. </p>
|
||||
<b>Can the entry be a sequel/ side arc of one of their existing greens?</b>
|
||||
<p>It must be a stand alone story. </p>
|
||||
<br>
|
||||
<br>
|
||||
<div class="notification is-info">
|
||||
<strong>Prompt:</strong>
|
||||
<figure>
|
||||
<figcaption>Listen to the prompt:</figcaption>
|
||||
<audio
|
||||
controls
|
||||
src="prompt.mp3">
|
||||
Your browser is shit and does not support the
|
||||
<code>audio</code> element.
|
||||
</audio>
|
||||
</figure>
|
||||
|
||||
</div>
|
||||
<!-- Submitted Pastes -->
|
||||
<div class="col-md-9 col-lg-10">
|
||||
<div class="panel panel-default">
|
||||
<h1 class="title is-4">Submitted Entries
|
||||
<h1>
|
||||
<div class="panel-body">
|
||||
<div class="list-widget pagination-content">
|
||||
<?php
|
||||
$res = getevent($conn, 100);
|
||||
while ($row = mysqli_fetch_array($res)) {
|
||||
$title = Trim($row['title']);
|
||||
$p_member = Trim($row['member']);
|
||||
$titlehov = ($row['title']);
|
||||
$p_id = Trim($row['id']);
|
||||
$p_date = Trim($row['date']);
|
||||
$p_time = Trim($row['now_time']);
|
||||
$nowtime = time();
|
||||
$oldtime = $p_time;
|
||||
$p_time = conTime($nowtime - $oldtime);
|
||||
$title = truncate($title, 24, 60);
|
||||
$todea = strtotime("now");
|
||||
?>
|
||||
<?php
|
||||
echo '<header class="bd-category-header my-1">
|
||||
<a href="' . $p_id . '" title="' . $titlehov . '">' . $title . ' </a>
|
||||
<a class="icon is-pulled-right has-tooltip-arrow has-tooltip-left-mobile has-tooltip-bottom-desktop has-tooltip-left-until-widescreen" data-tooltip="' . $p_time . '">
|
||||
<i class="far fa-clock has-text-grey" aria-hidden="true"></i>
|
||||
</a>
|
||||
<p class="subtitle is-7">' . 'by ' . '
|
||||
<i><a href="https://Ponepaste.org/user/' . $p_member . '">' . $p_member . '</a></i>
|
||||
</p>' .
|
||||
'</header>';
|
||||
?>
|
||||
|
||||
<?php } ?>
|
||||
</div>
|
||||
</div>
|
||||
<div class="notification is-warning">
|
||||
<strong id="headline">Note:</strong>
|
||||
<div id="mess">
|
||||
<p>
|
||||
No one has been nominated for the Wooden Spoon Award.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<iframe width="620" height="444"
|
||||
src="https://strawpoll.com/embed/kzvcup4hp"
|
||||
style="width: 100%; height: 444px;" frameborder="0"
|
||||
allowfullscreen></iframe>
|
||||
</div>
|
||||
</div>
|
||||
<hr>
|
||||
<!-- <iframe width="620" height="744" src="https://strawpoll.com/embed/kz179c835" style="width: 100%; height: 744px;" frameborder="0" allowfullscreen></iframe> -->
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -298,12 +298,15 @@
|
|||
<div class="notification">
|
||||
<span class="tags are-large"><img src="<?= $_SESSION['captcha']['image_src'] ?>" alt="CAPTCHA" class="imagever" /></span>
|
||||
<input type="text" class="input" name="scode" value=""
|
||||
placeholder="Enter the CAPTCHA">
|
||||
placeholder="Enter the CAPTCHA" />
|
||||
<p class="is-size-6 has-text-grey-light has-text-left mt-2">and press
|
||||
"Enter"</p>
|
||||
</div>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (isset($csrf_token)): ?>
|
||||
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>" />
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
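Review bot: The hidden field is wrapped in `<?php if (isset($csrf_token)): ?>`, so on a page that never called `setupCsrfToken()` the form is silently rendered without a token and every submission then fails `verifyCsrfToken()` with the misleading "do you have cookies enabled?" message; the same guard appears in the profile template and around the paste view's favourite and edit forms. Since the controllers in this commit always set `$csrf_token` before including the theme, the guard hides a wiring bug rather than handling a real case — either drop it, or have includes/common.php call `setupCsrfToken()` once so the variable is always defined. `<?= $csrf_token ?>` is unescaped; the token comes from `pp_random_token()` so it is presumably safe as-is, but `pp_html_escape($csrf_token)` keeps the templates uniform.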
@ -4,7 +4,9 @@
|
|||
<div class="bd-duo">
|
||||
<div class="bd-lead">
|
||||
<h1 class="title is-5">Total Pastes: <?= $total_user_pastes ?></h1>
|
||||
<h1 class="subtitle is-6"><?php echo '<a href="user.php?user=' . urlencode($current_user->username) . '" target="_self">My Pastes</a>'; ?></h1>
|
||||
<h1 class="subtitle is-6">
|
||||
<a href="<?= urlForMember($current_user); ?>" target="_self">My Pastes</a>
|
||||
</h1>
|
||||
<?php
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
if (isset($success)) {
|
||||
|
@ -20,14 +22,14 @@
|
|||
?>
|
||||
<hr>
|
||||
<h1 class="title is-5">My Profile</h1>
|
||||
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
|
||||
<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post">
|
||||
<div class="columns">
|
||||
<div class="column">
|
||||
<div class="field">
|
||||
<label class="label">Generate New Recovery Key</label>
|
||||
<div class="control has-icons-left has-icons-right">
|
||||
<input disabled="" type="text" class="input" name="username"
|
||||
style="cursor:not-allowed;" placeholder="New gen generated here">
|
||||
style="cursor:not-allowed;" placeholder="New key generated here">
|
||||
<span class="icon is-small is-left">
|
||||
<i class="fas fa-user"></i>
|
||||
</span>
|
||||
|
@ -43,9 +45,9 @@
|
|||
<div class="field">
|
||||
<label class="label" for="username">Username</label>
|
||||
<div class="control has-icons-left has-icons-right">
|
||||
<input disabled="" type="text" class="input" name="username" id="username"
|
||||
<input disabled="disabled" type="text" class="input" name="username" id="username"
|
||||
style="cursor:not-allowed;"
|
||||
placeholder="<?php echo pp_html_escape($current_user->username); ?>">
|
||||
placeholder="<?= pp_html_escape($current_user->username); ?>">
|
||||
<span class="icon is-small is-left">
|
||||
<i class="fas fa-user"></i>
|
||||
</span>
|
||||
|
@ -84,6 +86,9 @@
|
|||
</div>
|
||||
</div>
|
||||
<div class="field">
|
||||
<?php if (isset($csrf_token)): ?>
|
||||
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>" />
|
||||
<?php endif; ?>
|
||||
<button type="submit" name="submit" class="button is-info">Submit</button>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -94,4 +99,4 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</main>
|
||||
</main>
|
||||
|
|
|
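Review bot: `<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post">` echoes `PHP_SELF` into an attribute unescaped; that value includes any path-info the client appends to the URL, so it is request-controlled and this is a reflected output sink that the rewrite from `<?php echo ... ?>` to `<?=` carries over unchanged. Use `action=""` (posts to the current URL) or a fixed path, or at least `<?= pp_html_escape($_SERVER['PHP_SELF']) ?>`, which the same template already uses for the username placeholder. The `disabled="disabled"` and placeholder fixes in the other hunks are fine.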
@ -1,4 +1,6 @@
|
|||
<?php
|
||||
use PonePaste\Models\Paste;
|
||||
|
||||
$public_paste_badges = [
|
||||
50 => '[ProbablyAutistic] Have more than Fifty pastes',
|
||||
25 => '[Writefag] Have Twenty Five or more pastes',
|
||||
|
@ -127,14 +129,22 @@
|
|||
['visibility' => $p_visible]
|
||||
);
|
||||
?>
|
||||
<?php if ($is_current_user || $row['visible'] == Paste::VISIBILITY_PUBLIC): ?>
|
||||
<?php if ($is_current_user || $paste->visible == Paste::VISIBILITY_PUBLIC): ?>
|
||||
<tr data-paste-info="<?= pp_html_escape(json_encode($pasteJson)); ?>">
|
||||
<td><a href="<?= urlForPaste($paste) ?>" title="<?= $escaped_title ?>"><?= $escaped_title ?></a></td>
|
||||
<td data-sort="<?= $p_date->format('U') ?>" class="td-center"><?= $p_date->format('d F Y') ?></td>
|
||||
<td class="td-center"><?= $p_visible; ?></td>
|
||||
<td class="td-center"><?= $paste->views ?></td>
|
||||
<td class="td-left"><?= tagsToHtmlUser($paste->tags, $profile_username); ?></td>
|
||||
<!-- Delete button here? -->
|
||||
<?php if ($is_current_user): ?>
|
||||
<td class="td-center">
|
||||
<form action="<?= urlForPaste($paste) ?>" method="POST">
|
||||
<input type="hidden" name="delete" value="delete" />
|
||||
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>" />
|
||||
<input type="submit" value="Delete" />
|
||||
</form>
|
||||
</td>
|
||||
<?php endif; ?>
|
||||
</tr>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
|
|
|
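Review bot: The HTML comment `<!-- Delete button here? -->` now sits directly above the delete form this hunk adds, so it is stale, and as an HTML comment it is also shipped to every visitor; replace it with a PHP comment that records the contract, e.g. `<?php /* Delete posts to the paste URL; ownership and the CSRF token are checked in paste.php. */ ?>`, or drop it. The visibility test keeps a loose comparison (`$paste->visible == Paste::VISIBILITY_PUBLIC`); if the attribute comes back from the driver as a string while the constant is an int (I cannot tell from here) `===` would need a cast, so if the `==` is deliberate a short comment saying so will stop the next reader from "fixing" it. The `csrf_token` input here is not guarded by `isset` as in the other templates; user.php does set `$csrf_token`, so that is consistent, just noting the asymmetry.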
@ -64,7 +64,8 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
|
||||
<div class="message-body">
|
||||
<div class="columns">
|
||||
<div class="column">
|
||||
<p>Reporting is currently non-functional. Please email admin ( a t ) ponepaste (.) org if this is a serious violation.</p>
|
||||
<!--<div class="column">
|
||||
<p>Please select how this paste violates a rule:</p>
|
||||
</div>
|
||||
<div class="column">
|
||||
|
@ -78,10 +79,10 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
<option value="2">Paste has personal information (Dox)</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</div>-->
|
||||
</div>
|
||||
</div>
|
||||
<div class="column">
|
||||
<!--<div class="column">
|
||||
<input type="hidden" name="reppasteid" value="<?php echo($paste_id); ?>">
|
||||
<div>
|
||||
<div style="text-align: center;">
|
||||
|
@ -92,7 +93,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</form>-->
|
||||
</article>
|
||||
|
||||
<div class="columns is-multiline">
|
||||
|
@ -128,6 +129,9 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
<div class="panel-tools">
|
||||
<?php if ($current_user !== null): ?>
|
||||
<form action="" method="POST" class="form--inline">
|
||||
<?php if (isset($csrf_token)): ?>
|
||||
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>" />
|
||||
<?php endif; ?>
|
||||
<input type="hidden" name="fave" value="1" />
|
||||
<button type="submit" class="icon tool-icon button--no-style"><i class="fas fa-star fa-lg <?= $paste_is_favourited ? '' : 'has-text-grey' ?>" title="Favourite"></i></button>
|
||||
</form>
|
||||
|
@ -349,26 +353,17 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
|
|||
<div class="level-left">
|
||||
<!-- Encrypted -->
|
||||
<div class="b-checkbox is-info is-inline">
|
||||
<?php
|
||||
$encrypted_checked = "";
|
||||
if ($_POST) {
|
||||
// We came here from an error, carry the checkbox setting forward
|
||||
if (isset($_POST['encrypted'])) {
|
||||
$encrypted_checked = "checked";
|
||||
}
|
||||
} else {
|
||||
// Fresh paste. Default to encrypted on
|
||||
$encrypted_checked = "checked";
|
||||
}
|
||||
?>
|
||||
<input class="is-checkradio is-info" id="encrypt" name="encrypted"
|
||||
type="checkbox" <?php echo $encrypted_checked; ?>>
|
||||
type="checkbox" disabled="disabled" checked="checked" />
|
||||
<label for="encrypt">
|
||||
Encrypt on Server
|
||||
Encrypt on server (always enabled)
|
||||
</label>
|
||||
<?php
|
||||
if ($current_user->id == $paste['user_id']) {
|
||||
if ($current_user->id === $paste['user_id']) {
|
||||
?>
|
||||
<?php if (isset($csrf_token)): ?>
|
||||
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>" />
|
||||
<?php endif; ?>
|
||||
<input class="button is-info" type="submit" name="edit" id="edit"
|
||||
value="Edit"/>
|
||||
<?php
|
||||
|
|
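Review bot: Wrapping the report form in `<!-- ... -->` does not stop the PHP inside it from running: `<input type="hidden" name="reppasteid" value="<?php echo($paste_id); ?>">` is still evaluated, and the whole disabled form, id included, is sent to every client as an HTML comment. Move the dead markup into a PHP block comment (`<?php /* ... */ ?>`) or delete it outright, since report.php is removed in this same commit. The encryption checkbox is now `disabled="disabled" checked="checked"`; disabled inputs are not submitted, so `$_POST['encrypted']` will never be present — if the server side still branches on it (outside this hunk) that read should go, and a comment such as `<?php /* disabled inputs are not posted; the server always encrypts */ ?>` makes the intent explicit. `$current_user->id === $paste['user_id']` tightens to a strict comparison; if `user_id` arrives as a string from the driver this never matches and the Edit button disappears, and `$current_user` is dereferenced here without a visible null check — both worth confirming against the surrounding code.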
19
user.php
19
user.php
|
@ -28,6 +28,7 @@ if (!$profile_info) {
|
|||
$p_title = $profile_username . "'s Public Pastes";
|
||||
|
||||
// FIXME: This should be incoming faves
|
||||
//$total_pfav = Paste::where('user_id', $profile_info->id)->sum('faves');
|
||||
$total_pfav = $profile_info->favourites->count();
|
||||
$total_yfav = $profile_info->favourites->count();
|
||||
|
||||
|
@ -55,23 +56,7 @@ $is_current_user = ($current_user !== null) && ($profile_info->id == $current_us
|
|||
|
||||
updatePageViews();
|
||||
|
||||
if (isset($_GET['del'])) {
|
||||
if ($current_user !== null) { // Prevent unauthorized deletes
|
||||
$paste_id = intval(trim($_GET['id']));
|
||||
$paste = Paste::find($paste_id);
|
||||
|
||||
if (!$paste || $paste->user_id !== $current_user->id) {
|
||||
$error = 'That paste does not exist, or you are not the owner of it.';
|
||||
} else {
|
||||
$paste->delete();
|
||||
$success = 'Paste deleted successfully.';
|
||||
}
|
||||
} else {
|
||||
$error = 'You must be logged in to do that.';
|
||||
}
|
||||
}
|
||||
|
||||
// Theme
|
||||
$csrf_token = setupCsrfToken();
|
||||
$page_template = 'user_profile';
|
||||
array_push($script_bundles, 'user_profile');
|
||||
require_once('theme/' . $default_theme . '/common.php');
|
||||
|
|
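Review bot: `$total_pfav` and `$total_yfav` are both assigned `$profile_info->favourites->count()` under a FIXME saying one of them should be incoming favourites, so whichever of the two lines is new duplicates the same number under a second name with nothing saying which is which. Add a comment such as `// TODO: $total_pfav should count favourites received by this user's pastes; both currently read the user's own favourites` so the template's two figures are not mistaken for distinct data. Setting `$csrf_token = setupCsrfToken();` before the theme include is consistent with the other pages in this commit.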