From e95238ed1701b1eb0545fc477657464e2a1b0b9f Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Sat, 10 Jul 2021 16:51:15 -0400
Subject: [PATCH] Admin works well enough to update the site settings at least; removed a bunch of duplicate code.
---
admin/admin.php | 74 +-----------
admin/common.php | 49 ++++++++
admin/configuration.php | 258 +++++++++++++++-------------------------
admin/dashboard.php | 48 +-------
admin/pages.php | 62 +---------
admin/pastes.php | 59 +--------
6 files changed, 159 insertions(+), 391 deletions(-)
create mode 100644 admin/common.php
diff --git a/admin/admin.php b/admin/admin.php
index 9cf94c0..db21e4c 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -14,77 +14,13 @@
 */
 // PHP <5.5 compatibility
-require_once('../includes/password.php');
+require_once('../includes/password.php');
+define('IN_ADMIN', 1);
+require_once('common.php');
-session_start();
+$query = $conn->query('SELECT user FROM admin LIMIT 1');
+$adminid = $query->fetch()['user'];
-if (isset($_SESSION['login'])) {
-// Do nothing
-} else {
- header("Location: .");
- exit();
-}
-
-if (isset($_GET['logout'])) {
- if (isset($_SESSION['login']))
- unset($_SESSION['login']);
-
- session_destroy();
- header("Location: .");
- exit();
-}
-
-$date = date('jS F Y');
-$ip = $_SERVER['REMOTE_ADDR'];
-require_once('../config.php');
-
-$conn = new PDO(
- "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
- $db_user,
- $db_pass,
- $db_opts
-);
-
-$query = "SELECT @last_id := MAX(id) FROM admin_history";
-
-$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
-
-while ($row = $query->fetch()) {
- $last_id = $row['@last_id := MAX(id)'];
-}
-
-$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
-$query->execute([$last_id]);
-
-while ($row = $query->fetch()) {
- $last_date = $row['last_date'];
- $last_ip = $row['ip'];
-}
-
-/* This seems to take the same path in both cases and be overly convoluted, so I rewrote it below but kept this in case I
- * am missing something...
-if ($last_ip == $ip) {
- if ($last_date == $date) {
-
- } else {
- $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
- mysqli_query($con, $query);
- }
-} else {
- $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
- mysqli_query($con, $query);
-}*/
-
-if ($last_ip !== $ip || $last_date !== $date) {
- $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
-}
-
-$query = $conn->query('SELECT user, pass FROM admin');
-
-while ($row = $query->fetch()) {
- $adminid = Trim($row['user']);
- $password = Trim($row['pass']);
-}
 ?>
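Review bot: After this change admin.php never calls `updateAdminHistory($conn)`, although configuration.php, dashboard.php, pages.php and pastes.php each add that call, so visits to this page no longer reach `admin_history`; if that table is meant as an access trail, add `updateAdminHistory($conn);` after `require_once('common.php');`. Separately, `$query->fetch()['user']` indexes the result without checking it: on an empty `admin` table `fetch()` returns `false` and `$adminid` becomes null with at most a warning. A guard such as `$row = $query->fetch(); $adminid = $row ? $row['user'] : null;` makes that case explicit. The removed loop also set `$password`; the rest of the page is outside the hunk, so confirm nothing below still reads it.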
diff --git a/admin/common.php b/admin/common.php new file mode 100644 index 0000000..271eea3 --- /dev/null +++ b/admin/common.php @@ -0,0 +1,49 @@ +query('SELECT ip, last_date FROM admin_history ORDER BY ID DESC LIMIT 1'); + + if ($row = $query->fetch()) { + $last_date = $row['last_date']; + $last_ip = $row['ip']; + } + + if ($last_ip !== $ip || $last_date !== $date) { + $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]); + } +} + +session_start(); + +if (!isset($_SESSION['login'])) { + header('Location: .'); + exit(); +} + +if (isset($_GET['logout'])) { + if (isset($_SESSION['login'])) + unset($_SESSION['login']); + + session_destroy(); + header("Location: ."); + exit(); +} + +$conn = new PDO( + "mysql:host=$db_host;dbname=$db_schema;charset=utf8", + $db_user, + $db_pass, + $db_opts +); + + diff --git a/admin/configuration.php b/admin/configuration.php index 9867476..44406a2 100644 --- a/admin/configuration.php +++ b/admin/configuration.php 
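Review bot: The INSERT in `updateAdminHistory()` binds its values in the wrong order: the column list is `(ip, last_date)` but the call is `execute([$date, $ip])`, so the date lands in `ip` and the client address in `last_date`. Because the next request reads those swapped values back, `$last_ip !== $ip || $last_date !== $date` is always true and a row is written on every admin page load, which makes the table useless as an access record. Change the call to `->execute([$ip, $date]);`. `$last_ip` and `$last_date` are also unset when the table is empty, so initialise both to `null` before the `if ($row = $query->fetch())`. The opening lines of the new file did not survive on this page, so the `IN_ADMIN` guard and the `config.php` include cannot be checked here.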
@@ -12,67 +12,14 @@
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License in GPL.txt for more details.
 */
-session_start();
+define('IN_ADMIN', 1);
+require_once('common.php');
-if (isset($_SESSION['login'])) {
-// Do nothing
-} else {
- header("Location: .");
- exit();
-}
+updateAdminHistory($conn);
-if (isset($_GET['logout'])) {
- if (isset($_SESSION['login']))
- unset($_SESSION['login']);
-
- session_destroy();
- header("Location: .");
- exit();
-}
+$query = $conn->query('SELECT * FROM site_info');
-$date = date('jS F Y');
-$ip = $_SERVER['REMOTE_ADDR'];
-require_once('../config.php');
-$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
-
-if (mysqli_connect_errno()) {
- $sql_error = mysqli_connect_error();
- die("Unable connect to database");
-}
-
-$query = "SELECT @last_id := MAX(id) FROM admin_history";
-
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
- $last_id = $row['@last_id := MAX(id)'];
-}
-
-$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id);
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
- $last_date = $row['last_date'];
- $last_ip = $row['ip'];
-}
-
-if ($last_ip == $ip) {
- if ($last_date == $date) {
-
- } else {
- $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
- mysqli_query($con, $query);
- }
-} else {
- $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')";
- mysqli_query($con, $query);
-}
-
-
-$query = "SELECT * FROM site_info";
-$result = mysqli_query($con, $query);
-
-while ($row = mysqli_fetch_array($result)) {
+if ($row = $query->fetch()) {
 $title = Trim($row['title']);
 $des = Trim($row['des']);
 $baseurl = Trim($row['baseurl']);
@@ -85,10 +32,11 @@ while ($row = mysqli_fetch_array($result)) {
 $ga = Trim($row['ga']);
 $additional_scripts = Trim($row['additional_scripts']);
 }
-$query = "SELECT * FROM captcha WHERE id='1'";
-$result = mysqli_query($con, $query);
-while ($row = mysqli_fetch_array($result)) {
+$query = "SELECT * FROM captcha WHERE id = '1'";
+$result = $conn->query('SELECT * FROM captcha WHERE id = 1');
+
+if ($row = $result->fetch()) {
 $cap_e = $row['cap_e'];
 $mode = $row['mode'];
 $mul = $row['mul'];
@@ -98,18 +46,16 @@ while ($row = mysqli_fetch_array($result)) {
 $recaptcha_secretkey = $row['recaptcha_secretkey'];
 }
-$query = "SELECT * FROM site_permissions WHERE id='1'";
-$result = mysqli_query($con, $query);
+$result = $conn->query("SELECT * FROM site_permissions WHERE id='1'");
-while ($row = mysqli_fetch_array($result)) {
+if ($row = $result->fetch()) {
 $disableguest = Trim($row['disableguest']);
 $siteprivate = Trim($row['siteprivate']);
 }
-$query = "SELECT * FROM mail WHERE id='1'";
-$result = mysqli_query($con, $query);
+$result = $conn->query("SELECT * FROM mail WHERE id='1'");
-while ($row = mysqli_fetch_array($result)) {
+if ($row = $result->fetch()) {
 $verification = Trim($row['verification']);
 $smtp_host = Trim($row['smtp_host']);
 $smtp_username = Trim($row['smtp_username']);
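Review bot: The added `$query = "SELECT * FROM captcha WHERE id = '1'";` is dead code: the next line passes its own literal to `$conn->query()` and the string is never executed. Drop the assignment so the file holds one version of the statement, and use the same unquoted `id = 1` form in the `site_permissions` and `mail` queries of the following hunk for consistency.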
@@ -119,6 +65,85 @@ while ($row = mysqli_fetch_array($result)) { $auth = Trim($row['auth']); $socket = Trim($row['socket']); } + +/* Update the configuration if necessary */ + +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($_POST['manage'])) { + $query = $conn->prepare( + 'UPDATE site_info SET title = ?, des = ?, baseurl = ?, keyword = ?, site_name = ?, email = ?, twit = ?, face = ?, gplus = ?, ga = ?, additional_scripts = ? WHERE id = 1' + ); + $query->execute([ + trim($_POST['title']), + trim($_POST['des']), + trim($_POST['baseurl']), + trim($_POST['keyword']), + trim($_POST['site_name']), + trim($_POST['email']), + trim($_POST['twit']), + trim($_POST['face']), + trim($_POST['gplus']), + trim($_POST['ga']), + trim($_POST['additional_scripts']) + ]); + + $msg = '
+ Configuration saved +
'; + } + + if (isset($_POST['cap'])) { + $query = $conn->prepare( + 'UPDATE captcha SET cap_e = ?, mode = ?, mul = ?, allowed = ?, color = ?, recaptcha_sitekey = ?, recaptcha_secretkey = ? WHERE id = 1' + ); + $query->execute([ + trim($_POST['cap_e']), + trim($_POST['mode']), + trim($_POST['mul']), + trim($_POST['allowed']), + trim($_POST['color']), + trim($_POST['recaptcha_sitekey']), + trim($_POST['recaptcha_secretkey']) + ]); + $msg = '
+ Captcha settings saved +
'; + + } + + if (isset($_POST['permissions'])) { + $query = $conn->prepare('UPDATE site_permissions SET disableguest = ?, siteprivate = ? WHERE id = 1'); + $query->execute([ + trim($_POST['disableguest']), + trim($_POST['siteprivate']) + ]); + + $msg = '
+ Site permissions saved. +
'; + } + +} + +if (isset($_POST['smtp_code'])) { + $query = $conn->prepare( + 'UPDATE mail SET verification = ?, smtp_host = ?, smtp_port = ?, smtp_username = ?, smtp_password = ?, socket = ?, protocol = ?, auth = ? WHERE id = 1' + ); + + $query->execute([ + trim($_POST['verification']), + trim($_POST['smtp_host']), + trim($_POST['smtp_port']), + trim($_POST['smtp_user']), + trim($_POST['socket']), + trim($_POST['auth']), + trim($_POST['protocol']) + ]); + $msg = ' +
+ Mail settings updated +
'; +} ?> @@ -165,104 +190,7 @@ while ($row = mysqli_fetch_array($result)) {
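Review bot: The `UPDATE mail` statement has eight placeholders but `execute()` receives seven values: `smtp_pass` is never bound, and the last two entries are `auth` then `protocol` while the SET list ends `protocol = ?, auth = ?`. Depending on the PDO error mode in `$db_opts` (not visible here) the call either throws or fails quietly, and `$msg` reports "Mail settings updated" either way. Add `trim($_POST['smtp_pass']),` after the `smtp_user` entry and swap the final two entries so `protocol` precedes `auth`; then set each success message only when `execute()` returns true. These handlers change site-wide settings, including `additional_scripts` and the SMTP and reCAPTCHA secrets, on nothing more than a logged-in session, so the forms should carry a per-session token that is compared with `hash_equals()` before any UPDATE runs; no such check appears in this hunk. The handlers also run after the SELECTs at the top of the file, so the page re-renders the old values after a save unless the reads are moved below this block.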
- - ' . mysqli_error($con) . ' -
'; - } else { - $msg = '
- Configuration saved -
'; - } - } - if (isset($_POST['cap'])) { - $cap_e = Trim($_POST['cap_e']); - $mode = Trim($_POST['mode']); - $mul = Trim($_POST['mul']); - $allowed = Trim($_POST['allowed']); - $color = Trim($_POST['color']); - $recaptcha_sitekey = Trim($_POST['recaptcha_sitekey']); - $recaptcha_secretkey = Trim($_POST['recaptcha_secretkey']); - - $query = "UPDATE captcha SET cap_e='$cap_e', mode='$mode', mul='$mul', allowed='$allowed', color='$color', recaptcha_sitekey='$recaptcha_sitekey', recaptcha_secretkey='$recaptcha_secretkey' WHERE id='1'"; - mysqli_query($con, $query); - - if (mysqli_errno($con)) { - $msg = '
- ' . mysqli_error($con) . ' -
'; - } else { - $msg = '
- Captcha settings saved -
'; - } - } - - if (isset($_POST['permissions'])) { - $disableguest = Trim($_POST['disableguest']); - $siteprivate = Trim($_POST['siteprivate']); - - $query = "UPDATE site_permissions SET disableguest='$disableguest', siteprivate='$siteprivate' WHERE id='1'"; - mysqli_query($con, $query); - - if (mysqli_errno($con)) { - $msg = '
- ' . mysqli_error($con) . ' -
'; - } else { - $msg = '
- Site permissions saved. -
'; - } - } - - } - - if (isset($_POST['smtp_code'])) { - $verification = Trim($_POST['verification']); - $smtp_host = Trim($_POST['smtp_host']); - $smtp_port = Trim($_POST['smtp_port']); - $smtp_username = Trim($_POST['smtp_user']); - $smtp_password = Trim($_POST['smtp_pass']); - $socket = Trim($_POST['socket']); - $auth = Trim($_POST['auth']); - $protocol = Trim($_POST['protocol']); - - $query = "UPDATE mail SET verification='$verification', smtp_host='$smtp_host', smtp_port='$smtp_port', smtp_username='$smtp_username', smtp_password='$smtp_password', socket='$socket', protocol='$protocol', auth='$auth' WHERE id='1'"; - mysqli_query($con, $query); - - if (mysqli_errno($con)) { - $msg = '
- ' . mysqli_error($con) . ' -
'; - - } else { - $msg = ' -
- Mail settings updated -
'; - } - } - if (isset($msg)) echo $msg; - ?> +
diff --git a/admin/dashboard.php b/admin/dashboard.php
index f311a58..3d170ac 100644
--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@@ -13,57 +13,15 @@
 * GNU General Public License in GPL.txt for more details.
 */
-session_start();
-
-if (!isset($_SESSION['login'])) {
- header('Location: .');
- exit();
-}
-
-if (isset($_GET['logout'])) {
- if (isset($_SESSION['login']))
- unset($_SESSION['login']);
-
- session_destroy();
- header("Location: .");
- exit();
-}
+define('IN_ADMIN', 1);
+require_once('common.php');
 $today_users_count = 0;
 $today_pastes_count = 0;
-$date = date('jS F Y');
-$ip = $_SERVER['REMOTE_ADDR'];
-require_once('../config.php');
 require_once('../includes/functions.php');
-$conn = new PDO(
- "mysql:host=$db_host;dbname=$db_schema;charset=utf8",
- $db_user,
- $db_pass,
- $db_opts
-);
-
-$query = $conn->query('SELECT @last_id := MAX(id) FROM admin_history');
-
-while ($row = $query->fetch()) {
- $last_id = $row['@last_id := MAX(id)'];
-}
-
-$query = $conn->prepare('SELECT ip, last_date FROM admin_history WHERE id = ?');
-$query->execute([$last_id]);
-
-while ($row = $query->fetch()) {
- $last_date = $row['last_date'];
- $last_ip = $row['ip'];
-}
-
-
-if ($last_ip !== $ip || $last_date !== $date) {
- $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
-}
-
-
+updateAdminHistory($conn);
 $query = $conn->query("SELECT @last_id := MAX(id) FROM page_view");
 $row = $query->fetch(PDO::FETCH_NUM);
diff --git a/admin/pages.php b/admin/pages.php
index 361cca5..93cce13 100644
--- a/admin/pages.php
+++ b/admin/pages.php
@@ -12,61 +12,11 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License in GPL.txt for more details. */ -session_start(); +define('IN_ADMIN', 1); +require_once('common.php'); -if (isset($_SESSION['login'])) { -// Do nothing -} else { - header("Location: ."); - exit(); -} +updateAdminHistory($conn); -if (isset($_GET['logout'])) { - if (isset($_SESSION['login'])) - unset($_SESSION['login']); - - session_destroy(); - header("Location: ."); - exit(); -} - -$date = date('jS F Y'); -$ip = $_SERVER['REMOTE_ADDR']; -require_once('../config.php'); -$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname); - -if (mysqli_connect_errno()) { - $sql_error = mysqli_connect_error(); - die("Unable connect to database"); -} - -$query = "SELECT @last_id := MAX(id) FROM admin_history"; - -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_id = $row['@last_id := MAX(id)']; -} - -$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id); -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_date = $row['last_date']; - $last_ip = $row['ip']; -} - -if ($last_ip == $ip) { - if ($last_date == $date) { - - } else { - $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')"; - mysqli_query($con, $query); - } -} else { - $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')"; - mysqli_query($con, $query); -} if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST{'editme'})) { $edit_me_id = htmlentities(Trim($_POST['editme'])); @@ -167,7 +117,7 @@ if (isset($_GET{'edit'})) {
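Review bot: Any `mysqli_*($con, ...)` call left further down pages.php now runs against an undefined `$con`, because the connection set-up is removed here in favour of the PDO handle `$conn` from common.php; the matching hunk in pastes.php has the same effect. The rest of both files is outside the hunks, so check them for remaining `$con` uses and convert those to prepared statements on `$conn`. The context line `isset($_POST{'editme'})` (and `$_GET{'edit'}` in the later hunk headers) still uses curly-brace offsets, which are a parse error on PHP 8, while this commit fixes only `$_GET{'page'}`; change them to `$_POST['editme']` and `$_GET['edit']`.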
'; + echo ''; } ?>
@@ -221,8 +171,8 @@ if (isset($_GET{'edit'})) { - if (isset($_GET{'page'})) { // Get the current page - $page = $_GET{'page'} + 1; + if (isset($_GET['page'])) { // Get the current page + $page = $_GET['page'] + 1; $offset = $rec_limit * $page; } else { // Show first set of results diff --git a/admin/pastes.php b/admin/pastes.php index 5e9e735..5f33bc3 100644 --- a/admin/pastes.php +++ b/admin/pastes.php @@ -12,63 +12,10 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License in GPL.txt for more details. */ -session_start(); - -if (isset($_SESSION['login'])) { -// Do nothing -} else { - header("Location: ."); - exit(); -} - -if (isset($_GET['logout'])) { - if (isset($_SESSION['login'])) - unset($_SESSION['login']); - - session_destroy(); - header("Location: ."); - exit(); -} - -$date = date('jS F Y'); -$ip = $_SERVER['REMOTE_ADDR']; -require_once('../config.php'); -$con = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname); - -if (mysqli_connect_errno()) { - $sql_error = mysqli_connect_error(); - die("Unable connect to database"); -} - -$query = "SELECT @last_id := MAX(id) FROM admin_history"; - -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_id = $row['@last_id := MAX(id)']; -} - -$query = "SELECT * FROM admin_history WHERE id=" . Trim($last_id); -$result = mysqli_query($con, $query); - -while ($row = mysqli_fetch_array($result)) { - $last_date = $row['last_date']; - $last_ip = $row['ip']; -} - -if ($last_ip == $ip) { - if ($last_date == $date) { - - } else { - $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')"; - mysqli_query($con, $query); - } -} else { - $query = "INSERT INTO admin_history (last_date,ip) VALUES ('$date','$ip')"; - mysqli_query($con, $query); -} - +define('IN_ADMIN', 1); +require_once('common.php'); +updateAdminHistory($conn); ?>
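Review bot: `$page = $_GET['page'] + 1;` does arithmetic on a raw query parameter: on PHP 8 a non-numeric string or an array value raises a TypeError, and a negative or very large number flows straight into `$offset = $rec_limit * $page`. Validate it first, for example `$page = max(0, (int) filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT)) + 1;`. How `$offset` reaches the query is outside the hunk; if it is concatenated into a LIMIT clause, the integer validation is also what keeps that statement safe.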