From f6cddef9aa3fb0e81b746f2d05072c6a12c0dff4 Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Tue, 2 Nov 2021 08:46:40 -0400
Subject: [PATCH] More Eloquent moves

---
 admin/admin.php                   |  29 ++-----
 admin/ads.php                     | 127 ------------------------------
 admin/common.php                  |  31 ++++----
 admin/configuration.php           |   8 +-
 admin/dashboard.php               |  21 ++---
 admin/index.php                   |  31 ++++----
 admin/pastes.php                  |   2 -
 admin/users.php                   |  39 +++------
 api/tags_autocomplete.php         |   7 +-
 fav.php                           |  23 ------
 includes/DatabaseHandle.class.php |   6 --
 includes/Models/AdminLog.php      |  12 +++
 includes/Models/Paste.php         |   4 +
 includes/common.php               |   1 +
 includes/functions.php            |  44 +----------
 index.php                         |  20 +++--
 pages.php                         |   1 +
 paste.php                         |  37 +++++----
 profile.php                       |   7 +-
 theme/bulma/common.php            |   2 +-
 theme/bulma/main.php              |  16 +---
 theme/bulma/view.php              |  33 +++-----
 user.php                          |  14 +---
 23 files changed, 139 insertions(+), 376 deletions(-)
 delete mode 100644 admin/ads.php
 delete mode 100644 fav.php
 create mode 100644 includes/Models/AdminLog.php

diff --git a/admin/admin.php b/admin/admin.php
index 3648b17..700e07a 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -1,10 +1,6 @@
 <?php
 define('IN_PONEPASTE', 1);
 require_once('common.php');
-
-$query = $conn->query('SELECT user FROM admin LIMIT 1');
-$adminid = $query->fetch()['user'];
-
 ?>
 
 <!DOCTYPE html>
@@ -48,23 +44,13 @@ $adminid = $query->fetch()['user'];
         <!-- End Menu -->
 
         <?php
-        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-            $adminid = htmlentities(Trim($_POST['adminid']));
+        if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['password'])) {
             $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
-
-            $query = "UPDATE admin SET user='$adminid', pass='$password' WHERE id='1'";
-            mysqli_query($con, $query);
-
-            if (mysqli_errno($con)) {
-                $msg = '<div class="paste-alert alert6" style="text-align: center;">
-				 ' . mysqli_error($con) . '
-				 </div>';
-
-            } else {
-                $msg = '<div class="paste-alert alert3" style="text-align: center;">
+            $current_user->admin_password_hash = $password;
+            $current_user->save();
+            $msg = '<div class="paste-alert alert3" style="text-align: center;">
 					 Account details updated.
 					 </div>';
-            }
         }
         ?>
 
@@ -90,14 +76,9 @@ $adminid = $query->fetch()['user'];
                                         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" class="form-area"
                                               method="POST">
                                             <div class="form-area">
-                                                <div class="group">
-                                                    <input type="text" id="adminid" name="adminid" class="form-control"
-                                                           placeholder="Username" value="<?php echo $adminid; ?>">
-                                                    <i class="fa fa-user"></i>
-                                                </div>
                                                 <div class="group">
                                                     <input type="password" id="password" name="password"
-                                                           class="form-control" placeholder="Password">
+                                                           class="form-control" placeholder="Admin Password">
                                                     <i class="fa fa-key"></i>
                                                 </div>
                                                 <button type="submit" class="btn btn-default btn-block">Save</button>
diff --git a/admin/ads.php b/admin/ads.php
deleted file mode 100644
index c77093f..0000000
--- a/admin/ads.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-define('IN_PONEPASTE', 1);
-require_once('common.php');
-
-updateAdminHistory($conn);
-
-$row = $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();
-
-if ($row) {
-    $text_ads = trim($row['text_ads']);
-    $ads_1 = trim($row['ads_1']);
-    $ads_2 = trim($row['ads_2']);
-} else {
-    $text_ads = '';
-    $ads_1 = '';
-    $ads_2 = '';
-}
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $text_ads = trim($_POST['text_ads']);
-    $ads_1 = trim($_POST['ads_1']);
-    $ads_2 = trim($_POST['ads_2']);
-
-    $conn->prepare('UPDATE ads SET text_ads = ?, ads_1 = ?, ads_2 = ? WHERE id = 1')->execute([$text_ads, $ads_1, $ads_2]);
-    $msg = '<div class="paste-alert alert3">
-					 Ads saved
-					 </div>';
-}
-?>
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Paste - Ads</title>
-    <link rel="shortcut icon" href="favicon.ico">
-    <link href="css/paste.css" rel="stylesheet" type="text/css"/>
-</head>
-<body>
-
-<div id="top" class="clearfix">
-    <!-- Start App Logo -->
-    <div class="applogo">
-        <a href="../" class="logo">Paste</a>
-    </div>
-    <!-- End App Logo -->
-
-    <!-- Start Top Right -->
-    <ul class="top-right">
-        <li class="dropdown link">
-            <a href="#" data-toggle="dropdown" class="dropdown-toggle profilebox"><b>Admin</b><span
-                        class="caret"></span></a>
-            <ul class="dropdown-menu dropdown-menu-list dropdown-menu-right">
-                <li><a href="admin.php">Settings</a></li>
-                <li><a href="?logout">Logout</a></li>
-            </ul>
-        </li>
-    </ul>
-    <!-- End Top Right -->
-</div>
-<!-- END TOP -->
-
-<div class="content">
-    <!-- START CONTAINER -->
-    <div class="container-widget">
-        <!-- Start Menu -->
-        <?php include 'menu.php'; ?>
-        <!-- End Menu -->
-        <!-- Start Ads -->
-        <div class="row">
-            <div class="col-md-12">
-                <div class="panel panel-widget">
-                    <div class="panel-body">
-                        <div class="panel-title">Manage Ads</a></div>
-                        <?php if (isset($msg)) echo $msg; ?>
-                        <form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
-                            <div class="control-group">
-                                <label class="control-label" for="text_ads">Text Ads</label>
-                                <div class="controls">
-                                    <textarea placeholder="Ad code" name="text_ads" rows="3"
-                                              class="span6"><?php echo $text_ads; ?></textarea>
-                                </div>
-                            </div>
-                            <div class="control-group">
-                                <label class="control-label" for="ads_1">Image Ad - (Sidebar)</label>
-                                <div class="controls">
-                                    <textarea placeholder="Ad code" name="ads_1" id="ads_1" rows="3"
-                                              class="span6"><?php echo $ads_1; ?></textarea>
-                                </div>
-                            </div>
-
-                            <div class="control-group">
-                                <label class="control-label" for="ads_2">Image Ad (Footer)</label>
-                                <div class="controls">
-                                    <textarea placeholder="Ad code" name="ads_2" id="ads_2" rows="3"
-                                              class="span6"><?php echo $ads_2; ?></textarea>
-                                </div>
-                            </div>
-                            <button type="submit" class="btn btn-default">Save</button>
-                        </form>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <!-- End Ads -->
-    </div>
-    <!-- END CONTAINER -->
-
-    <!-- Start Footer -->
-    <div class="row footer">
-        <div class="col-md-6 text-left">
-            <a href="https://github.com/jordansamuel/PASTE" target="_blank">Updates</a> &mdash; <a
-                    href="https://github.com/jordansamuel/PASTE/issues" target="_blank">Bugs</a>
-        </div>
-        <div class="col-md-6 text-right">
-            Powered by <a href="https://phpaste.sourceforge.io" target="_blank">Paste</a>
-        </div>
-    </div>
-    <!-- End Footer -->
-</div>
-<!-- End content -->
-
-<script type="text/javascript" src="js/jquery.min.js"></script>
-<script type="text/javascript" src="js/bootstrap.min.js"></script>
-</body>
-</html>
\ No newline at end of file
diff --git a/admin/common.php b/admin/common.php
index 7076f49..55d7f54 100644
--- a/admin/common.php
+++ b/admin/common.php
@@ -2,27 +2,28 @@
 if (!defined('IN_PONEPASTE')) {
     die('This file may not be accessed directly.');
 }
+
 require_once('../includes/common.php');
 
-function updateAdminHistory($conn) {
-    $last_date = null;
-    $last_ip = null;
-    $ip = $_SERVER['REMOTE_ADDR'];
-    $date = date('jS F Y');
+use PonePaste\Models\AdminLog;
+use PonePaste\Models\User;
 
-    $query = $conn->query('SELECT ip, last_date FROM admin_history ORDER BY ID DESC LIMIT 1');
+function updateAdminHistory(User $admin, int $action) {
+    $log = new AdminLog([
+        'user_id' => $admin->user_id,
+        'action' => $action,
+        'ip' => $_SERVER['REMOTE_ADDR']
+    ]);
 
-    if ($row = $query->fetch()) {
-        $last_date = $row['last_date'];
-        $last_ip = $row['ip'];
-    }
-
-    if ($last_ip !== $ip || $last_date !== $date) {
-        $conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
-    }
+    $log->save();
 }
 
-if (!isset($_SESSION['login'])) {
+if ($current_user === null || !$current_user->admin) {
+    header('Location: ..');
+    die();
+}
+
+if (!isset($_SESSION['admin_login'])) {
     header('Location: .');
     exit();
 }
diff --git a/admin/configuration.php b/admin/configuration.php
index f6480d6..5ac8beb 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -1,12 +1,12 @@
 <?php
+
+use PonePaste\Models\AdminLog;
+
 define('IN_PONEPASTE', 1);
 require_once('common.php');
 
 const CONFIG_FILE_PATH = '../config/site.php';
 
-
-updateAdminHistory($conn);
-
 function updateConfiguration(string $path, array $new_config) {
     $fp = fopen($path, 'w');
 
@@ -75,6 +75,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 									Captcha settings saved
 									</div>';
     }
+
+    updateAdminHistory($current_user, AdminLog::ACTION_EDIT_CONFIG);
 }
 ?>
 
diff --git a/admin/dashboard.php b/admin/dashboard.php
index d96a8c6..10af938 100644
--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@@ -8,8 +8,6 @@ $today_pastes_count = 0;
 require_once('../includes/common.php');
 require_once('../includes/functions.php');
 
-updateAdminHistory($conn);
-
 $query = $conn->query("SELECT @last_id := MAX(id) FROM page_view");
 $row = $query->fetch(PDO::FETCH_NUM);
 $page_last_id = intval($row[0]);
@@ -58,6 +56,12 @@ for ($loop = 0; $loop <= 6; $loop++) {
         $tvisit[$loop] = $row['tvisit'];
     }
 }
+
+function getRecentadmin($count = 5) {
+    return Paste::with('user')
+                ->orderBy('id')
+                ->limit($count)->get();
+}
 ?>
 
 <!DOCTYPE html>
@@ -200,18 +204,15 @@ for ($loop = 0; $loop <= 6; $loop++) {
                             </thead>
                             <tbody>
                             <?php
-                            $most_recent_users = $conn->query('SELECT id, username, date, ip FROM users ORDER BY id DESC LIMIT 7')->fetchAll();
-                            $last_id = intval(
-                                $conn->query('SELECT MAX(id) FROM users')->fetch(PDO::FETCH_NUM)[0]
-                            );
+                            $most_recent_users = User::select('id', 'username', 'date', 'ip')->orderBy('id', 'desc')->limit(7);
 
                             foreach ($most_recent_users as $user) {
                                 echo "
 										  <tr>
-											<td>${user['id']}</td>
-											<td>${user['username']}</td>
-											<td>${user['date']}</td>
-											<td><span class='label label-default'>${user['ip']}</span></td>
+											<td>$user->id</td>
+											<td>" . pp_html_escape($user->username) . "</td>
+											<td>$user->date</td>
+											<td><span class='label label-default'>$user->ip</span></td>
 										  </tr> ";
                             }
 
diff --git a/admin/index.php b/admin/index.php
index 7f6da00..3171699 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -2,18 +2,23 @@
 define('IN_PONEPASTE', 1);
 require_once(__DIR__ . '/../includes/common.php');
 
-$row = $conn->querySelectOne('SELECT user, pass FROM admin LIMIT 1');
-$adminid = $row['user'];
-$password = $row['pass'];
+use PonePaste\Models\AdminLog;
+
+if ($current_user === null || !$current_user->admin) {
+    header('Location: ..');
+    die();
+}
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-    if ($adminid === trim($_POST['username']) && password_verify($_POST['password'], $password)) {
-        $_SESSION['login'] = true;
+    if (password_verify($_POST['password'], $current_user->admin_password_hash)) {
+        updateAdminHistory($current_user, AdminLog::ACTION_LOGIN);
+        $_SESSION['admin_login'] = true;
         header("Location: dashboard.php");
         exit();
     } else {
+        updateAdminHistory($current_user, AdminLog::ACTION_FAIL_LOGIN);
         $msg = '<div class="paste-alert alert6" style="text-align:center;">
-						Wrong User/Password
+						Wrong Password
 					</div>';
     }
 }
@@ -25,7 +30,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Paste - Login</title>
+    <title>PonePaste - Authenticate</title>
     <link href="css/paste.css" rel="stylesheet">
     <style>
         body {
@@ -42,11 +47,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     ?>
     <form action="." method="post">
         <div class="top">
-            <h1>Paste</h1>
+            <h1>PonePaste Admin Authentication</h1>
         </div>
         <div class="form-area">
             <div class="group">
-                <input type="text" class="form-control" id="username" name="username" placeholder="Username" value="">
+                <input type="text" class="form-control" id="username" name="username" disabled="disabled" value="<?= pp_html_escape($current_user->username); ?>">
                 <i class="fa fa-user"></i>
             </div>
             <div class="group">
@@ -54,13 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                        value="">
                 <i class="fa fa-key"></i>
             </div>
-            <!-- Not yet implemented
-              <div class="checkbox checkbox-primary">
-                      <input id="rememberme" type="checkbox" checked="">
-                      <label for="rememberme"> Remember Me</label>
-              </div>
-            -->
-            <button type="submit" class="btn btn-default btn-block">LOGIN</button>
+            <button type="submit" class="btn btn-default btn-block">Authenticate</button>
         </div>
     </form>
 </div>
diff --git a/admin/pastes.php b/admin/pastes.php
index 083738d..6a3eba7 100644
--- a/admin/pastes.php
+++ b/admin/pastes.php
@@ -1,8 +1,6 @@
 <?php
 define('IN_PONEPASTE', 1);
 require_once('common.php');
-
-updateAdminHistory($conn);
 ?>
 
 <!DOCTYPE html>
diff --git a/admin/users.php b/admin/users.php
index e502add..efe858d 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -96,56 +96,42 @@ require_once(__DIR__ . '/common.php');
                 <div class="panel panel-widget">
                     <?php
                     if (isset($_GET['details'])) {
-                        $row = $conn->querySelectOne('SELECT username, platform, verified, banned, date, ip FROM users WHERE id = ?', [$_GET['details']]);
-                        $user_username = $row['username'];
-                        $user_full_name = $row['full_name'];
-                        $user_platform = Trim($row['platform']);
+                        $user = User::find($_GET['details']);
                         $user_date = $row['date'];
-                        $user_ip = $row['ip'];
-                        $detail_id = htmlentities(Trim($_GET['details']));
-                        if ($row['banned']) {
+
+                        if ($user->banned) {
                             $user_verified = 'Banned';
-                        } elseif ($row['verified']) {
+                        } elseif ($user->verified) {
                             $user_verified = 'Verified';
                         } else {
                             $user_verified = 'Unverified';
                         }
+
                         ?>
                         <div class="panel-body">
                             <div class="panel-title">
-                                <?php echo $user_username . ' Details'; ?>
+                                <?= pp_html_escape($user->username) . ' Details'; ?>
                             </div>
 
                             <table class="table table-striped table-bordered">
                                 <tbody>
                                 <tr>
                                     <td> Username</td>
-                                    <td> <?php echo $user_username; ?> </td>
+                                    <td><?= pp_html_escape($user->username) ?> </td>
                                 </tr>
-
                                 <tr>
-                                    <td> Platform</td>
-                                    <td> <?php echo $user_platform; ?> </td>
-                                </tr>
-
-                                <tr>
-                                    <td> Status</td>
-                                    <td> <?php echo $user_verified; ?> </td>
+                                    <td>Status</td>
+                                    <td><?= $user_verified ?></td>
                                 </tr>
 
                                 <tr>
                                     <td> User IP</td>
-                                    <td> <?php echo $user_ip; ?> </td>
+                                    <td><?= $user->ip ?> </td>
                                 </tr>
 
                                 <tr>
-                                    <td> Date Registered</td>
-                                    <td> <?php echo $user_date; ?> </td>
-                                </tr>
-
-                                <tr>
-                                    <td> Full Name</td>
-                                    <td> <?php echo $user_full_name; ?> </td>
+                                    <td>Date Registered</td>
+                                    <td><?php echo $user_date; ?> </td>
                                 </tr>
                                 </tbody>
                             </table>
@@ -166,7 +152,6 @@ require_once(__DIR__ . '/common.php');
                                     <th>ID</th>
                                     <th>Username</th>
                                     <th>Date Registered</th>
-                                    <th>Platform</th>
                                     <th>Ban User</th>
                                     <th>Profile</th>
                                     <th>Delete</th>
diff --git a/api/tags_autocomplete.php b/api/tags_autocomplete.php
index 49bbcae..606afe9 100644
--- a/api/tags_autocomplete.php
+++ b/api/tags_autocomplete.php
@@ -17,8 +17,11 @@ if (empty($_GET['tag'])) {
 
 $tag_name = Tag::cleanTagName($_GET['tag']);
 
-$results = $conn->query('SELECT name FROM tags WHERE name LIKE ? AND name != ?', [escapeLikeQuery($tag_name) . '%', $tag_name]);
-$tags = $results->fetchAll(PDO::FETCH_ASSOC);
+$results = Tag::select('name')
+                ->where('name', 'LIKE', escapeLikeQuery($tag_name))
+                ->andWhere('name', '!=', $tag_name)
+                ->fetchAll()
+                ->toArray();
 
 array_push($tags, ['name' => $tag_name]);
 
diff --git a/fav.php b/fav.php
deleted file mode 100644
index be8b7f6..0000000
--- a/fav.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-define('IN_PONEPASTE', 1);
-require_once('includes/common.php');
-require_once('includes/functions.php');
-
-if ($current_user && !empty($_POST['fid'])) {
-    $paste_id = intval($_POST['fid']);
-    $query = $conn->prepare('SELECT 1 FROM pins WHERE paste_id = ? AND user_id = ?');
-    $query->execute([$paste_id, $current_user->user_id]);
-
-    if ($query->fetch()) { /* Already favorited */
-        $query = $conn->prepare('DELETE FROM pins WHERE paste_id = ? AND user_id = ?');
-    } else {
-        $query = $conn->prepare('INSERT INTO pins (paste_id, user_id, f_time) VALUES (?, ?, NOW())');
-    }
-
-    $query->execute([$paste_id, $current_user->user_id]);
-    $error = 'Paste has been favorited.';
-}
-
-// Theme
-$page_template = 'report';
-require_once('theme/' . $default_theme . '/common.php');
diff --git a/includes/DatabaseHandle.class.php b/includes/DatabaseHandle.class.php
index e7c8dc6..1a5974b 100644
--- a/includes/DatabaseHandle.class.php
+++ b/includes/DatabaseHandle.class.php
@@ -35,10 +35,4 @@ class DatabaseHandle {
 
         return null;
     }
-
-    public function queryInsert(string $query, array $params = null) : int {
-        $this->query($query, $params);
-
-        return (int) $this->conn->lastInsertId();
-    }
 }
diff --git a/includes/Models/AdminLog.php b/includes/Models/AdminLog.php
new file mode 100644
index 0000000..290fae3
--- /dev/null
+++ b/includes/Models/AdminLog.php
@@ -0,0 +1,12 @@
+<?php
+namespace PonePaste\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class AdminLog extends Model {
+    public const ACTION_LOGIN = 0;
+    public const ACTION_FAIL_LOGIN = 1;
+    public const ACTION_EDIT_CONFIG = 2;
+    protected $table = 'admin_logs';
+    protected $fillable = ['user_id', 'action', 'ip', 'time'];
+}
diff --git a/includes/Models/Paste.php b/includes/Models/Paste.php
index c400fd5..df2a1b9 100644
--- a/includes/Models/Paste.php
+++ b/includes/Models/Paste.php
@@ -21,6 +21,10 @@ class Paste extends Model {
         return $this->belongsToMany(Tag::class, 'paste_taggings');
     }
 
+    public function favouriters() {
+        return $this->belongsToMany(User::class, 'user_favourites');
+    }
+
     public function replaceTags(array $tags) {
         $this->tags()->detach();
 
diff --git a/includes/common.php b/includes/common.php
index bf0052a..cc721b0 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -112,6 +112,7 @@ function pp_html_escape(string $unescaped) : string {
     return htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8', false);
 }
 
+/* I think there is one row for each day, and in that row, tpage = non-unique, tvisit = unique page views for that day */
 function updatePageViews(DatabaseHandle $conn) : void {
     $ip = $_SERVER['REMOTE_ADDR'];
     $date = date('jS F Y');
diff --git a/includes/functions.php b/includes/functions.php
index 78d1611..e9e5d99 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -104,35 +104,14 @@ function linkify($value, $protocols = array('http', 'mail'), array $attributes =
     }, $value);
 }
 
-function getUserRecom(DatabaseHandle $conn, int $user_id) : array {
-    $query = $conn->prepare(
-        "SELECT pastes.id AS id, users.username AS member, title, visible
-            FROM pastes
-            INNER JOIN users ON pastes.user_id = users.id
-            WHERE pastes.visible = '0' AND users.id = ?
-            ORDER BY id DESC
-            LIMIT 0, 5");
-    $query->execute([$user_id]);
-    return $query->fetchAll();
-}
-
 function formatBytes($size, $precision = 2) {
     $base = log($size, 1024);
-    $suffixes = array('B', 'KB', 'MB', 'GB', 'TB');
+    $suffixes = ['B', 'KB', 'MB', 'GB', 'TB'];
 
     return round(pow(1024, $base - floor($base)), $precision) . ' ' . $suffixes[floor($base)];
 }
 
-function getRecentadmin($conn, $count = 5) {
-    $query = $conn->prepare(
-        'SELECT pastes.id AS id, pastes.ip AS ip, title, created_at, views, users.username AS member
-            FROM pastes
-            INNER JOIN users ON users.id = pastes.user_id
-            ORDER BY id DESC LIMIT 0, ?');
-    $query->execute([$count]);
 
-    return $query->fetchAll();
-}
 
 
 function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string {
@@ -182,27 +161,6 @@ function truncate(string $input, int $maxWords, int $maxChars) : string {
     return $result . ($input == $result ? '' : '[...]');
 }
 
-function doDownload($paste_id, $p_title, $p_member, $p_conntent, $p_code) {
-    $stats = false;
-    if ($p_code) {
-        // Figure out extensions.
-        $ext = match ($p_code) {
-            default => 'txt',
-        };
-
-        // Download
-        $p_title = stripslashes($p_title);
-        header('content-type: text/plain');
-        header('content-Disposition: attachment; filename="' . $paste_id . '_' . $p_title . '_' . $p_member . '.' . $ext . '"');
-        echo $p_conntent;
-        $stats = true;
-    } else {
-        // 404
-        header('HTTP/1.1 404 Not Found');
-    }
-    return $stats;
-}
-
 function embedView($paste_id, $p_title, $content, $p_code, $title, $baseurl, $lang) {
     $stats = false;
     if ($content) {
diff --git a/index.php b/index.php
index e90eda7..beb88dd 100644
--- a/index.php
+++ b/index.php
@@ -46,7 +46,6 @@ function calculatePasteExpiry(string $expiry) {
 }
 
 function validatePasteFields() : string|null {
-
     if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
         return 'You cannot post an empty paste.';
     } elseif (!isset($_POST['title'])) { /* No paste title POSTed */
@@ -104,7 +103,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $paste_visibility = $_POST['visibility'];
     $paste_code = $_POST['format'];
     $paste_password = $_POST['pass'];
-    $paste_encrypt = $_POST['encrypted'] === 'on'; // TODO: Make sure this works!
 
     $p_expiry = trim(htmlspecialchars($_POST['paste_expire_date']));
     $tag_input = $_POST['tag_input'];
@@ -115,20 +113,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         $paste_password = password_hash($paste_password, PASSWORD_DEFAULT);
     }
 
-    if ($paste_encrypt) {
-        $paste_content = openssl_encrypt($paste_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
-    }
+    $paste_content = openssl_encrypt(
+        $_POST['paste_data'],
+        PP_ENCRYPTION_ALGO,
+        PP_ENCRYPTION_KEY
+    );
 
     // Set expiry time
     $expires = calculatePasteExpiry($p_expiry);
 
     // Edit existing paste or create new?
     if ($editing) {
+        $paste = Paste::find($_POST['paste_id']);
         if ($current_user &&
-            $current_user->user_id === (int) $conn->querySelectOne('SELECT user_id FROM pastes WHERE id = ?', [$_POST['paste_id']])['user_id']) {
-            $paste_id = intval($_POST['paste_id']);
-
-            $paste = Paste::find(intval($_POST['paste_id']));
+            $current_user->user_id === $paste->user_id) {
+            $paste_id = $paste->id;
             $paste->update([
                     'title' => $paste_title,
                     'content' => $paste_content,
@@ -136,7 +135,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     'code' => $paste_code,
                     'expiry' => $expires,
                     'password' => $paste_password,
-                    'encrypt' => $paste_encrypt,
                     'ip' => $ip
             ]);
 
@@ -153,7 +151,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             'visible' => $paste_visibility,
             'expiry' => $expires,
             'password' => $paste_password,
-            'encrypt' => $paste_encrypt,
+            'encrypt' => true,
             'created_at' => date_create(),
             'ip' => $ip
         ]);
diff --git a/pages.php b/pages.php
index 1bd1422..02582cc 100644
--- a/pages.php
+++ b/pages.php
@@ -18,6 +18,7 @@ if (isset($_GET['page'])) {
         $p_title = $page_title;
     }
 }
+
 // Theme
 $page_template = 'pages';
 require_once('theme/' . $default_theme . '/common.php');
diff --git a/paste.php b/paste.php
index 21cb362..81414bf 100644
--- a/paste.php
+++ b/paste.php
@@ -6,6 +6,7 @@ require_once('includes/passwords.php');
 
 use Highlight\Highlighter;
 use PonePaste\Models\Paste;
+use PonePaste\Models\User;
 
 function rawView($content, $p_code) {
     if ($p_code) {
@@ -16,6 +17,22 @@ function rawView($content, $p_code) {
     }
 }
 
+function getUserRecommended(User $user) {
+    return Paste::where('visible', '0')
+                ->where('user_id', $user->id)
+                ->orderBy('id')->limit(5)
+                ->get();
+    /*$query = $conn->prepare(
+        "SELECT pastes.id AS id, users.username AS member, title, visible
+            FROM pastes
+            INNER JOIN users ON pastes.user_id = users.id
+            WHERE pastes.visible = '0' AND users.id = ?
+            ORDER BY id DESC
+            LIMIT 0, 5");
+    $query->execute([$user_id]);
+    return $query->fetchAll();*/
+}
+
 $paste_id = intval(trim($_REQUEST['id']));
 
 updatePageViews($conn);
@@ -23,20 +40,8 @@ updatePageViews($conn);
 // This is used in the theme files.
 $totalpastes = Paste::count();
 
-// Get paste favorite count
-$fav_count = $conn->querySelectOne('SELECT COUNT(*) FROM user_favourites WHERE paste_id = ?', [$paste_id], PDO::FETCH_NUM)[0];
-
-// Get paste info
-/*$row = $conn->querySelectOne(
-    'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, users.username AS member, users.id AS user_id
-        FROM pastes
-        INNER JOIN users ON users.id = pastes.user_id
-        WHERE pastes.id = ?', [$paste_id]);*/
-
-
 $paste = Paste::find($paste_id);
 
-
 $notfound = null;
 $is_private = false;
 
@@ -50,6 +55,8 @@ $paste_owner_id = $paste->user->id;
 $paste_title = $paste->title;
 $paste_code = $paste->code;
 $using_highlighter = $paste_code !== 'pastedown';
+$fav_count = $paste->favouriters()->count();
+
 
 /*$paste = [
     'title' => $paste_title,
@@ -126,7 +133,9 @@ $op_content = trim(htmlspecialchars_decode($p_content));
 
 // Download the paste
 if (isset($_GET['download'])) {
-    doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code);
+    header('Content-Type: text/plain');
+    header('Content-Disposition: attachment; filename="' . $paste->id . '_' . pp_html_escape($paste->title) . '_' . pp_html_escape($paste->user->username) . '.txt"');
+    echo $op_content;
     exit();
 }
 
@@ -208,6 +217,7 @@ if (@$_SESSION['not_unique'] !== $paste_id) {
 }
 
 $page_template = 'view';
+$recommended_pastes = getUserRecommended($paste->user);
 
 Not_Valid_Paste:
 
@@ -216,6 +226,5 @@ if ($is_private || $notfound || !$password_valid) {
     // Display errors
     $page_template = 'errors';
 }
-
 require_once('theme/' . $default_theme . '/common.php');
 
diff --git a/profile.php b/profile.php
index 0fcff21..39cdc5f 100644
--- a/profile.php
+++ b/profile.php
@@ -13,7 +13,6 @@ if ($current_user === null) {
 }
 
 $user_username = $current_user->username;
-$row = $query->fetch();
 $user_id = $current_user->id;
 $user_date = $current_user->date;
 $user_ip = $current_user->ip;
@@ -26,8 +25,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         if (pp_password_verify($user_old_pass, $user_password)) {
             $user_new_cpass = pp_password_hash($_POST['password']);
 
-            $conn->prepare('UPDATE users SET password = ? WHERE id = ?')
-                ->execute([$user_new_cpass, $user_id]);
+            $current_user->password = $user_new_cpass;
+            $current_user->save();
 
             $success = 'Your profile has been updated.';
         } else {
@@ -40,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
 updatePageViews($conn);
 
-$total_user_pastes = Paste::where('user_id', $current_user->user_id)->count();
+$total_user_pastes = Paste::where('user_id', $current_user->id)->count();
 
 // Theme
 $page_template = 'profile';
diff --git a/theme/bulma/common.php b/theme/bulma/common.php
index 2448076..c46d0c8 100644
--- a/theme/bulma/common.php
+++ b/theme/bulma/common.php
@@ -367,7 +367,7 @@ $flashes = getFlashes();
 
 
 <!-- Additional Scripts -->
-<?php echo $additional_scripts; ?>
+<?php /* echo $additional_scripts; */ ?>
 
 </body>
 </html>
\ No newline at end of file
diff --git a/theme/bulma/main.php b/theme/bulma/main.php
index 4e43a86..63319a1 100644
--- a/theme/bulma/main.php
+++ b/theme/bulma/main.php
@@ -280,22 +280,10 @@
                                     <div class="level-left">
                                         <!-- Encrypted -->
                                         <div class="field">
-                                            <?php
-                                            $encrypted_checked = "";
-                                            if ($_POST) {
-                                                // We came here from an error, carry the checkbox setting forward
-                                                if (isset($_POST['encrypted'])) {
-                                                    $encrypted_checked = "checked";
-                                                }
-                                            } else {
-                                                // Fresh paste. Default to encrypted on
-                                                $encrypted_checked = "checked";
-                                            }
-                                            ?>
                                             <input class="is-checkradio is-info has-background-color" id="encrypt"
-                                                   name="encrypted" type="checkbox" <?php echo $encrypted_checked; ?>>
+                                                   checked="checked" disabled="disabled" type="checkbox">
                                             <label for="encrypt">
-                                                Encrypt on Server
+                                                Encrypt on Server (always enabled)
                                             </label>
                                         </div>
                                     </div>
diff --git a/theme/bulma/view.php b/theme/bulma/view.php
index 36c88b7..580e3b5 100644
--- a/theme/bulma/view.php
+++ b/theme/bulma/view.php
@@ -243,40 +243,25 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
                     <?php endif; ?>
                 </div>
                 <!-- Guests -->
-                <?php if ($current_user === null || $current_user->user_id !== $paste['user_id']) { ?>
+                <?php if ($totalpastes !== 0 && ($current_user === null || $current_user->user_id !== $paste['user_id'])) { ?>
                     <hr>
                     <label class="label">More from this Author </label>
                     <?php
-                    $rec = getUserRecom($conn, $paste['user_id']);
-                    foreach ($rec as $index => $row) {
+                    foreach ($recommended_pastes as $paste) {
                         $title = Trim($row['title']);
-                        $p_id = Trim($row['id']);
                         $titlehov = ($row['title']);
                         $long_title = pp_html_escape($row['title']);
                         $title = pp_html_escape(truncate($row['title'], 24, 60));
                         ?>
 
                         <p class="no-margin">
-                        <?php
-                        if (PP_MOD_REWRITE) {
-                            echo '<header class="bd-category-header my-1">
-									<a href="' . $p_id . '" title="' . $long_title . '">' . $title . ' </a>
-									<p class="subtitle is-7">' . 'by ' . '
-										<i>' . $row['member'] . '</i>' . '
-									</p>' .
-                                '</header>';
-                        } else {
-                            echo '<a href="' . $p_id . '" title="' . $titlehov . '">' . ucfirst($title) . '</a>';
-                        }
-                    }
-
-
-                    // Display a message if the pastebin is empty
-                    if ($totalpastes === 0) {
-                        echo 'There are no pastes to show.';
-                    } ?>
-                    </p>
-
+                        <header class="bd-category-header my-1">
+                            <a href="<?= urlForPaste($paste) ?>" title="<?= pp_html_escape($paste->title) ?>">
+                                <?= pp_html_escape(truncate($paste->title, 24, 60)) ?>
+                            </a>
+                            <p class="subtitle is-7">by <i><?= pp_html_escape($paste->user->username) ?></i></p>
+                        </header>
+                    <?php } ?>
                 <?php } else { ?>
                     <!-- Paste Panel -->
                     <hr>
diff --git a/user.php b/user.php
index b991298..bf11026 100644
--- a/user.php
+++ b/user.php
@@ -42,9 +42,7 @@ $profile_total_unlisted = $profile_info->pastes->where('visible', 1)->count();
 $profile_total_private = $profile_info->pastes->where('visible', 2)->count();
 
 
-$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE user_id = ?');
-$query->execute([$profile_info['id']]);
-$profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);
+$profile_total_paste_views = Paste::select('views')->where('user_id', $profile_info->id)->sum('views');
 
 $profile_join_date = $profile_info['date'];
 
@@ -57,16 +55,12 @@ updatePageViews($conn);
 if (isset($_GET['del'])) {
     if ($current_user !== null) { // Prevent unauthorized deletes
         $paste_id = intval(trim($_GET['id']));
+        $paste = Paste::find($paste_id);
 
-        $query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?');
-        $query->execute([$paste_id]);
-        $result = $query->fetch();
-
-        if (empty($result) || $result['user_id'] !== $current_user->user_id) {
+        if (!$paste || $paste->user_id !== $current_user->user_id) {
             $error = 'That paste does not exist, or you are not the owner of it.';
         } else {
-            $query = $conn->prepare('DELETE FROM pastes WHERE id = ?');
-            $query->execute([$paste_id]);
+            $paste->delete();
             $success = 'Paste deleted successfully.';
         }
     } else {