PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 06:30:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

More Eloquent moves

Browse source
This commit is contained in:
Floorb 2021-11-02 08:46:40 -04:00
parent ab632347b6
commit f6cddef9aa
23 changed files with 139 additions and 376 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
admin/admin.php
View file

@ -1,10 +1,6 @@
<?php <?php
define('IN_PONEPASTE', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
$query = $conn->query('SELECT user FROM admin LIMIT 1');
$adminid = $query->fetch()['user'];
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -48,23 +44,13 @@ $adminid = $query->fetch()['user'];
<!-- End Menu --> <!-- End Menu -->
<?php <?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['password'])) {
$adminid = htmlentities(Trim($_POST['adminid']));
$password = password_hash($_POST['password'], PASSWORD_DEFAULT); $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$current_user->admin_password_hash = $password;
$query = "UPDATE admin SET user='$adminid', pass='$password' WHERE id='1'"; $current_user->save();
mysqli_query($con, $query); $msg = '<div class="paste-alert alert3" style="text-align: center;">
if (mysqli_errno($con)) {
$msg = '<div class="paste-alert alert6" style="text-align: center;">
' . mysqli_error($con) . '
</div>';
} else {
$msg = '<div class="paste-alert alert3" style="text-align: center;">
Account details updated. Account details updated.
</div>'; </div>';
}
} }
?> ?>
@ -90,14 +76,9 @@ $adminid = $query->fetch()['user'];
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" class="form-area" <form action="<?php echo $_SERVER['PHP_SELF']; ?>" class="form-area"
method="POST"> method="POST">
<div class="form-area"> <div class="form-area">
<div class="group">
<input type="text" id="adminid" name="adminid" class="form-control"
placeholder="Username" value="<?php echo $adminid; ?>">
<i class="fa fa-user"></i>
</div>
<div class="group"> <div class="group">
<input type="password" id="password" name="password" <input type="password" id="password" name="password"
class="form-control" placeholder="Password"> class="form-control" placeholder="Admin Password">
<i class="fa fa-key"></i> <i class="fa fa-key"></i>
</div> </div>
<button type="submit" class="btn btn-default btn-block">Save</button> <button type="submit" class="btn btn-default btn-block">Save</button>

127
admin/ads.php
View file

@ -1,127 +0,0 @@
<?php
define('IN_PONEPASTE', 1);
require_once('common.php');
updateAdminHistory($conn);
$row = $conn->query('SELECT text_ads, ads_1, ads_2 FROM ads LIMIT 1')->fetch();
if ($row) {
$text_ads = trim($row['text_ads']);
$ads_1 = trim($row['ads_1']);
$ads_2 = trim($row['ads_2']);
} else {
$text_ads = '';
$ads_1 = '';
$ads_2 = '';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$text_ads = trim($_POST['text_ads']);
$ads_1 = trim($_POST['ads_1']);
$ads_2 = trim($_POST['ads_2']);
$conn->prepare('UPDATE ads SET text_ads = ?, ads_1 = ?, ads_2 = ? WHERE id = 1')->execute([$text_ads, $ads_1, $ads_2]);
$msg = '<div class="paste-alert alert3">
Ads saved
</div>';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Paste - Ads</title>
<link rel="shortcut icon" href="favicon.ico">
<link href="css/paste.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top" class="clearfix">
<!-- Start App Logo -->
<div class="applogo">
<a href="../" class="logo">Paste</a>
</div>
<!-- End App Logo -->
<!-- Start Top Right -->
<ul class="top-right">
<li class="dropdown link">
<a href="#" data-toggle="dropdown" class="dropdown-toggle profilebox"><b>Admin</b><span
class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-list dropdown-menu-right">
<li><a href="admin.php">Settings</a></li>
<li><a href="?logout">Logout</a></li>
</ul>
</li>
</ul>
<!-- End Top Right -->
</div>
<!-- END TOP -->
<div class="content">
<!-- START CONTAINER -->
<div class="container-widget">
<!-- Start Menu -->
<?php include 'menu.php'; ?>
<!-- End Menu -->
<!-- Start Ads -->
<div class="row">
<div class="col-md-12">
<div class="panel panel-widget">
<div class="panel-body">
<div class="panel-title">Manage Ads</a></div>
<?php if (isset($msg)) echo $msg; ?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div class="control-group">
<label class="control-label" for="text_ads">Text Ads</label>
<div class="controls">
<textarea placeholder="Ad code" name="text_ads" rows="3"
class="span6"><?php echo $text_ads; ?></textarea>
</div>
</div>
<div class="control-group">
<label class="control-label" for="ads_1">Image Ad - (Sidebar)</label>
<div class="controls">
<textarea placeholder="Ad code" name="ads_1" id="ads_1" rows="3"
class="span6"><?php echo $ads_1; ?></textarea>
</div>
</div>
<div class="control-group">
<label class="control-label" for="ads_2">Image Ad (Footer)</label>
<div class="controls">
<textarea placeholder="Ad code" name="ads_2" id="ads_2" rows="3"
class="span6"><?php echo $ads_2; ?></textarea>
</div>
</div>
<button type="submit" class="btn btn-default">Save</button>
</form>
</div>
</div>
</div>
</div>
<!-- End Ads -->
</div>
<!-- END CONTAINER -->
<!-- Start Footer -->
<div class="row footer">
<div class="col-md-6 text-left">
<a href="https://github.com/jordansamuel/PASTE" target="_blank">Updates</a> &mdash; <a
href="https://github.com/jordansamuel/PASTE/issues" target="_blank">Bugs</a>
</div>
<div class="col-md-6 text-right">
Powered by <a href="https://phpaste.sourceforge.io" target="_blank">Paste</a>
</div>
</div>
<!-- End Footer -->
</div>
<!-- End content -->
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/bootstrap.min.js"></script>
</body>
</html>

31
admin/common.php
View file

@ -2,27 +2,28 @@
if (!defined('IN_PONEPASTE')) { if (!defined('IN_PONEPASTE')) {
die('This file may not be accessed directly.'); die('This file may not be accessed directly.');
} }
require_once('../includes/common.php'); require_once('../includes/common.php');
function updateAdminHistory($conn) { use PonePaste\Models\AdminLog;
$last_date = null; use PonePaste\Models\User;
$last_ip = null;
$ip = $_SERVER['REMOTE_ADDR'];
$date = date('jS F Y');
$query = $conn->query('SELECT ip, last_date FROM admin_history ORDER BY ID DESC LIMIT 1'); function updateAdminHistory(User $admin, int $action) {
$log = new AdminLog([
'user_id' => $admin->user_id,
'action' => $action,
'ip' => $_SERVER['REMOTE_ADDR']
]);
if ($row = $query->fetch()) { $log->save();
$last_date = $row['last_date'];
$last_ip = $row['ip'];
}
if ($last_ip !== $ip || $last_date !== $date) {
$conn->prepare('INSERT INTO admin_history (ip, last_date) VALUES (?, ?)')->execute([$date, $ip]);
}
} }
if (!isset($_SESSION['login'])) { if ($current_user === null || !$current_user->admin) {
header('Location: ..');
die();
}
if (!isset($_SESSION['admin_login'])) {
header('Location: .'); header('Location: .');
exit(); exit();
} }

8
admin/configuration.php
View file

@ -1,12 +1,12 @@
<?php <?php
use PonePaste\Models\AdminLog;
define('IN_PONEPASTE', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
const CONFIG_FILE_PATH = '../config/site.php'; const CONFIG_FILE_PATH = '../config/site.php';
updateAdminHistory($conn);
function updateConfiguration(string $path, array $new_config) { function updateConfiguration(string $path, array $new_config) {
$fp = fopen($path, 'w'); $fp = fopen($path, 'w');
@ -75,6 +75,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Captcha settings saved Captcha settings saved
</div>'; </div>';
} }
updateAdminHistory($current_user, AdminLog::ACTION_EDIT_CONFIG);
} }
?> ?>

21
admin/dashboard.php
View file

@ -8,8 +8,6 @@ $today_pastes_count = 0;
require_once('../includes/common.php'); require_once('../includes/common.php');
require_once('../includes/functions.php'); require_once('../includes/functions.php');
updateAdminHistory($conn);
$query = $conn->query("SELECT @last_id := MAX(id) FROM page_view"); $query = $conn->query("SELECT @last_id := MAX(id) FROM page_view");
$row = $query->fetch(PDO::FETCH_NUM); $row = $query->fetch(PDO::FETCH_NUM);
$page_last_id = intval($row[0]); $page_last_id = intval($row[0]);
@ -58,6 +56,12 @@ for ($loop = 0; $loop <= 6; $loop++) {
$tvisit[$loop] = $row['tvisit']; $tvisit[$loop] = $row['tvisit'];
} }
} }
function getRecentadmin($count = 5) {
return Paste::with('user')
->orderBy('id')
->limit($count)->get();
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -200,18 +204,15 @@ for ($loop = 0; $loop <= 6; $loop++) {
</thead> </thead>
<tbody> <tbody>
<?php <?php
$most_recent_users = $conn->query('SELECT id, username, date, ip FROM users ORDER BY id DESC LIMIT 7')->fetchAll(); $most_recent_users = User::select('id', 'username', 'date', 'ip')->orderBy('id', 'desc')->limit(7);
$last_id = intval(
$conn->query('SELECT MAX(id) FROM users')->fetch(PDO::FETCH_NUM)[0]
);
foreach ($most_recent_users as $user) { foreach ($most_recent_users as $user) {
echo " echo "
<tr> <tr>
<td>${user['id']}</td> <td>$user->id</td>
<td>${user['username']}</td> <td>" . pp_html_escape($user->username) . "</td>
<td>${user['date']}</td> <td>$user->date</td>
<td><span class='label label-default'>${user['ip']}</span></td> <td><span class='label label-default'>$user->ip</span></td>
</tr> "; </tr> ";
} }

31
admin/index.php
View file

@ -2,18 +2,23 @@
define('IN_PONEPASTE', 1); define('IN_PONEPASTE', 1);
require_once(__DIR__ . '/../includes/common.php'); require_once(__DIR__ . '/../includes/common.php');
$row = $conn->querySelectOne('SELECT user, pass FROM admin LIMIT 1'); use PonePaste\Models\AdminLog;
$adminid = $row['user'];
$password = $row['pass']; if ($current_user === null || !$current_user->admin) {
header('Location: ..');
die();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($adminid === trim($_POST['username']) && password_verify($_POST['password'], $password)) { if (password_verify($_POST['password'], $current_user->admin_password_hash)) {
$_SESSION['login'] = true; updateAdminHistory($current_user, AdminLog::ACTION_LOGIN);
$_SESSION['admin_login'] = true;
header("Location: dashboard.php"); header("Location: dashboard.php");
exit(); exit();
} else { } else {
updateAdminHistory($current_user, AdminLog::ACTION_FAIL_LOGIN);
$msg = '<div class="paste-alert alert6" style="text-align:center;"> $msg = '<div class="paste-alert alert6" style="text-align:center;">
Wrong User/Password Wrong Password
</div>'; </div>';
} }
} }
@ -25,7 +30,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>Paste - Login</title> <title>PonePaste - Authenticate</title>
<link href="css/paste.css" rel="stylesheet"> <link href="css/paste.css" rel="stylesheet">
<style> <style>
body { body {
@ -42,11 +47,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
?> ?>
<form action="." method="post"> <form action="." method="post">
<div class="top"> <div class="top">
<h1>Paste</h1> <h1>PonePaste Admin Authentication</h1>
</div> </div>
<div class="form-area"> <div class="form-area">
<div class="group"> <div class="group">
<input type="text" class="form-control" id="username" name="username" placeholder="Username" value=""> <input type="text" class="form-control" id="username" name="username" disabled="disabled" value="<?= pp_html_escape($current_user->username); ?>">
<i class="fa fa-user"></i> <i class="fa fa-user"></i>
</div> </div>
<div class="group"> <div class="group">
@ -54,13 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
value=""> value="">
<i class="fa fa-key"></i> <i class="fa fa-key"></i>
</div> </div>
<!-- Not yet implemented <button type="submit" class="btn btn-default btn-block">Authenticate</button>
<div class="checkbox checkbox-primary">
<input id="rememberme" type="checkbox" checked="">
<label for="rememberme"> Remember Me</label>
</div>
-->
<button type="submit" class="btn btn-default btn-block">LOGIN</button>
</div> </div>
</form> </form>
</div> </div>

2
admin/pastes.php
View file

@ -1,8 +1,6 @@
<?php <?php
define('IN_PONEPASTE', 1); define('IN_PONEPASTE', 1);
require_once('common.php'); require_once('common.php');
updateAdminHistory($conn);
?> ?>
<!DOCTYPE html> <!DOCTYPE html>

39
admin/users.php
View file

@ -96,56 +96,42 @@ require_once(__DIR__ . '/common.php');
<div class="panel panel-widget"> <div class="panel panel-widget">
<?php <?php
if (isset($_GET['details'])) { if (isset($_GET['details'])) {
$row = $conn->querySelectOne('SELECT username, platform, verified, banned, date, ip FROM users WHERE id = ?', [$_GET['details']]); $user = User::find($_GET['details']);
$user_username = $row['username'];
$user_full_name = $row['full_name'];
$user_platform = Trim($row['platform']);
$user_date = $row['date']; $user_date = $row['date'];
$user_ip = $row['ip'];
$detail_id = htmlentities(Trim($_GET['details'])); if ($user->banned) {
if ($row['banned']) {
$user_verified = 'Banned'; $user_verified = 'Banned';
} elseif ($row['verified']) { } elseif ($user->verified) {
$user_verified = 'Verified'; $user_verified = 'Verified';
} else { } else {
$user_verified = 'Unverified'; $user_verified = 'Unverified';
} }
?> ?>
<div class="panel-body"> <div class="panel-body">
<div class="panel-title"> <div class="panel-title">
<?php echo $user_username . ' Details'; ?> <?= pp_html_escape($user->username) . ' Details'; ?>
</div> </div>
<table class="table table-striped table-bordered"> <table class="table table-striped table-bordered">
<tbody> <tbody>
<tr> <tr>
<td> Username</td> <td> Username</td>
<td> <?php echo $user_username; ?> </td> <td><?= pp_html_escape($user->username) ?> </td>
</tr> </tr>
<tr> <tr>
<td> Platform</td> <td>Status</td>
<td> <?php echo $user_platform; ?> </td> <td><?= $user_verified ?></td>
</tr>
<tr>
<td> Status</td>
<td> <?php echo $user_verified; ?> </td>
</tr> </tr>
<tr> <tr>
<td> User IP</td> <td> User IP</td>
<td> <?php echo $user_ip; ?> </td> <td><?= $user->ip ?> </td>
</tr> </tr>
<tr> <tr>
<td> Date Registered</td> <td>Date Registered</td>
<td> <?php echo $user_date; ?> </td> <td><?php echo $user_date; ?> </td>
</tr>
<tr>
<td> Full Name</td>
<td> <?php echo $user_full_name; ?> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -166,7 +152,6 @@ require_once(__DIR__ . '/common.php');
<th>ID</th> <th>ID</th>
<th>Username</th> <th>Username</th>
<th>Date Registered</th> <th>Date Registered</th>
<th>Platform</th>
<th>Ban User</th> <th>Ban User</th>
<th>Profile</th> <th>Profile</th>
<th>Delete</th> <th>Delete</th>

7
api/tags_autocomplete.php
View file

@ -17,8 +17,11 @@ if (empty($_GET['tag'])) {
$tag_name = Tag::cleanTagName($_GET['tag']); $tag_name = Tag::cleanTagName($_GET['tag']);
$results = $conn->query('SELECT name FROM tags WHERE name LIKE ? AND name != ?', [escapeLikeQuery($tag_name) . '%', $tag_name]); $results = Tag::select('name')
$tags = $results->fetchAll(PDO::FETCH_ASSOC); ->where('name', 'LIKE', escapeLikeQuery($tag_name))
->andWhere('name', '!=', $tag_name)
->fetchAll()
->toArray();
array_push($tags, ['name' => $tag_name]); array_push($tags, ['name' => $tag_name]);

23
fav.php
View file

@ -1,23 +0,0 @@
<?php
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
if ($current_user && !empty($_POST['fid'])) {
$paste_id = intval($_POST['fid']);
$query = $conn->prepare('SELECT 1 FROM pins WHERE paste_id = ? AND user_id = ?');
$query->execute([$paste_id, $current_user->user_id]);
if ($query->fetch()) { /* Already favorited */
$query = $conn->prepare('DELETE FROM pins WHERE paste_id = ? AND user_id = ?');
} else {
$query = $conn->prepare('INSERT INTO pins (paste_id, user_id, f_time) VALUES (?, ?, NOW())');
}
$query->execute([$paste_id, $current_user->user_id]);
$error = 'Paste has been favorited.';
}
// Theme
$page_template = 'report';
require_once('theme/' . $default_theme . '/common.php');

6
includes/DatabaseHandle.class.php
View file

@ -35,10 +35,4 @@ class DatabaseHandle {
return null; return null;
} }
public function queryInsert(string $query, array $params = null) : int {
$this->query($query, $params);
return (int) $this->conn->lastInsertId();
}
} }

12
includes/Models/AdminLog.php Normal file
View file

@ -0,0 +1,12 @@
<?php
namespace PonePaste\Models;
use Illuminate\Database\Eloquent\Model;
class AdminLog extends Model {
public const ACTION_LOGIN = 0;
public const ACTION_FAIL_LOGIN = 1;
public const ACTION_EDIT_CONFIG = 2;
protected $table = 'admin_logs';
protected $fillable = ['user_id', 'action', 'ip', 'time'];
}

4
includes/Models/Paste.php
View file

@ -21,6 +21,10 @@ class Paste extends Model {
return $this->belongsToMany(Tag::class, 'paste_taggings'); return $this->belongsToMany(Tag::class, 'paste_taggings');
} }
public function favouriters() {
return $this->belongsToMany(User::class, 'user_favourites');
}
public function replaceTags(array $tags) { public function replaceTags(array $tags) {
$this->tags()->detach(); $this->tags()->detach();

1
includes/common.php
View file

@ -112,6 +112,7 @@ function pp_html_escape(string $unescaped) : string {
return htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8', false); return htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8', false);
} }
/* I think there is one row for each day, and in that row, tpage = non-unique, tvisit = unique page views for that day */
function updatePageViews(DatabaseHandle $conn) : void { function updatePageViews(DatabaseHandle $conn) : void {
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$date = date('jS F Y'); $date = date('jS F Y');

44
includes/functions.php
View file

@ -104,35 +104,14 @@ function linkify($value, $protocols = array('http', 'mail'), array $attributes =
}, $value); }, $value);
} }
function getUserRecom(DatabaseHandle $conn, int $user_id) : array {
$query = $conn->prepare(
"SELECT pastes.id AS id, users.username AS member, title, visible
FROM pastes
INNER JOIN users ON pastes.user_id = users.id
WHERE pastes.visible = '0' AND users.id = ?
ORDER BY id DESC
LIMIT 0, 5");
$query->execute([$user_id]);
return $query->fetchAll();
}
function formatBytes($size, $precision = 2) { function formatBytes($size, $precision = 2) {
$base = log($size, 1024); $base = log($size, 1024);
$suffixes = array('B', 'KB', 'MB', 'GB', 'TB'); $suffixes = ['B', 'KB', 'MB', 'GB', 'TB'];
return round(pow(1024, $base - floor($base)), $precision) . ' ' . $suffixes[floor($base)]; return round(pow(1024, $base - floor($base)), $precision) . ' ' . $suffixes[floor($base)];
} }
function getRecentadmin($conn, $count = 5) {
$query = $conn->prepare(
'SELECT pastes.id AS id, pastes.ip AS ip, title, created_at, views, users.username AS member
FROM pastes
INNER JOIN users ON users.id = pastes.user_id
ORDER BY id DESC LIMIT 0, ?');
$query->execute([$count]);
return $query->fetchAll();
}
function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string { function friendlyDateDifference(DateTime $lesser, DateTime $greater) : string {
@ -182,27 +161,6 @@ function truncate(string $input, int $maxWords, int $maxChars) : string {
return $result . ($input == $result ? '' : '[...]'); return $result . ($input == $result ? '' : '[...]');
} }
function doDownload($paste_id, $p_title, $p_member, $p_conntent, $p_code) {
$stats = false;
if ($p_code) {
// Figure out extensions.
$ext = match ($p_code) {
default => 'txt',
};
// Download
$p_title = stripslashes($p_title);
header('content-type: text/plain');
header('content-Disposition: attachment; filename="' . $paste_id . '_' . $p_title . '_' . $p_member . '.' . $ext . '"');
echo $p_conntent;
$stats = true;
} else {
// 404
header('HTTP/1.1 404 Not Found');
}
return $stats;
}
function embedView($paste_id, $p_title, $content, $p_code, $title, $baseurl, $lang) { function embedView($paste_id, $p_title, $content, $p_code, $title, $baseurl, $lang) {
$stats = false; $stats = false;
if ($content) { if ($content) {

20
index.php
View file

@ -46,7 +46,6 @@ function calculatePasteExpiry(string $expiry) {
} }
function validatePasteFields() : string|null { function validatePasteFields() : string|null {
if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */ if (empty($_POST["paste_data"]) || trim($_POST['paste_data'] === '')) { /* Empty paste input */
return 'You cannot post an empty paste.'; return 'You cannot post an empty paste.';
} elseif (!isset($_POST['title'])) { /* No paste title POSTed */ } elseif (!isset($_POST['title'])) { /* No paste title POSTed */
@ -104,7 +103,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$paste_visibility = $_POST['visibility']; $paste_visibility = $_POST['visibility'];
$paste_code = $_POST['format']; $paste_code = $_POST['format'];
$paste_password = $_POST['pass']; $paste_password = $_POST['pass'];
$paste_encrypt = $_POST['encrypted'] === 'on'; // TODO: Make sure this works!
$p_expiry = trim(htmlspecialchars($_POST['paste_expire_date'])); $p_expiry = trim(htmlspecialchars($_POST['paste_expire_date']));
$tag_input = $_POST['tag_input']; $tag_input = $_POST['tag_input'];
@ -115,20 +113,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$paste_password = password_hash($paste_password, PASSWORD_DEFAULT); $paste_password = password_hash($paste_password, PASSWORD_DEFAULT);
} }
if ($paste_encrypt) { $paste_content = openssl_encrypt(
$paste_content = openssl_encrypt($paste_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY); $_POST['paste_data'],
} PP_ENCRYPTION_ALGO,
PP_ENCRYPTION_KEY
);
// Set expiry time // Set expiry time
$expires = calculatePasteExpiry($p_expiry); $expires = calculatePasteExpiry($p_expiry);
// Edit existing paste or create new? // Edit existing paste or create new?
if ($editing) { if ($editing) {
$paste = Paste::find($_POST['paste_id']);
if ($current_user && if ($current_user &&
$current_user->user_id === (int) $conn->querySelectOne('SELECT user_id FROM pastes WHERE id = ?', [$_POST['paste_id']])['user_id']) { $current_user->user_id === $paste->user_id) {
$paste_id = intval($_POST['paste_id']); $paste_id = $paste->id;
$paste = Paste::find(intval($_POST['paste_id']));
$paste->update([ $paste->update([
'title' => $paste_title, 'title' => $paste_title,
'content' => $paste_content, 'content' => $paste_content,
@ -136,7 +135,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
'code' => $paste_code, 'code' => $paste_code,
'expiry' => $expires, 'expiry' => $expires,
'password' => $paste_password, 'password' => $paste_password,
'encrypt' => $paste_encrypt,
'ip' => $ip 'ip' => $ip
]); ]);
@ -153,7 +151,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
'visible' => $paste_visibility, 'visible' => $paste_visibility,
'expiry' => $expires, 'expiry' => $expires,
'password' => $paste_password, 'password' => $paste_password,
'encrypt' => $paste_encrypt, 'encrypt' => true,
'created_at' => date_create(), 'created_at' => date_create(),
'ip' => $ip 'ip' => $ip
]); ]);

1
pages.php
View file

@ -18,6 +18,7 @@ if (isset($_GET['page'])) {
$p_title = $page_title; $p_title = $page_title;
} }
} }
// Theme // Theme
$page_template = 'pages'; $page_template = 'pages';
require_once('theme/' . $default_theme . '/common.php'); require_once('theme/' . $default_theme . '/common.php');

37
paste.php
View file

@ -6,6 +6,7 @@ require_once('includes/passwords.php');
use Highlight\Highlighter; use Highlight\Highlighter;
use PonePaste\Models\Paste; use PonePaste\Models\Paste;
use PonePaste\Models\User;
function rawView($content, $p_code) { function rawView($content, $p_code) {
if ($p_code) { if ($p_code) {
@ -16,6 +17,22 @@ function rawView($content, $p_code) {
} }
} }
function getUserRecommended(User $user) {
return Paste::where('visible', '0')
->where('user_id', $user->id)
->orderBy('id')->limit(5)
->get();
/*$query = $conn->prepare(
"SELECT pastes.id AS id, users.username AS member, title, visible
FROM pastes
INNER JOIN users ON pastes.user_id = users.id
WHERE pastes.visible = '0' AND users.id = ?
ORDER BY id DESC
LIMIT 0, 5");
$query->execute([$user_id]);
return $query->fetchAll();*/
}
$paste_id = intval(trim($_REQUEST['id'])); $paste_id = intval(trim($_REQUEST['id']));
updatePageViews($conn); updatePageViews($conn);
@ -23,20 +40,8 @@ updatePageViews($conn);
// This is used in the theme files. // This is used in the theme files.
$totalpastes = Paste::count(); $totalpastes = Paste::count();
// Get paste favorite count
$fav_count = $conn->querySelectOne('SELECT COUNT(*) FROM user_favourites WHERE paste_id = ?', [$paste_id], PDO::FETCH_NUM)[0];
// Get paste info
/*$row = $conn->querySelectOne(
'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, users.username AS member, users.id AS user_id
FROM pastes
INNER JOIN users ON users.id = pastes.user_id
WHERE pastes.id = ?', [$paste_id]);*/
$paste = Paste::find($paste_id); $paste = Paste::find($paste_id);
$notfound = null; $notfound = null;
$is_private = false; $is_private = false;
@ -50,6 +55,8 @@ $paste_owner_id = $paste->user->id;
$paste_title = $paste->title; $paste_title = $paste->title;
$paste_code = $paste->code; $paste_code = $paste->code;
$using_highlighter = $paste_code !== 'pastedown'; $using_highlighter = $paste_code !== 'pastedown';
$fav_count = $paste->favouriters()->count();
/*$paste = [ /*$paste = [
'title' => $paste_title, 'title' => $paste_title,
@ -126,7 +133,9 @@ $op_content = trim(htmlspecialchars_decode($p_content));
// Download the paste // Download the paste
if (isset($_GET['download'])) { if (isset($_GET['download'])) {
doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code); header('Content-Type: text/plain');
header('Content-Disposition: attachment; filename="' . $paste->id . '_' . pp_html_escape($paste->title) . '_' . pp_html_escape($paste->user->username) . '.txt"');
echo $op_content;
exit(); exit();
} }
@ -208,6 +217,7 @@ if (@$_SESSION['not_unique'] !== $paste_id) {
} }
$page_template = 'view'; $page_template = 'view';
$recommended_pastes = getUserRecommended($paste->user);
Not_Valid_Paste: Not_Valid_Paste:
@ -216,6 +226,5 @@ if ($is_private || $notfound || !$password_valid) {
// Display errors // Display errors
$page_template = 'errors'; $page_template = 'errors';
} }
require_once('theme/' . $default_theme . '/common.php'); require_once('theme/' . $default_theme . '/common.php');

7
profile.php
View file

@ -13,7 +13,6 @@ if ($current_user === null) {
} }
$user_username = $current_user->username; $user_username = $current_user->username;
$row = $query->fetch();
$user_id = $current_user->id; $user_id = $current_user->id;
$user_date = $current_user->date; $user_date = $current_user->date;
$user_ip = $current_user->ip; $user_ip = $current_user->ip;
@ -26,8 +25,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (pp_password_verify($user_old_pass, $user_password)) { if (pp_password_verify($user_old_pass, $user_password)) {
$user_new_cpass = pp_password_hash($_POST['password']); $user_new_cpass = pp_password_hash($_POST['password']);
$conn->prepare('UPDATE users SET password = ? WHERE id = ?') $current_user->password = $user_new_cpass;
->execute([$user_new_cpass, $user_id]); $current_user->save();
$success = 'Your profile has been updated.'; $success = 'Your profile has been updated.';
} else { } else {
@ -40,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
updatePageViews($conn); updatePageViews($conn);
$total_user_pastes = Paste::where('user_id', $current_user->user_id)->count(); $total_user_pastes = Paste::where('user_id', $current_user->id)->count();
// Theme // Theme
$page_template = 'profile'; $page_template = 'profile';

2
theme/bulma/common.php
View file

@ -367,7 +367,7 @@ $flashes = getFlashes();
<!-- Additional Scripts --> <!-- Additional Scripts -->
<?php echo $additional_scripts; ?> <?php /* echo $additional_scripts; */ ?>
</body> </body>
</html> </html>

16
theme/bulma/main.php
View file

@ -280,22 +280,10 @@
<div class="level-left"> <div class="level-left">
<!-- Encrypted --> <!-- Encrypted -->
<div class="field"> <div class="field">
<?php
$encrypted_checked = "";
if ($_POST) {
// We came here from an error, carry the checkbox setting forward
if (isset($_POST['encrypted'])) {
$encrypted_checked = "checked";
}
} else {
// Fresh paste. Default to encrypted on
$encrypted_checked = "checked";
}
?>
<input class="is-checkradio is-info has-background-color" id="encrypt" <input class="is-checkradio is-info has-background-color" id="encrypt"
name="encrypted" type="checkbox" <?php echo $encrypted_checked; ?>> checked="checked" disabled="disabled" type="checkbox">
<label for="encrypt"> <label for="encrypt">
Encrypt on Server Encrypt on Server (always enabled)
</label> </label>
</div> </div>
</div> </div>

33
theme/bulma/view.php
View file

@ -243,40 +243,25 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<?php endif; ?> <?php endif; ?>
</div> </div>
<!-- Guests --> <!-- Guests -->
<?php if ($current_user === null || $current_user->user_id !== $paste['user_id']) { ?> <?php if ($totalpastes !== 0 && ($current_user === null || $current_user->user_id !== $paste['user_id'])) { ?>
<hr> <hr>
<label class="label">More from this Author </label> <label class="label">More from this Author </label>
<?php <?php
$rec = getUserRecom($conn, $paste['user_id']); foreach ($recommended_pastes as $paste) {
foreach ($rec as $index => $row) {
$title = Trim($row['title']); $title = Trim($row['title']);
$p_id = Trim($row['id']);
$titlehov = ($row['title']); $titlehov = ($row['title']);
$long_title = pp_html_escape($row['title']); $long_title = pp_html_escape($row['title']);
$title = pp_html_escape(truncate($row['title'], 24, 60)); $title = pp_html_escape(truncate($row['title'], 24, 60));
?> ?>
<p class="no-margin"> <p class="no-margin">
<?php <header class="bd-category-header my-1">
if (PP_MOD_REWRITE) { <a href="<?= urlForPaste($paste) ?>" title="<?= pp_html_escape($paste->title) ?>">
echo '<header class="bd-category-header my-1"> <?= pp_html_escape(truncate($paste->title, 24, 60)) ?>
<a href="' . $p_id . '" title="' . $long_title . '">' . $title . ' </a> </a>
<p class="subtitle is-7">' . 'by ' . ' <p class="subtitle is-7">by <i><?= pp_html_escape($paste->user->username) ?></i></p>
<i>' . $row['member'] . '</i>' . ' </header>
</p>' . <?php } ?>
'</header>';
} else {
echo '<a href="' . $p_id . '" title="' . $titlehov . '">' . ucfirst($title) . '</a>';
}
}
// Display a message if the pastebin is empty
if ($totalpastes === 0) {
echo 'There are no pastes to show.';
} ?>
</p>
<?php } else { ?> <?php } else { ?>
<!-- Paste Panel --> <!-- Paste Panel -->
<hr> <hr>

14
user.php
View file

@ -42,9 +42,7 @@ $profile_total_unlisted = $profile_info->pastes->where('visible', 1)->count();
$profile_total_private = $profile_info->pastes->where('visible', 2)->count(); $profile_total_private = $profile_info->pastes->where('visible', 2)->count();
$query = $conn->prepare('SELECT SUM(views) FROM pastes WHERE user_id = ?'); $profile_total_paste_views = Paste::select('views')->where('user_id', $profile_info->id)->sum('views');
$query->execute([$profile_info['id']]);
$profile_total_paste_views = intval($query->fetch(PDO::FETCH_NUM)[0]);
$profile_join_date = $profile_info['date']; $profile_join_date = $profile_info['date'];
@ -57,16 +55,12 @@ updatePageViews($conn);
if (isset($_GET['del'])) { if (isset($_GET['del'])) {
if ($current_user !== null) { // Prevent unauthorized deletes if ($current_user !== null) { // Prevent unauthorized deletes
$paste_id = intval(trim($_GET['id'])); $paste_id = intval(trim($_GET['id']));
$paste = Paste::find($paste_id);
$query = $conn->prepare('SELECT user_id FROM pastes WHERE id = ?'); if (!$paste || $paste->user_id !== $current_user->user_id) {
$query->execute([$paste_id]);
$result = $query->fetch();
if (empty($result) || $result['user_id'] !== $current_user->user_id) {
$error = 'That paste does not exist, or you are not the owner of it.'; $error = 'That paste does not exist, or you are not the owner of it.';
} else { } else {
$query = $conn->prepare('DELETE FROM pastes WHERE id = ?'); $paste->delete();
$query->execute([$paste_id]);
$success = 'Paste deleted successfully.'; $success = 'Paste deleted successfully.';
} }
} else { } else {