where('user_id', $user->id) ->orderBy('id')->limit(5) ->get(); /*$query = $conn->prepare( "SELECT pastes.id AS id, users.username AS member, title, visible FROM pastes INNER JOIN users ON pastes.user_id = users.id WHERE pastes.visible = '0' AND users.id = ? ORDER BY id DESC LIMIT 0, 5"); $query->execute([$user_id]); return $query->fetchAll();*/ } updatePageViews(); // This is used in the theme files. $totalpastes = Paste::count(); $paste = Paste::with('user')->find((int) trim($_REQUEST['id'])); $is_private = false; $error = null; if (!$paste) { header('HTTP/1.1 404 Not Found'); $error = 'Not found'; goto Not_Valid_Paste; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!verifyCsrfToken()) { $error = 'Invalid CSRF token (do you have cookies enabled?)'; goto Not_Valid_Paste; } } /* $password_ok_pastes is an array of IDs of pastes for which a correct password has already been entered this session. */ if (isset($_SESSION['password_ok'])) { $password_ok_pastes = json_decode($_SESSION['password_ok']); } else { $password_ok_pastes = []; } $paste_owner_id = $paste->user->id; $paste_title = $paste->title; $paste_code = $paste->code; $using_highlighter = $paste_code !== 'pastedown'; $fav_count = $paste->favouriters()->count(); $p_content = $paste->content; $p_password = $paste->password; $paste_is_favourited = $current_user !== null && $current_user->favourites->where('id', $paste->id)->count() === 1; $is_private = $paste->visible === Paste::VISIBILITY_PRIVATE; if (!can('view', $paste)) { $error = 'This is a private paste. If you created this paste, please log in to view it.'; goto Not_Valid_Paste; } /* Paste deletion */ if (isset($_POST['delete'])) { if (!can('delete', $paste)) { $error = 'You cannot delete someone else\'s paste!'; goto Not_Valid_Paste; } $paste->delete(); flashSuccess('Paste deleted.'); header('Location: ' . urlForMember($current_user)); die(); } /* Verify paste password */ $password_required = $p_password !== null && $p_password !== 'NONE'; $password_valid = true; if ($password_required && !in_array($paste->id, $password_ok_pastes)) { if (empty($_POST['mypass'])) { $password_valid = false; $error = 'This paste is password protected.'; goto Not_Valid_Paste; } elseif (!pp_password_verify($_POST['mypass'], $p_password)) { $password_valid = false; $error = 'The provided password is incorrect.'; goto Not_Valid_Paste; } $password_ok_pastes[] = $paste->id; $_SESSION['password_ok'] = json_encode($password_ok_pastes); } if (PP_MOD_REWRITE) { $p_download = "download/$paste->id"; $p_raw = "raw/$paste->id"; $p_embed = "embed/$paste->id"; } else { $p_download = "paste.php?download&id=$paste->id"; $p_raw = "paste.php?raw&id=$paste->id"; $p_embed = "paste.php?embed&id=$paste->id"; } /* Expiry */ if (!empty($paste->expiry)) { if ($paste->expiry === 'SELF') { $paste->delete(); flashWarning('This paste has self-destructed - if you close this window, you will no longer be able to view it!'); } else if (time() > (int) $paste->expiry) { $paste->delete(); $error = 'This paste has expired.'; goto Not_Valid_Paste; } } /* handle favouriting */ if (isset($_POST['fave']) && $current_user) { if ($paste_is_favourited) { $current_user->favourites()->detach($paste); } else { $current_user->favourites()->attach($paste); } $paste_is_favourited = !$paste_is_favourited; } if ($paste->encrypt) { $p_content = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY); } $op_content = trim(htmlspecialchars_decode($p_content)); // Download the paste if (isset($_GET['download'])) { header('Content-Type: text/plain'); header('Content-Disposition: attachment; filename="' . $paste->id . '_' . pp_html_escape($paste->title) . '_' . pp_html_escape($paste->user->username) . '.txt"'); echo $op_content; exit(); } // Raw view if (isset($_GET['raw'])) { rawView($op_content, $paste_code); exit(); } // Preprocess $highlight = []; $prefix_size = strlen('!highlight!'); $lines = explode("\n", $p_content); $p_content = ""; foreach ($lines as $idx => $line) { if (substr($line, 0, $prefix_size) == '!highlight!') { $highlight[] = $idx + 1; $line = substr($line, $prefix_size); } $p_content .= $line . "\n"; } $p_content = rtrim($p_content); // Apply syntax highlight $p_content = htmlspecialchars_decode($p_content); if ($paste_code === "pastedown") { $parsedown = new Parsedown(); $parsedown->setSafeMode(true); $p_content = $parsedown->text($p_content); } else { Highlighter::registerLanguage('green', 'config/green.lang.json'); $hl = new Highlighter(); $highlighted = $hl->highlight($paste_code == 'text' ? 'plaintext' : $paste_code, $p_content)->value; $lines = HighlightUtilities\splitCodeIntoArray($highlighted); } // Embed view after highlighting is applied so that $p_code is syntax highlighted as it should be. if (isset($_GET['embed'])) { embedView($paste->id, $paste->title, $p_content, $title); exit(); } // View counter if (!isRequesterLikelyBot() && @$_SESSION['not_unique'] !== $paste->id) { $_SESSION['not_unique'] = $paste->id; $paste->views += 1; $paste->save(); } $page_title = $paste->title; $page_template = 'view'; $recommended_pastes = getUserRecommended($paste->user); /* We arrive at this GOTO from various errors */ Not_Valid_Paste: if ($error) { $page_title = 'Error'; $page_template = 'errors'; } $csrf_token = setupCsrfToken(); require_once(__DIR__ . '/../theme/' . $default_theme . '/common.php');