PageRenderTime 1652ms CodeModel.GetById 9ms RepoModel.GetById 0ms app.codeStats 0ms

/sticky-notes/show.php

#
PHP | 261 lines | 195 code | 35 blank | 31 comment | 68 complexity | baea4accc1d49d6250394a810feb7658 MD5 | raw file
Possible License(s): BSD-3-Clause 
    

  1. <?php
    2. 

  2. /**
    3. 

  3. * Sticky Notes pastebin
    4. 

  4. * @ver 0.3
    5. 

  5. * @license BSD License - www.opensource.org/licenses/bsd-license.php
    6. 

  6. *
    7. 

  7. * Copyright (c) 2012 Sayak Banerjee <sayakb@kde.org>
    8. 

  8. * All rights reserved. Do not remove this copyright notice.
    9. 

  9. */
    10. 

  10. 

  11. // Invoke required files
    12. 

  12. include_once('init.php');
    13. 

  13. 

  14. // Collect some data
    15. 

  15. $paste_id = $core->variable('id', 0);
    16. 

  16. $hash = $core->variable('hash', 0);
    17. 

  17. $mode = $core->variable('mode', '');
    18. 

  18. $project = $core->variable('project', '');
    19. 

  19. $password = $core->variable('password', '');
    20. 

  20. $sid = $core->variable('session_id_' . $paste_id, '', true);
    21. 

  21. $mode = strtolower($mode);
    22. 

  22. 

  23. // Password exempt
    24. 

  24. $exempt = false;
    25. 

  25. 

  26. // Trim trailing /
    27. 

  27. if (strrpos($password, '/') == strlen($password) - 1)
    28. 

  28. {
    29. 

  29.     $password = substr($password, 0, strlen($password) - 1);
    30. 

  30. }
    31. 

  31. 

  32. if (empty($mode))
    33. 

  33. {
    34. 

  34.     $mode = $core->variable('format', '');
    35. 

  35.     $_GET['mode'] = $mode;
    36. 

  36. }
    37. 

  37. 

  38. // Check for mode validity
    39. 

  39. if ($mode && $mode != 'raw' && $mode != 'xml' && $mode != 'json')
    40. 

  40. {
    41. 

  41.     die;
    42. 

  42. }
    43. 

  43. 

  44. // Initialize the skin file
    45. 

  45. if ($mode != 'raw')
    46. 

  46. {
    47. 

  47.     $skin->init('tpl_show');
    48. 

  48. }
    49. 

  49. 

  50. // We want paste id
    51. 

  51. if ($paste_id == 0)
    52. 

  52. {
    53. 

  53.     $core->redirect($core->path() . 'all/');
    54. 

  54. }
    55. 

  55. 

  56. // Escape the paste id
    57. 

  57. $db->escape($paste_id);
    58. 

  58. 

  59. // Get the paste data
    60. 

  60. $sql = "SELECT * FROM {$db->prefix}main WHERE id = {$paste_id} LIMIT 1";
    61. 

  61. $row = $db->query($sql, true);
    62. 

  62. 

  63. // Check if something was returned
    64. 

  64. if ($row == null)
    65. 

  65. {
    66. 

  66.     if ($mode == 'xml' || $mode == 'json')
    67. 

  67.     {
    68. 

  68.         $skin->assign('error_message', 'err_not_found');
    69. 

  69.         echo $skin->output("api_error.{$mode}");
    70. 

  70.         die;
    71. 

  71.     }
    72. 

  72.     else if ($mode == 'raw')
    73. 

  73.     {
    74. 

  74.         die($lang->get('error_404'));
    75. 

  75.     }
    76. 

  76.     else
    77. 

  77.     {
    78. 

  78.         $skin->assign(array(
    79. 

  79.             'error_text'        => $lang->get('error_404'),
    80. 

  80.             'data_visibility'    => 'hidden',
    81. 

  81.         ));
    82. 

  82. 

  83.         $skin->kill();
    84. 

  84.     }
    85. 

  85. }
    86. 

  86. 

  87. // Is it a private paste?
    88. 

  88. if ($row['private'] == "1")
    89. 

  89. {
    90. 

  90.     if (empty($hash) || $row['hash'] != $hash)
    91. 

  91.     {
    92. 

  92.         if ($mode == 'xml' || $mode == 'json')
    93. 

  93.         {
    94. 

  94.             $skin->assign('error_message', 'err_invalid_hash');
    95. 

  95.             echo $skin->output("api_error.{$mode}");
    96. 

  96.             die;
    97. 

  97.         }
    98. 

  98.         else if ($mode == 'raw')
    99. 

  99.         {
    100. 

  100.             die($lang->get('error_hash'));
    101. 

  101.         }
    102. 

  102.         else
    103. 

  103.         {
    104. 

  104.             $skin->assign(array(
    105. 

  105.                 'error_text'        => $lang->get('error_hash'),
    106. 

  106.                 'data_visibility'   => 'hidden',
    107. 

  107.             ));
    108. 

  108. 

  109.             $skin->kill();
    110. 

  110.         }
    111. 

  111.     }
    112. 

  112. }
    113. 

  113. 

  114. // Check if password cookie is there
    115. 

  115. if (!empty($row['password']) && !empty($sid))
    116. 

  116. {
    117. 

  117.     // Escape the session id
    118. 

  118.     $db->escape($sid);
    119. 

  119.     
    120. 

  120.     // Clean up the session data every 30 seconds
    121. 

  121.     if (time() % 30 == 0)
    122. 

  122.     {
    123. 

  123.         $age = time() - 1200;
    124. 

  124.         $db->query("DELETE FROM {$db->prefix}session " .
    125. 

  125.                    "WHERE timestamp < {$age}");
    126. 

  126.     }
    127. 

  127. 

  128.     $pass_data = $db->query("SELECT sid FROM {$db->prefix}session " .
    129. 

  129.                             "WHERE sid = '{$sid}'", true);
    130. 

  130. 

  131.     if (!empty($pass_data['sid']))
    132. 

  132.     {
    133. 

  133.         $exempt = true;
    134. 

  134.     }
    135. 

  135. }
    136. 

  136. 

  137. // Is it password protected?
    138. 

  138. if (!empty($row['password']) && empty($password) && !$exempt)
    139. 

  139. {
    140. 

  140.     if ($mode == 'xml' || $mode == 'json')
    141. 

  141.     {
    142. 

  142.         $skin->assign('error_message', 'err_password_required');
    143. 

  143.         echo $skin->output("api_error.{$mode}");
    144. 

  144.         die;
    145. 

  145.     }
    146. 

  146.     else if ($mode == 'raw')
    147. 

  147.     {
    148. 

  148.         die($lang->get('err_passreqd'));
    149. 

  149.     }
    150. 

  150.     else
    151. 

  151.     {
    152. 

  152.         $skin->init('tpl_show_password');
    153. 

  153.         $skin->title("#{$row['id']} &bull; " . $lang->get('site_title'));
    154. 

  154.         $skin->output();
    155. 

  155. 

  156.         exit;
    157. 

  157.     }
    158. 

  158. }
    159. 

  159. 

  160. // Check password
    161. 

  161. if (!empty($row['password']) && !empty($password) && !$exempt)
    162. 

  162. {
    163. 

  163.     $check = sha1(sha1($password) . $row['salt']);
    164. 

  164. 

  165.     if ($check != $row['password'])
    166. 

  166.     {
    167. 

  167.         if ($mode == 'xml' || $mode == 'json')
    168. 

  168.         {
    169. 

  169.             $skin->assign('error_message', 'err_invalid_password');
    170. 

  170.             echo $skin->output("api_error.{$mode}");
    171. 

  171.             die;
    172. 

  172.         }
    173. 

  173.         else if ($mode == 'raw')
    174. 

  174.         {
    175. 

  175.             die($lang->get('invalid_password'));
    176. 

  176.         }
    177. 

  177.         else
    178. 

  178.         {
    179. 

  179.             $skin->assign(array(
    180. 

  180.                 'error_text'        => $lang->get('invalid_password'),
    181. 

  181.                 'data_visibility'    => 'hidden',
    182. 

  182.             ));
    183. 

  183. 

  184.             $skin->kill();
    185. 

  185.         }
    186. 

  186.     }
    187. 

  187.     else
    188. 

  188.     {
    189. 

  189.         // Create a session
    190. 

  190.         $sid = sha1(time() . $core->remote_ip());
    191. 

  191. 

  192.         $core->set_cookie('session_id_' . $paste_id, $sid);
    193. 

  193.         $db->query("INSERT INTO {$db->prefix}session " .
    194. 

  194.                    "(sid, timestamp) VALUES ('{$sid}', " . time() . ")");
    195. 

  195.     }
    196. 

  196. }
    197. 

  197. 

  198. // Is it raw? just dump the code then
    199. 

  199. if ($mode == 'raw')
    200. 

  200. {
    201. 

  201.     header('Content-type: text/plain; charset=UTF-8');
    202. 

  202.     header('Content-Disposition: inline; filename="pastedata"');
    203. 

  203.     
    204. 

  204.     echo $row['data'];
    205. 

  205.     exit;
    206. 

  206. }
    207. 

  207. 

  208. // Prepare GeSHi
    209. 

  209. $geshi = new GeSHi($row['data'], $row['language']);
    210. 

  210. $geshi->enable_line_numbers(GESHI_FANCY_LINE_NUMBERS, 2);
    211. 

  211. $geshi->set_header_type(GESHI_HEADER_DIV);
    212. 

  212. $geshi->set_line_style('background: #f7f7f7; text-shadow: 0px 1px #fff; padding: 1px;',
    213. 

  213.                        'background: #fbfbfb; text-shadow: 0px 1px #fff; padding: 1px;');
    214. 

  214. $geshi->set_overall_style('word-wrap:break-word;');
    215. 

  215. 

  216. // Generate the data
    217. 

  217. $user = empty($row['author']) ? $lang->get('anonymous') : htmlentities($row['author']);
    218. 

  218. $time = date('d M Y, h:i:s e', $row['timestamp']);
    219. 

  219. $info = $lang->get('posted_info');
    220. 

  220. 

  221. $info = preg_replace('/\_\_user\_\_/', $user, $info);
    222. 

  222. $info = preg_replace('/\_\_time\_\_/', $time, $info);
    223. 

  223. 

  224. // Before we display, we need to escape the data from the skin/lang parsers
    225. 

  225. $code_data = (empty($mode) ? $geshi->parse_code() : htmlentities($row['data']));
    226. 

  226. 

  227. $lang->escape($code_data);
    228. 

  228. $skin->escape($code_data);
    229. 

  229. 

  230. // Assign template variables
    231. 

  231. $skin->assign(array(
    232. 

  232.     'paste_id'          => $row['id'],
    233. 

  233.     'paste_data'        => $code_data,
    234. 

  234.     'paste_lang'        => htmlentities($row['language']),
    235. 

  235.     'paste_info'        => $info,
    236. 

  236.     'paste_user'        => $user,
    237. 

  237.     'paste_timestamp'   => $row['timestamp'],
    238. 

  238.     'raw_url'           => $nav->get_paste($row['id'], $hash, $project, false, 'raw'),
    239. 

  239.     'share_url'         => urlencode($core->base_uri()),
    240. 

  240.     'share_title'       => urlencode($lang->get('paste') . ' #' . $row['id']),
    241. 

  241.     'error_visibility'  => 'hidden',
    242. 

  242.     'geshi_stylesheet'  => $geshi->get_stylesheet(),
    243. 

  243. ));
    244. 

  244. 

  245. // Let's output the page now
    246. 

  246. $skin->title("#{$row['id']} &bull; " . $lang->get('site_title'));
    247. 

  247. 

  248. if ($mode == 'raw')
    249. 

  249. {
    250. 

  250.     $skin->output(false, true);
    251. 

  251. }
    252. 

  252. else if ($mode)
    253. 

  253. {
    254. 

  254.     echo $skin->output("api_show.{$mode}");
    255. 

  255. }
    256. 

  256. else
    257. 

  257. {
    258. 

  258.     $skin->output();
    259. 

  259. }
    260. 

  260. 

  261. ?>
    262.