pastebin

@@ -23,7 +23,7 @@ $pasteBin->showRecent();

 // Handles the actions.

 if (isset($_POST['submit']))

 	$pasteBin->action_paste();

-if (isset($_GET['view']))

+elseif (isset($_GET['view']))

 	$pasteBin->action_view($_GET['view']);

 else

 	$pasteBin->action_index();

@@ -46,6 +46,8 @@ class pB

 	private $db = null;

 	private $usr = null;

 	private $tpl = null;

+	private $antispam = null;

+	private $warnings = array();

 	/*

 	* Setup the settings when creating the object.

@@ -56,54 +58,55 @@ class pB

 		if (file_exists(dirname(__FILE__) . '/settings-' . pathinfo(basename($_SERVER['SCRIPT_FILENAME']), PATHINFO_FILENAME) . '.php'))

 			require_once(dirname(__FILE__) . '/settings-' . pathinfo(basename($_SERVER['SCRIPT_FILENAME']), PATHINFO_FILENAME). '.php');

-		// Start up our database.

-		require_once(pBS::get('sources') . '/db.php');

-		if (file_exists(pBS::get('sources') . '/db-' . pBS::get('db') . '.php'))

-		{

-			require_once(pBS::get('sources') . '/db-' . pBS::get('db') . '.php');

+		// This will get some of our handler going.

+		$this->startHandler('db', 'db', 'pDB');

+		$this->startHandler('user', 'usr', 'pUser');

+		$this->startHandler('tpl', 'tpl', 'pTPL');

+		$this->startHandler('spam', 'antispam', 'pAS');

-			$class = 'pDB_' . pBS::get('db');

-			if (class_exists($class))

-				$this->db = new $class;

-			else

-				$this->error('Database is defined but no such class exists.');

+		// Start getting things going.

+		$this->loadLanguage();

+		$this->loadGeshi();

 	}

-		else

-			$this->error('No database handler is defined.');

-		// Start up our User handler.

-		require_once(pBS::get('sources') . '/user.php');

-		if (file_exists(pBS::get('sources') . '/user-' . pBS::get('user') . '.php'))

+	/*

+	* Setup a handler for usage.

+	* @param $file String The main name of the handler we are loading.

+	* @param $var String The variable we will store this under.  As well this is the setting name we look for when loading that extra class.

+	* @param $class_name String The name of the class this will load.

+	* @param $extension String When we use this, we ignore using $var as extension of the class we are loading.

+	*/

+	public function startHandler($file, $var, $class_name, $extension = '')

+	{

+		if (!file_exists(pBS::get('sources') . '/'. $file . '.php'))

+			$this->error('Failed to start Handler (' . $var . ') as file (' . $file . ' ) does not exist.');

+

+		if (empty($extension))

+			$extension = pBS::get($var);

+

+		require_once(pBS::get('sources') . '/'. $file . '.php');

+		if (file_exists(pBS::get('sources') . '/'. $file . '-' . $extension . '.php'))

 		{

-			require_once(pBS::get('sources') . '/user-' . pBS::get('user') . '.php');

+			require_once(pBS::get('sources') . '/'. $file . '-' . $extension . '.php');

-			$class = 'pUser_' . pBS::get('user');

+			$class = $class_name . '_' . pBS::get($var);

 			if (class_exists($class))

-				$this->usr = new $class;

-			else

-				$this->error('User is defined but no such class exists.');

-		}

+				$this->{$var} = new $class;

 			else

-			$this->error('No user handler is defined.');

+				$this->error($var . ' Handler is defined but no such class exists.');

-		// Start up our Template handler.

-		require_once(pBS::get('sources') . '/tpl.php');

-		if (file_exists(pBS::get('sources') . '/tpl-' . pBS::get('tpl') . '.php'))

+			// If this had a classActive method, we need to verify this before we go on.

+			if (method_exists($this->{$var}, 'classActive') && ($result = $this->{$var}->classActive()) !== true)

 			{

-			require_once(pBS::get('sources') . '/tpl-' . pBS::get('tpl') . '.php');

+				// If the result returned nothing, we got no fall back.

+				if (empty($result))

+					$this->error('Invalid Handler setup for ' . $file);

-			$class = 'pTPL_' . pBS::get('tpl');

-			if (class_exists($class))

-				$this->tpl = new $class;

-			else

-				$this->error('Template is defined but no such class exists.');

+				$this->startHandler($file, $var, $class_name, $result);

+			}

 		}

 		else

-			$this->error('No template handler is defined.');

-

-		// Start getting things going.

-		$this->loadLanguage();

-		$this->loadGeshi();

+			$this->error('No ' . $var . ' handler is defined.');

 	}

 	/*

@@ -268,6 +271,14 @@ class pB

 		if (is_callable(array($this->tpl, 'htmlHead')))

 			$this->tpl->htmlHead($this->title);

+		// Give admins a hint what the key is.

+		if (!empty($this->warnings))

+			echo '

+			<div class="alert alert-error">

+			<h4 class="alert-heading">This paste has failed to be created because:</h4>

+			', implode('<br />', $this->warnings), '

+			</div>';

+

 		$paste = $this->showPaste($id);

 		// Give admins a hint what the key is.

@@ -296,10 +307,22 @@ class pB

 		$do_create = true;

 		if ($this->usr->id() > 0 && (empty($_POST['name']) || empty($_POST['email'])))

+		{

+			$this->warnings[] = 'Missing information (Username/email)';

 			$do_create = false;

+		}

 		if (empty($_POST['code']))

+		{

+			$this->warnings[] = 'Nothing entered into the code box';

 			$do_create = false;

+		}

+

+		if (pBS::get('human_check') && $this->antispam->verify(&$this->warnings) === false)

+			$do_create = false;

+

+		if (!empty($this->warnings) && isset($_POST['iHateU']))

+			$this->warnings[] = 'I do not like you either';

 		// Get the data ready.

 		$data = array(

@@ -313,12 +336,10 @@ class pB

 		);

 		// Do a test.

-		$this->db->addPasteTest(&$data, &$do_create);

+		$this->db->addPasteTest(&$data, &$do_create, &$this->warnings);

 		if (!$do_create)

 		{

-			$this->warningss[] = 'Missing information (Username/email)';

-

 			if (!empty($_POST['view']))

 				$this->action_view($_POST['view']);

 			else

@@ -453,8 +474,11 @@ class pB

 					<li><input type="checkbox" name="force_new_pw" /><strong>', pBL('force_new_key'), '</strong></li>';

 		if (pBS::get('human_check'))

-			echo '

-					<li>', pBS::get('human_question'), ':<input type="text" name="ru_human" value="', isset($_POST['ru_human']) ? $_POST['ru_human'] : '', '" /></li>';

+		{

+			echo '<li>';

+			$this->antispam->template();

+			echo '</li>';

+		}

 		echo '

 				</ul>';

@@ -22,11 +22,15 @@ class pBS

 	private static $db = 'smf';

 	/* User Handler. */

-	private static $user = 'smf';

+	private static $usr = 'smf';

 	/* Template Handler. */

 	private static $tpl = 'wp';

+	/* Template Handler. */

+//	private static $antispam = 'recaptcha';

+	private static $antispam = 'basic';

+

 	/* Any preloader file needed? */

 	private static $preload = '__integrate.php';

@@ -64,15 +68,21 @@ class pBS

 	/* GESHI: The default language to use. */

 	private static $geshi_default = 'php';

-	/* HUMAN CHECK: Enable the human check? */

+	/* ANTI-SPAM (BASIC): Enable the human check? */

 	private static $human_check = true;

-	/* HUMAN CHECK: The question to ask. */

+	/* ANTI-SPAM (BASIC): The question to ask. */

 	private static $human_question = 'A duck, cat and a goose walk into a bar. How many animals walked into a bar?';

-	/* HUMAN CHECK: The answer they need to provide. */

+	/* ANTI-SPAM (BASIC): The answer they need to provide. */

 	private static $human_answer = '3';

+	/* ANTI-SPAM (RECAPTCHA): If using Recaptcha as your anti-spam handler enter your key here */

+	private static $recaptcha_key = '';

+

+	/* ANTI-SPAM (RECAPTCHA): If using Recaptcha as your anti-spam handler enter your private key here */

+	private static $recaptcha_private_key = '';

+	

 	/* SMF: When we are using SMF, we need to know where it is. */

 	private static $smf_dir = '../forum/';

@@ -111,7 +111,7 @@ class pDB_smf extends pDB

 			'approved' => $topic['approved'],

 			'use_geshi' => $Paste['use_geshi'],

 			'language' => $Paste['type'],

-			'body' => $topic['body'],

+			'body' => htmlspecialchars_decode($topic['body']),

 			'parsed' => '',

 		);	

 	}

@@ -159,6 +159,11 @@ class pDB_smf extends pDB

 		elseif (!empty($paste['key']))

 			$data['key'] = $paste['key'];

+		if (function_exists('wp_magic_quotes'))

+		{

+			$data['body'] = stripslashes($data['body']);

+		}

+

 		// Options needed for our post.

 		$topicOptions = array(

 			'id'		=> (!empty($paste['id']) ? $paste['id'] : 0) ,

@@ -0,0 +1,53 @@

+<?php

+/*

+ * SMF PasteBin

+ * Author: SleePy (JeremyD)

+ * Repository: https://github.com/jdarwood007/pastebin

+ * License: BSD 3 Clause; See license.txt

+*/

+if (!defined('SMFPasteBin')) { exit('[' . basename(__FILE__) . '] Direct access restricted');}

+

+/*

+* Basic Anti-Spam handler for Pastebin.

+*/

+class pAS_basic extends pAS

+{

+	/*

+	* Test whether this anti-spam method is enabled or not.

+	*/

+	public function classActive()

+	{

+		if (pBS::get('human_check') === false || pBS::get('human_question') === null || pBS::get('human_answer') === null)

+			return false;

+		return true;

+	}

+

+	/*

+	* Verify the that we correctly entered the anti-spam stuff.

+	*/

+	public function verify($warnings)

+	{

+		// Luck you, get a free pass.

+		if (pBS::get('human_check') === false)

+			return true;

+

+		if (!isset($_POST['ru_human']) || $_POST['ru_human'] != pBS::get('human_answer'))

+		{

+			$warnings[] = 'Invalid human verification';

+			return false;

+		}

+

+		return true;

+	}

+

+	/*

+	* For the template.

+	*/

+	public function template()

+	{

+		if (pBS::get('human_check') === false)

+			return;

+

+			echo pBS::get('human_question'), ':<input type="text" name="ru_human" value="', isset($_POST['ru_human']) ? $_POST['ru_human'] : '', '" />';

+	}

+}

\ No newline at end of file

@@ -0,0 +1,91 @@

+<?php

+/*

+ * SMF PasteBin

+ * Author: SleePy (JeremyD)

+ * Repository: https://github.com/jdarwood007/pastebin

+ * License: BSD 3 Clause; See license.txt

+*/

+if (!defined('SMFPasteBin')) { exit('[' . basename(__FILE__) . '] Direct access restricted');}

+

+/*

+* Basic Anti-Spam handler for Pastebin.

+*/

+class pAS_recaptcha extends pAS

+{

+	/*

+	* Test whether this anti-spam method is enabled or not.

+	*/

+	public function classActive()

+	{

+		if (pBS::get('recaptcha_key') === null || pBS::get('recaptcha_private_key') === null)

+			return false;

+		return true;

+	}

+

+	/*

+	* Verify the that we correctly entered the anti-spam stuff.

+	*/

+	public function verify($warnings)

+	{

+		$data = implode('&', array(

+			'privatekey' => pBS::get('recaptcha_private_key'),

+			'remoteip' => $_SERVER['REMOTE_ADDR'],

+			'challenge' => $this->cleanInput($_POST['recaptcha_challenge_field']),

+			'response' => $this->cleanInput($_POST['recaptcha_response_field'])

+		));

+

+

+		// Connect to the collection script.

+		$response = '';

+		$fp = @fsockopen('www.google.com', 80, $errno, $errstr);

+		if ($fp)

+		{

+			$out = 'POST /recaptcha/api/verify HTTP/1.1' . "\r\n";

+			$out .= 'Host: www.google.com' . "\r\n";

+			$out .= "User-Agent: reCAPTCHA/PHP\r\n";

+			$out .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";

+			$out .= 'Content-Length: ' . strlen($data) . "\r\n\r\n";

+			$out .= $data . "\r\n";

+			$out .= 'Connection: Close' . "\r\n\r\n";

+			fwrite($fp, $out);

+

+			while (!feof($fs))

+				$response .= fgets($fs, 1160);

+			fclose($fp);

+

+			$response = explode("\r\n\r\n", $response, 2);

+

+			if (trim($response[0]) == 'true')

+				return true;

+			else

+			{

+				$warnings[] = $response[1];

+				return false;

+			}

+		}

+		else

+		{

+			$warnings[] = 'Could not connect to the remote ReCaptcha service, verification failed';

+			return false;

+		}

+	}

+

+	/*

+	* For the template.

+	*/

+	public function template()

+	{

+		echo '

+		<script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=', pBS::get('recaptcha_key'), '"></script>

+		<noscript>

+			<iframe src="http://www.google.com/recaptcha/api/noscript?k=', pBS::get('recaptcha_key') , '" height="300" width="500" frameborder="0"></iframe><br>

+			<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>

+			<input type="hidden" name="recaptcha_response_field" value="manual_challenge" />

+		</noscript>';

+	}

+

+	private function cleanInput($var)

+	{

+		return urlencode(stripslashes($var));

+	}

+}

\ No newline at end of file

@@ -0,0 +1,35 @@

+<?php

+/*

+ * SMF PasteBin

+ * Author: SleePy (JeremyD)

+ * Repository: https://github.com/jdarwood007/pastebin

+ * License: BSD 3 Clause; See license.txt

+*/

+if (!defined('SMFPasteBin')) { exit('[' . basename(__FILE__) . '] Direct access restricted');}

+

+/*

+* Basic Anti-Spam handler for Pastebin.

+*/

+class pAS

+{

+	/*

+	* Setup the anti-spam method, for basic we do nothing.

+	*/

+	public function setup()

+	{	

+	}

+

+	/*

+	* Verify the that we correctly entered the anti-spam stuff.

+	*/

+	public function verify($warnings)

+	{

+	}

+

+	/*

+	* For the template.

+	*/

+	public function template()

+	{

+	}

+}

\ No newline at end of file

@@ -29,6 +29,7 @@ class pTPL_smf extends pTPL

 	/*

 	* Do the header.

+	* @param $title String the page title.

 	* @Note: Because we used ssi earlier to star the SMF theme, we have nothing to do here.

 	*/

 	public function htmlHead($title)

@@ -13,21 +13,22 @@ if (!defined('SMFPasteBin')) { exit('[' . basename(__FILE__) . '] Direct access

 class pTPL_wp extends pTPL

 {

 	/*

-	* Do the header.

+	* Lets get things cooking.

 	*/

-	public function htmlHead($title)

+	public function __construct()

 	{

-		global $specialPage;

-

-		$specialPage['title'] = $title;

+		wp_enqueue_style('pastebin', pBS::get('css'));

 	}

 	/*

-	* Lets get things cooking.

+	* Do the header.

+	* @param $title String the page title.

 	*/

-	public function __construct()

+	public function htmlHead($title)

 	{

-		wp_enqueue_style('pastebin', pBS::get('css'));

+		global $specialPage;

+

+		$specialPage['title'] = $title;

 	}

 	/*