<?php
/*
 * Paste <https://github.com/jordansamuel/PASTE>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License in GPL.txt for more details.
 */

function str_contains($haystack, $needle, $ignoreCase = false)
{
    if ($ignoreCase) {
        $haystack = strtolower($haystack);
        $needle   = strtolower($needle);
    }
    $needlePos = strpos($haystack, $needle);
    return ($needlePos === false ? false : ($needlePos + 1));
}

function encrypt($value)
{
    $iv_size = @mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv      = @mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $val     = @mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECRET, $value, MCRYPT_MODE_ECB, $iv);
    return base64_encode($val);
}

function decrypt($value)
{
    $value   = base64_decode($value);
    $iv_size = @mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv      = @mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return @mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECRET, $value, MCRYPT_MODE_ECB, $iv);
}

function deleteMyPaste($con, $paste_id)
{
    $query  = "DELETE FROM pastes where id='$paste_id'";
    $result = mysqli_query($con, $query);
}

function getRecent($con, $count = 5)
{
    $limit  = $count ? "limit $count" : "";
    $query  = "SELECT *
FROM pastes where visible='0'
ORDER BY id DESC
LIMIT 0 , $count";
    $result = mysqli_query($con, $query);
    return $result;
}

function getUserRecent($con, $count = 5, $username)
{
    $limit  = $count ? "limit $count" : "";
    $query  = "SELECT *
FROM pastes where member='$username'
ORDER BY id DESC
LIMIT 0 , $count";
    $result = mysqli_query($con, $query);
    return $result;
}

function getUserPastes($con, $username)
{
    $query  = "SELECT * FROM pastes where member='$username' ORDER by id DESC";
    $result = mysqli_query($con, $query);
    return $result;
}

function getTotalPastes($con, $username)
{
    $query  = "SELECT * FROM pastes WHERE member='$username'";
    $result = mysqli_query($con, $query);
    $count  = 0;
    while ($row = mysqli_fetch_array($result)) {
        $count = $count + 1;
    }
    return $count;
}

function isValidUsername($str) {
    return !preg_match('/[^A-Za-z0-9.#\\-$]/', $str);
}

function existingUser( $con, $username ) {
    $query = "SELECT * FROM users WHERE username = '$username'";
    $result = mysqli_query( $con, $query );
    $num_rows = mysqli_num_rows( $result );
    if ( $num_rows == 0 ) {
        // No records. User doesn't exist.
        return false;
    } else {
        return true;
    }
}

function updateMyView($con, $paste_id)
{
    $query  = "SELECT * FROM pastes WHERE id=" . Trim($paste_id);
    $result = mysqli_query($con, $query);

    while ($row = mysqli_fetch_array($result)) {
        $p_view = Trim($row['views']);
    }
    $p_view = $p_view + 1;
    $query  = "UPDATE pastes SET views='$p_view' where id='$paste_id'";
    $result = mysqli_query($con, $query);
}

function conTime($secs) {
    $bit = array(
        ' year' => $secs / 31556926 % 12,
        ' week' => $secs / 604800 % 52,
        ' day' => $secs / 86400 % 7,
        ' hour' => $secs / 3600 % 24,
        ' min' => $secs / 60 % 60,
        ' sec' => $secs % 60
    );

    foreach ($bit as $k => $v) {
        if ($v > 1)
            $ret[] = $v . $k . 's';
        if ($v == 1)
            $ret[] = $v . $k;
    }
    array_splice($ret, count($ret) - 1, 0, 'and');
    $ret[] = 'ago';

    $val = join(' ', $ret);
    if (str_contains($val, "week")) {
    } else {
        $val = str_replace("and", "", $val);
    }
    if (Trim($val) == "ago") {
        $val = "1 sec ago";
    }
    return $val;
}

function truncate($input, $maxWords, $maxChars)
{
    $words = preg_split('/\s+/', $input);
    $words = array_slice($words, 0, $maxWords);
    $words = array_reverse($words);

    $chars     = 0;
    $truncated = array();

    while (count($words) > 0) {
        $fragment = trim(array_pop($words));
        $chars += strlen($fragment);

        if ($chars > $maxChars)
            break;

        $truncated[] = $fragment;
    }

    $result = implode($truncated, ' ');

    return $result . ($input == $result ? '' : '[...]');
}

function doDownload($paste_id, $p_title, $p_content, $p_code)
{
    $stats = false;
    if ($p_code) {
        // Figure out extensions.
        $ext = "txt";
        switch ($p_code) {
            case 'bash':
                $ext = 'sh';
                break;
            case 'actionscript':
                $ext = 'html';
                break;
            case 'html4strict':
                $ext = 'html';
                break;
            case 'javascript':
                $ext = 'js';
                break;
            case 'perl':
                $ext = 'pl';
                break;
            case 'csharp':
                $ext = 'cs';
                break;
            case 'ruby':
                $ext = 'rb';
                break;
            case 'python':
                $ext = 'py';
                break;
            case 'sql':
                $ext = 'sql';
                break;
            case 'php':
                $ext = 'php';
                break;
            case 'c':
                $ext = 'c';
                break;
            case 'cpp':
                $ext = 'cpp';
                break;
            case 'css':
                $ext = 'css';
                break;
            case 'xml':
                $ext = 'xml';
                break;
            default:
                $ext = 'txt';
                break;
        }

        // Download
        header('Content-type: text/plain');
        header('Content-Disposition: attachment; filename="' . $p_title . '.' . $ext . '"');
        echo $p_content;
        $stats = true;
    } else {
        // 404
        header('HTTP/1.1 404 Not Found');
    }
    return $stats;
}

function rawView($paste_id, $p_title, $p_content, $p_code)
{
    $stats = false;
    if ($p_code) {
        // Raw
        header('Content-type: text/plain');
        echo $p_content;
        $stats = true;
    } else {
        // 404
        header('HTTP/1.1 404 Not Found');
    }
    return $stats;
}

function embedView( $paste_id, $p_title, $p_content, $p_code, $title, $baseurl, $ges_style, $lang ) {
    $stats = false;
    if ( $p_content ) {
        // Build the output
        $output = "<div class='paste_embed_container'>";
            $output .= "<style>"; // Add our own styles
            $output .= "
            .paste_embed_container {
                font-size: 12px;
                color: #333;
                text-align: left;
                margin-bottom: 1em;
                border: 1px solid #ddd;
                background-color: #f7f7f7;
                border-radius: 3px;
            }
            .paste_embed_container a {
                font-weight: bold;
                color: #666;
                text-decoration: none;
                border: 0;
            }
            .paste_embed_container ol {
                color: white;
                background-color: #f7f7f7;
                border-right: 1px solid #ccc;
				margin: 0;
            }
            .paste_embed_footer {
                font-size:14px;
                padding: 10px;
                overflow: hidden;
                color: #767676;
                background-color: #f7f7f7;
                border-radius: 0 0 2px 2px;
                border-top: 1px solid #ccc;
            }
            .de1, .de2 {
                -moz-user-select: text;
                -khtml-user-select: text;
                -webkit-user-select: text;
                -ms-user-select: text;
                user-select: text;
                padding: 0 8px;
                color: #000;
                border-left: 1px solid #ddd;
                background: #ffffff;
                line-height:20px;
            }";
            $output .= "</style>";
            $output .= "$ges_style"; // Dynamic GeSHI Style
            $output .= $p_content; // Paste content
            $output .= "<div class='paste_embed_footer'>";
			$output .= "<a href='$baseurl/$paste_id'>$p_title</a> " . $lang['embed-hosted-by'] . " <a href='$baseurl'>$title</a> | <a href='$baseurl/raw/$paste_id'>" . strtolower( $lang['view-raw'] ) . "</a>";
			$output .= "</div>";
			$output .= "</div>";

        // Display embed content using json_encode since that escapes
        // characters well enough to satisfy javascript. http://stackoverflow.com/a/169035
        header( 'Content-type: text/javascript; charset=utf-8;' );
        echo 'document.write(' . json_encode( $output ) . ')';
        $stats = true;
    } else {
        // 404
        header( 'HTTP/1.1 404 Not Found' );
    }
    return $stats;
}

function addToSitemap($paste_id, $priority, $changefreq, $mod_rewrite)
{
    $c_date    = date('Y-m-d');
    $site_data = file_get_contents("sitemap.xml");
    $site_data = str_replace("</urlset>", "", $site_data);
	// which protocol are we on
	$protocol = paste_protocol();

    if ($mod_rewrite == "1") {
        $server_name = $protocol . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/" . $paste_id;
    } else {
        $server_name = $protocol . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/paste.php?id=" . $paste_id;
    }

	$c_sitemap =
'	<url>
		<loc>' . $server_name . '</loc>
		<priority>' . $priority . '</priority>
		<changefreq>' . $changefreq . '</changefreq>
		<lastmod>' . $c_date . '</lastmod>
	</url>
</urlset>';

    $full_map  = $site_data . $c_sitemap;
    file_put_contents("sitemap.xml", $full_map);
}
function paste_protocol() {

  $protocol = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == "on" ) ? 'https://' : 'http://';

  return $protocol;
}

function is_banned($con, $ip) {
        $query  = "SELECT id FROM ban_user WHERE ip=?";
        if ($stmt = mysqli_prepare($con, $query)) {
        mysqli_stmt_bind_param($stmt, "s", $ip);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);

                if ( mysqli_stmt_num_rows($stmt) > 0 ) {
                        mysqli_stmt_close($stmt);
                        return true;
                } else {
                        mysqli_stmt_close($stmt);
                        return false;
                }
        }
}