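<?php
/*
 * The GeekNook Pastebin
 * By Andrew Brown
 * Current version as of Friday, August 14, 2009.
 * This source code is released as open source by the GeekNook community.
 *
 * In order to use this script, you will need a MySQL database already
 * configured. The database should have the following columns:
 * ID, Timestamp, Author, Language, Code, Title, Description
 *
 * Before the following code, you must connect to the MySQL database
 * with PHP's mysql_connect() function. (Note: the mysql_* extension this
 * script relies on was removed in PHP 7.0; the SQL below is kept in a
 * form that ports directly to mysqli/PDO prepared statements.)
 *
 * You must also download the GeSHi syntax highlighter. You can find it
 * at http://sourceforge.net/projects/geshi/files/.
 *
 * TODO:
 * - Implement a system that keeps track of changes when someone
 *   edits another paste.
 * - When copying and pasting code from the pastebin, it includes the
 *   line numbers. Remove this.
 * - The submission form carries no anti-CSRF token; one should be added
 *   next to the session handling that already exists on the site.
 */

/*
 * State shared by the three sections below. Every variable is initialised
 * here so no section reads an undefined one (the original relied on
 * undefined $viewPaste / $justPosted / $failed evaluating to false).
 *
 * $viewPaste   integer ID of the paste to display, or -1 for "none".
 * $justPosted  true once a new paste has been stored during this request.
 * $error       message to show above the front page, or '' for none.
 */
$viewPaste  = -1;
$justPosted = false;
$error      = '';

# Languages offered by the form. A submitted or stored value is checked
# against this list before it is saved or handed to GeSHi, so only a name
# the form itself offers ever reaches the database or the highlighter.
$allowedLanguages = array(
    'None', 'C++', 'C', 'HTML', 'Javascript', 'CSS', 'Perl', 'PHP',
    'Python', 'Ruby', 'Bash', 'Java',
);
?>
<h1>The GeekNook Pastebin</h1>
<?php
/*
 * The GeekNook infrastructure uses an .htaccess redirect to
 * keep supporting files organized. The GeekNook pastebin is
 * located at http://www.geeknook.org/p/pastebin/, which
 * redirects to http://www.geeknook.org/index.php?page=pastebin.
 * Pastes are located in a URL like
 * http://www.geeknook.org/p/pastebin/47/, which redirects to
 * http://www.geeknook.org/index.php?page=pastebin&query=47/.
 *
 * The paste ID is extracted from the query string with one regular
 * expression: an optional leading slash, a run of digits, then either
 * a slash or the end of the string. Anything else (letters, "1e3",
 * leading spaces, extra path segments without digits first) is
 * rejected. This is stricter than the original is_numeric() check and
 * also fixes a bug where a query without any slash ("47") was mangled
 * because strpos() returning false compared equal to 0.
 */
if (isset($_GET['query']) && $_GET['query'] !== '') {
    if (preg_match('#^/?(\d+)(?:/|$)#', $_GET['query'], $matches)) {
        $viewPaste = (int) $matches[1];
    } else {
        # Invalid ID: report it and fall through to the front page rather
        # than rendering a blank page as the original did.
        $error = 'Invalid paste ID.';
    }
}

/*
 * The pastebin code is split into three main sections.
 * 1. The front page, where users can paste new pastes
 * 2. A processing section, where new pastes that were submitted
 *    from section 1 are entered into the database.
 * 3. A viewing section, which displays a paste.
 */

# Section 1: Front Page
# Shown when no code is being submitted and no valid paste ID was given.
if (!isset($_POST['code']) && $viewPaste < 0) {
    if ($error !== '') {
        echo '<blockquote>' . htmlspecialchars($error, ENT_QUOTES) . '</blockquote>';
    }
    # Pre-fill the author field from the session when a name is known.
    # The value is escaped for an HTML attribute context: it is not
    # produced by this script, so it is treated as untrusted.
    $authorValue = '';
    if (isset($_SESSION['fullname']) && $_SESSION['fullname'] !== '') {
        $authorValue = ' value="' . htmlspecialchars($_SESSION['fullname'], ENT_QUOTES) . '"';
    }
?>
<form method="POST">
<textarea name="code" id="code" style="height:452px; width:478px;"></textarea>
<h2>Paste Information</h2>
<div>
<div>
<label for="language">Language:</label>
<select id="language" name="language">
<option value="None">None</option>
<option value="C++">C++</option>
<option value="C">C</option>
<option value="HTML">HTML</option>
<option value="Javascript">Javascript</option>
<option value="CSS">CSS</option>
<option value="Perl">Perl</option>
<option value="PHP">PHP</option>
<option value="Python">Python</option>
<option value="Ruby">Ruby</option>
<option value="Bash">Bash</option>
<option value="Java">Java</option>
</select>
</div>
<p>
<label for="author">Author:</label>
<input type="text" name="author" id="author"<?php echo $authorValue; ?> />
</p>
<p>
<label for="paste_title">Title:</label>
<input type="text" name="title" id="paste_title" />
</p>
<p>
<label for="description">Short Description:</label>
<input type="text" name="description" id="description" />
</p>
</div>
<div>
<input type="submit" value="Paste in this Bin" />
</div>
</form>
<?php
}

# Section 2: Post Processing
# Insert a paste into the database.
if (isset($_POST['code'])) {
    /*
     * This section of the code uses the GeSHi framework. It is available at
     * http://sourceforge.net/projects/geshi/files/.
     * The framework must be included sometime previous to this section, with
     * the following code:
     *     require_once("geshi/geshi.php");
     * Assuming the downloaded geshi.php is located at geshi/geshi.php.
     */
    $code        = (string) $_POST['code'];
    $language    = isset($_POST['language']) ? (string) $_POST['language'] : 'None';
    $author      = isset($_POST['author']) ? trim((string) $_POST['author']) : '';
    $title       = isset($_POST['title']) ? (string) $_POST['title'] : '';
    $description = isset($_POST['description']) ? (string) $_POST['description'] : '';
    if ($author === '') {
        $author = 'Anonymous';
    }
    # Only a language the form offers is stored; anything else becomes None.
    if (!in_array($language, $allowedLanguages, true)) {
        $language = 'None';
    }
    $timestamp = time();

    # Next ID = highest existing ID + 1. The original counted every row
    # (SELECT * over the whole table) and would reuse an ID as soon as any
    # row was deleted. MAX() avoids both; two simultaneous submissions can
    # still race, which only an AUTO_INCREMENT column would remove.
    $idResult = mysql_query('SELECT MAX(`ID`) AS `maxId` FROM `pastes`');
    $idRow    = ($idResult !== false) ? mysql_fetch_assoc($idResult) : false;
    $id       = ($idRow && $idRow['maxId'] !== null) ? ((int) $idRow['maxId']) + 1 : 1;

    # Text fields are entity-encoded before storage (Section 3 decodes the
    # code body again before highlighting) and then escaped for the SQL
    # string. ID and Timestamp are integers formatted with %d.
    $query = sprintf(
        "INSERT INTO `pastes` (`ID`, `Timestamp`, `Author`, `Language`, `Code`, `Title`, `Description`)
        VALUES ('%d', '%d', '%s', '%s', '%s', '%s', '%s');",
        $id,
        $timestamp,
        mysql_real_escape_string(htmlentities($author)),
        mysql_real_escape_string(htmlentities($language)),
        mysql_real_escape_string(htmlentities($code)),
        mysql_real_escape_string(htmlentities($title)),
        mysql_real_escape_string(htmlentities($description))
    );
    if (mysql_query($query) === false) {
        # The original ignored a failed INSERT and then reported
        # "Invalid Paste ID". Log the driver message server-side and tell
        # the user; $viewPaste stays -1 so nothing is displayed below.
        error_log('pastebin: INSERT failed: ' . mysql_error());
        echo '<blockquote>Your paste could not be saved. Please try again later.</blockquote>';
    } else {
        $justPosted = true;
        # Hand the new ID to Section 3 so the paste is displayed immediately.
        $viewPaste = $id;
    }
}

# Section 3: View Paste
if ($viewPaste > -1) {
    $id = (int) $viewPaste;
    # $id is a plain integer by construction (regex capture or MAX()+1).
    $result = mysql_query("SELECT * FROM `pastes` WHERE `ID` = '$id' LIMIT 1");
    if ($result === false) {
        # Log the driver message; the original echoed mysql_error() to the
        # visitor, which discloses schema and connection details.
        error_log('pastebin: SELECT failed: ' . mysql_error());
        echo '<blockquote>An unexpected error occurred. Please try again later.</blockquote>';
    } else {
        # Paste a few messages if we're viewing a paste we just submitted
        if ($justPosted) {
            echo '<blockquote>Paste pasted!</blockquote>';
            echo '<div>Normal URL: <em>http://www.geeknook.org/p/pastebin/' . $id . '/</em> (<a href="/p/pastebin/' . $id . '/">Go</a>)';
            echo '<br />Bare-bones URL: <em>http://www.geeknook.org/p/paste/' . $id . '/</em> (<a href="/p/paste/' . $id . '/">Go</a>)</div>';
        }
        # Paste messages whether or not we're viewing a paste we just submitted
        echo '<blockquote>To paste a new paste, <a href="/p/pastebin/">click here</a>.</blockquote>';

        $paste = mysql_fetch_object($result);
        if ($paste === false) {
            echo '<h1>Invalid Paste ID</h1>';
        } else {
            # Title was entity-encoded by Section 2 before storage, so it is
            # echoed as-is; rows written by other tools would need escaping
            # here as well.
            echo '<h1>Viewing paste: ' . stripslashes($paste->Title) . ' (<a href="/p/paste/' . $id . '/">View barebones</a>)</h1>';

            # The stored language name is re-checked against the form's list
            # before GeSHi resolves it to a language file.
            $language = in_array($paste->Language, $allowedLanguages, true) ? $paste->Language : 'None';
            # Undo the storage encoding; GeSHi escapes the code for output.
            $code = html_entity_decode(stripslashes($paste->Code));

            $geshi = new GeSHi($code, $language);
            $geshi->enable_line_numbers(GESHI_NORMAL_LINE_NUMBERS);
            $geshi->set_header_type(GESHI_HEADER_NONE);
            $geshi->set_overall_style('font-size:12px;', true);
            echo $geshi->parse_code();
        }
    }
}
?>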