diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md new file mode 100644 index 0000000..fd9899a --- /dev/null +++ b/DOCUMENTATION.md @@ -0,0 +1,96 @@ +Documentation +============= + +For Administrators +------------------ + +In the index.php in the main folder you can define a different PATH. This is +useful if you want to secure your installation and want to move the +configuration, data files, templates and PHP libraries (directories cfg, lib +and tpl) outside of your document root. This new location must still be +accessible to your webserver / PHP process. + +> ### PATH Example ### +> Your zerobin installation lives in a subfolder called "paste" inside of your +> document root. The URL looks like this: +> http://example.com/paste/ +> The ZeroBin folder on your webserver is really: +> /home/example.com/htdocs/paste +> +> When setting the path like this: +> define('PATH', '../../secret/zerobin/'); +> ZeroBin will look for your includes here: +> /home/example.com/secret/zerobin + +In the file "cfg/conf.ini" you can configure ZeroBin. The config file is +divided into multiple sections, which are enclosed in square brackets. In the +"[main]" section you can enable or disable the discussion feature, set the +limit of stored pastes and comments in bytes. The "[traffic]" section lets you +set a time limit in seconds. Users may not post more often the this limit to +your ZeroBin. + +Finally the "[model]" and "[model_options]" sections let you configure your +favourite way of storing the pastes and discussions on your server. +"zerobin_data" is the default model, which stores everything in files in the +data folder. This is the recommended setup for low traffic sites. Under high +load, in distributed setups or if you are not allowed to store files locally, +you might want to switch to the "zerobin_db" model. This lets you store your +data in a database. Basically all databases, that are supported by PDO (PHP +data objects) may be used. Automatic table creation is provided for pdo_ibm, +pdo_informix, pdo_mssql, pdo_mysql, pdo_oci, pdo_pgsql and pdo_sqlite. You may +want to provide a table prefix, if you have to share the zerobin database with +another application. The table prefix option is called "tbl". + +> ### Note ### +> The "zerobin_db" model has only been tested with sqlite and MySQL, although +> it would not be recommended to use sqlite in a production environment. If you +> gain any experience running ZeroBin on other RDBMS, let us know. + +For reference or if you want to create the table schema for yourself: + + CREATE TABLE prefix_paste ( + dataid CHAR(16), + data TEXT, + postdate INT, + expiredate INT, + opendiscussion INT, + burnafterreading INT + ); + + CREATE TABLE prefix_comment ( + dataid CHAR(16), + pasteid CHAR(16), + parentid CHAR(16), + data TEXT, + nickname VARCHAR(255), + vizhash TEXT, + postdate INT + ); + +For Developers +-------------- +If you want to create your own data models, you might want to know how the arrays, that you have to store, look like: + + public function create($pasteid, $paste) + { + $pasteid = substr(hash('md5', $paste['data']), 0, 16); + + $paste['data'] // text + $paste['meta']['postdate'] // int UNIX timestamp + $paste['meta']['expire_date'] // int UNIX timestamp + $paste['meta']['opendiscussion'] // true (if false it is unset) + $paste['meta']['burnafterreading'] // true (if false it is unset; if true, then opendiscussion is unset) + } + + public function createComment($pasteid, $parentid, $commentid, $comment) + { + $pasteid // the id of the paste this comment belongs to + $parentid // the id of the parent of this comment, may be the paste id itself + $commentid = substr(hash('md5', $paste['data']), 0, 16); + + $paste['data'] // text + $paste['meta']['nickname'] // text or null (if anonymous) + $paste['meta']['vizhash'] // text or null (if anonymous) + $paste['meta']['postdate'] // int UNIX timestamp + } + diff --git a/cfg/conf.ini b/cfg/conf.ini index cbfdaaf..5608c85 100644 --- a/cfg/conf.ini +++ b/cfg/conf.ini @@ -7,28 +7,41 @@ ; @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License ; @version 0.15 -; time limit between calls from the same IP address in seconds -traffic_limit = 10 -traffic_dir = PATH "data" +[main] +; enable or disable discussions +opendiscussion = true ; size limit per paste or comment in bytes -size_limit = 2000000 +sizelimit = 2097152 +[traffic] +; time limit between calls from the same IP address in seconds +limit = 10 +dir = PATH "data" + +[model] ; name of data model class to load and directory for storage ; the default model "zerobin_data" stores everything in the filesystem -model = zerobin_data -model_options["dir"] = PATH "data" +class = zerobin_data +[model_options] +dir = PATH "data" +;[model] ; example of DB configuration for MySQL -;model = zerobin_db -;model_options["dsn"] = "mysql:host=localhost;dbname=zerobin" -;model_options["usr"] = "zerobin" -;model_options["pwd"] = "Z3r0P4ss" -;model_options["opt"][PDO::ATTR_PERSISTENT] = true +;class = zerobin_db +;[model_options] +;dsn = "mysql:host=localhost;dbname=zerobin;charset=UTF8" +;tbl = "zerobin_" ; table prefix +;usr = "zerobin" +;pwd = "Z3r0P4ss" +;opt[12] = true ; PDO::ATTR_PERSISTENT +;[model] ; example of DB configuration for SQLite -;model = zerobin_db -;model_options["dsn"] = "sqlite:" PATH "data"/db.sq3" -;model_options["usr"] = null -;model_options["pwd"] = null -;model_options["opt"] = null +;[model_options] +;class = zerobin_db +;dsn = "sqlite:" PATH "data/db.sq3" +;usr = null +;pwd = null +;opt[12] = true ; PDO::ATTR_PERSISTENT + diff --git a/lib/zerobin.php b/lib/zerobin.php index 899948f..1758100 100644 --- a/lib/zerobin.php +++ b/lib/zerobin.php @@ -103,8 +103,8 @@ class zerobin ); } - $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini'); - $this->_model = $this->_conf['model']; + $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true); + $this->_model = $this->_conf['model']['class']; } /** @@ -117,7 +117,10 @@ class zerobin { // if needed, initialize the model if(is_string($this->_model)) { - $this->_model = forward_static_call(array($this->_model, 'getInstance'), $this->_conf['model_options']); + $this->_model = forward_static_call( + array($this->_model, 'getInstance'), + $this->_conf['model_options'] + ); } return $this->_model; } @@ -129,7 +132,7 @@ class zerobin * data (mandatory) = json encoded SJCL encrypted text (containing keys: iv,salt,ct) * * All optional data will go to meta information: - * expire (optional) = expiration delay (never,10min,1hour,1day,1month,1year,burn) (default:never) + * expire (optional) = expiration delay (never,5min,10min,1hour,1day,1week,1month,1year,burn) (default:never) * opendiscusssion (optional) = is the discussion allowed on this paste ? (0/1) (default:0) * nickname (optional) = in discussion, encoded SJCL encrypted text nickname of author of comment (containing keys: iv,salt,ct) * parentid (optional) = in discussion, which comment this comment replies to. @@ -143,18 +146,30 @@ class zerobin header('Content-type: application/json'); $error = false; - // Make sure last paste from the IP address was more than 10 seconds ago. - trafficlimiter::setLimit($this->_conf['traffic_limit']); - trafficlimiter::setPath($this->_conf['traffic_dir']); + // Make sure last paste from the IP address was more than X seconds ago. + trafficlimiter::setLimit($this->_conf['traffic']['limit']); + trafficlimiter::setPath($this->_conf['traffic']['dir']); if ( !trafficlimiter::canPass($_SERVER['REMOTE_ADDR']) - ) $this->_return_message(1, 'Please wait 10 seconds between each post.'); + ) $this->_return_message( + 1, + 'Please wait ' . + $this->_conf['traffic']['limit'] . + ' seconds between each post.' + ); // Make sure content is not too big. $data = $_POST['data']; if ( - strlen($data) > 2000000 - ) $this->_return_message(1, 'Paste is limited to 2 MB of encrypted data.'); + strlen($data) > $this->_conf['main']['sizelimit'] + ) $this->_return_message( + 1, + 'Paste is limited to ' . + $this->_conf['main']['sizelimit'] . + ' ' . + filter::size_humanreadable($this->_conf['main']['sizelimit']) . + ' of encrypted data.' + ); // Make sure format is correct. if (!sjcl::isValid($data)) $this->_return_message(1, 'Invalid data.'); @@ -167,6 +182,12 @@ class zerobin { switch ($_POST['expire']) { + case 'burn': + $meta['burnafterreading'] = true; + break; + case '5min': + $meta['expire_date'] = time()+5*60; + break; case '10min': $meta['expire_date'] = time()+10*60; break; @@ -176,19 +197,19 @@ class zerobin case '1day': $meta['expire_date'] = time()+24*60*60; break; + case '1week': + $meta['expire_date'] = time()+7*24*60*60; + break; case '1month': $meta['expire_date'] = strtotime('+1 month'); break; case '1year': $meta['expire_date'] = strtotime('+1 year'); - break; - case 'burn': - $meta['burnafterreading'] = true; } } // Read open discussion flag. - if (!empty($_POST['opendiscussion'])) + if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion'])) { $opendiscussion = $_POST['opendiscussion']; if ($opendiscussion != 0) @@ -381,6 +402,7 @@ class zerobin // We escape it here because ENT_NOQUOTES can't be used in RainTPL templates. $page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES)); $page->assign('ERRORMESSAGE', $this->_error); + $page->assign('OPENDISCUSSION', $this->_conf['main']['opendiscussion']); $page->assign('VERSION', self::VERSION); $page->draw('page'); } diff --git a/lib/zerobin/abstract.php b/lib/zerobin/abstract.php index 89794ef..118f474 100644 --- a/lib/zerobin/abstract.php +++ b/lib/zerobin/abstract.php @@ -49,7 +49,7 @@ abstract class zerobin_abstract * * @access public * @static - * @return zerobin + * @return zerobin_abstract */ abstract public static function getInstance($options); diff --git a/lib/zerobin/data.php b/lib/zerobin/data.php index e9a5020..ed326f2 100644 --- a/lib/zerobin/data.php +++ b/lib/zerobin/data.php @@ -29,9 +29,9 @@ class zerobin_data extends zerobin_abstract * * @access public * @static - * @return zerobin + * @return zerobin_data */ - public static function getInstance($options) + public static function getInstance($options = null) { // if given update the data directory if ( diff --git a/lib/zerobin/db.php b/lib/zerobin/db.php index aee7f61..6bc2bcb 100644 --- a/lib/zerobin/db.php +++ b/lib/zerobin/db.php @@ -17,6 +17,13 @@ */ class zerobin_db extends zerobin_abstract { + /* + * @access private + * @static + * @var array to cache select queries + */ + private static $_cache = array(); + /* * @access private * @static @@ -24,31 +31,137 @@ class zerobin_db extends zerobin_abstract */ private static $_db; + /* + * @access private + * @static + * @var string table prefix + */ + private static $_prefix = ''; + + /* + * @access private + * @static + * @var string database type + */ + private static $_type = ''; + /** * get instance of singleton * * @access public * @static - * @return zerobin + * @throws Exception + * @return zerobin_db */ - public static function getInstance($options) + public static function getInstance($options = null) { // if needed initialize the singleton if(null === self::$_instance) { parent::$_instance = new self; } - if ( - is_array($options) && - array_key_exists('dsn', $options) && - array_key_exists('usr', $options) && - array_key_exists('pwd', $options) && - array_key_exists('opt', $options) - ) self::$_db = new PDO( - $options['dsn'], - $options['usr'], - $options['pwd'], - $options['opt'] - ); + + if (is_array($options)) + { + // set table prefix if given + if (array_key_exists('tbl', $options)) self::$_prefix = $options['tbl']; + + // initialize the db connection with new options + if ( + array_key_exists('dsn', $options) && + array_key_exists('usr', $options) && + array_key_exists('pwd', $options) && + array_key_exists('opt', $options) + ) + { + self::$_db = new PDO( + $options['dsn'], + $options['usr'], + $options['pwd'], + $options['opt'] + ); + + // check if the database contains the required tables + self::$_type = strtolower( + substr($options['dsn'], 0, strpos($options['dsn'], ':')) + ); + switch(self::$_type) + { + case 'ibm': + $sql = 'SELECT tabname FROM SYSCAT.TABLES '; + break; + case 'informix': + $sql = 'SELECT tabname FROM systables '; + break; + case 'mssql': + $sql = "SELECT name FROM sysobjects " + . "WHERE type = 'U' ORDER BY name"; + break; + case 'mysql': + $sql = 'SHOW TABLES'; + break; + case 'oci': + $sql = 'SELECT table_name FROM all_tables'; + break; + case 'pgsql': + $sql = "SELECT c.relname AS table_name " + . "FROM pg_class c, pg_user u " + . "WHERE c.relowner = u.usesysid AND c.relkind = 'r' " + . "AND NOT EXISTS (SELECT 1 FROM pg_views WHERE viewname = c.relname) " + . "AND c.relname !~ '^(pg_|sql_)' " + . "UNION " + . "SELECT c.relname AS table_name " + . "FROM pg_class c " + . "WHERE c.relkind = 'r' " + . "AND NOT EXISTS (SELECT 1 FROM pg_views WHERE viewname = c.relname) " + . "AND NOT EXISTS (SELECT 1 FROM pg_user WHERE usesysid = c.relowner) " + . "AND c.relname !~ '^pg_'"; + break; + case 'sqlite': + $sql = "SELECT name FROM sqlite_master WHERE type='table' " + . "UNION ALL SELECT name FROM sqlite_temp_master " + . "WHERE type='table' ORDER BY name"; + break; + default: + throw new Exception( + 'PDO type ' . + self::$_type . + ' is currently not supported.' + ); + } + $statement = self::$_db->query($sql); + $tables = $statement->fetchAll(PDO::FETCH_COLUMN, 0); + + // create paste table if needed + if (!array_key_exists(self::$_prefix . 'paste', $tables)) + { + self::$_db->exec( + 'CREATE TABLE ' . self::$_prefix . 'paste ( ' . + 'dataid CHAR(16), ' . + 'data TEXT, ' . + 'postdate INT, ' . + 'expiredate INT, ' . + 'opendiscussion INT, ' . + 'burnafterreading INT );' + ); + } + + // create comment table if needed + if (!array_key_exists(self::$_prefix . 'comment', $tables)) + { + self::$_db->exec( + 'CREATE TABLE ' . self::$_prefix . 'comment ( ' . + 'dataid CHAR(16), ' . + 'pasteid CHAR(16), ' . + 'parentid CHAR(16), ' . + 'data TEXT, ' . + 'nickname VARCHAR(255), ' . + 'vizhash TEXT, ' . + 'postdate INT );' + ); + } + } + } + return parent::$_instance; } @@ -58,10 +171,27 @@ class zerobin_db extends zerobin_abstract * @access public * @param string $pasteid * @param array $paste - * @return int|false + * @return bool */ public function create($pasteid, $paste) { + if ( + !array_key_exists('opendiscussion', $paste['meta']) + ) $paste['meta']['opendiscussion'] = false; + if ( + !array_key_exists('burnafterreading', $paste['meta']) + ) $paste['meta']['burnafterreading'] = false; + return self::_exec( + 'INSERT INTO ' . self::$_prefix . 'paste VALUES(?,?,?,?,?,?)', + array( + $pasteid, + $paste['data'], + $paste['meta']['postdate'], + $paste['meta']['expire_date'], + (int) $paste['meta']['opendiscussion'], + (int) $paste['meta']['burnafterreading'], + ) + ); } /** @@ -73,6 +203,27 @@ class zerobin_db extends zerobin_abstract */ public function read($pasteid) { + if ( + !array_key_exists($pasteid, self::$_cache) + ) self::$_cache[$pasteid] = self::_select( + 'SELECT * FROM ' . self::$_prefix . 'paste WHERE dataid = ?', + array($pasteid), true + ); + + // create object + $paste = new stdClass; + $paste->data = self::$_cache[$pasteid]['data']; + $paste->meta = new stdClass; + $paste->meta->postdate = (int) self::$_cache[$pasteid]['postdate']; + $paste->meta->expire_date = (int) self::$_cache[$pasteid]['expiredate']; + if ( + self::$_cache[$pasteid]['opendiscussion'] + ) $paste->meta->opendiscussion = true; + if ( + self::$_cache[$pasteid]['burnafterreading'] + ) $paste->meta->burnafterreading = true; + + return $paste; } /** @@ -84,6 +235,14 @@ class zerobin_db extends zerobin_abstract */ public function delete($pasteid) { + self::_exec( + 'DELETE FROM ' . self::$_prefix . 'paste WHERE dataid = ?', + array($pasteid) + ); + self::_exec( + 'DELETE FROM ' . self::$_prefix . 'comment WHERE pasteid = ?', + array($pasteid) + ); } /** @@ -95,6 +254,13 @@ class zerobin_db extends zerobin_abstract */ public function exists($pasteid) { + if ( + !array_key_exists($pasteid, self::$_cache) + ) self::$_cache[$pasteid] = self::_select( + 'SELECT * FROM ' . self::$_prefix . 'paste WHERE dataid = ?', + array($pasteid), true + ); + return (bool) self::$_cache[$pasteid]; } /** @@ -109,6 +275,18 @@ class zerobin_db extends zerobin_abstract */ public function createComment($pasteid, $parentid, $commentid, $comment) { + return self::_exec( + 'INSERT INTO ' . self::$_prefix . 'comment VALUES(?,?,?,?,?,?,?)', + array( + $pasteid, + $parentid, + $commentid, + $comment['data'], + $comment['meta']['nickname'], + $comment['meta']['vizhash'], + $comment['meta']['postdate'], + ) + ); } /** @@ -120,6 +298,33 @@ class zerobin_db extends zerobin_abstract */ public function readComments($pasteid) { + $rows = self::_select( + 'SELECT * FROM ' . self::$_prefix . 'comment WHERE pasteid = ?', + array($pasteid) + ); + + // create object + $commentTemplate = new stdClass; + $commentTemplate->meta = new stdClass; + + // create comment list + $comments = array(); + if (count($rows)) + { + foreach ($rows as $row) + { + $i = (int) $row['postdate']; + $comments[$i] = clone $commentTemplate; + $comments[$i]->data = $row['data']; + $comments[$i]->meta->nickname = $row['nickname']; + $comments[$i]->meta->vizhash = $row['vizhash']; + $comments[$i]->meta->postdate = $i; + $comments[$i]->meta->commentid = $row['dataid']; + $comments[$i]->meta->parentid = $row['parentid']; + } + ksort($comments); + } + return $comments; } /** @@ -133,5 +338,50 @@ class zerobin_db extends zerobin_abstract */ public function existsComment($pasteid, $parentid, $commentid) { + return (bool) self::_select( + 'SELECT dataid FROM ' . self::$_prefix . 'comment ' . + 'WHERE pasteid = ? AND parentid = ? AND dataid = ?', + array($pasteid, $parentid, $commentid), true + ); + } + + /** + * execute a statement + * + * @access private + * @static + * @param string $sql + * @param array $params + * @throws PDOException + * @return array + */ + private static function _exec($sql, array $params) + { + $statement = self::$_db->prepare($sql); + $result = $statement->execute($params); + $statement->closeCursor(); + return $result; + } + + /** + * run a select statement + * + * @access private + * @static + * @param string $sql + * @param array $params + * @param bool $firstOnly if only the first row should be returned + * @throws PDOException + * @return array + */ + private static function _select($sql, array $params, $firstOnly = false) + { + $statement = self::$_db->prepare($sql); + $statement->execute($params); + $result = $firstOnly ? + $statement->fetch(PDO::FETCH_ASSOC) : + $statement->fetchAll(PDO::FETCH_ASSOC); + $statement->closeCursor(); + return $result; } } diff --git a/tpl/page.html b/tpl/page.html index 442f0e0..cdc6c38 100644 --- a/tpl/page.html +++ b/tpl/page.html @@ -48,9 +48,11 @@