aheh/Secure-Pastebin-Self-Hosted
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement Secure Pastebin API in index.php

Browse Source
This commit is contained in:
M.M.Azizi
2026-02-19 14:29:41 +03:30
committed by GitHub
parent 88c8f766e2
commit 68aab56ae1
1 changed files with 169 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
index.php
+169
View File
@@ -0,0 +1,169 @@
<?php
// Secure Pastebin API - cPanel/PHP Version
header('Content-Type: application/json');
// Database Config
define('DB_HOST', 'localhost');
define('DB_USER', ' --------- ');
define('DB_PASS', ' --------- ');
define('DB_NAME', ' --------- ');
// CORS
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// DB Connection
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4", DB_USER, DB_PASS);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
http_response_code(500);
die(json_encode(array('error' => 'Database connection failed')));
}
// Clean expired entries
$pdo->exec("DELETE FROM pastes WHERE expires_at < " . time());
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$method = $_SERVER['REQUEST_METHOD'];
// Remove subdirectory from path if exists
$scriptDir = dirname($_SERVER['SCRIPT_NAME']);
if ($scriptDir !== '/' && strpos($path, $scriptDir) === 0) {
$path = substr($path, strlen($scriptDir));
}
if (empty($path)) $path = '/';
// API Routes
if ($path === '/api/create' && $method === 'POST') {
handleCreate($pdo);
exit;
}
if (preg_match('/^\/api\/get\/(.+)$/', $path, $matches) && $method === 'GET') {
handleGet($pdo, $matches[1]);
exit;
}
// Serve static files
if ($path === '/' || $path === '/index.html') {
header('Content-Type: text/html; charset=utf-8');
readfile(__DIR__ . '/index.html');
exit;
}
if ($path === '/style.css') {
header('Content-Type: text/css');
readfile(__DIR__ . '/style.css');
exit;
}
if ($path === '/script.js') {
header('Content-Type: application/javascript');
readfile(__DIR__ . '/script.js');
exit;
}
if ($path === '/favicon.svg') {
header('Content-Type: image/svg+xml');
echo '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><defs><linearGradient id="g" x1="0%" y1="0%" x2="100%" y2="100%"><stop offset="0%" style="stop-color:#6366f1"/><stop offset="100%" style="stop-color:#ec4899"/></linearGradient></defs><rect width="100" height="100" rx="20" fill="url(#g)"/><path d="M50 25c-8 0-14 6-14 14v6h-4c-3 0-6 3-6 6v24c0 3 3 6 6 6h36c3 0 6-3 6-6v-24c0-3-3-6-6-6h-4v-6c0-8-6-14-14-14zm0 6c4 0 8 4 8 8v6H42v-6c0-4 4-8 8-8z" fill="white"/></svg>';
exit;
}
http_response_code(404);
echo json_encode(array('error' => 'Not found'));
function handleCreate($pdo) {
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
http_response_code(400);
echo json_encode(array('error' => 'Invalid JSON'));
return;
}
$id = isset($input['id']) ? $input['id'] : '';
$encryptedData = isset($input['encryptedData']) ? $input['encryptedData'] : null;
$expiresIn = min(intval(isset($input['expiresIn']) ? $input['expiresIn'] : 3600), 2592000);
$burnAfterRead = !empty($input['burnAfterRead']);
$hasPassword = !empty($input['hasPassword']);
if (!preg_match('/^[a-f0-9]{32}$/', $id)) {
http_response_code(400);
echo json_encode(array('error' => 'Invalid ID format'));
return;
}
if (!$encryptedData || !isset($encryptedData['iv']) || !isset($encryptedData['data'])) {
http_response_code(400);
echo json_encode(array('error' => 'Invalid encrypted data format'));
return;
}
$data = json_encode(array('iv' => $encryptedData['iv'], 'data' => $encryptedData['data']));
$expiresAt = time() + $expiresIn;
try {
$stmt = $pdo->prepare("INSERT INTO pastes (id, data, created_at, expires_at, burn_after_read, has_password, views) VALUES (?, ?, ?, ?, ?, ?, 0)");
$stmt->execute(array($id, $data, time() * 1000, $expiresAt, $burnAfterRead ? 1 : 0, $hasPassword ? 1 : 0));
echo json_encode(array(
'success' => true,
'id' => $id,
'expiresIn' => $expiresIn,
'hasPassword' => $hasPassword,
'url' => 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '/../#' . $id
));
} catch(PDOException $e) {
http_response_code(500);
echo json_encode(array('error' => 'Failed to save paste: ' . $e->getMessage()));
}
}
function handleGet($pdo, $id) {
if (!preg_match('/^[a-f0-9]{32}$/', $id)) {
http_response_code(400);
echo json_encode(array('error' => 'Invalid ID'));
return;
}
try {
$stmt = $pdo->prepare("SELECT * FROM pastes WHERE id = ? AND expires_at > ?");
$stmt->execute(array($id, time()));
$paste = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$paste) {
http_response_code(404);
echo json_encode(array('error' => 'Paste not found or expired'));
return;
}
$data = json_decode($paste['data'], true);
if ($paste['burn_after_read']) {
$delStmt = $pdo->prepare("DELETE FROM pastes WHERE id = ?");
$delStmt->execute(array($id));
} else {
$updStmt = $pdo->prepare("UPDATE pastes SET views = views + 1 WHERE id = ?");
$updStmt->execute(array($id));
}
echo json_encode(array(
'data' => $data,
'burnAfterRead' => (bool)$paste['burn_after_read'],
'hasPassword' => (bool)$paste['has_password'],
'created' => intval($paste['created_at'])
));
} catch(PDOException $e) {
http_response_code(500);
echo json_encode(array('error' => 'Server error'));
}
}