SQL Server and Windows implementation

README

@@ -30,10 +30,11 @@ The oneliner for in your .bash_profile:
 
 INSTALL
 
-Copy the stuff in webroot/ to the webroot (don't forget the .htaccess)
+Copy the stuff in webroot/ to the webroot (don't forget the .htaccess for Apache or web.config for Microsoft IIS)
 and the config.php and tlp dir to the dir above the webroot.
 
 Update config.php to reflect your settings.
 
-Import db.sql into a mysql database.
+Import db.mysql.sql into a mysql database, or import db.sqlsrv.sql into a Microsoft SQL Server database.
 
+There are rewrite rules preconfigured for Microsoft IIS Rewrite (obtainable via Microsoft Web Platform Installer).

config.php

@@ -1,10 +1,11 @@
 <?php
 $config['page_title'] = '6paster';
 
-$config['mysql_host'] = 'localhost';
-$config['mysql_user'] = 'paster';
-$config['mysql_pass'] = 'samplepass';
-$config['mysql_db']   = 'paste';
+$config['daba_host']  = 'localhost';
+$config['daba_user'] = 'paster';
+$config['daba_pass'] = 'samplepass';
+$config['daba_db']    = 'paste';
+$config['daba_type']  = 'mysql'; // mysql - sqlsrv
 
 $config['limit_hour']   = 60;           // throttle pastes per hour
 $config['limit_day']    = 100;          // throttle pastes per day

db.sqlsrv.sql

@@ -0,0 +1,19 @@
+/****** Object:  Table [dbo].[pastes]    Script Date: 13-6-2017 18:18:41 ******/
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+CREATE TABLE [dbo].[pastes](
+	[ident] [nvarchar](32) NOT NULL,
+	[date] [datetime] NOT NULL,
+	[text] [nvarchar](max) NOT NULL,
+	[mimetype] [nvarchar](255) NULL,
+	[ip] [nvarchar](255) NULL,
+	[expires] [datetime] NULL,
+ CONSTRAINT [PK_pastes] PRIMARY KEY CLUSTERED 
+(
+	[ident] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
+
+GO

tpl/footer.php

@@ -7,7 +7,7 @@
 The text you paste here will be reachable by a unique URL that is long enough to prevent brute-forcing. Also, these identifiers are randomly chosen. You post will remain on the server for at most 30 days.
 </p>
 <p>
-<?php echo $_SERVER['SERVER_NAME']; ?> and the author are not responsible for any content that is pasted here, nor the confidentiality of your data. Reliability of this service is not a right.
+<?php echo $config['server_name']; ?> and the author are not responsible for any content that is pasted here, nor the confidentiality of your data. Reliability of this service is not a right.
 </p>
 </div>
 </body>

webroot/index.php

@@ -15,6 +15,7 @@
 define('TPLDIR','../tpl/');
 
 $base = dirname($_SERVER['SCRIPT_NAME']);
+$base = str_replace("\\","/",$base);
 if( $base != '/' )
 {
 	$base .= '/';
@@ -33,10 +34,14 @@
 
 function do_cleanup()
 {
-	global $dbh;
+	global $dbh, $config;
 
-	$stmt = $dbh->prepare("DELETE FROM `pastes` WHERE `expires` < NOW()");
-	$stmt->execute();
+	if($config['daba_type'] == "mysql") {
+		$stmt = $dbh->prepare("DELETE FROM `pastes` WHERE `expires` < NOW()");
+		$stmt->execute();
+	}elseif($config['daba_type'] == "sqlsrv"){
+		sqlsrv_query($dbh, "DELETE FROM pastes WHERE expires < GETDATE()");
+	}
 }
 
 function check_setup()
@@ -91,22 +96,37 @@ function check_setup()
 
 function show_post( $ident )
 {
-	global $dbh;
+	global $dbh, $config;
+
+	$hasrows = false;
+
+	if($config['daba_type'] == "mysql") {
+		$stmt = $dbh->prepare("SELECT `text`,`mimetype` FROM `pastes` WHERE `ident` = ?");
+		if( !$stmt )
+		{
+			die( 'mysql error' );
+		}
 
-	$stmt = $dbh->prepare("SELECT `text`,`mimetype` FROM `pastes` WHERE `ident` = ?");
-	if( !$stmt )
-	{
-		die( 'mysql error' );
+		$stmt->bind_param('s', $ident );
+		$stmt->execute();
+		$stmt->store_result();
+		$stmt->bind_result( $content, $mime_type );
+		if( $stmt->num_rows == 1 ) {
+			$hasrows = true;
+			$stmt->fetch();
+		}
+	}elseif($config['daba_type'] == "sqlsrv") {
+		$stmt = sqlsrv_query($dbh, "SELECT text,mimetype FROM pastes WHERE ident = ?", array($ident));
+		$record = sqlsrv_fetch_array($stmt);
+		$content = base64_decode($record['text']);
+		$mime_type = $record['mimetype'];
+		if( sqlsrv_has_rows($stmt)) {
+			$hasrows = true;
+		}
 	}
-
-	$stmt->bind_param('s', $ident );
-	$stmt->execute();
-	$stmt->store_result();
-	$stmt->bind_result( $content, $mime_type );
 
-	if( $stmt->num_rows == 1 )
+	if($hasrows)
 	{
-		$stmt->fetch();
         // make sure we don't put newlines in headers
         $mime_type = str_replace("\n", '', $mime_type );
 
@@ -224,9 +244,14 @@ function do_paste()
 
 	// it's OK now, let's post it
 	$ident = generate_ident();
-	$stmt = $dbh->prepare("INSERT INTO `pastes` SET `ident`= ?, `ip`=?, `date`=NOW(), `text`=?, `mimetype`=?, `expires` = TIMESTAMPADD( SECOND, ?, NOW())");
-	$stmt->bind_param('ssssi', $ident, $_SERVER['REMOTE_ADDR'], $_POST['content'], $mime_type, $ttl );
-	$stmt->execute();
+	if($config['daba_type'] == "mysql") {
+		$stmt = $dbh->prepare("INSERT INTO `pastes` SET `ident`= ?, `ip`=?, `date`=NOW(), `text`=?, `mimetype`=?, `expires` = TIMESTAMPADD( SECOND, ?, NOW())");
+		$stmt->bind_param('ssssi', $ident, $_SERVER['REMOTE_ADDR'], $_POST['content'], $mime_type, $ttl );
+		$stmt->execute();
+	}elseif($config['daba_type'] == "sqlsrv"){
+		sqlsrv_query($dbh, "INSERT INTO pastes (ident,ip,date,text,mimetype,expires) VALUES (?,?,GETDATE(),?,?,DATEADD( SECOND, ?, GETDATE()))",
+			array($ident, $_SERVER['REMOTE_ADDR'], base64_encode($_POST['content']), $mime_type, $ttl));
+	}
 
 	header("Location: ".BASEURL."p/".$ident);
 
@@ -246,11 +271,16 @@ function generate_ident()
         $ident = substr( base64_encode( sha1 ( rand(0,10000000000) . $config['mysql_pass'], true ) ) , 0, 24 );
         $ident = str_replace( '+', 'A', $ident );
         $ident = str_replace( '/', 'B', $ident );
-		$stmt = $dbh->prepare("SELECT EXISTS ( SELECT * FROM `pastes` WHERE `ident` = ? )");
-		$stmt->bind_param('s', $ident );
-		$stmt->execute();
-		$stmt->bind_result( $_exists );
-		$exists = ( $_exists == 1 ? true : false );
+		if($config['daba_type'] == "mysql") {
+			$stmt = $dbh->prepare("SELECT EXISTS ( SELECT * FROM `pastes` WHERE `ident` = ? )");
+			$stmt->bind_param('s', $ident );
+			$stmt->execute();
+			$stmt->bind_result( $_exists );
+			$exists = ( $_exists == 1 ? true : false );
+		}elseif($config['daba_type'] == "sqlsrv"){
+			$stmt = sqlsrv_query($dbh, "SELECT EXISTS ( SELECT * FROM pastes WHERE ident = ? )", array($ident));
+			$exists = sqlsrv_has_rows ( $stmt );
+		}
 	}
 	return $ident;
 }
@@ -270,32 +300,51 @@ function limit_exceeded()
 
 function _limit_exceeded( $type, $limit )
 {
-	global $dbh;
+	global $dbh, $config;
 
 	if( !in_array( $type, array('DAY', 'HOUR')))
 		return true;
 
-	$stmt = $dbh->prepare("SELECT COUNT(*) FROM `pastes` WHERE `ip`= ? AND TIMESTAMPDIFF( $type, NOW(), `date` ) <= 1");
-	if( !$stmt )
-	{
-		die("Couldn't perform throttle check");
+	if($config['daba_type'] == "mysql") {
+		$stmt = $dbh->prepare("SELECT COUNT(*) FROM `pastes` WHERE `ip`= ? AND TIMESTAMPDIFF( $type, NOW(), `date` ) <= 1");
+		if( !$stmt )
+		{
+			die("Couldn't perform throttle check");
+		}
+		$stmt->bind_param("s", $_SERVER['REMOTE_ADDR'] );
+		$stmt->execute();
+		$stmt->bind_result( $count );
+		$stmt->fetch();
+	}elseif($config['daba_type'] == "sqlsrv"){
+		$stmt = sqlsrv_query($dbh, "SELECT COUNT(*) as row_count FROM pastes WHERE ip = ? AND DATEDIFF( $type, GETDATE(), date ) <= 1", array($_SERVER['REMOTE_ADDR']));
+		if( !$stmt )
+		{
+			die("Couldn't perform throttle check");
+		}
+		$record = sqlsrv_fetch_array($stmt);
+		$count = $record['row_count'];
 	}
-	$stmt->bind_param("s", $_SERVER['REMOTE_ADDR'] );
-	$stmt->execute();
-	$stmt->bind_result( $count );
-	$stmt->fetch();
-
 	return( $count > $limit );
 }
 
 check_setup();
 
-$dbh = mysqli_connect( 
-	$config['mysql_host'],
-	$config['mysql_user'],
-	$config['mysql_pass'],
-	$config['mysql_db']
-);
+if($config['daba_type'] == "mysql") {
+	$dbh = mysqli_connect( 
+		$config['daba_host'],
+		$config['daba_user'],
+		$config['daba_pass'],
+		$config['daba_db']
+	);
+}elseif($config['daba_type'] == "sqlsrv") {
+	$connectionInfo = array( "Database"=>$config['daba_db'], "UID"=>$config['daba_user'], "PWD"=>$config['daba_pass']);
+	$dbh = sqlsrv_connect( $config['daba_host'], $connectionInfo);
+}else{
+	die("Database type not supported");
+}
+
+
+
 
 if( !$dbh )
 {

webroot/web.config

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <system.webServer>
+        <rewrite>
+            <rules>
+                <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
+                    <match url="(.*)" />
+                    <conditions>
+                        <add input="{HTTPS}" pattern="off" />
+                    </conditions>
+                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
+                </rule>
+                <rule name="Imported Rule 1" stopProcessing="true">
+                    <match url="^p/([a-z0-9A-Z]+)/?$" ignoreCase="false" />
+                    <action type="Rewrite" url="index.php?p={R:1}" appendQueryString="false" />
+                </rule>
+            </rules>
+            <outboundRules>
+                <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
+                    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
+                    <conditions>
+                        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
+                    </conditions>
+                    <action type="Rewrite" value="max-age=31536000" />
+                </rule>
+            </outboundRules>
+        </rewrite>
+    </system.webServer>
+</configuration>