File: /home/mmickelson/view-once.com/src/helpers.php
<?php
// Helper functions (no DB creation here)

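/**
 * Return the application's base URL without a trailing slash.
 *
 * A non-empty BASE_URL constant always wins. Otherwise the URL is rebuilt from the
 * current request: scheme from $_SERVER['HTTPS'], authority from the Host header and
 * path from the directory of SCRIPT_NAME.
 *
 * Security note: HTTP_HOST is supplied by the client. The value is checked here to be
 * a syntactically plain host[:port] (or bracketed IPv6 literal) so that it cannot
 * smuggle path, query, userinfo or whitespace into generated links; anything else
 * falls back to 'localhost'. That check does not make the host trustworthy - a
 * well-formed but foreign Host header is still reflected - so deployments should set
 * BASE_URL explicitly (or pin the accepted host at the web server) wherever the result
 * ends up in links handed to other users.
 *
 * @return string Absolute base URL, no trailing slash.
 */
function base_url(): string {
  if (BASE_URL) return rtrim(BASE_URL, '/');

  $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';

  // Accept only "name", "name:port" or "[ipv6]:port"; reject everything else.
  $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
  $host_pattern = '/\A(?:[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?\z/';
  if (!is_string($host) || preg_match($host_pattern, $host) !== 1) {
    $host = 'localhost';
  }

  // SCRIPT_NAME can be absent outside a web SAPI; treat that as the document root.
  $path = rtrim(dirname((string)($_SERVER['SCRIPT_NAME'] ?? '')), '/\\');
  return rtrim("$scheme://$host$path", '/');
}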

/**
 * Generate a fresh random token.
 *
 * Draws 16 bytes from random_bytes() (the CSPRNG) and hex-encodes them, giving a
 * 32-character lowercase hexadecimal string.
 */
function token(): string {
  $raw = random_bytes(16);
  return bin2hex($raw);
}

/**
 * Escape a string for output in an HTML text or quoted-attribute context.
 *
 * Both quote styles are encoded (ENT_QUOTES) and invalid UTF-8 sequences are replaced
 * rather than causing an empty result (ENT_SUBSTITUTE). This is HTML escaping only; it
 * is not sufficient for JavaScript, CSS or URL contexts.
 */
function h(string $s): string {
  $flags = ENT_QUOTES | ENT_SUBSTITUTE;
  $escaped = htmlspecialchars($s, $flags, 'UTF-8');
  return $escaped;
}

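/**
 * Check the CSRF token of the current request.
 *
 * Only POST requests are checked; any other method returns false ("not invalid"), so
 * state-changing handlers must be reachable by POST only for this check to protect
 * them. On a POST the submitted `_csrf` field is compared in constant time with the
 * session copy, and the session token is then rotated whether or not the comparison
 * succeeded, so each token is accepted at most once.
 *
 * Both values must be non-empty strings. A request that sends `_csrf` as an array
 * (e.g. `_csrf[]=...`) is treated as invalid instead of reaching hash_equals(), which
 * would otherwise raise a TypeError and turn a forged request into a 500.
 *
 * @return bool true when the request is a POST with a missing or wrong token.
 */
function invalid_csrf(): bool {
  if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') return false;
  if (session_status() !== PHP_SESSION_ACTIVE) session_start();

  $sent = $_POST['_csrf'] ?? null;
  $expected = $_SESSION['_csrf'] ?? null;
  $ok = is_string($sent)
    && is_string($expected)
    && $expected !== ''
    && hash_equals($expected, $sent);

  // Rotate unconditionally: a token is single-use even when the check failed.
  $_SESSION['_csrf'] = bin2hex(random_bytes(16));
  return !$ok;
}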

/**
 * Return the CSRF token for the current session, creating one if needed.
 *
 * Starts the session when it is not already active. A missing or empty `_csrf` entry
 * is replaced by 16 random bytes, hex-encoded; an existing value is returned as is.
 */
function get_csrf(): string {
  $session_running = session_status() === PHP_SESSION_ACTIVE;
  if (!$session_running) {
    session_start();
  }

  if (empty($_SESSION['_csrf'])) {
    $fresh = bin2hex(random_bytes(16));
    $_SESSION['_csrf'] = $fresh;
  }

  return $_SESSION['_csrf'];
}

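/**
 * Remove expired secrets: first their stored files, then their database rows.
 *
 * The cut-off timestamp is taken once and used for both statements. Calling time()
 * separately for the SELECT and the DELETE lets a record that expires between the two
 * calls lose its row while its file stays on disk with nothing left to reference it.
 *
 * File paths are FILES_DIR plus the token column. The token is used as a single path
 * component only: a value that is empty, is "." or "..", or contains a path separator
 * or NUL byte is skipped, so a malformed row cannot point the unlink outside FILES_DIR.
 * NOTE(review): this assumes stored files are named exactly after the token - confirm
 * against the upload code.
 *
 * @param PDO $db Open connection to the database holding the `secrets` table.
 */
function cleanup_expired(PDO $db): void {
  $now = time();

  // Collect expired file-backed records first so their files can be deleted.
  $stmt = $db->prepare('SELECT token FROM secrets WHERE expires_at < :now AND is_file = 1');
  $stmt->execute([':now' => $now]);
  $expired_files = $stmt->fetchAll(PDO::FETCH_COLUMN);

  foreach ($expired_files as $t) {
    $name = (string)$t;
    if ($name === '' || $name === '.' || $name === '..' || strpbrk($name, "/\\\0") !== false) {
      continue;
    }
    $file_path = FILES_DIR . '/' . $name;
    // Best effort: a file that is already gone or cannot be removed must not stop
    // the row cleanup below, hence the suppressed warning.
    if (is_file($file_path)) { @unlink($file_path); }
  }

  // Delete every expired record, file-backed or not, using the same cut-off.
  $stmt = $db->prepare('DELETE FROM secrets WHERE expires_at < :now');
  $stmt->execute([':now' => $now]);
}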

/**
 * Map an expiry option key to its human-readable label.
 *
 * Unknown keys fall back to the label of DEFAULT_EXPIRE.
 *
 * @param string $key One of '10min', '1hr', '24hr', '7days'.
 */
function get_expire_label(string $key): string {
  $labels = [
    '10min' => '10 minutes',
    '1hr' => '1 hour',
    '24hr' => '24 hours',
    '7days' => '7 days'
  ];

  // Resolve which entry to read, then do a single lookup.
  $chosen = isset($labels[$key]) ? $key : DEFAULT_EXPIRE;
  return $labels[$chosen];
}

/**
 * Send an HTML error page and terminate the request.
 *
 * Sets the HTTP status from $code (cast to int), prints a minimal page and calls
 * exit, so this function never returns to its caller. Title, message and the base
 * URL are all passed through h() before being written into the markup.
 *
 * @param string $title   Page title and heading.
 * @param string $message Explanatory text shown under the heading.
 * @param string $code    HTTP status code as a string; defaults to '400'.
 */
function show_error(string $title, string $message, string $code = '400'): void {
  http_response_code((int)$code);
  // Escape each value once up front; the template below only prints them.
  $safe_base = h(base_url());
  $safe_title = h($title);
  $safe_message = h($message);
  ?>
  <!doctype html><meta charset="utf-8">
  <title><?= $safe_title ?></title>
  <link rel="stylesheet" href="<?= $safe_base ?>/assets/style.css">
  <link rel="icon" href="<?= $safe_base ?>/assets/favicon.svg" type="image/svg+xml">
  <script src="<?= $safe_base ?>/assets/app.js" defer></script>
  <div class="error">
    <h1><?= $safe_title ?></h1>
    <p><?= $safe_message ?></p>
    <p><a href="<?= $safe_base ?>">← Go back</a></p>
  </div>
  <?php
  exit;
}

/**
 * Format a byte count for display.
 *
 * Values of at least 1024 * 1024 are shown in MB and values of at least 1024 in KB,
 * each rounded to one decimal place; anything smaller is shown as a plain byte count.
 *
 * @param int $bytes Size in bytes.
 */
function format_file_size(int $bytes): string {
  $kb = 1024;
  $mb = 1024 * 1024;

  if ($bytes < $kb) {
    return $bytes . ' bytes';
  }

  $in_mb = $bytes >= $mb;
  $amount = round($bytes / ($in_mb ? $mb : $kb), 1);
  return $amount . ($in_mb ? ' MB' : ' KB');
}