2016-06-09 09:22:48 +01:00
|
|
|
<?php
|
2016-06-16 16:33:16 +01:00
|
|
|
include_once "config/config.php";
|
2016-06-11 17:32:49 +01:00
|
|
|
|
|
|
|
function generate_uid () {
|
2016-06-16 16:33:16 +01:00
|
|
|
$conn = GetConnectionToDB();
|
2016-06-11 17:32:49 +01:00
|
|
|
$name = '';
|
|
|
|
// We start at N retries, and --N until we give up
|
|
|
|
$tries = 500;
|
|
|
|
do {
|
|
|
|
// Iterate until we reach the maximum number of retries
|
|
|
|
if ($tries-- == 0) throw new Exception('Gave up trying to find an unused name', 500);
|
|
|
|
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
|
|
|
|
$name = '';
|
|
|
|
for ($i = 0; $i < 8; $i++) {
|
2016-06-12 10:57:55 +01:00
|
|
|
$name .= $chars[mt_rand(0, 61)];
|
2016-06-11 17:32:49 +01:00
|
|
|
// $chars string length is hardcoded, should use a variable to store it?
|
|
|
|
}
|
|
|
|
// Check if a paste with the same uid does already exist in the database
|
|
|
|
$q = $conn->prepare('SELECT COUNT(uid) FROM pastes WHERE uid = (:name)');
|
|
|
|
$q->bindValue(':name', $name, PDO::PARAM_STR);
|
|
|
|
$q->execute();
|
|
|
|
$result = $q->fetchColumn();
|
|
|
|
// If it does, generate a new uid
|
|
|
|
} while($result > 0);
|
2016-06-16 16:33:16 +01:00
|
|
|
$conn = null;
|
2016-06-11 17:32:49 +01:00
|
|
|
return $name;
|
|
|
|
}
|
|
|
|
|
2016-06-09 09:22:48 +01:00
|
|
|
if(isset($_POST["type"])){
|
|
|
|
//===New_Paste===//
|
|
|
|
if($_POST["type"]=="paste" && isset($_POST["text"])){
|
|
|
|
/* Set paste details */
|
|
|
|
$title = "Untitled";
|
|
|
|
$text = $_POST["text"];
|
2016-06-12 16:32:25 +01:00
|
|
|
$exposure = 0;
|
2017-04-29 20:16:49 +01:00
|
|
|
if(isset($_POST["title"]) && $_POST["title"]!="")
|
2016-06-09 09:22:48 +01:00
|
|
|
$title = $_POST["title"];
|
2016-06-12 16:32:25 +01:00
|
|
|
if(isset($_POST["exposure"]) && is_numeric($_POST["exposure"]))
|
2016-06-16 16:33:16 +01:00
|
|
|
$exposure = $_POST["exposure"];
|
2016-06-11 17:32:49 +01:00
|
|
|
$uid = generate_uid();
|
2016-06-11 21:03:17 +01:00
|
|
|
$created = time();
|
|
|
|
$expire = 0;
|
|
|
|
if(isset($_POST["expire"]) && is_numeric($_POST["expire"]))
|
|
|
|
$expire = $created + $_POST["expire"];
|
2016-06-12 16:32:25 +01:00
|
|
|
$owner = 0;
|
2016-06-13 16:17:14 +01:00
|
|
|
$syntax = "plain";
|
|
|
|
if(isset($_POST["syntax"]))
|
|
|
|
$syntax=$_POST["syntax"];
|
2016-06-12 16:32:25 +01:00
|
|
|
if(isset($_POST["asguest"]) && $_POST["asguest"]=="on")
|
|
|
|
$owner = 0;
|
|
|
|
else if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
|
|
|
|
include "includes/user.php";
|
|
|
|
$owner = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
|
|
|
|
}
|
2016-06-09 09:22:48 +01:00
|
|
|
/* Add paste to database */
|
2016-06-16 16:33:16 +01:00
|
|
|
$conn = GetConnectionToDB();
|
2016-06-13 16:17:14 +01:00
|
|
|
$QuerySTR = "INSERT INTO pastes (uid,title,text,created,expire,exposure,owner,highlight)
|
|
|
|
VALUES (:uid, :tit, :txt, :cre, :exp, :exposure, :own, :hl)";
|
2016-06-11 21:03:17 +01:00
|
|
|
$stmt = $conn->prepare($QuerySTR);
|
2016-06-12 16:32:25 +01:00
|
|
|
$stmt->bindParam(':exp', $expire);
|
2016-06-11 17:32:49 +01:00
|
|
|
$stmt->bindParam(':uid', $uid);
|
2016-06-09 09:22:48 +01:00
|
|
|
$stmt->bindParam(':tit', $title);
|
|
|
|
$stmt->bindParam(':txt', $text);
|
2016-06-11 21:03:17 +01:00
|
|
|
$stmt->bindParam(':cre', $created);
|
2016-06-12 16:32:25 +01:00
|
|
|
$stmt->bindParam(':exposure', $exposure);
|
|
|
|
$stmt->bindParam(':own', $owner);
|
2016-06-13 16:17:14 +01:00
|
|
|
$stmt->bindParam(':hl', $syntax);
|
2016-06-09 09:22:48 +01:00
|
|
|
$stmt->execute();
|
|
|
|
$conn = null; //close connection to database
|
2016-06-11 17:32:49 +01:00
|
|
|
header("Location: ".$uid);
|
2016-06-09 10:02:09 +01:00
|
|
|
die();
|
2017-04-02 12:49:39 +01:00
|
|
|
} else if($_POST["type"]=="edit_paste" && isset($_POST["text"])){
|
|
|
|
/* Set paste details */
|
|
|
|
$title = "Untitled";
|
|
|
|
$text = $_POST["text"];
|
|
|
|
$exposure = 0;
|
|
|
|
if(isset($_POST["title"]))
|
|
|
|
$title = $_POST["title"];
|
|
|
|
if(isset($_POST["exposure"]) && is_numeric($_POST["exposure"]))
|
|
|
|
$exposure = $_POST["exposure"];
|
|
|
|
$uid = $_POST["uid"];
|
|
|
|
$created = time();
|
|
|
|
$expire = 0;
|
|
|
|
if(isset($_POST["expire"]) && is_numeric($_POST["expire"]))
|
|
|
|
$expire = $created + $_POST["expire"];
|
|
|
|
$owner = 0;
|
|
|
|
$syntax = "plain";
|
|
|
|
if(isset($_POST["syntax"]))
|
|
|
|
$syntax=$_POST["syntax"];
|
|
|
|
if(isset($_POST["asguest"]) && $_POST["asguest"]=="on")
|
|
|
|
$owner = 0;
|
|
|
|
else if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
|
|
|
|
include "includes/user.php";
|
|
|
|
$owner = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
|
|
|
|
}
|
|
|
|
/* Get the owner of the paste */
|
|
|
|
$paste_owner = 0;
|
|
|
|
$conn = GetConnectionToDB();
|
|
|
|
$stmt = $conn->query('SELECT owner FROM pastes WHERE uid="'.$uid.'"');
|
|
|
|
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
|
|
|
|
$paste_owner = $result['owner'];
|
|
|
|
}
|
|
|
|
/* Edit paste in database */
|
|
|
|
if($owner === $paste_owner && $owner !== 0){
|
|
|
|
$QuerySTR = " UPDATE pastes SET title=:tit,text=:txt,created=:cre,expire=:exp,exposure=:exposure,owner=:own,highlight=:hl
|
|
|
|
WHERE uid=:uid";
|
|
|
|
$stmt = $conn->prepare($QuerySTR);
|
|
|
|
$stmt->bindParam(':exp', $expire);
|
|
|
|
$stmt->bindParam(':uid', $uid);
|
|
|
|
$stmt->bindParam(':tit', $title);
|
|
|
|
$stmt->bindParam(':txt', $text);
|
|
|
|
$stmt->bindParam(':cre', $created);
|
|
|
|
$stmt->bindParam(':exposure', $exposure);
|
|
|
|
$stmt->bindParam(':own', $owner);
|
|
|
|
$stmt->bindParam(':hl', $syntax);
|
|
|
|
$stmt->execute();
|
|
|
|
$conn = null; //close connection to database
|
|
|
|
header("Location: ".$uid);
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
$conn = null; //close connection to database
|
|
|
|
echo "<h1>This paste does not belong to you!</h1>";
|
|
|
|
die();
|
|
|
|
}
|
2016-06-09 09:22:48 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
?>
|