Pastes now get an unique text id and can only be accessed by it

NewestPastes.php

@@ -8,7 +8,7 @@
           while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
 			$title = $row['title'];
 			if(strlen($title)>25)$title = substr($title,0,25)."...";
-			echo "<a href=\"".$row['id']."\" class=\"list-group-item\">".$title."</a>";
+			echo "<a href=\"".$row['uid']."\" class=\"list-group-item\">".$title."</a>";
           }
 		?>
 	  </div>

ViewPaste.php

@@ -1,12 +1,14 @@
 <div class="panel panel-default">
   <div class="panel-body">
 <?php
-if(isset($id)){
+if(isset($uid)){
 	include "config/config.php";
-	$stmt = $conn->query('SELECT * FROM pastes WHERE id='.$id);
+	$stmt = $conn->query('SELECT * FROM pastes WHERE uid="'.$uid.'"');
-	$result = $stmt->fetch(PDO::FETCH_ASSOC);
+	if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
-	echo "<h1>".$result["title"]."</h1>";
+		echo "<h1>".$result["title"]."</h1>";
-	echo "<textarea class=\"form-control\" rows=\"5\" disabled=\"true\">".$result["text"]."</textarea>";
+		echo "<textarea class=\"form-control\" rows=\"5\" disabled=\"true\">".$result["text"]."</textarea>";
+	}
+	else echo "Paste does not exist";
 } else echo "Error: id not set";
 ?>
   </div>

index.php

@@ -31,11 +31,9 @@
 if (isset($_GET["page"])){
   if($_GET["page"] == "create"){
     include "NewPaste.php";
-  } else if (is_numeric($_GET["page"])) {
-	  $id = $_GET["page"];
-	  include "ViewPaste.php";
   } else {
-    echo "The page does not exist";
+	  $uid = $_GET["page"];
+	  include "ViewPaste.php";
   }
 } else {
   include "NewPaste.php";

post.php

@@ -1,5 +1,30 @@
 <?php
 include "config/config.php";
+
+function generate_uid () {
+	global $conn;
+	$name = '';
+	// We start at N retries, and --N until we give up
+	$tries = 500;
+	do {
+		// Iterate until we reach the maximum number of retries
+		if ($tries-- == 0) throw new Exception('Gave up trying to find an unused name', 500);
+		$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+		$name  = '';
+		for ($i = 0; $i < 8; $i++) {
+			$name .= $chars[mt_rand(0, 25)];
+			// $chars string length is hardcoded, should use a variable to store it?
+		}
+		// Check if a paste with the same uid does already exist in the database
+		$q = $conn->prepare('SELECT COUNT(uid) FROM pastes WHERE uid = (:name)');
+		$q->bindValue(':name', $name, PDO::PARAM_STR);
+		$q->execute();
+		$result = $q->fetchColumn();
+	// If it does, generate a new uid
+	} while($result > 0);
+	return $name;
+}
+
 if(isset($_POST["type"])){
 	//===New_Paste===//
 	if($_POST["type"]=="paste" && isset($_POST["text"])){
@@ -8,15 +33,16 @@ if(isset($_POST["type"])){
 		$text = $_POST["text"];
 		if(isset($_POST["title"]))
 			$title = $_POST["title"];
+		$uid = generate_uid();
 		/* Add paste to database */
-		$stmt = $conn->prepare("INSERT INTO pastes (title,text)
+		$stmt = $conn->prepare("INSERT INTO pastes (uid,title,text)
-			VALUES (:tit, :txt)");
+			VALUES (:uid, :tit, :txt)");
+		$stmt->bindParam(':uid', $uid);
 		$stmt->bindParam(':tit', $title);
 		$stmt->bindParam(':txt', $text);
 		$stmt->execute();
-		$id = $conn->lastInsertId();
 		$conn = null; //close connection to database
-		header("Location: ".$id);
+		header("Location: ".$uid);
 		die();
 	}
 }