Users now have the ability to delete their own pastes

pikami 2017-03-12 14:51:40 +00:00
parent c2340ca3fa
commit 352f24fcd9
4 changed files with 63 additions and 9 deletions


@ -5,4 +5,5 @@ RewriteEngine on
RewriteBase "/paste/"
RewriteRule ^u/([A-Za-z0-9-]+)/?$ index.php?user=$1
RewriteRule ^delete/([A-Za-z0-9-]+)/?$ delete.php?id=$1
RewriteRule ^([A-Za-z0-9-]+)/?$ index.php?page=$1


@ -19,12 +19,16 @@ if($stmt->rowCount()>0){
printf('<thead><th data-dynatable-column="name" style="text-align: left;">Title</th>
<th style="text-align: left;">Added</th>
<th style="text-align: left;">Expires</th>
<th style="text-align: left;">ID</th></thead>');
<th style="text-align: left;">ID</th>
<th style="text-align: left;">Actions</th></thead>');
printf('<tbody>');
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$title = $row['title'];
//Paste title
printf('<tr><td style="text-align: left;">'.htmlspecialchars($row["title"], ENT_QUOTES, 'UTF-8').'</td>');
//Creation date
printf('<td style="text-align: left;">'.date('Y-m-d',$row["created"]).'</td>');
//Expire date
if($row["expire"]==0) printf('<td style="text-align: left;">Never</td>');
else{
$expire = ($row["expire"]-time())/3600;
@ -34,7 +38,10 @@ if($stmt->rowCount()>0){
printf('<td style="text-align: left;">'.round($expire).' hours from now</td>');
else printf('<td style="text-align: left;">'.round($expire*60).' minutes from now</td>');
}
printf('<td style="text-align: right;"><a href="'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'</a></td></tr>');
//Paste url
printf('<td style="text-align: right;"><a href="'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'</a></td>');
//Actions
printf('<td style="text-align: right;"><a href="delete/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></s></td></tr>');
}
printf('</tbody></talbe>');
} else {
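Review bot: The new Actions cell closes its link with `</s>` instead of `</a>`, so the anchor around the trash icon is never closed and the markup that follows is left to browser error recovery; the line should end `aria-hidden="true"></span></a></td></tr>');`. The icon is `aria-hidden` and the link has no text or `title`, so assistive technology sees an unnamed link; adding `title="Delete paste"` to the `<a>` would fix that. Like the neighbouring cells, the added lines pass a concatenated string to `printf` as the format, so a `%` in any interpolated value would be parsed as a conversion; `echo` is the safer call here. The `while` loop and the surrounding `if` start outside these hunks.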

42
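--- /dev/null
+++ b/delete.php
@@ -0,0 +1,42 @@
+<div class="container">
+<div class="panel panel-default">
+<div class="panel-body">
+<?php
+if(isset($_GET['id']) && isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
+include_once "includes/user.php";
+$uid = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
+$paste = $_GET['id'];
+//connect to db and get paste info
+$conn = GetConnectionToDB();
+$stmt = $conn->prepare('SELECT * FROM pastes WHERE uid=:uid');
+$stmt->bindParam(':uid', $paste);
+$stmt->execute();
+if($stmt->rowCount()>0){
+while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+if($row['owner'] === $uid){
+$stmt2 = $conn->prepare("DELETE FROM pastes WHERE id=:id");
+$stmt2->bindParam(':id', $row['id']);
+$stmt2->execute();
+$conn = null;
+echo '<center><h4>Paste '.$row["uid"].' has been deleted!</h4></center>';
+echo '<meta http-equiv="refresh" content="2;url=../index.php">';
+die();
+} else {
+$conn = null;
+echo '<center><h4>You are not the owner of the paste '.$row["uid"].'</h4></center>';
+echo '<meta http-equiv="refresh" content="2;url=../index.php">';
+die();
+}
+}
+} else {
+$conn = null;
+echo '<center><h4>The paste '.$row["uid"].' does not exist</h4></center>';
+echo '<meta http-equiv="refresh" content="2;url=../index.php">';
+die();
+}
+$conn = null;
+}
+?>
+</div>
+</div>
+</div>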
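Review bot: The delete is performed on a plain GET to `delete/<id>` with only the `pp_sid`/`pp_skey` cookies as proof of intent, so any other site that gets the owner's browser to load that URL removes the paste; the handler should accept only POST and verify a per-session token with `hash_equals()` before the `DELETE` runs. The result of `GetUsersIDBySession()` is not checked before `$row['owner'] === $uid`; the helper is outside this diff, but if it returns null or false for an invalid session and ownerless pastes store the same value, the check passes, so reject the request when no user id comes back. In the last `else` branch no row was fetched, so `$row["uid"]` is undefined there; print `htmlspecialchars($paste, ENT_QUOTES, 'UTF-8')` instead, and escape `$row["uid"]` in the other two messages the same way.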


@ -2,9 +2,13 @@
location /paste {
if ( $uri !~ ^/paste/(index\.php|css|js|robots\.txt|favicon\.ico|$) ) {
rewrite ^/paste/u/(.*)$ /paste/index.php?user=$1? last;
rewrite ^/paste/delete/(.*)$ /paste/delete.php?id=$1? last;
rewrite ^/paste/(.*)$ /paste/index.php?page=$1? last;
}
if ( $uri ~* ^/paste/u/(css|js) ) {
rewrite ^/paste/u/(.*)$ /paste/u/$1? last;
}
if ( $uri ~* ^/paste/delete/(css|js) ) {
rewrite ^/paste/delete/(.*)$ /paste/delete/$1? last;
}
}
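Review bot: The exclusion list in the first `if` still names only `index\.php`, so after the new rule rewrites to `/paste/delete.php` with `last`, a request that lands in this location again would match the catch-all and be sent to `index.php?page=delete.php`; whether that happens depends on a PHP location not visible in this hunk, but adding `delete\.php` to the alternation makes the rule safe either way. The capture `(.*)` is also wider than the Apache rule in this commit, which allows only `[A-Za-z0-9-]+`; using `rewrite ^/paste/delete/([A-Za-z0-9-]+)/?$ /paste/delete.php?id=$1? last;` keeps the two front ends passing the same set of ids to delete.php.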