From b37b3264d7e639d360b6c6ba6d030be14d6efa5a Mon Sep 17 00:00:00 2001
From: pikami <pkpjuklas@gmail.com>
Date: Sun, 2 Apr 2017 11:49:39 +0000
Subject: [PATCH] Users now have the ability to edit their own pastes

---
 .htaccess         |  1 +
 MyPastes.php      |  7 ++++++-
 NewPastePanel.php | 49 ++++++++++++++++++++++++++++++++++---------
 ViewPaste.php     |  2 +-
 edit.php          | 35 +++++++++++++++++++++++++++++++
 index.php         |  8 ++++---
 nginx_cfg.txt     |  3 ++-
 post.php          | 53 +++++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 142 insertions(+), 16 deletions(-)
 create mode 100644 edit.php

diff --git a/.htaccess b/.htaccess
index 54b366f..5015e36 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,4 +6,5 @@ RewriteBase "/paste/"
 
 RewriteRule ^u/([A-Za-z0-9-]+)/?$ index.php?user=$1
 RewriteRule ^delete/([A-Za-z0-9-]+)/?$ delete.php?id=$1
+RewriteRule ^edit/([A-Za-z0-9-]+)/?$ index.php?page=edit&id=$1
 RewriteRule ^([A-Za-z0-9-]+)/?$ index.php?page=$1
diff --git a/MyPastes.php b/MyPastes.php
index c03f5fc..0385c53 100644
--- a/MyPastes.php
+++ b/MyPastes.php
@@ -41,7 +41,12 @@ if($stmt->rowCount()>0){
 		//Paste url
 		printf('<td style="text-align: right;"><a href="'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'</a></td>');
 		//Actions
-		printf('<td style="text-align: right;"><a href="delete/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></s></td></tr>');
+		printf('<td style="text-align: right;">');
+		  //delete paste
+		printf('<a href="delete/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-trash" title="Delete paste" aria-hidden="true"></span>');
+		  //edit paste
+		printf('<a href="edit/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-edit" title="Edit paste" aria-hidden="true"></span>');
+		printf('</td></tr>');
 	}
 	printf('</tbody></talbe>');
 } else {
diff --git a/NewPastePanel.php b/NewPastePanel.php
index 60e57b5..05ff2af 100644
--- a/NewPastePanel.php
+++ b/NewPastePanel.php
@@ -1,21 +1,41 @@
 <div class="panel panel-default">
   <div class="panel-body">
-    <form role="form" method="post" action="post.php" onsubmit="document.getElementById('submit').disabled=true;document.getElementById('submit').value='Please wait...';">
+<?php
+	$edit_mode = false;
+	if(isset($_GET['page']) && $_GET['page']=='edit'){
+		$edit_mode = true;
+		printf('You are editing paste '.$_GET['id']);
+		printf('<form role="form" method="post" action="../post.php" onsubmit="document.getElementById(\'submit\').disabled=true;document.getElementById(\'submit\').value=\'Please wait...\';">');
+	}else printf('<form role="form" method="post" action="post.php" onsubmit="document.getElementById(\'submit\').disabled=true;document.getElementById(\'submit\').value=\'Please wait...\';">');
+?>
       <div class="form-group">
         <label for="title">Paste title:</label>
-        <input type="title" class="form-control" id="title" name="title">
+		<?php
+			if($edit_mode == true){
+				printf('<input type="title" class="form-control" value="'.$row['title'].'" id="title" name="title">');
+			} else printf('<input type="title" class="form-control" id="title" name="title">');
+		?>
       </div>
       <div class="form-group">
         <label for="text">New paste:</label>
-        <textarea class="form-control" rows="5" id="text" name="text"></textarea>
+		<?php
+			if($edit_mode == true){
+				printf('<textarea class="form-control" rows="5" id="text" name="text">'.$row['text'].'</textarea>');
+			} else printf('<textarea class="form-control" rows="5" id="text" name="text"></textarea>');
+		?>
       </div>
-	  <input type='hidden' name='type' value='paste'></input>
+	  <?php
+		if($edit_mode == true){
+		  printf("<input type='hidden' name='type' value='edit_paste'></input>");
+		  printf("<input type='hidden' name='uid' value='".$row['uid']."'></input>");
+		} else printf("<input type='hidden' name='type' value='paste'></input>");
+	  ?>
       <div class="container-fluid">
         <div class="row">
           <div class="col-sm-6">
 		    <!-- Posting as guest -->
 			<div class="checkbox">
-			  <label><input type="checkbox" name="asguest">Post as guest</label>
+				<label><input type="checkbox" name="asguest">Post as guest</label>
 			</div>
 	        <!-- Submit -->
             <button type="submit" class="btn btn-default">Submit</button>
@@ -36,6 +56,10 @@
 	        <div class="form-group">
               <label for="syntax">Syntax Highlight:</label>
               <select data-placeholder="None" class="form-control chosen-select" id="syntax" name="syntax">
+			    <?php
+				  if($edit_mode == true)
+					  print '<option value="'.$row['highlight'].'">Current ('.$row['highlight'].')</option>';
+				?>
 			    <option value="plain">Plain</option>
 			    <option value="applescript">AppleScript</option>
 				<option value="as3">ActionScript3 (AS3)</option>
@@ -61,23 +85,28 @@
 				<option value="sql">Sql</option>
 				<option value="vb">VB</option>
 				<option value="xml">Xml</option>
-                
               </select>
             </div>
 			<!-- Type -->
 			<div class="form-group">
               <label for="exposure">Type:</label>
               <select class="form-control" id="exposure" name="exposure">
-                <option value="0">Public</option>
-                <option value="1">Unlisted</option>
-				<?php
+                <?php
+				  print '<option value="0">Public</option>';
+				  if($edit_mode == true && $row['exposure'] == 1)
+					print '<option selected="selected" value="1">Unlisted</option>';
+				  else print '<option value="1">Unlisted</option>';
 				  include_once "includes/user.php";
 				  $userID = -1;
 		          if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
 		            $userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
 				  if($userID==-1)
 				    print '<option value="2" disabled>Private (Members only)</option>';
-				  else print '<option value="2" >Private</option>';
+				  else {
+					if($edit_mode === true && $row['exposure'] === 2)
+					  print '<option selected="selected" value="2" >Private</option>';
+				    else print '<option value="2" >Private</option>';
+				  }
 				?>
               </select>
             </div>
diff --git a/ViewPaste.php b/ViewPaste.php
index de12930..330a548 100644
--- a/ViewPaste.php
+++ b/ViewPaste.php
@@ -1,4 +1,4 @@
-<div class="container">			
+<div class="container">
 	<div class="panel panel-default">
 		<div class="panel-body">
 <?php
diff --git a/edit.php b/edit.php
new file mode 100644
index 0000000..e943a5b
--- /dev/null
+++ b/edit.php
@@ -0,0 +1,35 @@
+<div class="container">	
+	<div class="panel panel-default">
+		<div class="panel-body">
+<?php
+	if(isset($_GET['id']) && isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
+		include_once "includes/user.php";
+		$uid = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
+		$paste = $_GET['id'];
+		//connect to db and get paste info
+		$conn = GetConnectionToDB();
+		$stmt = $conn->prepare('SELECT * FROM pastes WHERE uid=:uid');
+		$stmt->bindParam(':uid', $paste);
+		$stmt->execute();
+		if($stmt->rowCount()>0){
+			while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+				if($row['owner'] === $uid){
+					include "NewPastePanel.php";
+				} else {
+					$conn = null;
+					echo '<center><h4>You are not the owner of the paste '.$row["uid"].'</h4></center>';
+					echo '<meta http-equiv="refresh" content="2;url=../index.php">';
+					die();
+				}
+			}
+		} else {
+			$conn = null;
+			echo '<center><h4>The paste '.$row["uid"].' does not exist</h4></center>';
+			echo '<meta http-equiv="refresh" content="2;url=../index.php">';
+		}
+		$conn = null;
+	}
+?>
+		</div>
+	</div>
+</div>
\ No newline at end of file
diff --git a/index.php b/index.php
index cfa04d0..51a1626 100644
--- a/index.php
+++ b/index.php
@@ -12,7 +12,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
   <?php
   echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
   $dir = "";
-  if (isset($_GET["user"]))$dir="../";
+  if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
   
   echo '<link rel="stylesheet" href="'.$dir.'css/bootstrap.min.css">';
   echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>';
@@ -41,7 +41,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
     <div class="navbar-header">
 	<?php
 	  $dir = "";
-	  if (isset($_GET["user"]))$dir="../";
+	  if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
 	  echo '<a class="navbar-brand" href="'.$dir.'index.php">Palm-Paste</a>';
 	?>
     </div>
@@ -54,7 +54,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
 	  <?php
 		include_once "includes/user.php";
 		$dir = "";
-		if (isset($_GET["user"]))$dir="../";
+		if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
 		$userID = -1;
 		if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
 		  $userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
@@ -129,6 +129,8 @@ if (isset($_GET["page"])){
 	die();
   } else if($_GET["page"] == "signup"){
 	include_once "signup.php";
+  } else if($_GET["page"] == "edit"){
+	include_once "edit.php";
   } else {
 	$uid = $_GET["page"];
 	include_once "ViewPaste.php";
diff --git a/nginx_cfg.txt b/nginx_cfg.txt
index 11f7027..7706ae6 100644
--- a/nginx_cfg.txt
+++ b/nginx_cfg.txt
@@ -3,6 +3,7 @@ location /paste {
 	if ( $uri !~ ^/paste/(index\.php|css|js|robots\.txt|favicon\.ico|$) ) {
 		rewrite ^/paste/u/(.*)$ /paste/index.php?user=$1? last;
 		rewrite ^/paste/delete/(.*)$ /paste/delete.php?id=$1? last;
+		rewrite ^/paste/([^/]+)/(.*)$ /paste/index.php?page=$1&id=$2? last;
 		rewrite ^/paste/(.*)$ /paste/index.php?page=$1? last;
 	}
 	if ( $uri ~* ^/paste/u/(css|js) ) {
@@ -11,4 +12,4 @@ location /paste {
 	if ( $uri ~* ^/paste/delete/(css|js) ) {
 		rewrite ^/paste/delete/(.*)$ /paste/delete/$1? last;
 	}
-}
+}
\ No newline at end of file
diff --git a/post.php b/post.php
index c3c9d2c..d7a93aa 100644
--- a/post.php
+++ b/post.php
@@ -69,6 +69,59 @@ if(isset($_POST["type"])){
 		$conn = null; //close connection to database
 		header("Location: ".$uid);
 		die();
+	} else if($_POST["type"]=="edit_paste" && isset($_POST["text"])){
+		/* Set paste details */
+		$title = "Untitled";
+		$text = $_POST["text"];
+		$exposure = 0;
+		if(isset($_POST["title"]))
+			$title = $_POST["title"];
+		if(isset($_POST["exposure"]) && is_numeric($_POST["exposure"]))
+			$exposure = $_POST["exposure"];
+		$uid = $_POST["uid"];
+		$created = time();
+		$expire = 0;
+		if(isset($_POST["expire"]) && is_numeric($_POST["expire"]))
+			$expire = $created + $_POST["expire"];
+		$owner = 0;
+		$syntax = "plain";
+		if(isset($_POST["syntax"]))
+			$syntax=$_POST["syntax"];
+		if(isset($_POST["asguest"]) && $_POST["asguest"]=="on")
+			$owner = 0;
+		else if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
+			include "includes/user.php";
+			$owner = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
+		}
+		/* Get the owner of the paste */
+		$paste_owner = 0;
+		$conn = GetConnectionToDB();
+		$stmt = $conn->query('SELECT owner FROM pastes WHERE uid="'.$uid.'"');
+		if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
+			$paste_owner = $result['owner'];
+		}
+		/* Edit paste in database */
+		if($owner === $paste_owner && $owner !== 0){
+			$QuerySTR = " UPDATE pastes SET title=:tit,text=:txt,created=:cre,expire=:exp,exposure=:exposure,owner=:own,highlight=:hl
+				WHERE uid=:uid";
+			$stmt = $conn->prepare($QuerySTR);
+			$stmt->bindParam(':exp', $expire);
+			$stmt->bindParam(':uid', $uid);
+			$stmt->bindParam(':tit', $title);
+			$stmt->bindParam(':txt', $text);
+			$stmt->bindParam(':cre', $created);
+			$stmt->bindParam(':exposure', $exposure);
+			$stmt->bindParam(':own', $owner);
+			$stmt->bindParam(':hl', $syntax);
+			$stmt->execute();
+			$conn = null; //close connection to database
+			header("Location: ".$uid);
+			die();
+		} else {
+			$conn = null; //close connection to database
+			echo "<h1>This paste does not belong to you!</h1>";
+			die();
+		}
 	}
 }
 ?>
\ No newline at end of file