Users now have the ability to edit their own pastes

This commit is contained in:
pikami 2017-04-02 11:49:39 +00:00
parent 352f24fcd9
commit b37b3264d7
8 changed files with 142 additions and 16 deletions

View File

@ -6,4 +6,5 @@ RewriteBase "/paste/"
RewriteRule ^u/([A-Za-z0-9-]+)/?$ index.php?user=$1 RewriteRule ^u/([A-Za-z0-9-]+)/?$ index.php?user=$1
RewriteRule ^delete/([A-Za-z0-9-]+)/?$ delete.php?id=$1 RewriteRule ^delete/([A-Za-z0-9-]+)/?$ delete.php?id=$1
RewriteRule ^edit/([A-Za-z0-9-]+)/?$ index.php?page=edit&id=$1
RewriteRule ^([A-Za-z0-9-]+)/?$ index.php?page=$1 RewriteRule ^([A-Za-z0-9-]+)/?$ index.php?page=$1

View File

@ -41,7 +41,12 @@ if($stmt->rowCount()>0){
//Paste url //Paste url
printf('<td style="text-align: right;"><a href="'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'</a></td>'); printf('<td style="text-align: right;"><a href="'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'</a></td>');
//Actions //Actions
printf('<td style="text-align: right;"><a href="delete/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></s></td></tr>'); printf('<td style="text-align: right;">');
//delete paste
printf('<a href="delete/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-trash" title="Delete paste" aria-hidden="true"></span>');
//edit paste
printf('<a href="edit/'.htmlspecialchars($row["uid"], ENT_QUOTES, 'UTF-8').'"><span class="glyphicon glyphicon-edit" title="Edit paste" aria-hidden="true"></span>');
printf('</td></tr>');
} }
printf('</tbody></talbe>'); printf('</tbody></talbe>');
} else { } else {

View File

@ -1,21 +1,41 @@
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-body"> <div class="panel-body">
<form role="form" method="post" action="post.php" onsubmit="document.getElementById('submit').disabled=true;document.getElementById('submit').value='Please wait...';"> <?php
$edit_mode = false;
if(isset($_GET['page']) && $_GET['page']=='edit'){
$edit_mode = true;
printf('You are editing paste '.$_GET['id']);
printf('<form role="form" method="post" action="../post.php" onsubmit="document.getElementById(\'submit\').disabled=true;document.getElementById(\'submit\').value=\'Please wait...\';">');
}else printf('<form role="form" method="post" action="post.php" onsubmit="document.getElementById(\'submit\').disabled=true;document.getElementById(\'submit\').value=\'Please wait...\';">');
?>
<div class="form-group"> <div class="form-group">
<label for="title">Paste title:</label> <label for="title">Paste title:</label>
<input type="title" class="form-control" id="title" name="title"> <?php
if($edit_mode == true){
printf('<input type="title" class="form-control" value="'.$row['title'].'" id="title" name="title">');
} else printf('<input type="title" class="form-control" id="title" name="title">');
?>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="text">New paste:</label> <label for="text">New paste:</label>
<textarea class="form-control" rows="5" id="text" name="text"></textarea> <?php
if($edit_mode == true){
printf('<textarea class="form-control" rows="5" id="text" name="text">'.$row['text'].'</textarea>');
} else printf('<textarea class="form-control" rows="5" id="text" name="text"></textarea>');
?>
</div> </div>
<input type='hidden' name='type' value='paste'></input> <?php
if($edit_mode == true){
printf("<input type='hidden' name='type' value='edit_paste'></input>");
printf("<input type='hidden' name='uid' value='".$row['uid']."'></input>");
} else printf("<input type='hidden' name='type' value='paste'></input>");
?>
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<div class="col-sm-6"> <div class="col-sm-6">
<!-- Posting as guest --> <!-- Posting as guest -->
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="asguest">Post as guest</label> <label><input type="checkbox" name="asguest">Post as guest</label>
</div> </div>
<!-- Submit --> <!-- Submit -->
<button type="submit" class="btn btn-default">Submit</button> <button type="submit" class="btn btn-default">Submit</button>
@ -36,6 +56,10 @@
<div class="form-group"> <div class="form-group">
<label for="syntax">Syntax Highlight:</label> <label for="syntax">Syntax Highlight:</label>
<select data-placeholder="None" class="form-control chosen-select" id="syntax" name="syntax"> <select data-placeholder="None" class="form-control chosen-select" id="syntax" name="syntax">
<?php
if($edit_mode == true)
print '<option value="'.$row['highlight'].'">Current ('.$row['highlight'].')</option>';
?>
<option value="plain">Plain</option> <option value="plain">Plain</option>
<option value="applescript">AppleScript</option> <option value="applescript">AppleScript</option>
<option value="as3">ActionScript3 (AS3)</option> <option value="as3">ActionScript3 (AS3)</option>
@ -61,23 +85,28 @@
<option value="sql">Sql</option> <option value="sql">Sql</option>
<option value="vb">VB</option> <option value="vb">VB</option>
<option value="xml">Xml</option> <option value="xml">Xml</option>
</select> </select>
</div> </div>
<!-- Type --> <!-- Type -->
<div class="form-group"> <div class="form-group">
<label for="exposure">Type:</label> <label for="exposure">Type:</label>
<select class="form-control" id="exposure" name="exposure"> <select class="form-control" id="exposure" name="exposure">
<option value="0">Public</option> <?php
<option value="1">Unlisted</option> print '<option value="0">Public</option>';
<?php if($edit_mode == true && $row['exposure'] == 1)
print '<option selected="selected" value="1">Unlisted</option>';
else print '<option value="1">Unlisted</option>';
include_once "includes/user.php"; include_once "includes/user.php";
$userID = -1; $userID = -1;
if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])) if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
$userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]); $userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
if($userID==-1) if($userID==-1)
print '<option value="2" disabled>Private (Members only)</option>'; print '<option value="2" disabled>Private (Members only)</option>';
else print '<option value="2" >Private</option>'; else {
if($edit_mode === true && $row['exposure'] === 2)
print '<option selected="selected" value="2" >Private</option>';
else print '<option value="2" >Private</option>';
}
?> ?>
</select> </select>
</div> </div>

35
edit.php Normal file
View File

@ -0,0 +1,35 @@
<div class="container">
<div class="panel panel-default">
<div class="panel-body">
<?php
if(isset($_GET['id']) && isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
include_once "includes/user.php";
$uid = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
$paste = $_GET['id'];
//connect to db and get paste info
$conn = GetConnectionToDB();
$stmt = $conn->prepare('SELECT * FROM pastes WHERE uid=:uid');
$stmt->bindParam(':uid', $paste);
$stmt->execute();
if($stmt->rowCount()>0){
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if($row['owner'] === $uid){
include "NewPastePanel.php";
} else {
$conn = null;
echo '<center><h4>You are not the owner of the paste '.$row["uid"].'</h4></center>';
echo '<meta http-equiv="refresh" content="2;url=../index.php">';
die();
}
}
} else {
$conn = null;
echo '<center><h4>The paste '.$row["uid"].' does not exist</h4></center>';
echo '<meta http-equiv="refresh" content="2;url=../index.php">';
}
$conn = null;
}
?>
</div>
</div>
</div>

View File

@ -12,7 +12,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
<?php <?php
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
$dir = ""; $dir = "";
if (isset($_GET["user"]))$dir="../"; if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
echo '<link rel="stylesheet" href="'.$dir.'css/bootstrap.min.css">'; echo '<link rel="stylesheet" href="'.$dir.'css/bootstrap.min.css">';
echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>'; echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>';
@ -41,7 +41,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
<div class="navbar-header"> <div class="navbar-header">
<?php <?php
$dir = ""; $dir = "";
if (isset($_GET["user"]))$dir="../"; if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
echo '<a class="navbar-brand" href="'.$dir.'index.php">Palm-Paste</a>'; echo '<a class="navbar-brand" href="'.$dir.'index.php">Palm-Paste</a>';
?> ?>
</div> </div>
@ -54,7 +54,7 @@ if(isset($_GET["page"]) && $_GET["page"] == "login" && isset($_POST["type"]) &&
<?php <?php
include_once "includes/user.php"; include_once "includes/user.php";
$dir = ""; $dir = "";
if (isset($_GET["user"]))$dir="../"; if (isset($_GET["user"]) || isset($_GET["page"]) && $_GET["page"]=="edit")$dir="../";
$userID = -1; $userID = -1;
if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])) if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
$userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]); $userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
@ -129,6 +129,8 @@ if (isset($_GET["page"])){
die(); die();
} else if($_GET["page"] == "signup"){ } else if($_GET["page"] == "signup"){
include_once "signup.php"; include_once "signup.php";
} else if($_GET["page"] == "edit"){
include_once "edit.php";
} else { } else {
$uid = $_GET["page"]; $uid = $_GET["page"];
include_once "ViewPaste.php"; include_once "ViewPaste.php";

View File

@ -3,6 +3,7 @@ location /paste {
if ( $uri !~ ^/paste/(index\.php|css|js|robots\.txt|favicon\.ico|$) ) { if ( $uri !~ ^/paste/(index\.php|css|js|robots\.txt|favicon\.ico|$) ) {
rewrite ^/paste/u/(.*)$ /paste/index.php?user=$1? last; rewrite ^/paste/u/(.*)$ /paste/index.php?user=$1? last;
rewrite ^/paste/delete/(.*)$ /paste/delete.php?id=$1? last; rewrite ^/paste/delete/(.*)$ /paste/delete.php?id=$1? last;
rewrite ^/paste/([^/]+)/(.*)$ /paste/index.php?page=$1&id=$2? last;
rewrite ^/paste/(.*)$ /paste/index.php?page=$1? last; rewrite ^/paste/(.*)$ /paste/index.php?page=$1? last;
} }
if ( $uri ~* ^/paste/u/(css|js) ) { if ( $uri ~* ^/paste/u/(css|js) ) {

View File

@ -69,6 +69,59 @@ if(isset($_POST["type"])){
$conn = null; //close connection to database $conn = null; //close connection to database
header("Location: ".$uid); header("Location: ".$uid);
die(); die();
} else if($_POST["type"]=="edit_paste" && isset($_POST["text"])){
/* Set paste details */
$title = "Untitled";
$text = $_POST["text"];
$exposure = 0;
if(isset($_POST["title"]))
$title = $_POST["title"];
if(isset($_POST["exposure"]) && is_numeric($_POST["exposure"]))
$exposure = $_POST["exposure"];
$uid = $_POST["uid"];
$created = time();
$expire = 0;
if(isset($_POST["expire"]) && is_numeric($_POST["expire"]))
$expire = $created + $_POST["expire"];
$owner = 0;
$syntax = "plain";
if(isset($_POST["syntax"]))
$syntax=$_POST["syntax"];
if(isset($_POST["asguest"]) && $_POST["asguest"]=="on")
$owner = 0;
else if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
include "includes/user.php";
$owner = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
}
/* Get the owner of the paste */
$paste_owner = 0;
$conn = GetConnectionToDB();
$stmt = $conn->query('SELECT owner FROM pastes WHERE uid="'.$uid.'"');
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
$paste_owner = $result['owner'];
}
/* Edit paste in database */
if($owner === $paste_owner && $owner !== 0){
$QuerySTR = " UPDATE pastes SET title=:tit,text=:txt,created=:cre,expire=:exp,exposure=:exposure,owner=:own,highlight=:hl
WHERE uid=:uid";
$stmt = $conn->prepare($QuerySTR);
$stmt->bindParam(':exp', $expire);
$stmt->bindParam(':uid', $uid);
$stmt->bindParam(':tit', $title);
$stmt->bindParam(':txt', $text);
$stmt->bindParam(':cre', $created);
$stmt->bindParam(':exposure', $exposure);
$stmt->bindParam(':own', $owner);
$stmt->bindParam(':hl', $syntax);
$stmt->execute();
$conn = null; //close connection to database
header("Location: ".$uid);
die();
} else {
$conn = null; //close connection to database
echo "<h1>This paste does not belong to you!</h1>";
die();
}
} }
} }
?> ?>