People can now signup and users can post private and unlisted pastes

This commit is contained in:
pikami 2016-06-12 15:32:25 +00:00
parent beb9cdd9ec
commit df2eabccb0
9 changed files with 159 additions and 22 deletions

View File

@ -13,6 +13,10 @@
<div class="container-fluid">
<div class="row">
<div class="col-sm-6">
<!-- Posting as guest -->
<div class="checkbox">
<label><input type="checkbox" name="asguest">Post as guest</label>
</div>
<!-- Submit -->
<button type="submit" class="btn btn-default">Submit</button>
</div>
@ -27,7 +31,24 @@
<option value="86400">1 Day</option>
</select>
</div>
<!-- END Expiry -->
<!-- Type -->
<div class="form-group">
<label for="exposure">Type:</label>
<select class="form-control" id="exposure" name="exposure">
<option value="0">Public</option>
<option value="1">Unlisted</option>
<?php
include_once "includes/user.php";
$userID = -1;
if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
$userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
if($userID==-1)
print '<option value="2" disabled>Private (Members only)</option>';
else print '<option value="2" >Private</option>';
?>
</select>
</div>
<!-- END Type -->
</div>
</div>
</div>

View File

@ -4,7 +4,7 @@
<div class="list-group">
<?php
include "config/config.php";
$stmt = $conn->query('SELECT * FROM pastes ORDER BY id DESC LIMIT 5');
$stmt = $conn->query('SELECT * FROM pastes WHERE exposure=0 ORDER BY id DESC LIMIT 5');
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$title = $row['title'];
if(strlen($title)>25)$title = substr($title,0,25)."...";

View File

@ -1,15 +1,24 @@
<div class="panel panel-default">
<div class="container">
<div class="panel panel-default">
<div class="panel-body">
<?php
if(isset($uid)){
include "config/config.php";
include_once "includes/user.php";
$stmt = $conn->query('SELECT * FROM pastes WHERE uid="'.$uid.'"');
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
$conn = null;
if($result["exposure"]==2 && $result["owner"]!=GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"])){
echo "<h1>This paste is private</h1>";
die();
}
echo "<h1>".$result["title"]."</h1>";
echo "<textarea class=\"form-control\" rows=\"5\" disabled=\"true\">".$result["text"]."</textarea>";
}
else echo "Paste does not exist";
$conn = null;
} else echo "Error: id not set";
?>
</div>
</div>
</div>

View File

@ -1,7 +1,6 @@
<?php
function GetUsersIDBySession($sid,$skey){
include "config/config.php";
//SELECT * FROM pastes WHERE uid=
$stmt = $conn->prepare("SELECT uid FROM sessions WHERE id=:sid AND skey=:skey");
$stmt->bindParam(':skey', $skey);
$stmt->bindParam(':sid', $sid);
@ -27,7 +26,17 @@ function UnsetBrowserCookies(){
setcookie("pp_sid", '', time() - 3600);
setcookie("pp_skey", '', time() - 3600);
}
function GetUsernameByID(){
//Placeholder
function GetUserByID($id){
include "config/config.php";
$stmt = $conn->prepare("SELECT * FROM users WHERE id=:id");
$stmt->bindParam(':id', $id);
$stmt->execute();
if($result = $stmt->fetch()){
$conn = null;
return $result;
} else {
$conn = null;
return array(-1,-1,-1,-1);
}
}
?>

View File

@ -11,7 +11,7 @@
<body>
<!-- NavBar -->
<nav class="navbar navbar-inverse">
<div class="container-fluid">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="index.php">Palm-Paste</a>
</div>
@ -27,10 +27,20 @@
if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"]))
$userID = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
if($userID == -1){
echo "<li><a href=\"#\"><span class=\"glyphicon glyphicon-user\"></span> Sign Up</a></li>";
echo "<li><a href=\"signup\"><span class=\"glyphicon glyphicon-user\"></span> Sign Up</a></li>";
echo "<li><a data-toggle=\"modal\" data-target=\"#LoginPopup\" href=\"#\"><span class=\"glyphicon glyphicon-log-in\"></span> Login</a></li>";
} else {
echo "<li><a href=\"login.php?logout=1\"><span class=\"glyphicon glyphicon-log-out\"></span> Logout</a></li>";
$user = GetUserByID($userID);
echo '
<li class="dropdown">
<a class="dropdown-toggle glyphicon glyphicon-user" data-toggle="dropdown" href="#"> '.$user[1].'<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Placeholder</a></li>
<li><a href="#">Placeholder</a></li>
<li><a href="logout">Logout</a></li>
</ul>
</li>
';
}
?>
</ul>
@ -78,6 +88,11 @@ if (isset($_GET["page"])){
include "NewPaste.php";
} else if($_GET["page"] == "login"){
include "login.php";
} else if($_GET["page"] == "logout"){
header("Location: login.php?logout=1");
die();
} else if($_GET["page"] == "signup"){
include "signup.php";
} else {
$uid = $_GET["page"];
include "ViewPaste.php";

View File

@ -14,8 +14,7 @@ if(isset($_GET["logout"])){
UnsetBrowserCookies();
}
header("Location: index.php");
}
if(isset($_POST["type"])){
} else if(isset($_POST["type"])) {
if($_POST["type"]=="login" && isset($_POST["user"]) && isset($_POST["pwd"])){
//Get options
$user = $_POST["user"];
@ -28,7 +27,7 @@ if(isset($_POST["type"])){
$stmt = $conn->prepare('SELECT * FROM users WHERE user=?');
$stmt->execute(array($user));
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
if (password_verify($pwd, $result["password"])){ //$hash = password_hash($pwd ,CRYPT_BLOWFISH);
if (password_verify($pwd, $result["password"])){
$skey = generate_skey();
$stmt = $conn->prepare("INSERT INTO sessions (skey, uid)
VALUES (:skey, :uid)");
@ -51,5 +50,52 @@ if(isset($_POST["type"])){
} else echo "Fail!"; //TODO: No user or SQL fail.
$conn = null;
}
if($_POST["type"]=="register" && isset($_POST["user"]) && isset($_POST["pwd"])){
//Get options
$user = $_POST["user"];
$pwd = $_POST["pwd"];
$hash = password_hash($pwd ,CRYPT_BLOWFISH);
//Register the user
include "config/config.php";
$stmt = $conn->prepare("INSERT INTO users (user,password)
VALUES (:user, :pwd)");
$stmt->bindParam(':user', $user);
$stmt->bindParam(':pwd', $hash);
if($stmt->execute()){
header("Location: login");
} else {
echo "Fail!";
}
$conn = null;
}
} else {
echo '
<div class="container">
<div class="panel panel-default">
<div class="panel-heading">Login</div>
<div class="panel-body">
';
echo '
<form role="form" method="POST" action="login">
<div class="form-group">
<label for="user">Username:</label>
<input type="user" class="form-control" id="user" name="user">
</div>
<div class="form-group">
<label for="pwd">Password:</label>
<input type="password" class="form-control" id="pwd" name="pwd">
</div>
<div class="checkbox">
<label><input type="checkbox" name="remember"> Remember me</label>
</div>
<input type=\'hidden\' name=\'type\' value=\'login\'></input>
<button type="submit" class="btn btn-default">Submit</button>
</form>
';
echo '
</div>
</div>
</div>
';
}
?>

View File

@ -31,26 +31,34 @@ if(isset($_POST["type"])){
/* Set paste details */
$title = "Untitled";
$text = $_POST["text"];
$exposure = 0;
if(isset($_POST["title"]))
$title = $_POST["title"];
if(isset($_POST["exposure"]) && is_numeric($_POST["exposure"]))
$$exposure = $_POST["exposure"];
$uid = generate_uid();
$created = time();
$expire = 0;
if(isset($_POST["expire"]) && is_numeric($_POST["expire"]))
$expire = $created + $_POST["expire"];
$owner = 0;
if(isset($_POST["asguest"]) && $_POST["asguest"]=="on")
$owner = 0;
else if(isset($_COOKIE["pp_sid"]) && isset($_COOKIE["pp_skey"])){
include "includes/user.php";
$owner = GetUsersIDBySession($_COOKIE["pp_sid"],$_COOKIE["pp_skey"]);
}
/* Add paste to database */
$QuerySTR = "INSERT INTO pastes (uid,title,text,created)
VALUES (:uid, :tit, :txt, :cre)";
if($expire!=0)
$QuerySTR = "INSERT INTO pastes (uid,title,text,created,expire)
VALUES (:uid, :tit, :txt, :cre, :exp)";
$QuerySTR = "INSERT INTO pastes (uid,title,text,created,expire,exposure,owner)
VALUES (:uid, :tit, :txt, :cre, :exp, :exposure, :own)";
$stmt = $conn->prepare($QuerySTR);
if($expire!=0)
$stmt->bindParam(':exp', $expire);
$stmt->bindParam(':uid', $uid);
$stmt->bindParam(':tit', $title);
$stmt->bindParam(':txt', $text);
$stmt->bindParam(':cre', $created);
$stmt->bindParam(':exposure', $exposure);
$stmt->bindParam(':own', $owner);
$stmt->execute();
$conn = null; //close connection to database
header("Location: ".$uid);

29
signup.php Normal file
View File

@ -0,0 +1,29 @@
<div class="container">
<div class="panel panel-default">
<div class="panel-heading">Register</div>
<div class="panel-body">
<!-- Panel Content -->
<form class="form-horizontal" role="form" method="POST" action="login">
<div class="form-group">
<label class="control-label col-sm-2" for="user">Username:</label>
<div class="col-sm-10">
<input type="user" class="form-control" id="user" placeholder="Enter username" name="user">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="pwd" placeholder="Enter password" name="pwd">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input type='hidden' name='type' value='register'></input>
<button type="submit" class="btn btn-default" >Submit</button>
</div>
</div>
</form>
<!-- END Panel Content -->
</div>
</div>
</div>