Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $dbhost = "localhost"; //your hostname (normally localhost)
- $dbuser = "xxxxxxxxxx"; //database username
- $dbpass = "xxxxxxxxxxx"; //database password
- $dbname = "xxxxxxxxxxxxx"; //database name
- $conn = mysql_connect("".$dbhost."","".$dbuser."","".$dbpass."");
- mysql_select_db("".$dbname."") or die(mysql_error());
- $id = $_POST['id'];
- function getpassword($id){
- $query = mysql_query("SELECT * FROM `paste` WHERE `id` = '$id'") or die(mysql_error());
- $row = mysql_fetch_array($query);
- return $row['1'];
- }
- function gettempo($id){
- $query = mysql_query("SELECT * FROM `paste` WHERE `id` = '$id'") or die(mysql_error());
- $row = mysql_fetch_array($query);
- return $row['5'];
- }
- $tempo = gettempo($id);
- $password = getpassword($id);
- $post = $_POST['password'];
- $postpass = hash('sha512', $tempo . $post . $tempo);
- $content = $_POST['text'];
- $check = mysql_query("SELECT * FROM `paste` WHERE `id` = '$id'") or die(mysql_error());
- if(mysql_num_rows($check) == 0){
- header('Location: index.php');
- }else if ( $postpass != $password ) {
- session_start();
- $_SESSION[ 'content' ] = $content;
- $url = 'index.php?id=' . $id . '&error=1';
- header('Location: ' . $url);
- }else if(isset($_POST['delete'])) {
- mysql_query("DELETE FROM `paste` WHERE `id` = '$id'");
- $url = 'index.php';
- header('Location: ' . $url);
- }else{
- mysql_query("UPDATE `paste` SET `content` = '$content' WHERE `id` = '$id'");
- $url = 'index.php?id=' . $id;
- header('Location: ' . $url);
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement