1 files changed, 41 insertions, 4 deletions

diff --git a/main.go b/main.go
index 3571e42..099767c 100644
--- a/main.go
+++ b/main.go
@@ -8,6 +8,9 @@ import (
 	"json"
 	"strconv"
 	"time"
+	"rand"
+	"unicode"
+	"utf8"
 )
 
 type Song struct {
@@ -24,7 +27,7 @@ const debug = true
 
 func main() {
 	templates = template.SetMust(template.ParseTemplateFiles("templates/*.html"))
-
+	rand.Seed(time.Nanoseconds())
 	initDb()
 
 	http.HandleFunc("/", home)
@@ -33,6 +36,7 @@ func main() {
 	http.HandleFunc("/remove/", remove)
 	http.HandleFunc("/move/", move)
 	http.HandleFunc("/poll/", poll)
+	http.HandleFunc("/create/", create)
 	err := http.ListenAndServe("localhost:8000", nil)
 	if err != nil {
 		fmt.Println(err)
@@ -62,10 +66,19 @@ func home(w http.ResponseWriter, r *http.Request) {
 
 func playlist(w http.ResponseWriter, r *http.Request) {
 	id := r.URL.Path[len("/p/"):]
-	if len(id) != 8 {
-		http.Redirect(w, r, "/", 303)
+	if len(id) < 8 {
+		http.Redirect(w, r, "/", http.StatusSeeOther)
+		return
+	}
+
+	db := <-dbPool
+	defer func () {dbPool <- db}()
+	count, err := queryInt(db, "SELECT COUNT(`pid`) FROM `playlist` WHERE `id` = ?", id)
+	if count == 0 || err != nil {
+		http.Redirect(w, r, "/", http.StatusSeeOther)
 		return
 	}
+
 	p := Playlist{Id: id}
 	renderPage(w, "p", p)
 }
@@ -245,7 +258,7 @@ func poll(w http.ResponseWriter, r *http.Request) {
 		defer func () {dbPool <- db}()
 
 		query, err := prepare(db,
-				"SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` WHERE `id` = ? ORDER BY `order` ASC",
+				"SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` USING(`pid`) WHERE `id` = ? ORDER BY `order` ASC",
 				q.Get("pid"))
 
 		updates := make([]Update, 0, 2)
@@ -299,3 +312,27 @@ func poll(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("[]"))
 	}
 }
+
+func create(w http.ResponseWriter, r *http.Request) {
+	id := make([]byte, 24)
+	pos := id
+	for i := 0; i < 8; i++ {
+		for {
+			rune := rand.Intn(65536) // mysql only supports the first 65535 code points
+			if unicode.IsGraphic(rune) {
+				bytes := utf8.EncodeRune(pos, rune)
+				pos = pos[bytes:]
+				break
+			}
+		}
+	}
+	idStr := string(id)
+	db := <-dbPool
+	defer func () {dbPool <- db}()
+	_, err := prepare(db, "INSERT INTO `playlist` (`id`) VALUES(?)", idStr)
+	if err != nil {
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+	http.Redirect(w, r, "/p/" + idStr, http.StatusSeeOther)
+}