authorroot2014-03-12 19:40:22 +0100
committerroot2014-03-12 19:40:22 +0100
commit3e38a85eb59872496eb5d80f2a971f444bc2c97d (patch)
treeb805af163a815bacb96f63bfebce53aa8f365b60
parentf0a3315c79da986224a00429431ae3e5c78c9c33 (diff)
parent246cd8a39c64c174171784fb891a6aca8e3c7dc4 (diff)
downloadfiles.iamfabulous.de-3e38a85eb59872496eb5d80f2a971f444bc2c97d.tar.gz
Respects your privacy now
-rw-r--r--www/functions/func_register.php14
-rw-r--r--www/functions/func_select.php19
-rw-r--r--www/httperror.php27
-rw-r--r--www/upload.php11
4 files changed, 49 insertions, 22 deletions
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 3fc9949..10f1d5d 100644
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -10,14 +10,14 @@ function register($db){
/* checking for empty password etc. */
if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
- header("Refresh: 0; register?reason=password");
+ header("Refresh: 0; /register?reason=password");
return false;
}
/* TODO: allow full unicode */
if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
- header("Refresh: 0; register?reason=encoding");
+ header("Refresh: 0; /register?reason=encoding");
return false;
}
@@ -27,14 +27,14 @@ function register($db){
/*Checks the validation of the registration attempt*/
$test_status_db = $db->query("SELECT status FROM user WHERE email='" . $safe_email . "';");
- $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
- $test_status_int = $test_status_arr[0];
+ $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_ar[0];
$test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';");
- $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
- $test_key = $test_key_arr[0];
+ $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_ar[0];
- if (empty($test_status_db) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
+ if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
header("Refresh: 0; /register?reason=prohibited");
return false;
} else {
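Review bot: The registration key check on the rewritten `if` line still compares with `!=`, which type-juggles in PHP, so two different numeric-looking strings can compare equal, and the comparison is not constant-time. Since this value gates account creation, compare it as a string: `!isset($_POST["key"]) || !is_string($test_key) || !hash_equals($test_key, (string)$_POST["key"])`, or at least `!==` where `hash_equals` is unavailable. `$test_status_ar[0]` and `$test_key_ar[0]` are also indexed before the `empty()` check, so the no-row case reads an offset of `false`; moving the check directly after the first `fetchArray()` avoids that. The two SELECTs share the same WHERE clause and could be one prepared statement with a bound email; `$safe_email` is built outside this hunk, so its escaping cannot be confirmed from here.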
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index 4ca9e66..ca3c53f 100644
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -13,28 +13,22 @@ function select($db){
}
$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
- if(empty($owner_db)){
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ if(empty($owner_ar)){
failure("This user doesn't exist.");
}
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
$owner = $owner_ar[0];
$folder_array_unsafe = explode("/",$_GET["folder"]);
$length = count($folder_array_unsafe);
$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
- if(empty($root_db)){
- failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
- }
$root_ar = $root_db->fetchArray(SQLITE3_NUM);
if(empty($root_ar)){
- failure("empty");
- }
- $root_id = $root_ar[0];
- if(!$root_id > 0){
failure("Seems like the user doesn't want to show his tree: " . $root_id);
}
+ $root_id = $root_ar[0];
$parentdir = SQLite3::escapeString($root_id);
$temp_id = $root_id;
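Review bot: The `failure()` message inside `if(empty($root_ar))` still concatenates `$root_id`, but the assignment `$root_id = $root_ar[0];` now comes after that block, so the variable is undefined when the message is built. Drop it from the message, e.g. `failure("Seems like the user doesn't want to show his tree.");`. With the `empty($owner_db)` and `empty($root_db)` guards removed, a `query()` that returns `false` now reaches `->fetchArray()` and ends in a fatal error; a check such as `if($root_db === false){ failure("Database error."); }` before each fetch keeps that path handled, and the same applies to `$parentdir_db` in the next hunk and to `$hashtest_db` in upload.php. `$share` and `$owner` are concatenated into the SQL text and `$share` is defined outside this hunk, so whether it is a fixed fragment cannot be confirmed here.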
@@ -42,10 +36,12 @@ function select($db){
if(!empty($folder_array_unsafe[$i])){
$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
- if(empty($parentdir_db)){
+
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if(empty($prim_id)){
failure("Database error.");
}
- $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+
if($parentdir != $prim_id[1]){
$wrong_folder = $folder_array_unsafe[$i];
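Review bot: An empty `$prim_id` now means that no directory with this name exists under `$parentdir`, yet it is reported as `failure("Database error.")`. Because the query already filters on `parent=` with `$parentdir`, any row it returns has `$prim_id[1]` equal to `$parentdir`, so the `$wrong_folder` branch below looks unreachable after this change and the 404 detail added in httperror.php would never be filled from here. If a missing folder should end on the 404 page, set `$wrong_folder = $folder_array_unsafe[$i];` inside the `empty($prim_id)` branch instead of calling `failure()`. The loop and the rest of that branch are outside the hunk, so this should be confirmed against the full function.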
@@ -76,7 +72,6 @@ function select($db){
$content[$count][6] = $row[6];
$content[$count][7] = $row[7];
$content[$count][8] = $row[8];
- //echo "<a href='/". $user . "/" . $content[$count][3] . "'>" . $content[$count][3] . "</a><br>";
$count++;
}
diff --git a/www/httperror.php b/www/httperror.php
index 5deff9f..58ac0cc 100644
--- a/www/httperror.php
+++ b/www/httperror.php
@@ -19,7 +19,30 @@
<?php include("static/header.html");?>
<link rel="stylesheet" type="text/css" href="/static/httperror.css">
<div id="Error-Page-content">
- <h1 id="Error-Page-head" >404</h1>
- <h2 id="Error-Page-description" >Wow! I didn&#39;t see that coming...Well, I&#39;m sorry...</h2>
+ <?php if(!isset($_GET['e'])){
+ echo '<h1 id="Error-Page-head" >404</h1>';
+ echo '<h2 id="Error-Page-description" >Wow! I didn&#39;t see that coming...Well, I&#39;m sorry...</h2></br></br>';
+ echo '<h3 id="Error-Page-detail">"'.$wrong_folder.'" wasn&#39;t found in "'. implode("/", $working_path)."/". '"</h3>';
+
+ }elseif($_GET['e']==401){
+ echo '<h1 id="Error-Page-head" >'.$_GET['e'].'</h1>';
+ echo '<h2 id="Error-Page-description" >Restricted Area | Authorized Personnel only</h2>';
+
+ }elseif($_GET['e']==403){
+ echo '<h1 id="Error-Page-head" >'.$_GET['e'].'</h1>';
+ echo '<h2 id="Error-Page-description" >I could do that. I choose not to...</h2>';
+
+ }elseif($_GET['e']==500){
+ echo '<h1 id="Error-Page-head" >'.$_GET['e'].'</h1>';
+ echo '<h2 id="Error-Page-description" >Oops! No that didn&#39;t just happen. NO....</br> Fine, it&#39;s my fault and i feel bad. </h2>';
+
+ }elseif($_GET['e']==502){
+ echo '<h1 id="Error-Page-head" >'.$_GET['e'].'</h1>';
+ echo '<h2 id="Error-Page-description" >A server i&#39;m trying to contact is acting stupid. </br>It&#39s not my fault. I swear.</h2>';
+
+ }elseif($_GET['e']==504){
+ echo '<h1 id="Error-Page-head" >'.$_GET['e'].'</h1>';
+ echo '<h2 id="Error-Page-description" >A server i&#39;m trying to contact is insanely slow. </br>I can&#39;t wait forever. I&#39;m sorry!</h2>';
+ }?>
</div>
<?php include("static/footer.html");?>
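Review bot: Request data is echoed into the page without escaping in two places. The branches compare `$_GET['e']` with `==` and then print `$_GET['e']` itself; on PHP versions before 8 a string that merely starts with the expected digits passes the loose comparison, so the raw parameter lands in the `<h1>`. Normalise once with `$code = isset($_GET['e']) ? (int)$_GET['e'] : 404;`, compare with `$code === 401` and echo `$code`. The 404 detail line prints `$wrong_folder` and `$working_path`, which appear to come from the requested folder path, so wrap both in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. An `e` value outside the listed codes currently renders an empty block; a final `else` falling back to the 404 text would cover it.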
diff --git a/www/upload.php b/www/upload.php
index ed25d85..2858e72 100644
--- a/www/upload.php
+++ b/www/upload.php
@@ -67,7 +67,8 @@ function upload($db){
$filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
$hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
- if(empty($hashtest_db)){
+ $hashtest_ar = $hashtest_ar->fetchArray(SQLITE3_NUM);
+ if(empty($hashtest_ar)){
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
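Review bot: The added line calls `fetchArray()` on `$hashtest_ar`, which is not defined at that point, so every upload stops with a fatal error; the result object is `$hashtest_db`: `$hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);`. The destination on the next line is built from the client-supplied `$_FILES['userfile']['name']`; if nothing earlier in `upload()` restricts it (not visible in this hunk), store the file under a server-chosen name such as the hash and keep the original name only in the database.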
@@ -110,4 +111,12 @@ function upload($db){
}
}
+function web_upload($db){ // no use atm
+ $url = ;
+ if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
+ echo "hyperlink detected";
+ } else {
+ echo "no hyperlink";
+ }
+}
upload($db);
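Review bot: `$url = ;` in the new `web_upload()` is a parse error, so upload.php will not load at all even though the function is never called. The pattern also uses `/` as its delimiter while containing unescaped `/` in `://` and in the character class, so `preg_match()` would fail to compile it. Either leave the stub out until it is used, or give `$url` a value and escape the slashes as `\/`, or replace the pattern with `filter_var($url, FILTER_VALIDATE_URL)`.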