| author | Horus3 | 2014-03-10 14:01:15 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-10 14:01:15 +0100 |
| commit | 2e9cc1eea531131cd5a8e25342be3dd0d1978ef1 (patch) | |
| tree | 9267e3bb86e0842596503a6de3d186b0a28bd63d | |
| parent | 5441b1738f4fed6a51cbf8a44481251358e9518e (diff) | |
| download | files.iamfabulous.de-2e9cc1eea531131cd5a8e25342be3dd0d1978ef1.tar.gz | |
stuff
| -rw-r--r-- | blob/nginx_rewrite_rules | 5 | ||||
| -rw-r--r-- | www/.index.php.swp | bin | 0 -> 12288 bytes | |||
| -rw-r--r-- | www/.select.php.swp | bin | 0 -> 12288 bytes | |||
| -rw-r--r-- | www/functions.php | 61 | ||||
| -rw-r--r-- | www/index.php | 43 | ||||
| -rw-r--r-- | www/select.php | 3 | ||||
| -rw-r--r-- | www/select_function.php | 55 |
7 files changed, 128 insertions, 39 deletions
diff --git a/blob/nginx_rewrite_rules b/blob/nginx_rewrite_rules index 8a3d0df..56e3ecc 100644 --- a/blob/nginx_rewrite_rules +++ b/blob/nginx_rewrite_rules @@ -17,6 +17,11 @@ location ~* ^/?invite(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=invite&arguments=$1 last; } + +location ~* ^/?user(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { + rewrite ^/?user(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=user&arguments=$1 last; +} + location ~* \.php(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ {} #empty block to catch all location / { diff --git a/www/.index.php.swp b/www/.index.php.swp Binary files differnew file mode 100644 index 0000000..7dc5069 --- /dev/null +++ b/www/.index.php.swp diff --git a/www/.select.php.swp b/www/.select.php.swp Binary files differnew file mode 100644 index 0000000..381d100 --- /dev/null +++ b/www/.select.php.swp diff --git a/www/functions.php b/www/functions.php index 2f18361..c1cdca6 100644 --- a/www/functions.php +++ b/www/functions.php @@ -2,6 +2,8 @@ /* --LOGIN-- */ +require_once("select_functions.php"); + function login($db){ if($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -168,11 +170,15 @@ function register($db){ $second_password = $_POST["2ndpswd"]; $email = $_POST["email"]; - if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ + /* checking for empty password etc. */ + + if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ header("Refresh: 0; register?reason=password"); exit; } + /* TODO: allow full unicode */ + if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ header("Refresh: 0; register?reason=encoding"); exit; 
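Review bot: The two vim swap files www/.index.php.swp and www/.select.php.swp are added under the served document root, and a swap file carries a copy of the source that was being edited. Their names do not end in .php, so the `location ~* \.php...` block in blob/nginx_rewrite_rules does not match them, and depending on what `location /` does (its body is outside this diff) a request for either could be answered as a static download that discloses the PHP source. Drop both files from the commit and add an ignore rule for `*.swp` and `.*.swp` so editor residue cannot be committed again.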
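Review bot: `require_once("select_functions.php");` names a file that does not exist in this commit; the file added is www/select_function.php (singular, see the diffstat and its own header), so every request that includes functions.php will stop at this line with a fatal error. Change it to `require_once("select_function.php");`. login() starts in this hunk and its body continues outside it.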
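Review bot: The rewritten condition keeps `$cleartext_password != $second_password`, a loose comparison: two different numeric strings such as `"1e3"` and `"1000"` compare equal, so mismatched passwords can pass the confirmation check. Use `$cleartext_password !== $second_password`. The `preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password)` test below also rejects any password containing a space or punctuation, which shrinks the usable alphabet; the new `/* TODO: allow full unicode */` comment should say that it covers the password as well, so the restriction is not forgotten when the name and email filters are relaxed. register()'s body starts and ends outside the hunk.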
@@ -191,7 +197,7 @@ function register($db){ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); $test_key = $test_key_arr[0]; - if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ + if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == "" || empty($test_status_db)){ header("Refresh: 0; /register?reason=prohibited"); exit; } else { @@ -243,11 +249,11 @@ function register($db){ function get_404(){ echo "Sorry, page not found. <br>"; -// select(); +// select($db); exit; } -function select($db){ +//function select($db){ @@ -259,4 +265,51 @@ function select($db){ } echo "Presented by func select()!"; */ +//} + +function show($db){ + + /* test if first argument a username or folder */ + + $name = SQLite3::escapeString("$_GET[name]"); + + $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';"); + $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM); + + if(empty($name_id_ar)){ + + /* if first argument wasn't valid, rewrite the URL to include the username */ + + if($_SESSION["login"]){ + header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . ""); + exit; + } else { + get_404(); + } + } else { + + /* everything was okay, so show the content, please */ + + $content = select($db); + return $content; + //exit; + } +} + +function failure($reason){ + echo "A 404 error occurred. <br>"; + echo $reason; + exit; +} + + +function user($db){ + echo "loged in as: " . $_SESSION["username"]; + $safe_name=SQLite3::escapeString("$_SESSION[username]"); + $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); + $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); + $invite = $invite_ar[0]; + + echo "<br><br>"; + echo "You have currently $invite invites. <br>"; } diff --git a/www/index.php b/www/index.php index ea8d675..d1f86ee 100644 --- a/www/index.php +++ b/www/index.php 
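Review bot: On the changed line, `$test_key != $_POST["key"]` compares the invite key loosely, so a submitted key that is a numeric string is compared numerically with the stored one (e.g. `"1e1"` and `"10"` are equal under `!=`) and the invite gate can be passed with a key that does not match. Use a strict, isset-guarded comparison, `!isset($_POST["key"]) || $test_key !== $_POST["key"]` (or `hash_equals()` on two strings where available). The added `empty($test_status_db)` term only catches a failed query: `$test_status_db` is assigned outside the hunk, and if it is a SQLite3Result then `empty()` is false even when no row matched, so the "no such invite" case must be detected on the fetched row, not on the result object. register()'s body starts and ends outside the hunk.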
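Review bot: `failure($reason)` echoes `$reason` straight into the HTML response, and its callers in the new www/select_function.php pass `$folder_array_unsafe[$i]`, which comes unmodified from `$_GET["folder"]`, so a crafted folder segment in the URL is reflected into the page as markup (reflected XSS). Escape on output: `echo htmlspecialchars($reason, ENT_QUOTES, 'UTF-8');`. In show(), the redirect target `"/" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"]` embeds raw request values into the `Refresh` header; pass each segment through `rawurlencode()`, and write `$_SESSION["username"]` with a quoted key as the rest of the file does. user() prints `$_SESSION["username"]` and `$invite` unescaped as well; the same `htmlspecialchars()` belongs there.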
@@ -18,6 +18,8 @@ if(empty($_GET)){ $name = SQLite3::escapeString("$_GET[name]"); + /* checks for specific site url's */ + if(empty($_GET["name"])){ switch($_GET["task"]){ case("login"): @@ -35,48 +37,19 @@ if(empty($_GET)){ /* case("download"): //not implemented yet download(); break; +*/ case("user"): - user(); + user($db); break; -*/ default: + default: get_404(); break; } } else { - $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';"); - $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM); - - if(empty($name_id_ar)){ - if($_SESSION["login"]){ - header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . ""); //rewrite the URL to include the username -// echo "Eingeloggt! Zeige deine Ordner beginnend mit '$_GET[name]' ! <br><br>"; -// $_GET["folder"] = "" . $_GET["name"] . "/" . $_GET["folder"] . ""; -// $_GET["name"] = $_SESSION["username"]; -// select(); + /* shows the user content, main function */ - exit; - } else { - get_404(); - } - } else { - select(); - exit; - } + $content = show($db); + var_dump($content); } } - - -echo "loged in as: " . $_SESSION["username"]; - -$safe_name=SQLite3::escapeString("$_SESSION[username]"); - - $db = new SQLite3("../database/sqlite.db"); - - $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - -echo "<br><br>"; -echo "You have currently $invite invites. <br>"; -select(); diff --git a/www/select.php b/www/select.php index 5f6504b..ffa12d1 100644 --- a/www/select.php +++ b/www/select.php @@ -63,3 +63,6 @@ for($i=0; $i<$length; $i++){ echo "<br>"; } } + +$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";"); +$content_ar = $conten_db->fetchArray(SQLITE3_NUM); diff --git a/www/select_function.php b/www/select_function.php new file mode 100644 index 0000000..b83fe04 --- /dev/null +++ b/www/select_function.php 
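Review bot: `var_dump($content);` in the new else-branch dumps the raw array returned by show() into the response; it reads as a debugging leftover and should be replaced by the intended rendering of the listing (or removed) before this path is reachable. The branch also depends on `$db` existing before the switch: the removed lines at the end of the file were the only place in this hunk that opened the database (`new SQLite3("../database/sqlite.db")`), and whether an earlier part of index.php still does so is outside the hunk — worth verifying, since otherwise `user($db)` and `show($db)` receive null. The `$name = SQLite3::escapeString("$_GET[name]")` kept in the previous hunk is no longer used here now that the lookup moved into show().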
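Review bot: Of the two lines appended after the file's final `}`, the second reads `$conten_db` while the first assigned `$content_db`, so `fetchArray()` is called on an undefined variable and the request dies; the identical typo is in the new www/select_function.php (`$content_ar = $conten_db->fetchArray(SQLITE3_NUM);`). Fix both to `$content_ar = $content_db->fetchArray(SQLITE3_NUM);`. These two lines also duplicate the tail of select() in select_function.php and sit at file scope here, relying on `$db`, `$parentdir` and `$owner` being set earlier in select.php (outside the hunk); if select.php is being superseded by select_function.php, drop this addition rather than maintain the query in two places.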
@@ -0,0 +1,55 @@
+function select($db){
+ if($_SESSION["login"]){
+ $share="";
+ } else {
+ $share ="AND share='PUBLIC'";
+ }
+
+ if(!empty($_GET["name"])){
+ $user = $_GET["name"];
+ } else {
+ failure("No user input.");
+ }
+
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
+ if(empty($owner_db)){
+ failure("This user doesn't exist.");
+ }
+
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $folder_array_unsafe = explode("/",$_GET["folder"]);
+ $length = count($folder_array_unsafe);
+
+ $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
+ if(empty($root_db)){
+ failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
+ }
+ $root_ar = $root_db->fetchArray(SQLITE3_NUM);
+ $root_id = $root_ar[0];
+ $parentdir = SQLite3::escapeString($root_id);
+ $temp_id = $root_id;
+
+ for($i=0; $i<$length; $i++){
+
+ if(!empty($folder_array_unsafe[$i])){
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+ if(empty($parentdir_db)){
+ failure("Database error.");
+ }
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if($parentdir != $prim_id[1]){
+ failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]);
+ }
+
+ $parentdir = $prim_id[0];
+ }
+ }
+
+ $content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
+ $content_ar = $conten_db->fetchArray(SQLITE3_NUM);
+
+ return $content_ar;
+
+}
|
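Review bot: The new file begins with `function select($db){` and has no `<?php` opening tag, so when functions.php requires it PHP emits the whole file to the response as literal text: select() is never defined and the complete source, queries included, is disclosed to the client; `<?php` must be the first line. Access control is also missing: when `$_SESSION["login"]` is set the `$share` clause becomes empty while `$user` is taken from `$_GET["name"]`, so any logged-in user can list any other user's non-PUBLIC directories; drop the PUBLIC filter only for the owner, e.g. `if(isset($_SESSION["login"]) && $_SESSION["username"] === $user){ $share=""; }`. Finally, `empty($owner_db)`, `empty($root_db)` and `empty($parentdir_db)` test SQLite3Result objects, which are never empty even when no row matched, so the "doesn't exist" failures are unreachable and an unknown user leaves `$owner` null and produces a malformed `owner=` clause; test the fetched row instead, `if($owner_ar === false){ failure("This user doesn't exist."); }`, and likewise for `$root_ar` and `$prim_id`.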
