| author | Horus3 | 2014-03-16 18:42:19 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-16 18:42:19 +0100 |
| commit | 62e084efdd31071e6aadc4e512cda7c33f9ea9cf (patch) | |
| tree | eecc1422d94eb61c3f8bb110bc47e966556aa8c7 | |
| parent | 99e60dae1bb5825a426852860e67b9d00e124161 (diff) | |
| download | files.iamfabulous.de-62e084efdd31071e6aadc4e512cda7c33f9ea9cf.tar.gz | |
Redesigned to use constants.
| -rw-r--r-- | www/constant.php | 15 | ||||
| -rwxr-xr-x | www/functions/func_invite.php | 90 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 10 | ||||
| -rwxr-xr-x | www/functions/func_register.php | 10 | ||||
| -rwxr-xr-x | www/include.php | 2 | ||||
| -rwxr-xr-x | www/index.php | 46 |
6 files changed, 101 insertions, 72 deletions
diff --git a/www/constant.php b/www/constant.php
new file mode 100644
index 0000000..209ff0f
--- /dev/null
+++ b/www/constant.php
@@ -0,0 +1,15 @@
+<?
+define("EMPTY", 0);
+define("LOGIN_SUCCESSFULL", 1);
+define("LOGIN_DATABASE", 2);
+define("LOGIN_PASSWORD", 3);
+define("LOGOUT_SUCCESSFULL", 4);
+define("LOGOUT_FAILURE", 5);
+define("REGISTER_SUCCESSFULL", 6);
+define("REGISTER_PASSWORD", 7);
+define("REGISTER_EMAIL", 8);
+define("REGISTER_DATABASE", 9);
+define("REGISTER_PROHIBITED", 10);
+define("INVITE_SUCCESSFULL", 11);
+define("INVITE_INVITES", 12);
+define("INVITE_DATABASE", 13);
diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php
index 79dec36..ad87a21 100755
--- a/www/functions/func_invite.php
+++ b/www/functions/func_invite.php
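Review bot: In www/constant.php the first entry, `define("EMPTY", 0);`, uses a name that collides with PHP's reserved, case-insensitive `empty` construct, so the bare `EMPTY` passed to `print_login(EMPTY)` in www/index.php will not parse as a constant. A prefixed name such as `define("STATUS_EMPTY", 0);` (name constructed for illustration) avoids the collision. The file also opens with the short tag `<?`, which only executes when `short_open_tag` is enabled; with it off the body is sent to the client as plain text, so `<?php` is the safer opener. A one-line comment above the list stating that these are the status codes returned by login(), logout(), register() and invite() would help readers.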
@@ -1,68 +1,54 @@ <?php function invite($db){ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - if(!$_SESSION["login"]){ - header("Refresh: 0; /login"); - return false; - } + $name=$_SESSION["username"]; + $safe_name = SQLite3::escapeString("$name"); - $name=$_SESSION["username"]; - $safe_name = SQLite3::escapeString("$name"); + $email=$_POST["email"]; + $safe_email=SQLite3::escapeString("$email"); - $email=$_POST["email"]; - $safe_email=SQLite3::escapeString("$email"); + $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';"); + $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); + $invite = $invite_ar[0]; - $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - - if($invite > 0){ + if($invite <= 0){ + return INVITE_INVITES; + } /*Generates the invite key => [-_0-9a-zA-Z]{11}*/ - $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); - $length = count($key_array); - $key = ""; + $length = count($key_array); + $key = ""; - for ($i=0;$i<11;$i++){ - $index = mt_rand(0,$length-1); - $key = "$key".$key_array[$index]; - } + for ($i=0;$i<11;$i++){ + $index = mt_rand(0,$length-1); + $key = "$key".$key_array[$index]; + } - $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . 
"';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; + $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';"); + $id_ar = $id_db->fetchArray(SQLITE3_NUM); + $id = $id_ar[0]; /*Generates the new user and decrease the invites*/ - $invite = $invite - 1; - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0); - UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; - COMMIT;") - ){ - $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; - - mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); - - header("Refresh: 0; /invite?reason=success&key=" . $key); - return true; - - } else { - header("Refresh: 0; /invite?reason=database"); - return false; - } - - } else { - header("Refresh: 0; /invite?reason=invites"); - return false; - } - } else { - include("invite.php"); - return false; - } + $invite = $invite - 1; + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0); + UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; + COMMIT;") + ){ + + $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; + + mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); + + return INVITE_SUCCESSFULL; + + } else { + return INVITE_DATABASE; + } } diff --git a/www/functions/func_login.php b/www/functions/func_login.php index a09b198..5a3dbc9 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php 
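Review bot: The invite key built in the `for ($i=0;$i<11;$i++)` loop is the only credential a new user needs to register, yet it is still drawn from `mt_rand()`, which is not a cryptographically secure generator. Use `$index = random_int(0, $length-1);` on PHP 7+, or derive the index from `openssl_random_pseudo_bytes()` on older versions. The re-indented query `"SELECT id FROM USER WHERE name=' " . $safe_name . "';"` keeps a stray space inside the quoted literal, so it presumably matches no row and `$id` is empty when it is used for `senpai` and for the `UPDATE ... WHERE id=` clause. All three statements are still assembled by string concatenation; binding the values with `$db->prepare()` and `bindValue()` would remove the dependence on `escapeString` and on `$id`/`$invite` being numeric. The commit also drops the `$_SESSION["login"]` check from invite(), so the function now relies entirely on its caller to enforce authentication, which deserves a comment at the top of the function.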
@@ -18,7 +18,7 @@ function login($db){ /*___Login___*/ if (!password_verify($password, $real_password)) { - return "failure"; + return LOGIN_PASSWORD; } if($db->exec(" @@ -33,17 +33,17 @@ function login($db){ $_SESSION["username"] = $username; $_SESSION["userid"] = $id; - return "success"; + return LOGIN_SUCCESSFULL; } else { - return "database"; + return LOGIN_DATABASE; } } function logout(){ if(session_destroy()){ - return "logout"; + return LOGOUT_SUCCESSFULL; } else { - return false; + return LOGOUT_FAILURE; } } diff --git a/www/functions/func_register.php b/www/functions/func_register.php index 0555470..252467b 100755 --- a/www/functions/func_register.php +++ b/www/functions/func_register.php @@ -9,11 +9,11 @@ function register($db){ /* checking for empty password etc. */ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - return "password"; + return REGISTER_PASSWORD; } if(!preg_match("/[^.+@.+]/", $email)){ - return "encoding"; + return REGISTER_EMAIL; } $safe_name = SQLite3::escapeString("$name"); @@ -30,7 +30,7 @@ function register($db){ $test_key = $test_key_ar[0]; if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){ - return "prohibited"; + return REGISTER_PROHOBITED; } $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';"); @@ -57,10 +57,10 @@ function register($db){ $_SESSION["username"] = $name; $_SESSION["userid"] = $userid; - return "success"; + return REGISTER_SUCCESSFULL; } else { - return "database"; + return REGISTER_DATABASE; } } diff --git a/www/include.php b/www/include.php index ef1fe91..a9a411a 100755 --- a/www/include.php +++ b/www/include.php @@ -1,5 +1,7 @@ <?php +require_once("constanantt.php"); + $func_dir = "functions/"; require_once($func_dir . "func_failure.php"); // 404 and other errors 
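Review bot: The new `return REGISTER_PROHOBITED;` in the key/status check of www/functions/func_register.php is misspelled. www/constant.php defines `REGISTER_PROHIBITED`, so the rejection branch yields an undefined constant (a notice and the bare string on older PHP, an Error on PHP 8) instead of code 10; it should read `return REGISTER_PROHIBITED;`. In the same hunk the context line `preg_match("/[^.+@.+]/", $email)` is a negated character class, so it only rejects strings made up entirely of `.`, `+` and `@` and does not validate an address; `filter_var($email, FILTER_VALIDATE_EMAIL)` is the usual check. The invite key comparison `$test_key != $_POST["key"]` is loose and not constant-time; `hash_equals()` on two strings would be the safer form. register() begins and ends outside these hunks.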
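Review bot: The added `require_once("constanantt.php");` in www/include.php names a file this commit does not create; the new file is www/constant.php. The require therefore fails with a fatal error on every request that loads include.php, and it should be `require_once("constant.php");`. Because a relative name is resolved through include_path and the current working directory, `require_once(__DIR__ . "/constant.php");` is more robust.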
diff --git a/www/index.php b/www/index.php index 3f6beea..79c7949 100755 --- a/www/index.php +++ b/www/index.php @@ -26,31 +26,56 @@ if(empty($_GET)){ switch($_GET["task"]){ case("login"): if($_SERVER['REQUEST_METHOD'] == 'POST'){ - $content = login($db); - if($content == "success"){ + $var = login($db); + if($var == LOGIN_SUCCESSFULL){ account($db); } else { - print_login($content); + print_login($var); } } else { - $content = ""; - print_login($content); + print_login(EMPTY); } break; + case("logout"): - $value = logout(); - if(!$value){ - print_login($value); + $var = logout(); + if($var == LOGOUT_SUCCESSFULL){ + print_login($var); } else { header("Refresh: 0; /httperror.php?e=500"); } break; + case("invite"): - invite($db); + if(!$_SESSION["login"]){ + print_login(EMPTY); + } + + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = invite($db); + if($var == INVITE_SUCCESSFULL){ + header("Refresh: 0; /"); //TODO Direct link to the file browser. + } else { + print_invite($var); + } + } else { + print_login(EMPTY); + } break; + case("register"): - register($db); + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = register($db); + if($var == REGISTER_SUCCESSFULL){ + account($db); + } else { + print_register($var); + } + } else { + print_register(EMPTY); + } break; + /* case("download"): //not implemented yet download(); break; @@ -58,6 +83,7 @@ if(empty($_GET)){ case("user"): account($db); break; + default: get_404($_GET["task"], $_GET["task"]); break; |
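Review bot: In the `invite` case the session guard `if(!$_SESSION["login"]){ print_login(EMPTY); }` does not stop processing, so a POST without a logged-in session still reaches `invite($db)`. This commit removed the equivalent check, with its `return false`, from invite() itself. Add `break;` after `print_login(EMPTY);` inside that `if`, and test with `empty($_SESSION["login"])` so a missing key does not raise a notice. The GET branch of the same case calls `print_login(EMPTY)` where `print_invite(EMPTY)` looks intended, which should be confirmed. The switch starts outside the hunk.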
