index

author: Horus3 2014-02-23 14:23:40 +0100
committer: Horus3 2014-02-23 14:23:40 +0100
commit: b8913a2b52554c98e67785e40bb954303bafd77d (patch)
tree: 9b3c67e491095abec23679f4a58ebe0bfd53292b
parent: be3a6b951626353c15c7d696aeb1c4b4e47f0f3a (diff)
download: files.iamfabulous.de-b8913a2b52554c98e67785e40bb954303bafd77d.tar.gz
3 files changed, 303 insertions, 45 deletions
diff --git a/blob/nginx_rewrite_rules b/blob/nginx_rewrite_rules
index 376a10f..10c6edd 100644
--- a/blob/nginx_rewrite_rules
+++ b/blob/nginx_rewrite_rules
@@ -1,18 +1,18 @@
 location ~* ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
-	rewrite ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?    	/login.php?$1 last;
+	rewrite ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?    	/index.php?task=login&arguments=$1 last;
 }
 
 location ~* ^/?logout([?/]?.*) {
-	rewrite ^/?logout([?/]?.*)                              /login.php?logout last;
+	rewrite ^/?logout([?/]?.*)                              /index.php?task=logout&arguments=$1 last;
 }
 
 
 location ~* ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
-	rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?	/register.php?$1 last;
+	rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?	/index.php?task=register&arguments=$1 last;
 }
 
 location ~* ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
-	rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?	/invite.php?$1 last;
+	rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?	/index.php?task=invite&arguments=$1 last;
 }
 
 location ~* \.php(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {}		#empty block to catch all
diff --git a/www/functions.php b/www/functions.php
new file mode 100644
index 0000000..56f11ad
--- /dev/null
+++ b/www/functions.php
@@ -0,0 +1,242 @@
+<?
+
+/* --LOGIN-- */
+
+function login(){
+	if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+	/*___Database Query: Login___*/
+		$unsafe_username = $_POST["username"];
+		$unsafe_passwort = $_POST["password"];
+		$username = SQLite3::escapeString("$unsafe_username");
+		$passwort = SQLite3::escapeString("$unsafe_passwort");
+
+		$db = new SQLite3("../database/sqlite.db");
+		$salt_db  = $db->query("SELECT salt FROM user WHERE name='$username';");
+		while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+		        foreach($salt_array as $firstelement){
+		                $salt=$firstelement;
+		        }
+		}
+
+		$password = "$salt"."$passwort";
+		$hash_password = md5($password);
+		for($i=0;$i<15000;$i++)
+		        $hash_password = md5($hash_password);
+
+		$real_password_db = $db->query("SELECT password FROM user WHERE name='$username';");
+		while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+		         foreach($real_password_array as $secondelement){
+		                $real_password=$secondelement;
+		        }
+		}
+
+	/*___Login___*/
+		if ($real_password == $hash_password) {
+
+			if($db->exec("
+				BEGIN TRANSACTION;
+				INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='$username'), (SELECT datetime()) );
+				COMMIT;
+			")){
+
+			$_SESSION["login"] = true;
+			$_SESSION["username"] = "$unsafe_username";
+
+			header("Refresh: 0; /");
+
+			} else {
+				header("Refresh: 0; login?reason=database");
+			}
+		} else {
+			header("Refresh: 0; login?reason=failure");
+		}
+	} else {
+
+	/*Prints the GET version*/
+
+		if($_SESSION["login"]){
+			header("Refresh: 0; /");
+		} else {
+			echo $logout;
+
+			echo "<form method='post' action='/login.php'>
+				<p>Name: <input type='text' name='username'></p>
+				<p>Password: <input type='password' name='password'>
+				<p><input type='submit' name='submit' value='login'></p>
+			</form>";
+		}
+	}
+}
+
+/* --LOGOUT-- */
+
+function logout(){
+	session_destroy();
+	header("Refresh: 0; /login?success");
+	exit;
+}
+
+/* --INVITE-- */
+
+function invite(){
+	if($_SERVER['REQUEST_METHOD'] == 'POST') {
+		$name=$_SESSION["username"];
+		$safe_name = SQLite3::escapeString("$name");
+
+		$email=$_POST["email"];
+		$safe_email=SQLite3::escapeString("$email");
+
+		$db = new SQLite3("../database/sqlite.db");
+
+		$invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+		$invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+		$invite = $invite_ar[0];
+
+		if($invite > 0){
+
+	/*Generates the invite key => [-_0-9a-zA-Z]{11}*/
+
+			$key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+			$length = count($key_array);
+			$key = "";
+
+			for ($i=0;$i<11;$i++){
+				$index = mt_rand(0,$length-1);
+				$key = "$key".$key_array[$index];
+			}
+
+			$id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';");
+			$id_ar = $id_db->fetchArray(SQLITE3_NUM);
+			$id = $id_ar[0];
+
+	/*Generates the new user and decrease the invites*/
+
+			$invite = $invite - 1;
+
+			echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'";
+
+			if($db->exec("
+				BEGIN TRANSACTION;
+				INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '$safe_email', '$id', '$key', 0);
+				UPDATE user SET invites='$invite' WHERE id='$id';
+				COMMIT;")
+			){
+				header("Refresh: 0; /invite?reason=success");
+			} else {
+				header("Refresh: 0; /invite?reason=database");
+			}
+
+		} else {
+			header("Refresh: 0; /invite?reason=invites");
+		}
+	} else {
+
+	/*Prints the formular if requested with GET*/
+
+		foreach ($_GET as $name => $value) {
+			echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+		}
+
+		echo "Hallo $name
+			<form method='post' action='/invite.php'>
+				<p> E-Mail: <input type='text' name='email'></p>
+				<input type='hidden' name='username' value='$_SESSION[username]'>
+				<input type='submit' name='submit' value='invite'>
+			</form>";
+
+		echo "END";
+	}
+}
+
+/* --REGISTER-- */
+
+function register(){
+	if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+		session_start();
+
+		$name = $_POST["name"];
+		$cleartext_password = $_POST["pswd"];
+		$second_password = $_POST["2ndpswd"];
+		$email = $_POST["email"];
+
+		if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+			header("Refresh: 0; register?reason=password");
+			exit;
+		}
+
+		if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
+			header("Refresh: 0; register?reason=encoding");
+			exit;
+		}
+
+		$db = new SQLite3("../database/sqlite.db");
+
+		$safe_name =  SQLite3::escapeString("$name");
+		$safe_email =  SQLite3::escapeString("$email");
+
+	/*Checks the validation of the registration attempt*/
+
+		$test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';");
+		$test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
+		$test_status_int = $test_status_arr[0];
+
+		$test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';");
+		$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+		$test_key = $test_key_arr[0];
+
+		if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+			header("Refresh: 0; /register?reason=prohibited");
+			exit;
+		} else {
+
+			$id_db = $db->query("SELECT id FROM user WHERE email='$safe_email';");
+			$id_ar = $id_db->fetchArray(SQLITE3_NUM);
+			$id = $id_ar[0];
+
+	/*Generates the encrypted password and the database transactions*/
+
+			$salt = uniqid(mt_rand(), true);
+			$password = "$salt"."$cleartext_password";
+			$hash_password = md5($password);
+			for($i=0;$i<15000;$i++)
+				$hash_password = md5($hash_password);
+
+			if($db->exec("
+				BEGIN TRANSACTION;
+				UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', invites=5, status=1, register=(SELECT datetime()) WHERE id=$id;
+				INSERT INTO files (id, parent, owner, name, folder, mime, size, share, extra) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', NULL);
+				COMMIT;")
+			){
+				$_SESSION["login"] = true;
+				$_SESSION["username"] = $name;
+				header("Refresh: 0; /register?reason=registration");
+			} else {
+				header("Refresh: 0; /register?reason=database");
+			}
+		}
+	} else {
+		foreach ($_GET as $name => $value) {
+			echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+		}
+
+	echo "<form method='post' action='register.php'>
+	<p>Name: <input type='text' name='name'></p>
+	<p>pswd: <input type='password' name='pswd'></p>
+	<p>2ndpsdw: <input type='password' name='2ndpswd'></p>
+	<p>key: <input type='text' name='key'></p>
+	<p>email: <input type='text' name='email'></p>
+	<p><input type='submit'></p>
+	</form>
+	";
+	}
+}
+
+/* --PAGE NOT FOUND - 404 -- */
+
+function 404(){
+	echo "Sorry, page not found.";
+}
+
diff --git a/www/index.php b/www/index.php
index b05b565..726b1eb 100644
--- a/www/index.php
+++ b/www/index.php
@@ -2,17 +2,64 @@
 
 session_start();
 
-echo $_GET[name];
-echo $_GET[folder];
+require_once("functions.php");
 
-if($_SESSION["login"] && $_GET["name"] != $_SESSION["username"]){
-	header("Refresh: 0; /$_SESSION[username]");
-	exit;
+if(empty($_GET)){
+	if($_SESSION["login"]){
+		header("Refresh: 0; /$_SESSION[username]");
+		exit;
+	} else {
+		header("Refresh: 0; /login");
+		exit;
+	}
+} else {
+
+	$db = new SQLite3("../database/sqlite.db");
+	$name = SQLite3::escapeString("$_GET[name]");
+
+	if(empty($_GET["name"])){
+		switch($_GET["task"]){
+			case("login"):
+				login();
+				break;
+			case("logout"):
+				logout();
+				break;
+			case("invite"):
+				invite();
+				break;
+			case("register"):
+				register();
+				break;
+			case("download"):
+				register();
+				break;
+			case("user"):
+				user();
+				break;
+			default:
+				404();
+				break;
+		}
+	} else {
+		$name_id_db = $db->query("SELECT id FROM user WHERE name='$name';");
+		$name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM);
+
+		if(empty($name_id_ar)){
+			if($_SESSION["login"]){
+				$_GET["folder"] = "" . $_GET["name"] . "" . $_GET["folder"] . "";
+				select();
+			} else {
+				404();
+			}
+		} else  {
+			select();
+		}
+	}
 }
 
 
-echo "<br><br>Currently loged in as: ";
-echo $_SESSION["username"];
+echo "loged in as: " . $_SESSION["username"];
 
 $safe_name=SQLite3::escapeString("$_SESSION[username]");
 
@@ -24,41 +71,7 @@ $safe_name=SQLite3::escapeString("$_SESSION[username]");
 
 echo "<br><br>";
 echo "You have currently $invite invites.";
-echo "<br><br>";
-
-if(empty($_GET)){
-	if($_SESSION[login]){
-		header("Refresh: 0; $_SESSION[username]");
-	} else {
-
-		header("Refresh: 0; /login");
-	}
-} else {
-
-	#print_r($_GET);
-	#$ar =array($_GET);
-	#echo "<br> ";
-	#echo $ar[0];
-	#echo "<br> ";
-
-	$i = 0;
-	foreach ($_GET as $name => $value) { //value leer?
-		$args[$i] = $name;
-//		echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
-		$i++;
-	}
-
-	$length = count($args);
-	for ($i=0;$i<$length;$i++){
-		echo "$args[$i] <br>";
-	}
-
-	echo "<br><br>Ende";
 
-	#header("Refresh: 0; /login");
-
-}
-?>
 <form method="post" action="testreg.php">
 <p>Name: <input type="text" name="name"></p>
 <p>pswd: <input type="text" name="pswd"></p>
@@ -67,3 +80,6 @@ if(empty($_GET)){
 <p>email: <input type="text" name="email"></p>
 <p><input type="submit"></p>
 </form>
+
+*/
+?>
author	Horus3	2014-02-23 14:23:40 +0100
committer	Horus3	2014-02-23 14:23:40 +0100
commit	b8913a2b52554c98e67785e40bb954303bafd77d (patch)
tree	9b3c67e491095abec23679f4a58ebe0bfd53292b
parent	be3a6b951626353c15c7d696aeb1c4b4e47f0f3a (diff)
download	files.iamfabulous.de-b8913a2b52554c98e67785e40bb954303bafd77d.tar.gz