| author | moehm | 2014-03-26 08:06:47 +0100 |
|---|---|---|
| committer | moehm | 2014-03-26 08:06:47 +0100 |
| commit | caa6a7afee2da0d62cd31ef76506d0f37e259f4d (patch) | |
| tree | 6877a822b1a2f272493d66948c3270ce58e11768 | |
| parent | e009b1e84dcbcc83f39652695eb86c6e64cc6a11 (diff) | |
| download | files.iamfabulous.de-caa6a7afee2da0d62cd31ef76506d0f37e259f4d.tar.gz | |
Various improvements, e.g. move_folder() and a new database layout.
| -rwxr-xr-x | blob/database_schema | 4 | ||||
| -rw-r--r-- | www/constants.php | 6 | ||||
| -rw-r--r-- | www/functions/func_delete.php | 8 | ||||
| -rw-r--r-- | www/functions/func_download.php | 4 | ||||
| -rw-r--r-- | www/functions/func_folder.php | 48 | ||||
| -rwxr-xr-x | www/functions/func_register.php | 2 | ||||
| -rwxr-xr-x | www/include.php | 1 | ||||
| -rwxr-xr-x | www/setup.php | 9 |
8 files changed, 65 insertions, 17 deletions
diff --git a/blob/database_schema b/blob/database_schema
index f413e22..eef9aec 100755
--- a/blob/database_schema
+++ b/blob/database_schema
@@ -1,8 +1,8 @@
 #Database schema for SQLite3 database, stored in "../database/sqlite.db", based on the "www" directory
-CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT);
+CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT, color_folder TEXT, color_file TEXT);
-CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, FOREIGN KEY(owner) REFERENCES user(id));
+CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, download_link TEXT, FOREIGN KEY(owner) REFERENCES user(id));
 CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login TEXT, FOREIGN KEY(user) REFERENCES user(id));
diff --git a/www/constants.php b/www/constants.php
index 15db956..e98111e 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -75,3 +75,9 @@ define("EMPTY_FOLDER", 58);
 define("DOWNLOAD_FALSE_ID", 59);
 define("DOWNLOAD_NOT_FILE", 60);
 define("DOWNLOAD_PRIVATE_FILE", 61);
+
+define("MV_OLD_FOLDER_NOT_OWNER", 62);
+define("MV_NEW_FOLDER_NOT_OWNER", 63);
+define("MV_FOLDER_TARGET_NOT_EXIST", 64);
+define("MV_FOLDER_SUCCESS", 65);
+define("MV_FOLDER_DATABASE", 66);
diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php
index 17da1c4..059bc3b 100644
--- a/www/functions/func_delete.php
+++ b/www/functions/func_delete.php
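Review bot: Databases created before this commit will not pick up `color_folder`, `color_file` or `download_link`, because `CREATE TABLE IF NOT EXISTS` does nothing once the table exists; the same statements in www/setup.php have the same limit. The new `SELECT folder, share, download_link` in func_download.php would then fail on such an install. An upgrade step is needed, for example `ALTER TABLE files ADD COLUMN download_link TEXT;` plus the two matching statements for `user`. A comment in this schema file stating what `download_link` stores and what an empty value means would also help, since the download check depends on it.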
@@ -61,8 +61,8 @@ function delete_file($user, $path){
 }
 for($i=0; $i<count($hash_ar); $i++){
- if(!unlink($uploaddir.$file_hash.".gz")){
- if(!$file_hash[$i] != ""){
+ if(!$file_hash[$i] != ""){
+ if(!unlink($uploaddir.$file_hash.".gz")){
 return DELETE_FILE_UNLINK;
 }
 }
@@ -170,8 +170,8 @@ function delete_user($user, $password, $password_verify){
 }
 for($i=0; $ii<count($hash_ar); $i++){
- if(!unlink($uploaddir.$hash_ar[$i].".gz")){
- if($hash_ar[$i] != ""){
+ if($hash_ar[$i] != ""){
+ if(!unlink($uploaddir.$hash_ar[$i].".gz")){
 return DELETE_USER_FILE_DELETE;
 }
 }
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index e3e36aa..2239c71 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -66,7 +66,7 @@ function check_file_hash($db, $file_id, $download_hash){
 return DOWNLOAD_FALSE_ID;
 }
- $check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+ $check_hash_db = $db->query("SELECT folder, share, download_link FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
 $check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
 if($check_hash_ar[0] != "FILE"){
@@ -74,7 +74,7 @@ function check_file_hash($db, $file_id, $download_hash){
 }
 if($check_hash_ar[1] != "PUBLIC"){
- if($check_hash_ar[0] != $download_hash){
+ if($check_hash_ar[2] != $download_hash){
 return DOWNLOAD_PRIVATE_FILE;
 }
 }
diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php
index cd60852..c511897 100644
--- a/www/functions/func_folder.php
+++ b/www/functions/func_folder.php
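Review bot: The reordered guard `if(!$file_hash[$i] != "")` parses as `(!$file_hash[$i]) != ""`, which is true only when the entry is empty, so `unlink()` is now skipped for every real hash and the stored upload stays on disk after the delete reports success. The inner call also concatenates `$file_hash` rather than the indexed element, and the loop bound counts `$hash_ar` while the body reads `$file_hash`; which array is intended is not visible in the hunk. Assuming `$hash_ar` holds the hashes as in delete_user(), the pair should read `if($hash_ar[$i] != ""){` and `if(!unlink($uploaddir.$hash_ar[$i].".gz")){`. delete_file() starts and ends outside the hunk.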
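Review bot: The loop header on the context line of the delete_user() hunk tests `$ii<count($hash_ar)`, and `$ii` is never assigned in the visible code, so the condition does not depend on `$i`. With a non-empty `$hash_ar` the only exit is the `return` on a failed `unlink()`; otherwise the request runs until the execution time limit and whatever follows the loop never executes. It should read `for($i=0; $i<count($hash_ar); $i++){`. delete_user() continues outside the hunk.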
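Review bot: `SQLite3::escapeString($file_id)` is concatenated into an unquoted numeric position after `WHERE id=`, where escaping quotes gives no protection; the query is only safe if the check above the hunk that returns `DOWNLOAD_FALSE_ID` guarantees an integer, and that check is not visible here. Binding the value removes the dependency: `$stmt = $db->prepare("SELECT folder, share, download_link FROM files WHERE id=:id");`, `$stmt->bindValue(":id", $file_id, SQLITE3_INTEGER);`, `$check_hash_db = $stmt->execute();`. `fetchArray()` returns false for an unknown id, so `$check_hash_ar` should be tested before it is indexed.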
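Review bot: The token check `$check_hash_ar[2] != $download_hash` uses loose comparison, so a row whose `download_link` is NULL or `''` compares equal to an empty or missing `$download_hash`, and the non-PUBLIC branch lets the request through. The INSERTs in func_register.php and func_folder.php in this commit do not set `download_link`, so rows with a NULL link will exist. Treat an empty stored token as "no link" and compare exactly and in constant time: `if(!is_string($check_hash_ar[2]) || $check_hash_ar[2] === "" || !hash_equals($check_hash_ar[2], (string)$download_hash)){` (`hash_equals()` needs PHP 5.6 or later). A comment above the branch saying that non-PUBLIC files are served only for an exact token match would record the intent.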
@@ -1,5 +1,17 @@
 <?php
+function database_mkdir($file_id, $new_folder_name, $share){
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', '');
+ COMMIT;
+ ")){
+ return true;
+ } else {
+ return false;
+ }
+}
+
 function create_folder($path, $new_folder_name, $share){
 $db = $GLOBALS["db"];
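Review bot: `database_mkdir()` calls `$db->exec()` but `$db` is neither a parameter nor fetched from `$GLOBALS`, so it is undefined inside the function and the call fails before any SQL runs; create_folder(), which delegates here in the next hunk, can then no longer create a folder. Add `$db = $GLOBALS["db"];` as the first statement, as create_folder() does, or pass `$db` in as an argument. `$file_id` and `$_SESSION['userid']` are concatenated unquoted and unescaped, so casting both with `(int)` or binding them through `prepare()` keeps the statement safe whatever the caller passes. A short docblock stating that `$file_id` must be an already-validated parent id owned by the session user would make that contract explicit.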
@@ -29,14 +41,44 @@ function create_folder($path, $new_folder_name, $share){
 return MKDIR_DUPLICATE;
 }
 }
+
+ if(database_mkdir($file_id, $new_folder_name, $share)){
+ return MKDIR_SUCCESS;
+ } else {
+ return MKDIR_DATABASE;
+ }
+}
+
+function move_folder($old_path, $new_path){
+ $db = $GLOBALS["db"];
+ $old_file_id = select_file_id($db, $_SESSION["userid"], $old_path);
+ $new_file_id = select_file_id($db, $_SESSION["userid"], $new_path);
+
+ $old_folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$old_file_id.";");
+ $old_folder_owner_ar = $old_folder_owner_db->fetchArray(SQLITE3_NUM);
+
+ if($_SESSION["userid"] != $old_folder_owner_ar[0]){
+ return MV_OLD_FOLDER_NOT_OWNER;
+ }
+
+ if(!$new_file_id){
+ return MV_FOLDER_TARGET_NOT_EXIST;
+ }
+
+ $new_folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$new_file_id.";");
+ $new_folder_owner_ar = $new_folder_owner_db->fetchArray(SQLITE3_NUM);
+
+ if($_SESSION["userid"] != $new_folder_owner_ar[0]){
+ return MV_NEW_FOLDER_NOT_OWNER;
+ }
 if($db->exec("
 BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', '');
+ UPDATE files SET parent=".$new_file_id." WHERE id=".$old_file_id.";
 COMMIT;
 ")){
- return MKDIR_SUCCESS;
+ return MV_FOLDER_SUCCESS;
 } else {
- return MKDIR_DATABASE;
+ return MV_FOLDER_DATABASE;
 }
 }
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index b87d81f..90cbd7d 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
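Review bot: `move_folder()` checks `$new_file_id` for emptiness but not `$old_file_id`: when the source path does not resolve, the first query becomes malformed SQL, `query()` returns false, and the next line calls `fetchArray()` on a non-object. Both ids are concatenated into the two SELECTs and the final `UPDATE`, which relies on `select_file_id()` (defined outside this diff) always returning an integer. Nothing prevents the target from being the folder itself or one of its descendants, which would detach the subtree from the root, and nothing checks that the target row is a directory. The sketch below guards the source id, casts both ids and binds the values, repeating the owner in the `WHERE` clause. The descendant check needs a walk up the `parent` chain and a result code of its own, which I have left out.

```php
function move_folder($old_path, $new_path){
    $db = $GLOBALS["db"];
    $owner = (int)$_SESSION["userid"];
    $old_file_id = (int)select_file_id($db, $owner, $old_path);
    $new_file_id = (int)select_file_id($db, $owner, $new_path);

    // An unresolved source must not reach any query.
    if($old_file_id === 0){
        return MV_OLD_FOLDER_NOT_OWNER;
    }
    // … unchanged: owner checks for source and target, target-exists check …

    // A folder cannot become its own parent; no dedicated result code exists yet.
    if($new_file_id === $old_file_id){
        return MV_FOLDER_TARGET_NOT_EXIST;
    }

    $stmt = $db->prepare("UPDATE files SET parent=:parent WHERE id=:id AND owner=:owner");
    $stmt->bindValue(":parent", $new_file_id, SQLITE3_INTEGER);
    $stmt->bindValue(":id", $old_file_id, SQLITE3_INTEGER);
    $stmt->bindValue(":owner", $owner, SQLITE3_INTEGER);
    if($stmt->execute() && $db->changes() === 1){
        return MV_FOLDER_SUCCESS;
    } else {
        return MV_FOLDER_DATABASE;
    }
}
```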
@@ -59,7 +59,7 @@ function register($db){
 if($db->exec("
 BEGIN TRANSACTION;
- UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT datetime()) WHERE id=" . $id . ";
+ UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT datetime()), color_folder='DEFAULT', color_file='DEFAULT' WHERE id=" . $id . ";
 INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, '');
 INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT datetime()));
 COMMIT;")
diff --git a/www/include.php b/www/include.php
index aa90993..69e6227 100755
--- a/www/include.php
+++ b/www/include.php
@@ -30,4 +30,3 @@ require_once($func_dir . "func_upload.php"); // handles the file upload
 require_once("login.php"); // prints the login page
 require_once("register.php"); // prints the register page
 require_once("browse.php"); // prints the file browser page
-
diff --git a/www/setup.php b/www/setup.php
index a841ad4..93551aa 100755
--- a/www/setup.php
+++ b/www/setup.php
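Review bot: The `INSERT INTO files` on the context line of the register() hunk names `size` twice (values `NULL` and `0`) and does not set the new `download_link` column, so each new user's root row gets a NULL link while setup.php writes `''`. Which of the two `size` values the database keeps is not something to rely on. Suggested form: `INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash, download_link) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, 0, 'PUBLIC', '', '');`. `$id` is interpolated directly and its origin is outside the hunk, so an `(int)` cast before the statement is built would be a cheap safeguard.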
@@ -52,10 +52,10 @@ if($bool){
 if($db->exec("
 BEGIN TRANSACTION;
- CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT);
- INSERT INTO user (id, name, senpai, key, status, invites, password, email, register) VALUES (NULL, 'admin', 0, '11111', 1, 5, '" . $hash_password . "', '" . $email . "', (SELECT datetime()) );
- CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, FOREIGN KEY(owner) REFERENCES user(id));
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, 0, 1, '/', 'DIRECTORY', 0, 'HIDDEN', '');
+ CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT, color_folder TEXT, color_file TEXT);
+ INSERT INTO user (id, name, senpai, key, status, invites, password, email, register, color_folder, color_file) VALUES (NULL, 'admin', 0, '11111', 1, 5, '" . $hash_password . "', '" . $email . "', (SELECT datetime()), 'DEFAULT', 'DEFAULT' );
+ CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, download_link TEXT, FOREIGN KEY(owner) REFERENCES user(id));
+ INSERT INTO files (id, parent, owner, name, folder, size, share, hash, download_link) VALUES (NULL, 0, 1, '/', 'DIRECTORY', 0, 'HIDDEN', '', '');
 CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login TEXT, FOREIGN KEY(user) REFERENCES user(id));
 CREATE TRIGGER IF NOT EXISTS delete_files AFTER DELETE ON user FOR EACH ROW BEGIN DELETE FROM files WHERE owner=OLD.id; END;
 COMMIT;")
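Review bot: The rewritten admin `INSERT` still stores the fixed literal `'11111'` in `key`; if that column holds an invite or activation secret (its use is outside this diff), every installation ships with the same guessable value. Generate it per install, for example `$admin_key = bin2hex(openssl_random_pseudo_bytes(16));`, and insert that instead. `$email` and `$hash_password` are concatenated into the statement as well, and whether they are escaped above the hunk is not visible, so a prepared `INSERT` with bound values would be safer than depending on that. The `if($bool)` block starts and ends outside the hunk.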
@@ -65,6 +65,7 @@ if($bool){
 $_SESSION["userid"] = 1;
 echo "Success! You will redirected any moment.";
+ include("include.php");
 header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/admin");
 } else {
 echo "Failure! :( <br>"; |
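Review bot: `header("Refresh: ...")` now runs after both the `echo` and the added `include("include.php")`, and include.php's own comments say the files it requires print pages, so unless output buffering is on the header is dropped with a "headers already sent" warning and the redirect does not happen. The target is also built from `$_SERVER["HTTP_HOST"]`, which comes from the request and can name any host. Send the header before any output and make it relative, `header("Refresh: 2; url=/admin");`, or build it from a configured hostname. If include.php is needed here only for its function definitions, a comment saying so would help, since it also pulls in the page scripts. The `if($bool)` block starts and ends outside the hunk.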
