authorHorus32014-03-18 00:14:37 +0100
committerHorus32014-03-18 00:14:37 +0100
commitfaa66b350b7c95701654cae59583761feaeeb3d3 (patch)
treedeb5b984698b3bfb72edfdf6a9f0f263e63d5cdd
parent46786c1703474776d74ba67eb01eb484f3c8b646 (diff)
downloadfiles.iamfabulous.de-faa66b350b7c95701654cae59583761feaeeb3d3.tar.gz
func upload()
-rw-r--r--www/constants.php10
-rwxr-xr-xwww/createfolder.php96
-rwxr-xr-xwww/functions/func_upload.php (renamed from www/upload.php)83
3 files changed, 58 insertions, 131 deletions
diff --git a/www/constants.php b/www/constants.php
index 9d3bd7f..235f34a 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -34,3 +34,13 @@ define("MKDIR_SUCCESS", 24);
define("MKDIR_OWNER", 25);
define("MKDIR_LOGIN", 26);
define("MKDIR_DATABASE", 27);
+
+define("UPLOAD_SUCCESS", 28);
+define("UPLOAD_DATABASE", 29);
+define("UPLOAD_LOGIN", 30);
+define("UPLOAD_UPLOAD", 31);
+define("UPLOAD_PARENTFOLDER", 32); // cur. tested if integer. Later should be if owner and uploader the same person
+define("UPLOAD_QUOTA", 33);
+define("UPLOAD_FILE_HANDLING", 34);
+define("UPLOAD_MOVING", 35);
+define("UPLOAD_DUPLICATE", 36);
diff --git a/www/createfolder.php b/www/createfolder.php
deleted file mode 100755
index 563f352..0000000
--- a/www/createfolder.php
+++ /dev/null
@@ -1,96 +0,0 @@
-<?php
-
-/* DO NOT TOUCH! This is buggy as hell. */
-
-session_start();
-
-if(!$_SESSION["login"]){
- header("Refresh: 0; /login");
- exit;
-}
-
-if($_SERVER['REQUEST_METHOD'] == 'POST'){
-
- function database_error(){
- echo "Database error!";
- exit;
- }
-
- $folder=$_POST["folder"];
- $name = $_POST["username"];
- $sname = SQLite3::escapeString("$name");
- $public = SQLite3::escapeString("$_POST[public]");
- $pwd_unsafe = $_POST["pwd"];
- $pwd = SQLite3::escapeString("$pwd_unsafe");
- $type = SQLite3::escapeString("$_POST[type]");
-
-
- if(preg_match("/^\//", $folder)){
- $absolutpath = true;
- $k=2; // what the fuck is this?
- } else {
- $absolutpath = false;
- }
-
-
- $folder_array_unsafe = explode("/",$folder);
- $length = count($folder_array_unsafe);
-
- $db = new SQLite3("../database/sqlite.db");
-
- $id_db = $db->query("SELECT id FROM user WHERE name='" . $sname . "';");
- $id_ar = $id_db->fetchArray(SQLITE3_NUM);
- $id = $id_ar[0];
-
- if(!preg_match("/[0-9]+/", $id)){
- database_error();
- }
-
- for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
- if($absolutpath){
- if($db->exec("
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $k . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- ")){
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $folder_array[$i] . "';");
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- $k=$primary_key;
- } else {
- database_error();
- }
- } else {
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='".$pwd."';"); //TODO That doesn't make any sense to me at all! //This makes sense in the context.
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $primary_key . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- COMMIT;
- ")){
- $pwd='$folder_array[$i]';
- } else {
- database_error();
- }
- }
- }
-
- }
-
- header("Refresh: 0; /" . $name);
-
-} else {
-
- echo "Hallo $_SESSION[username];
- <form method='post' action='/createfolder.php'>
- <p> Folder: <input type='text' name='folder'></p>
- <p> Public? <input type='text' name='public'></p>
- <p> pwd: <input type='text' name='pwd'></p>
- <input type='hidden' name='username' value='$_SESSION[username]'>
- <input type='hidden' name='type' value='DIRECTORY'>
- <input type='submit' name='submit' value='create'>
- </form>";
-
- echo "END";
-}
diff --git a/www/upload.php b/www/functions/func_upload.php
index 4cc056c..55d9492 100755
--- a/www/upload.php
+++ b/www/functions/func_upload.php
@@ -1,14 +1,18 @@
<?php
-session_start();
+/* This was tested with this interface, where PWD the primary key from the working directory is:
-$db = new SQLite3("../database/sqlite.db");
-function error($reason){
- echo "Failure! <br>";
- echo $reason;
- exit;
-}
+<!DOCTYPE html>
+<form method='post' action='/upload.php' enctype="multipart/form-data">
+<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p>
+
+<p>PWD: <input type='text' name='pwd'></p><!-- an INTEGER!! -->
+<p>Share: <input type='text' name='share'>
+<p><input type='submit' name='submit' value='upload'></p>
+</form>
+
+*/
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
if($db->exec("
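Review bot: With `session_start()` and the `$db = new SQLite3(...)` line removed from this file, `upload()` still reads `$_SESSION["login"]` and `$_SESSION['username']` and returns the `UPLOAD_*` constants, so it now depends on the including script having started the session and loaded constants.php, and nothing in the file says so. A header comment would document that, for example `/* Requires: session_start() already called, constants.php included, $db an open SQLite3 handle. Returns one of the UPLOAD_* codes. */`. The sample form in the new comment still posts to `/upload.php`, the path this commit renames away from. The body of database_upload() continues outside the hunk.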
@@ -25,17 +29,16 @@ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $si
function upload($db){
if(!$_SESSION["login"]){
- error("Operation not permitted.");
- exit;
+ return UPLOAD_LOGIN;
}
if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
- error("Error while proceding the upload: " . $_FILES['userfile']['error']);
+ return UPLOAD_UPLOAD;
}
$parentdir = SQLite3::escapeString("$_POST[pwd]");
if(!preg_match("/[0-9]+/", $parentdir)){
- error("Invalid parent folder.");
+ return UPLOAD_PARENTFOLDER;
}
$ownername = SQLite3::escapeString($_SESSION['username']);
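Review bot: The parent-folder check `preg_match("/[0-9]+/", $parentdir)` is unanchored, so any value that merely contains a digit passes and `UPLOAD_PARENTFOLDER` is not returned for non-integer input, although the comment in constants.php says the value is tested as an integer. `SQLite3::escapeString` only protects values that end up inside quotes; if `database_upload` (body not visible here) places `$parentdir` in the statement unquoted, this check is the only barrier. Replace it with `if(!ctype_digit($parentdir)){ return UPLOAD_PARENTFOLDER; }` and pass `(int)$parentdir` onward. The same constants.php comment notes that ownership of the parent folder is not verified yet, so a logged-in user can still name any folder id. upload() starts and ends outside this hunk.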
@@ -52,7 +55,7 @@ function upload($db){
}
if($overall_size > 2147483648){ // == 2GB
- error("Quota exceeded");
+ return UPLOAD_QUOTA;
}
$filename = $_FILES['userfile']['name'];
@@ -67,8 +70,8 @@ function upload($db){
$filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
$hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
- $hashtest_ar = $hashtest_ar->fetchArray(SQLITE3_NUM);
- if(empty($hashtest_ar)){
+ $hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);
+ if(empty($hashtest_ar[0])){
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
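Review bot: `move_uploaded_file()` writes to `$uploaddir . $_FILES['userfile']['name']`, a name chosen by the client, and that plaintext copy stays on disk until the later `unlink`. Two uploads with the same name overwrite each other in that window, and if `$uploaddir` is served by the web server (its value is outside this hunk) a file with a script extension is briefly reachable under its original name. `$filehash` is already computed, so a server-chosen temporary name avoids both: `move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $filehash . ".tmp")`, with the later `file_get_contents` and `unlink` calls using the same path. The dedup lookup also treats an MD5 match as identical content; MD5 is not collision-resistant, so `hash_file("sha256", ...)` is the safer key for deciding that a file is already stored.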
@@ -77,46 +80,56 @@ function upload($db){
$fp = gzopen($gzfile, 'w9');
if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
- error("Something wrong writh the intern file handling.");
+ return UPLOAD_FILE_HANDLING;
}
if(!gzclose($fp)){
- error("Something wrong writh the intern file handling.");
+ return UPLOAD_FILE_HANDLING;
}
if(!unlink($uploaddir . $filename)){
- error("Something wrong writh the intern file handling.");
+ return UPLOAD_FILE_HANDLING;
}
- echo "Success!";
+ return UPLOAD_SUCCESS;
} else {
- error("Database error.");
+ return UPLOAD_DATABASE;
}
} else {
- error("Moving failed.");
+ return UPLOAD_MOVING;
}
} else {
- if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
- if(!unlink($_FILES['userfile']['tmp_name'])){
- error("Something wrong writh the intern file handling.");
+ $dupl_db = $db->query("SELECT parent FROM files WHERE hash='" . $filehash . "';");
+
+ while($row = $dupl_db->fetchArray(SQLITE3_NUM)){
+ if($row[0] == $parentdir){
+ return UPLOAD_DUPLICATE;
}
- echo "Success!";
+ }
+
+ if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
+ return UPLOAD_DATABASE;
+ }
- } else {
- error("Database error.");
+ if(!unlink($_FILES['userfile']['tmp_name'])){
+ return UPLOAD_FILE_HANDLING;
}
- }
-}
-function web_upload($db){ // no use atm
- $url = ;
- if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
- echo "hyperlink detected";
- } else {
- echo "no hyperlink";
+ return UPLOAD_SUCCESS;
}
}
-upload($db);
+
+//not used atm
+
+//function web_upload($db){
+// $url = $_POST["url"];
+// if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
+// echo "hyperlink detected";
+// } else {
+// echo "no hyperlink";
+// }
+//}
+
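Review bot: The early `return UPLOAD_FILE_HANDLING;` paths leave state behind now that they no longer terminate the request. `$fp` from `gzopen($gzfile, 'w9')` is never checked, and when `gzwrite` fails the handle stays open while the uncompressed upload remains at `$uploaddir . $filename`. Judging by the `return UPLOAD_DATABASE;` branch that follows, the database row appears to be inserted before compression, so a failure here may also leave a row pointing at a missing or partial archive. Guard the open with `if($fp === false){ unlink($uploaddir . $filename); return UPLOAD_FILE_HANDLING; }`, call `gzclose($fp)` and remove the partial `$gzfile` before returning on a write failure, and either insert the row only after the archive is written or delete it on these paths. In the duplicate branch the same applies when `unlink` of the temp file fails after `database_upload` has already succeeded.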