diff options
| author | Horus3 | 2014-03-10 14:01:15 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-10 14:01:15 +0100 |
| commit | 2e9cc1eea531131cd5a8e25342be3dd0d1978ef1 (patch) | |
| tree | 9267e3bb86e0842596503a6de3d186b0a28bd63d /www/functions.php | |
| parent | 5441b1738f4fed6a51cbf8a44481251358e9518e (diff) | |
| download | files.iamfabulous.de-2e9cc1eea531131cd5a8e25342be3dd0d1978ef1.tar.gz | |
stuff
Diffstat (limited to 'www/functions.php')
| -rw-r--r-- | www/functions.php | 61 |
1 files changed, 57 insertions, 4 deletions
diff --git a/www/functions.php b/www/functions.php index 2f18361..c1cdca6 100644 --- a/www/functions.php +++ b/www/functions.php @@ -2,6 +2,8 @@ /* --LOGIN-- */ +require_once("select_functions.php"); + function login($db){ if($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -168,11 +170,15 @@ function register($db){ $second_password = $_POST["2ndpswd"]; $email = $_POST["email"]; - if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ + /* checking for empty password etc. */ + + if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ header("Refresh: 0; register?reason=password"); exit; } + /* TODO: allow full unicode */ + if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ header("Refresh: 0; register?reason=encoding"); exit; @@ -191,7 +197,7 @@ function register($db){ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); $test_key = $test_key_arr[0]; - if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ + if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == "" || empty($test_status_db)){ header("Refresh: 0; /register?reason=prohibited"); exit; } else { @@ -243,11 +249,11 @@ function register($db){ function get_404(){ echo "Sorry, page not found. <br>"; -// select(); +// select($db); exit; } -function select($db){ +//function select($db){ @@ -259,4 +265,51 @@ function select($db){ } echo "Presented by func select()!"; */ +//} + +function show($db){ + + /* test if first argument a username or folder */ + + $name = SQLite3::escapeString("$_GET[name]"); + + $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';"); + $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM); + + if(empty($name_id_ar)){ + + /* if first argument wasn't valid, rewrite the URL to include the username */ + + if($_SESSION["login"]){ + header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . ""); + exit; + } else { + get_404(); + } + } else { + + /* everything was okay, so show the content, please */ + + $content = select($db); + return $content; + //exit; + } +} + +function failure($reason){ + echo "A 404 error occurred. <br>"; + echo $reason; + exit; +} + + +function user($db){ + echo "loged in as: " . $_SESSION["username"]; + $safe_name=SQLite3::escapeString("$_SESSION[username]"); + $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); + $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); + $invite = $invite_ar[0]; + + echo "<br><br>"; + echo "You have currently $invite invites. <br>"; } |