Added new constant 'REGISTER_INVITEKEY'

2 files changed, 8 insertions, 4 deletions

diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 8321339..fc93058 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -25,12 +25,16 @@ function register($db){
         $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM);
         $test_status_int = $test_status_ar[0];
 
+        if (empty($test_status_ar) || $test_status_int != 0){
+		return REGISTER_PROHIBITED;
+	}
+
         $test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';");
         $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM);
         $test_key = $test_key_ar[0];
 
-        if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
-		return REGISTER_PROHIBITED;
+        if ($test_key != $_POST["key"] || $test_key == ""){
+		return REGISTER_INVITEKEY;
 	}
 
         $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';");
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index 204f2d7..f0dc601 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -2,9 +2,9 @@
 function select($db, $owner){
 
 	if($_SESSION["login"] && $_SESSION["userid"] == $owner){ 	// TODO: Check if loged in user really the user who does the query - fix 12.3.14
-		$share="";
+		$share="";						// to print all files, even hidden ones
 	} else {
-		$share ="AND share='PUBLIC'";
+		$share ="AND share='PUBLIC'";				// just use files with the correct permissions
 	}
 	
 	if(empty($_GET["folder"])){