| author | moehm | 2014-03-26 13:06:09 +0100 |
|---|---|---|
| committer | moehm | 2014-03-26 13:06:09 +0100 |
| commit | cb74ce9e9702677225102fc06b5adda8ce692cdc (patch) | |
| tree | 2597430952958147f12f36d8ea8fd367b1b8715e /www/functions | |
| parent | caa6a7afee2da0d62cd31ef76506d0f37e259f4d (diff) | |
More improvements. Fix in the index, also added password_recover and changed the requirements for the upload interface.
Diffstat (limited to 'www/functions')
| -rwxr-xr-x | www/functions/func_interface.php | 12 | ||||
| -rwxr-xr-x | www/functions/func_upload.php | 13 |
2 files changed, 23 insertions, 2 deletions
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php index a86fe6d..b87651a 100755 --- a/www/functions/func_interface.php +++ b/www/functions/func_interface.php @@ -3,3 +3,15 @@ function print_invite($var){ include("invite.php"); } + +function print_recover_password(){ + echo " + <!DOCTYPE html> + <html> + <body> + <form method='POST' action='/password_reset'> + <p>E-Mail <input type='text' name='email'></p> + </form> + </body> + "; +} diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php index 55d9492..8059191 100755 --- a/www/functions/func_upload.php +++ b/www/functions/func_upload.php @@ -2,12 +2,13 @@ /* This was tested with this interface, where PWD the primary key from the working directory is: +UPDATE 26.3. : Should now accept the path as an argument. <!DOCTYPE html> <form method='post' action='/upload.php' enctype="multipart/form-data"> <p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p> -<p>PWD: <input type='text' name='pwd'></p><!-- an INTEGER!! --> +<p>PWD: <input type='text' name='path'></p> <p>Share: <input type='text' name='share'> <p><input type='submit' name='submit' value='upload'></p> </form> @@ -36,11 +37,19 @@ function upload($db){ return UPLOAD_UPLOAD; } - $parentdir = SQLite3::escapeString("$_POST[pwd]"); + $parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]); + //$parentdir = SQLite3::escapeString("$_POST[pwd]"); if(!preg_match("/[0-9]+/", $parentdir)){ return UPLOAD_PARENTFOLDER; } + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";"); + $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return UPLOAD_FOLDER_NOT_OWNER; + } + $ownername = SQLite3::escapeString($_SESSION['username']); $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';"); $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); |
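Review bot: The markup echoed by the new `print_recover_password()` is incomplete: `<html>` is never closed, and the form has no submit control, so sending it depends on the browser's implicit Enter-key submission. Adding `<p><input type='submit' value='Send'></p>` before `</form>` and `</html>` after `</body>` would fix both, and `type='email'` on the field gives basic client-side validation. The `/password_reset` handler is not part of this diff; it should respond identically for known and unknown addresses so the form cannot be used to confirm which accounts exist.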
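Review bot: In the third hunk, the new ownership query in `upload()` concatenates `$parentdir` into the SQL text, and the only check before it is the unanchored `preg_match("/[0-9]+/", ...)`, which accepts any string that merely contains a digit. Whether `select_file_id()` can return anything other than an integer is not visible here, so the value should be validated with an anchored pattern and bound as a parameter instead of relying on that helper. The owner check also uses loose `!=` and never handles a missing row: `fetchArray()` returns `false` when no row matches, `$folder_owner_ar[0]` then evaluates to `null`, and `null != $_SESSION["userid"]` is false for an empty or unset session id, so the upload would proceed. The body of `upload()` starts and ends outside the hunk.

```php
$parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]);
// Anchored: the whole value must be digits, not merely contain one.
if(!preg_match('/^[0-9]+$/', (string)$parentdir)){
	return UPLOAD_PARENTFOLDER;
}

// Bind the id instead of concatenating it into the statement.
$folder_owner_st = $db->prepare("SELECT owner FROM files WHERE id=:id;");
if($folder_owner_st === false){
	return UPLOAD_FOLDER_NOT_OWNER;
}
$folder_owner_st->bindValue(":id", (int)$parentdir, SQLITE3_INTEGER);
$folder_owner_db = $folder_owner_st->execute();
$folder_owner_ar = $folder_owner_db ? $folder_owner_db->fetchArray(SQLITE3_NUM) : false;

// No matching row, or a row owned by someone else: refuse the upload.
if($folder_owner_ar === false || (string)$folder_owner_ar[0] !== (string)$_SESSION["userid"]){
	return UPLOAD_FOLDER_NOT_OWNER;
}
// … unchanged: owner lookup by username …
```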
