authorHorus32014-03-29 20:26:26 +0100
committerHorus32014-03-29 20:26:26 +0100
commitf471b2130461efa25c62dbe8b015da6219cf3498 (patch)
tree1205716f618bee59e9d3a60f2a65c051f8f541e7 /www/functions
parentea8083d7162a099a8a2e1a7976ecd1e5278a5558 (diff)
downloadfiles.iamfabulous.de-f471b2130461efa25c62dbe8b015da6219cf3498.tar.gz
Improved the ban system and the download mechanism.
Diffstat (limited to 'www/functions')
-rw-r--r--www/functions/func_download.php12
-rw-r--r--www/functions/func_folder.php4
-rwxr-xr-xwww/functions/func_invite.php2
-rwxr-xr-xwww/functions/func_login.php5
4 files changed, 12 insertions, 11 deletions
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index b62e13f..64c5d90 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -64,16 +64,18 @@ function check_file_hash($db, $file_id, $download_hash){
return DOWNLOAD_FALSE_ID;
}
- $check_hash_db = $db->query("SELECT folder, share, download_link FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+ $check_hash_db = $db->query("SELECT owner, folder, share, download_link FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
$check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
- if($check_hash_ar[0] != "FILE"){
+ if($check_hash_ar[1] != "FILE"){
return DOWNLOAD_NOT_FILE;
}
- if($check_hash_ar[1] != "PUBLIC"){
- if($check_hash_ar[2] != $download_hash){
- return DOWNLOAD_PRIVATE_FILE;
+ if($check_hash_ar[2] != "PUBLIC"){
+ if($_SESSION["userid"] != $check_hash_ar[0]){
+ if($check_hash_ar[3] != $download_hash){
+ return DOWNLOAD_PRIVATE_FILE;
+ }
}
}
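Review bot: The private-file branch decides access with loose `!=` on both the owner and the share token, so type juggling can let a request through. An unset `$_SESSION["userid"]` is null, which compares loosely equal to an owner of 0 or an empty string, and a NULL or empty `download_link` compares equal to an empty `$download_hash`; whether those values can occur is not visible from the hunk. I would require a session and a strict owner comparison, `if(!isset($_SESSION["userid"]) || (string)$_SESSION["userid"] !== (string)$check_hash_ar[0]){`, and a non-empty, constant-time token check, `if((string)$check_hash_ar[3] === "" || !hash_equals((string)$check_hash_ar[3], (string)$download_hash)){`. `fetchArray()` also returns false when no row matches, which the index accesses here do not handle. check_file_hash starts and ends outside the hunk.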
diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php
index 636b743..044fd8e 100644
--- a/www/functions/func_folder.php
+++ b/www/functions/func_folder.php
@@ -133,7 +133,7 @@ function generate_download_link($file_id){
$db = $GLOBALS["db"];
- $folder_owner_db = $db->query("SELECT owner FROM fiiles where id=".$file_id.";");
+ $folder_owner_db = $db->query("SELECT owner FROM files where id=".$file_id.";");
$folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
if($folder_owner_ar[0] != $_SESSION["userid"]){
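Review bot: `$file_id` is concatenated into the SELECT without quoting or binding, so the query is safe only if every caller has already forced it to an integer, which the hunk does not show. The same applies to the `UPDATE files SET download_link=...` statement in the next hunk and to the `SQLite3::escapeString($file_id)` query in func_download.php, where escaping quotes does not constrain a value placed outside quotes. Assuming `$db` is an SQLite3 handle as in func_download.php, a bound parameter removes that dependency: `$stmt = $db->prepare("SELECT owner FROM files WHERE id = :id");`, `$stmt->bindValue(":id", $file_id, SQLITE3_INTEGER);`, `$folder_owner_db = $stmt->execute();`. generate_download_link continues outside the hunk.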
@@ -155,7 +155,7 @@ function generate_download_link($file_id){
UPDATE files SET download_link='".$key."' WHERE id=".$file_id.";
COMMIT;
")){
- return key;
+ return $key;
} else {
return DATABASE;
}
diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php
index 00a678d..cf123cf 100755
--- a/www/functions/func_invite.php
+++ b/www/functions/func_invite.php
@@ -49,7 +49,7 @@ function invite($db){
COMMIT;")
){
- $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration.";
+ $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is " . $key . "\nVisit files.iamfabulous.de/register to complete your registration.";
mail($email, "Invite", $subject, "From: mail@iamfabulous.de");
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 121849c..a4d4696 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -55,7 +55,6 @@ function brutforce_protection($db){
$_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
if($_SESSION["login_attempts"] <= 0){
- $_SESSION["banned"] = true;
$remote_ip = $_SERVER["REMOTE_ADDR"];
$session_id = session_id();
$time = $_SERVER["REQUEST_TIME"];
@@ -81,8 +80,8 @@ function check_if_banned($db){
$accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
if($check_ar[0] < $accepted_time){
- return true; // not longer banned
+ return false; // not longer banned
} else {
- return false; // still banned
+ return true; // still banned
}
}
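Review bot: The return contract of check_if_banned is inverted by this change, but nothing in the function documents it, so a caller still written for the old meaning would treat banned clients as allowed. The diff is limited to www/functions, so such callers cannot be checked from here. I would add a docblock above the function, for example `/** @return bool true while the stored ban is younger than six hours, false once it has expired */`, and name the `21600` as a constant. Separately, the brutforce_protection hunk above keeps the attempt counter in `$_SESSION`, so it presumably limits only clients that keep their session cookie; counting failures per IP or account in the database would make the ban independent of the client. check_if_banned starts outside the hunk.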