authorHorus32014-03-10 14:01:15 +0100
committerHorus32014-03-10 14:01:15 +0100
commit2e9cc1eea531131cd5a8e25342be3dd0d1978ef1 (patch)
tree9267e3bb86e0842596503a6de3d186b0a28bd63d /www
parent5441b1738f4fed6a51cbf8a44481251358e9518e (diff)
downloadfiles.iamfabulous.de-2e9cc1eea531131cd5a8e25342be3dd0d1978ef1.tar.gz
stuff
Diffstat (limited to 'www')
-rw-r--r--www/.index.php.swpbin0 -> 12288 bytes
-rw-r--r--www/.select.php.swpbin0 -> 12288 bytes
-rw-r--r--www/functions.php61
-rw-r--r--www/index.php43
-rw-r--r--www/select.php3
-rw-r--r--www/select_function.php55
6 files changed, 123 insertions, 39 deletions
diff --git a/www/.index.php.swp b/www/.index.php.swp
new file mode 100644
index 0000000..7dc5069
--- /dev/null
+++ b/www/.index.php.swp
Binary files differ
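Review bot: The two Vim swap files added in this commit (`www/.index.php.swp` and `www/.select.php.swp`) are editor artefacts and should not be checked in; a swap file carries a copy of the editor buffer, so it can publish edits that were never meant to leave the workstation, and it is recreated on every editing session. Drop both from the commit and ignore the pattern `*.swp` in the repository's ignore file.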
diff --git a/www/.select.php.swp b/www/.select.php.swp
new file mode 100644
index 0000000..381d100
--- /dev/null
+++ b/www/.select.php.swp
Binary files differ
diff --git a/www/functions.php b/www/functions.php
index 2f18361..c1cdca6 100644
--- a/www/functions.php
+++ b/www/functions.php
@@ -2,6 +2,8 @@
/* --LOGIN-- */
+require_once("select_functions.php");
+
function login($db){
if($_SERVER['REQUEST_METHOD'] == 'POST') {
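Review bot: The added `require_once("select_functions.php")` names a file that does not exist in this commit: the new file is `www/select_function.php` (singular, per the diffstat and the last section of the diff), so every page that includes `functions.php` will stop with a missing-file fatal error. Change it to `require_once("select_function.php");`. The body of `login()` starts on the last line of this hunk and continues outside it.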
@@ -168,11 +170,15 @@ function register($db){
$second_password = $_POST["2ndpswd"];
$email = $_POST["email"];
- if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ /* checking for empty password etc. */
+
+ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
header("Refresh: 0; register?reason=password");
exit;
}
+ /* TODO: allow full unicode */
+
if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
header("Refresh: 0; register?reason=encoding");
exit;
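Review bot: The rewritten password condition still compares the two entries with the loose `!=`, which in PHP compares numeric strings numerically (`"1e3" != "1000"` evaluates to false), so two different passwords can pass as matching; use `$cleartext_password !== $second_password`. The `isset()`/`empty()` tests in the same condition are evaluated after `$_POST["pswd"]` and `$_POST["2ndpswd"]` have already been read into the variables just above, so they no longer prevent the undefined-index notice they were meant to avoid — assign with `$_POST["pswd"] ?? ''` and `$_POST["2ndpswd"] ?? ''` and drop the redundant tests. `register()` continues outside the hunk on both sides.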
@@ -191,7 +197,7 @@ function register($db){
$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
$test_key = $test_key_arr[0];
- if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+ if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == "" || empty($test_status_db)){
header("Refresh: 0; /register?reason=prohibited");
exit;
} else {
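Review bot: The invite-key test on the new `if` line, `$test_key != $_POST["key"]`, is a loose comparison against a user-supplied value and indexes `$_POST["key"]` without checking it exists; compare with `!hash_equals((string) $test_key, (string) ($_POST["key"] ?? ''))` so the check is strict and constant-time. The appended `empty($test_status_db)` guard is evaluated last, after `$test_status_int` has apparently already been derived from that result above the hunk, so it arrives too late to prevent the failure it seems intended to catch; if the concern is `$db->query()` returning `false`, test for that immediately after the query. `register()` continues outside the hunk.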
@@ -243,11 +249,11 @@ function register($db){
function get_404(){
echo "Sorry, page not found. <br>";
-// select();
+// select($db);
exit;
}
-function select($db){
+//function select($db){
@@ -259,4 +265,51 @@ function select($db){
}
echo "Presented by func select()!";
*/
+//}
+
+function show($db){
+
+ /* test if first argument a username or folder */
+
+ $name = SQLite3::escapeString("$_GET[name]");
+
+ $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';");
+ $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM);
+
+ if(empty($name_id_ar)){
+
+ /* if first argument wasn't valid, rewrite the URL to include the username */
+
+ if($_SESSION["login"]){
+ header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . "");
+ exit;
+ } else {
+ get_404();
+ }
+ } else {
+
+ /* everything was okay, so show the content, please */
+
+ $content = select($db);
+ return $content;
+ //exit;
+ }
+}
+
+function failure($reason){
+ echo "A 404 error occurred. <br>";
+ echo $reason;
+ exit;
+}
+
+
+function user($db){
+ echo "loged in as: " . $_SESSION["username"];
+ $safe_name=SQLite3::escapeString("$_SESSION[username]");
+ $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+ echo "<br><br>";
+ echo "You have currently $invite invites. <br>";
}
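Review bot: `failure()` echoes `$reason` into the page unescaped, and `select()` in `select_function.php` calls it with a segment of `$_GET["folder"]` (`"This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]`), so user input is reflected into the HTML response; change the echo to `echo htmlspecialchars($reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and call `http_response_code(404);` before any output, since both `failure()` and `get_404()` announce a 404 without ever setting one. `user()` reads `$_SESSION["username"]` and reports the invite count without first checking `$_SESSION["login"]`, and `index.php` now routes `?task=user` to it unconditionally, so it should begin with `if (empty($_SESSION["login"])) { get_404(); }`. In `show()`, `if($_SESSION["login"])` reads a key the session may not have; `!empty($_SESSION["login"])` gives the same decision without the notice.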
diff --git a/www/index.php b/www/index.php
index ea8d675..d1f86ee 100644
--- a/www/index.php
+++ b/www/index.php
@@ -18,6 +18,8 @@ if(empty($_GET)){
$name = SQLite3::escapeString("$_GET[name]");
+ /* checks for specific site url's */
+
if(empty($_GET["name"])){
switch($_GET["task"]){
case("login"):
@@ -35,48 +37,19 @@ if(empty($_GET)){
/* case("download"): //not implemented yet
download();
break;
+*/
case("user"):
- user();
+ user($db);
break;
-*/ default:
+ default:
get_404();
break;
}
} else {
- $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';");
- $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM);
-
- if(empty($name_id_ar)){
- if($_SESSION["login"]){
- header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . ""); //rewrite the URL to include the username
-// echo "Eingeloggt! Zeige deine Ordner beginnend mit '$_GET[name]' ! <br><br>";
-// $_GET["folder"] = "" . $_GET["name"] . "/" . $_GET["folder"] . "";
-// $_GET["name"] = $_SESSION["username"];
-// select();
+ /* shows the user content, main function */
- exit;
- } else {
- get_404();
- }
- } else {
- select();
- exit;
- }
+ $content = show($db);
+ var_dump($content);
}
}
-
-
-echo "loged in as: " . $_SESSION["username"];
-
-$safe_name=SQLite3::escapeString("$_SESSION[username]");
-
- $db = new SQLite3("../database/sqlite.db");
-
- $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
- $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
- $invite = $invite_ar[0];
-
-echo "<br><br>";
-echo "You have currently $invite invites. <br>";
-select();
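Review bot: `var_dump($content)` on the new line after `$content = show($db);` dumps the raw rows of the files query straight into the response; it is debugging output and, if left in, prints database contents without any escaping. Replace it with the rendering step (or at least loop over the rows and pass each field through `htmlspecialchars()`). Note also that the removed tail of this file is where `$db = new SQLite3("../database/sqlite.db")` was created; unless `$db` is initialised earlier in the file, `show($db)` now receives an undefined variable.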
diff --git a/www/select.php b/www/select.php
index 5f6504b..ffa12d1 100644
--- a/www/select.php
+++ b/www/select.php
@@ -63,3 +63,6 @@ for($i=0; $i<$length; $i++){
echo "<br>";
}
}
+
+$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
+$content_ar = $conten_db->fetchArray(SQLITE3_NUM);
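Review bot: The second appended line reads `$conten_db`, which is never assigned — the query result one line above is stored in `$content_db` — so `->fetchArray()` is called on `null` and the script fails; correct the name to `$content_db`. The identical typo appears in the new `select_function.php` on its `$content_ar = $conten_db->fetchArray(SQLITE3_NUM);` line. Since `$db->query()` returns `false` on a malformed statement, also test `$content_db === false` before calling `fetchArray()` on it.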
diff --git a/www/select_function.php b/www/select_function.php
new file mode 100644
index 0000000..b83fe04
--- /dev/null
+++ b/www/select_function.php
@@ -0,0 +1,55 @@
+function select($db){
+ if($_SESSION["login"]){
+ $share="";
+ } else {
+ $share ="AND share='PUBLIC'";
+ }
+
+ if(!empty($_GET["name"])){
+ $user = $_GET["name"];
+ } else {
+ failure("No user input.");
+ }
+
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
+ if(empty($owner_db)){
+ failure("This user doesn't exist.");
+ }
+
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $folder_array_unsafe = explode("/",$_GET["folder"]);
+ $length = count($folder_array_unsafe);
+
+ $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
+ if(empty($root_db)){
+ failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
+ }
+ $root_ar = $root_db->fetchArray(SQLITE3_NUM);
+ $root_id = $root_ar[0];
+ $parentdir = SQLite3::escapeString($root_id);
+ $temp_id = $root_id;
+
+ for($i=0; $i<$length; $i++){
+
+ if(!empty($folder_array_unsafe[$i])){
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+ if(empty($parentdir_db)){
+ failure("Database error.");
+ }
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if($parentdir != $prim_id[1]){
+ failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]);
+ }
+
+ $parentdir = $prim_id[0];
+ }
+ }
+
+ $content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
+ $content_ar = $conten_db->fetchArray(SQLITE3_NUM);
+
+ return $content_ar;
+
+}
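Review bot: The new file starts directly with `function select($db){` and has no `<?php` opening tag — the hunk header accounts for all 55 lines — so when it is included the body is sent to the browser as literal text and `select()` is never defined. The `empty($owner_db)`, `empty($root_db)` and `empty($parentdir_db)` checks cannot detect a missing row: `SQLite3::query()` returns a result object (or `false` on error), never an empty value, so an unknown user is only noticed when `$owner_ar[0]` is read from a `false` fetch; test the fetched row instead, e.g. `if ($owner_ar === false) { failure("This user doesn't exist."); }`. The final listing query applies no `$share` filter although every directory lookup does, so a visitor without `$_SESSION["login"]` receives every row under the resolved directory rather than only the public ones (assuming `share` is set per file as it is per directory); append `" " . $share` before the closing `;` of that query. `$parentdir != $prim_id[1]` is a loose comparison of an id against a fetched column and would be safer as `!==` after casting both to `int`.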