authorHorus32014-03-12 22:11:50 +0100
committerHorus32014-03-12 22:11:50 +0100
commit2f0f4ca056f92ffd2bbf80e7b7c49b489d6e7ed4 (patch)
treeb14d63c782c3088d904858140d947492d946e29f
parent478a6dbc03c1ed65f5a187a6752bc130d3b82ac3 (diff)
downloadfiles.iamfabulous.de-2f0f4ca056f92ffd2bbf80e7b7c49b489d6e7ed4.tar.gz
more modular for greater flexibility
-rw-r--r--www/functions/func_content.php27
-rw-r--r--www/functions/func_interface.php16
-rw-r--r--www/functions/func_login.php2
-rw-r--r--www/functions/func_register.php4
-rw-r--r--www/functions/func_select.php70
-rw-r--r--www/functions/func_user.php13
-rw-r--r--www/include.php6
-rw-r--r--www/index.php5
8 files changed, 84 insertions, 59 deletions
diff --git a/www/functions/func_content.php b/www/functions/func_content.php
new file mode 100644
index 0000000..2536dcc
--- /dev/null
+++ b/www/functions/func_content.php
@@ -0,0 +1,27 @@
+<?
+
+function get_content($db, $parentdir, $owner){
+
+ $content_db = $db->query("SELECT * FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
+
+ $count=0;
+
+ while($row = $content_db->fetchArray(SQLITE3_NUM)){
+ $content[$count][0] = $row[0];
+ $content[$count][1] = $row[1];
+ $content[$count][2] = $row[2];
+ $content[$count][3] = $row[3];
+ $content[$count][4] = $row[4];
+ $content[$count][5] = $row[5];
+ $content[$count][6] = $row[6];
+ $content[$count][7] = $row[7];
+ $content[$count][8] = $row[8];
+ $count++;
+ }
+
+ if(!empty($content)){
+ return $content;
+ } else {
+ return false;
+ }
+}
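Review bot: get_content() lists every row under `$parentdir` for `$owner` without the `share='PUBLIC'` restriction that select() adds to its folder lookups, so a visitor who is not the owner appears to receive private entries of any directory they can reach, including the root. The filter should be applied here as well, using the same ownership test as select(). Since the query is being moved into its own function, it is also a good moment to bind `$parentdir` and `$owner` instead of concatenating them unquoted; the fence below assumes both are integer ids, which the diff does not confirm. A short comment stating that the function returns a list of numeric rows or `false` when the directory is empty would help callers such as show().

```php
function get_content($db, $parentdir, $owner){
    // same ownership test select() uses for its folder lookups
    $is_owner = !empty($_SESSION["login"]) && $_SESSION["userid"] == $owner;

    $sql = "SELECT * FROM files WHERE parent = :parent AND owner = :owner";
    if(!$is_owner){
        $sql .= " AND share = 'PUBLIC'";
    }

    $stmt = $db->prepare($sql);
    $stmt->bindValue(":parent", $parentdir, SQLITE3_INTEGER);
    $stmt->bindValue(":owner", $owner, SQLITE3_INTEGER);
    $content_db = $stmt->execute();
    // … unchanged: row copy loop and return …
```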
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
index 0116fe6..b7fbb5f 100644
--- a/www/functions/func_interface.php
+++ b/www/functions/func_interface.php
@@ -1,5 +1,19 @@
<?
-function show($content){
+function show($db){
+ $owner = user($db, $_GET["name"]);
+
+ if(!$owner){
+ failure("This user doesn't exist!");
+ }
+
+ $parentdir = select($db, $owner);
+
+ $content = get_content($db, $parentdir, $owner);
+
+ if(!content){
+ failure("There is no data.");
+ }
+
var_dump($content);
}
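Review bot: The empty-result check `if(!content){` is missing the `$`, so it tests a bare constant name rather than the value returned by get_content(), and the "There is no data." branch does not do what it says; it should read `if(!$content){`. The result of select() is also passed straight to get_content() although select() returns `false` after calling get_404(), so a guard such as `if($parentdir === false){ return false; }` is needed before the content query. The `!empty($_GET["name"])` test that select() used to perform was removed by this commit and is not re-added here, so `$_GET["name"]` is read without checking that it is set.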
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index f528076..1b9188e 100644
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -27,9 +27,11 @@ function login($db){
INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
COMMIT;
")){
+ $id = user($db, $username);
$_SESSION["login"] = true;
$_SESSION["username"] = $username;
+ $_SESSION["userid"] = $id;
header("Refresh: 0; /");
return true;
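Review bot: `$_SESSION["userid"]` is stored without checking that user() returned an id, and this value is what select() now relies on to decide whether the visitor owns the requested files. user() returns `false` when the lookup finds nothing, so the login should stop in that case, for example `if($id === false){ return false; }`. Nothing in the visible lines regenerates the session id when the session becomes authenticated; unless that happens outside the hunk, add `session_regenerate_id(true);` before the session values are written. login() starts before this hunk and continues after it.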
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index eba653f..1d12e2b 100644
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -14,9 +14,7 @@ function register($db){
return false;
}
- /* TODO: allow full unicode */
-
- if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
+ if(!preg_match("/[^.+@.+]/", $email)){
header("Refresh: 0; /register?reason=encoding");
return false;
}
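Review bot: The new test `!preg_match("/[^.+@.+]/", $email)` uses a negated character class, not an "something@something" pattern: it is true only when the address is empty or consists solely of `.`, `+` and `@`, so ordinary input is never rejected and the format is not validated. Use the built-in validator instead, `if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){`. The same change removes the character whitelist on `$name` and `$cleartext_password`; account() in func_user.php echoes `$_SESSION["username"]` without `htmlspecialchars()` and login() concatenates `$username` into its SQL (any escaping there is outside the visible hunk), so lifting the restriction on names needs output escaping and bound parameters in place first. register() starts before this hunk and continues after it.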
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index ca3c53f..0659cdb 100644
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -1,25 +1,12 @@
<?
-function select($db){
- if($_SESSION["login"]){ // TODO: Check if loged in user really the user who does the query
+function select($db, $owner){
+
+ if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14
$share="";
} else {
$share ="AND share='PUBLIC'";
}
-
- if(!empty($_GET["name"])){
- $user = $_GET["name"];
- } else {
- failure("No user input.");
- }
-
- $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
- if(empty($owner_ar)){
- failure("This user doesn't exist.");
- }
-
- $owner = $owner_ar[0];
-
+
$folder_array_unsafe = explode("/",$_GET["folder"]);
$length = count($folder_array_unsafe);
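Review bot: The ownership condition `$_SESSION["login"] && $_SESSION["userid"] == $owner` reads session keys that are unset for anonymous visitors and compares ids loosely, which is fragile for the check that decides whether the `share='PUBLIC'` filter is dropped. A stricter form is `if(!empty($_SESSION["login"]) && isset($_SESSION["userid"]) && (int)$_SESSION["userid"] === (int)$owner){`, assuming ids are integers. The trailing TODO on that line now describes work the condition claims to have done and should be replaced by a comment stating that non-owners are limited to public folders. select() continues past the end of this hunk.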
@@ -32,49 +19,34 @@ function select($db){
$parentdir = SQLite3::escapeString($root_id);
$temp_id = $root_id;
+ if(empty($folder_array_unsafe[$i])){
+
+ }
for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
-
- $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
- if(empty($prim_id)){
- failure("Database error.");
- }
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
- if($parentdir != $prim_id[1]){
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if(empty($prim_id)){
+ failure("Database error.");
+ }
- $wrong_folder = $folder_array_unsafe[$i];
- $working_path[0] = $wrong_folder;
+ if($parentdir != $prim_id[1]){
- for($j=0; $j<$i; $j++){
- $working_path[$j] = $folder_array_unsafe[$j];
- }
+ $wrong_folder = $folder_array_unsafe[$i];
+ $working_path[0] = $wrong_folder;
- get_404($working_path, $wrong_folder);
- return false;
+ for($j=0; $j<$i; $j++){
+ $working_path[$j] = $folder_array_unsafe[$j];
}
- $parentdir = $prim_id[0];
+ get_404($working_path, $wrong_folder);
+ return false;
}
- }
-
- $content_db = $db->query("SELECT * FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
- $count=0;
- while($row = $content_db->fetchArray(SQLITE3_NUM)){
- $content[$count][0] = $row[0];
- $content[$count][1] = $row[1];
- $content[$count][2] = $row[2];
- $content[$count][3] = $row[3];
- $content[$count][4] = $row[4];
- $content[$count][5] = $row[5];
- $content[$count][6] = $row[6];
- $content[$count][7] = $row[7];
- $content[$count][8] = $row[8];
- $count++;
+ $parentdir = $prim_id[0];
}
- return $content;
+ return $parentdir;
}
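Review bot: The `!empty($folder_array_unsafe[$i])` guard was moved out of the loop into an empty `if` that runs before `$i` is assigned, so it has no effect and empty path segments are no longer skipped. `explode("/", ...)` yields an empty string for a missing, leading, trailing or doubled slash, and each of those now goes into the `name=''` lookup and ends in `failure("Database error.")`, unless code between the two hunks handles it. Delete the empty `if` and put `if($folder_array_unsafe[$i] === ""){ continue; }` at the top of the loop body. The lookup still concatenates `$owner` and `$parentdir` unquoted, where `SQLite3::escapeString()` gives no protection, so it should use bound parameters like the `name` value deserves too. The function starts in the previous hunk.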
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index 2e49651..59e6dda 100644
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
@@ -1,5 +1,5 @@
<?
-function user($db){
+function account($db){
echo "loged in as: " . $_SESSION["username"];
$safe_name=SQLite3::escapeString("$_SESSION[username]");
$invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';");
@@ -11,3 +11,14 @@ function user($db){
return true;
}
+function user($db, $user){
+
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ if(empty($owner_ar)){
+ return false;
+ }
+
+ $owner = $owner_ar[0];
+ return $owner;
+}
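Review bot: user() calls `fetchArray()` on the result of `$db->query()` without checking for `false`, so a failed query becomes a fatal error rather than the `false` return that callers test with `!$owner`. Add `if($owner_db === false){ return false; }` after the query, or switch to `$stmt = $db->prepare("SELECT id FROM user WHERE name = :name");` with `$stmt->bindValue(":name", $user, SQLITE3_TEXT);`, and check the result of `$stmt->execute()` in the same way. Because show() and login() both depend on the return value, the function should carry a comment stating that it returns the user's id, or `false` when the name is unknown.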
diff --git a/www/include.php b/www/include.php
index 76b4ba1..5c9fdb4 100644
--- a/www/include.php
+++ b/www/include.php
@@ -8,5 +8,7 @@ require_once($func_dir . "func_invite.php"); // handles the invite routine
require_once($func_dir . "func_login.php"); // handles also logout
require_once($func_dir . "func_register.php"); // processing the registration
require_once($func_dir . "func_rewrite.php"); // rewrites URL if user forgot to add the username while loged in
-require_once($func_dir . "func_select.php"); // get the actual vfs content
-require_once($func_dir . "func_user.php"); // account specific stuff
+require_once($func_dir . "func_select.php"); // get the primary key from the last folder
+require_once($func_dir . "func_user.php"); // gets the userid and account specific stuff
+require_once($func_dir . "func_content.php"); // get the vfs content
+
diff --git a/www/index.php b/www/index.php
index 2e28073..46747dd 100644
--- a/www/index.php
+++ b/www/index.php
@@ -40,7 +40,7 @@ if(empty($_GET)){
break;
*/
case("user"):
- user($db);
+ account($db);
break;
default:
get_404($_GET["task"], $_GET["task"]);
@@ -51,8 +51,7 @@ if(empty($_GET)){
/* shows the user content, main function */
if(rewrite($db)){
- $content = select($db);
- show($content);
+ show($db);
}
}
}