| author | root | 2014-03-26 03:07:06 +0100 |
|---|---|---|
| committer | root | 2014-03-26 03:07:06 +0100 |
| commit | e009b1e84dcbcc83f39652695eb86c6e64cc6a11 (patch) | |
| tree | a4745e74da7f5ffc4b359ae5a8cb67aec9c770c9 /www | |
| parent | f1840d40760abb9869bd218ca510eceb94f86478 (diff) | |
| download | files.iamfabulous.de-e009b1e84dcbcc83f39652695eb86c6e64cc6a11.tar.gz | |
Now conforms to HTTP/1.1. Also integrated func_download.
Diffstat (limited to 'www')
| -rw-r--r-- | www/constants.php | 4 | ||||
| -rw-r--r-- | www/functions/func_delete.php | 2 | ||||
| -rw-r--r-- | www/functions/func_download.php | 26 | ||||
| -rwxr-xr-x | www/functions/func_invite.php | 4 | ||||
| -rwxr-xr-x | www/functions/func_rewrite.php | 2 | ||||
| -rwxr-xr-x | www/include.php | 8 | ||||
| -rwxr-xr-x | www/index.php | 40 | ||||
| -rwxr-xr-x | www/setup.php | 2 |
8 files changed, 68 insertions, 20 deletions
diff --git a/www/constants.php b/www/constants.php
index 9e0514b..15db956 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -71,3 +71,7 @@ define("DELETE_FOLDER_NOT_EMPTY", 55);
 define("FOLDER_NOT_PUBLIC", 56);
 define("FILE_NOT_FOUND", 57);
 define("EMPTY_FOLDER", 58);
+
+define("DOWNLOAD_FALSE_ID", 59);
+define("DOWNLOAD_NOT_FILE", 60);
+define("DOWNLOAD_PRIVATE_FILE", 61);
diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php
index a79cd36..17da1c4 100644
--- a/www/functions/func_delete.php
+++ b/www/functions/func_delete.php
@@ -1,7 +1,7 @@
 <?php
 /*
-	expected state: tested; but broken
+	expected state: tested?; but broken
 */
 function delete_file($user, $path){
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 5770da4..e3e36aa 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -1,8 +1,7 @@
 <?php
 /*
-	Expected state: tested, but broken.
-	Works if you are loged in, fatal error if not.
+	Expected state: tested, should work.
 */
 function check_if_file($db, $name, $folder_path){
@@ -63,11 +62,21 @@ function start_file_download($user, $path){
 }
 function check_file_hash($db, $file_id, $download_hash){
-	$check_hash_db = $db->query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+	if(preg_match("/[^0-9]/", $file_id)){
+		return DOWNLOAD_FALSE_ID;
+	}
+
+	$check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
 	$check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
-	if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){
-		return false;
+	if($check_hash_ar[0] != "FILE"){
+		return DOWNLOAD_NOT_FILE;
+	}
+
+	if($check_hash_ar[1] != "PUBLIC"){
+		if($check_hash_ar[0] != $download_hash){
+			return DOWNLOAD_PRIVATE_FILE;
+		}
 	}
 	if(!download_file($db, $file_id)){
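Review bot: The private-file gate compares the wrong column: the new query selects `folder, share`, so `$check_hash_ar[0]` is the folder marker the previous check already required to equal `"FILE"`, while the share token is `$check_hash_ar[1]`; the comparison therefore never involves the stored share value and should read `if($check_hash_ar[1] != $download_hash){` (`!==` once both sides are known to be strings). The digit-only `preg_match` is the only thing that makes the unquoted `id=` interpolation safe — `SQLite3::escapeString` does not quote numbers — so it deserves a comment such as `// id is interpolated unquoted below; this digit check is the injection guard`, or better a prepared statement with `bindValue`. When index.php passes an absent `$_GET["id"]`, `$file_id` is null, the regex does not match, and the query runs with an empty id; `$db->query` then presumably returns false and the `fetchArray` call on the next line would be a fatal error, so the guard should be `if($file_id === null || $file_id === "" || preg_match("/[^0-9]/", $file_id)){`. check_file_hash continues past the end of the hunk.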
@@ -80,12 +89,13 @@ function check_file_hash($db, $file_id, $download_hash){
 function download_file($db, $file_id){
-	$file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
+	$file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
 	$file_ar = $file_db->fetchArray(SQLITE3_NUM);
 	$file_name = $file_ar[0];
 	$file_mime = $file_ar[1];
-	$file_hash = $file_ar[2];
+	$file_size = $file_ar[2];
+	$file_hash = $file_ar[3];
 	$uploaddir = "../files/";
 	$gzip_file = $uploaddir . $file_hash . ".gz";
@@ -94,6 +104,8 @@ function download_file($db, $file_id){
 	header("Content-Type: ".$file_mime);
 	header("Content-Disposition: attachment; filename=\"".$file_name."\"");
+	header("Content-Length: ".$file_size);
+	set_time_limit(0);
 	$uncompressed_file = readgzfile($gzip_file);
 	if($uncompressed_file){
diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php
index b37ea09..00a678d 100755
--- a/www/functions/func_invite.php
+++ b/www/functions/func_invite.php
@@ -34,13 +34,13 @@ function invite($db){
 		$key = "$key".$key_array[$index];
 	}
-	$id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';");
+	$id_db = $db->query("SELECT id FROM USER WHERE name='" . $safe_name . "';");
 	$id_ar = $id_db->fetchArray(SQLITE3_NUM);
 	$id = $id_ar[0];
 	/*Generates the new user and decrease the invites*/
-	$invite = $invite - 1;
+	$invite = $invite-1;
 	if($db->exec(" BEGIN TRANSACTION;
diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php
index a58c7f9..d9f694d 100755
--- a/www/functions/func_rewrite.php
+++ b/www/functions/func_rewrite.php
@@ -16,7 +16,7 @@ function rewrite($db){
 	}
 	if($_SESSION["login"]){
-		header("Refresh: 0; /" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . "");
+		header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . "");
 	}
 	return false;
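Review bot: The new `Content-Length` must equal the number of bytes `readgzfile` writes, i.e. the decompressed length; if the `size` column holds the compressed or a stale value, HTTP/1.1 clients will truncate the body or wait for bytes that never come, so either document the assumption on the line (`// size must be the uncompressed byte count: readgzfile streams the decompressed file`) or verify it against the stored metadata before sending headers. The adjacent `Content-Disposition` line interpolates `$file_name` into a quoted header parameter unchanged, so a name containing `"` or control characters corrupts the header; clean it first, e.g. `$safe_name = str_replace(array("\"", "\r", "\n"), "", $file_name);`, and consider an RFC 5987 `filename*=` form for non-ASCII names. download_file continues outside both hunks.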
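Review bot: Removing the stray space fixes the lookup, but the query still builds SQL by concatenating `$safe_name`, so correctness rests on whatever escaping produced it above the hunk; `$stmt = $db->prepare("SELECT id FROM USER WHERE name=:name;"); $stmt->bindValue(':name', $name, SQLITE3_TEXT); $id_db = $stmt->execute();` removes that dependency and makes quoting mistakes like the one fixed here impossible. The `fetchArray` result on the following line is used unchecked — for a name that does not exist it returns `false` and `$id` silently becomes null before the transaction is run. invite's body continues on both sides of the hunk.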
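Review bot: `$scheme` is assigned at file scope in include.php, but this line runs inside `function rewrite($db)`, where it is undefined unless `global $scheme` appears earlier in the function (not visible in the hunk); in that case the header becomes `Refresh: 0; host/user/...`, a relative path, so the change breaks the redirect instead of adding a scheme. Building the absolute URL from `$_SERVER["HTTP_HOST"]` also trusts the client-supplied Host header for the redirect target; prefer a configured base URL, and since the commit is about HTTP/1.1 conformance, a real redirect — `header("Location: " . $base_url . "/" . rawurlencode($_SESSION['username']) . "/" . rawurlencode($_GET["name"]) . "/" . $folder, true, 303); exit;` — rather than the non-standard `Refresh` header. The same `$scheme.$_SERVER["HTTP_HOST"]` construction is repeated in every index.php hunk and in setup.php; one helper such as `function base_url()` would keep them consistent and give a single place to fix the host handling. The rest of rewrite is outside the hunk.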
diff --git a/www/include.php b/www/include.php
index 94eaba9..aa90993 100755
--- a/www/include.php
+++ b/www/include.php
@@ -1,5 +1,13 @@
 <?php
+$scheme="http://";
+
+if(isset($_SERVER["HTTPS"])){
+	if($_SERVER["HTTPS"] == "on"){
+		$scheme="https://";
+	}
+}
+
 require_once("constants.php");
 $func_dir = "functions/";
diff --git a/www/index.php b/www/index.php
index ad7eb7d..4b09452 100755
--- a/www/index.php
+++ b/www/index.php
@@ -13,7 +13,7 @@ if(empty($_GET)){
 	if(!$_SESSION["login"]){
 		print_login(constant("EMPTY"));
 	} else {
-		header("Refresh: 0; /" . $_SESSION["username"]);
+		header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION["username"]);
 		exit;
 	}
 } else {
@@ -26,13 +26,18 @@ if(empty($_GET)){
 			if($_SERVER['REQUEST_METHOD'] == 'POST'){
 				$var = login($db);
 				if($var == LOGIN_SUCCESSFULL){
-					header("Refresh: 0; /".$_SESSION["username"]);
+					header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]);
 					//account($db);
 				} else {
 					print_login($var);
 				}
 			} else {
-				print_login(constant("EMPTY"));
+				if(!$_SESSION["login"]){
+					print_login(constant("EMPTY"));
+				} else {
+					header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION["username"]);
+					exit;
+				}
 			}
 			break;
@@ -41,7 +46,7 @@ if(empty($_GET)){
 				if($var == LOGOUT_SUCCESSFULL){
 					print_login($var);
 				} else {
-					header("Refresh: 0; /httperror.php?e=500");
+					header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/httperror.php?e=500");
 				}
 			break;
@@ -53,7 +58,7 @@ if(empty($_GET)){
 			if($_SERVER['REQUEST_METHOD'] == 'POST'){
 				$var = invite($db);
 				if($var == INVITE_SUCCESSFULL){
-					header("Refresh: 0; /"); //TODO Direct link to the file browser.
+					header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/"); //TODO Direct link to the file browser.
 				} else {
 					print_invite($var);
 				}
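Review bot: The HTTPS test only recognises the literal `"on"`; some SAPIs set `$_SERVER["HTTPS"]` to `"1"` and IIS sets it to `"off"` for plain requests, so the conventional check is `if(!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off"){ $scheme = "https://"; }`. Behind a TLS-terminating proxy the variable is not set at all, so every redirect built from `$scheme` would point at http; if that deployment is expected, the scheme has to come from a forwarded header that is honoured only for requests arriving from the known proxy. A short comment, `// scheme used to build absolute redirect URLs in index.php, setup.php and func_rewrite.php`, would explain why this global exists at the top of the include.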
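Review bot: In the `LOGIN_SUCCESSFULL` branch the `Refresh` header is sent and execution falls through to `break`, so the rest of index.php still runs for that request, whereas the new `else` branch in the same hunk and the hunk at line 13 both `exit;` right after the header; add `exit;` after that `header(...)` call so the redirect is not accompanied by a rendered page body. `!$_SESSION["login"]` also raises a notice for a fresh session where the key is absent; `empty($_SESSION["login"])` expresses the same test without it. The surrounding switch continues outside the hunk.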
@@ -63,6 +68,11 @@ if(empty($_GET)){
 			break;
 		case("register"):
+			if($_SESSION["login"]){
+				header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION["username"]);
+				exit;
+			}
+
 			if($_SERVER['REQUEST_METHOD'] == 'POST'){
 				$var = register($db);
 				if($var == REGISTER_SUCCESSFULL){
@@ -75,10 +85,24 @@ if(empty($_GET)){
 			}
 			break;
-/*		case("download"): //not implemented yet
-			download();
+		case("download"): //not implemented yet
+			if(!isset($_GET["hash"])){
+				$download_hash = "";
+			} else {
+				$download_hash = $_GET["hash"];
+			}
+			$var = check_file_hash($db, $_GET["id"], $download_hash);
+			if($var == DOWNLOAD_NOT_FILE){
+				get_404("/", "File id: ".$_GET['id']);
+			} elseif ($var == DOWNLOAD_PRIVATE_FILE){
+				$_GET["e"]="401";
+				include("httperror.php");
+			} elseif($var == DOWNLOAD_FALSE_ID){
+				$_GET["e"]="403";
+				include("httperror.php");
+			}
 			break;
-*/
+
 		case("user"):
 			account($db);
 			break;
diff --git a/www/setup.php b/www/setup.php
index 423e0f1..a841ad4 100755
--- a/www/setup.php
+++ b/www/setup.php
@@ -65,7 +65,7 @@ if($bool){
 	$_SESSION["userid"] = 1;
 	echo "Success! You will redirected any moment.";
-	header("Refresh: 2; /admin");
+	header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/admin");
 } else {
 	echo "Failure! :( <br>";
 	echo "Your password: ".$hash_password;
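Review bot: `$_GET["id"]` is passed to `check_file_hash` without the `isset` test that `hash` gets two lines above, so a request without an id hands null to a function that interpolates it into SQL; mirror the hash handling with `$file_id = isset($_GET["id"]) ? $_GET["id"] : "";` and pass `$file_id`. The status mapping looks inverted: a malformed id (`DOWNLOAD_FALSE_ID`) is a client error, 400, while a private file requested without the right share token (`DOWNLOAD_PRIVATE_FILE`) is forbidden, 403 — 401 implies an authentication challenge this server never issues. `get_404("/", "File id: ".$_GET['id'])` reflects the raw query value into the error page; unless get_404 escapes its second argument (not visible here) it should receive `htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8')`. The `//not implemented yet` comment on the `case` line is stale now that the branch is live, and the success path of `check_file_hash` is not handled at all, which the hunk leaves implicit.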
