-rwxr-xr-x.gitignore1
-rwxr-xr-xblob/nginx_rewrite_rules11
-rw-r--r--www/constants.php2
-rwxr-xr-xwww/functions/func_content.php24
-rw-r--r--www/functions/func_download.php17
-rwxr-xr-xwww/functions/func_select.php19
6 files changed, 54 insertions, 20 deletions
diff --git a/.gitignore b/.gitignore
index 4f9ec4a..33faee8 100755
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
*~
*.swp
upl.php
+downl.php
gitpull*
pepper.txt
diff --git a/blob/nginx_rewrite_rules b/blob/nginx_rewrite_rules
index 4340f9d..1d6973d 100755
--- a/blob/nginx_rewrite_rules
+++ b/blob/nginx_rewrite_rules
@@ -1,12 +1,11 @@
-error_page 401 403 404 /httperror.php?e=40x;
-error_page 500 502 504 /httperror.php?e=50x;
+error_page 401 403 404 /httperror.php?e=40x;
+error_page 500 502 504 /httperror.php?e=50x;
-location /robots.txt {} #stop rewriting the robots.txt
+location /robots.txt {} #stop rewriting the robots.txt
-location /favicon.ico {}
-location /static {}
+location /favicon.ico {}
+location /static {}
#location ~* ^/.+[^/].+\.css {}
-#location ~* ^/.+[^/].+\.png {}
location ~* ^/?login/?([a-z0-9]+=[a-z0-9]+(&[a-z0-9]+=[a-z0-9]+)?)?$ {
rewrite ^/?login([?/]?.*) /index.php?task=login&arguments=$1 last;
diff --git a/www/constants.php b/www/constants.php
index 1cdc32d..266bd6a 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -67,3 +67,5 @@ define("DELETE_USER_NOT_OWNER", 52);
define("DELETE_FOLDER_DATABASE", 53);
define("DELETE_FOLDER_LOGIN", 54);
define("DELETE_FOLDER_NOT_EMPTY", 55);
+
+define("FOLDER_NOT_PUBLIC", 56);
diff --git a/www/functions/func_content.php b/www/functions/func_content.php
index e24ea34..8431c15 100755
--- a/www/functions/func_content.php
+++ b/www/functions/func_content.php
@@ -11,6 +11,8 @@ function collect_content($db,$username, $folder_path){
if(!$file_id){
print_empty_folder($db, $username, $folder_path);
+ echo "Empty folder";
+ exit;
}
$content = get_content($db, $file_id, $owner);
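Review bot: The added `echo "Empty folder"; exit;` in collect_content reads like debugging output, and it ends the request from inside a helper right after print_empty_folder() has run. No status code is set in the visible lines, so a path that is missing or not public is presumably answered with a 200 and a bare string. If stopping here is intended, I would drop the echo and set the status before leaving, e.g. `http_response_code(404); exit;`. collect_content's body starts and continues outside this hunk.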
@@ -20,7 +22,13 @@ function collect_content($db,$username, $folder_path){
function get_content($db, $file_id, $owner){
- $content_db = $db->query("SELECT * FROM files WHERE parent=" . $file_id . " AND owner=" . $owner . ";");
+ if($_SESSION["login"] && $_SESSION["userid"] == $owner){
+ $share="";
+ } else {
+ $share =" AND share='PUBLIC'";
+ }
+
+ $content_db = $db->query("SELECT * FROM files WHERE parent=" . $file_id . " AND owner=" . $owner . $share . ";");
$count=0;
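Review bot: The new query in get_content still concatenates `$file_id` and `$owner` into the SQL text as unquoted values, so the `share='PUBLIC'` restriction added here is only as strong as the guarantee that both are integers. Binding them keeps the access rule separate from the data; `$share` is a fixed literal chosen in code and can stay concatenated. The same pattern is in the queries of get_path_to_empty_folder, where `SQLite3::escapeString($owner)` is used outside quotes and therefore does not constrain the value, and in select_file_id. The owner test `$_SESSION["userid"] == $owner` is also a loose comparison; I cannot see what user_id() returns for an unknown name, but a strict comparison on integer-cast values would rule out type juggling in the decision that drops the filter.

```php
// … unchanged: $share selection from the session check …
$stmt = $db->prepare("SELECT * FROM files WHERE parent=:parent AND owner=:owner" . $share . ";");
$stmt->bindValue(":parent", $file_id, SQLITE3_INTEGER); // assumes ids are integers
$stmt->bindValue(":owner", $owner, SQLITE3_INTEGER);
$content_db = $stmt->execute();
```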
@@ -46,27 +54,31 @@ function get_content($db, $file_id, $owner){
function get_path_to_empty_folder($db, $username, $folder_path){
+ $owner = user_id($db, $username);
+
if($_SESSION["login"] && $_SESSION["userid"] == $owner){
- if($_SESSION["login"] && $_SESSION["userid"] == $owner){}
+ $share = "";
} else {
- $share ="AND share='PUBLIC'";
+ $share =" AND share='PUBLIC'";
}
$folder_array_unsafe = explode("/",$folder_path);
$length = count($folder_array_unsafe);
- $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND fo lder='DIRECTORY' " . $share . ";");
+ //echo "SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND folder='DIRECTORY' " . $share . ";"; exit;
+
+ $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND folder='DIRECTORY' " . $share . ";");
$root_ar = $root_db->fetchArray(SQLITE3_NUM);
$root_id = $root_ar[0];
if(empty($root_id[0])){
- return NOT_PUBLIC;
+ return FOLDER_NOT_PUBLIC;
}
$parentdir = $root_id;
for($i=0; $i<$length; $i++){
- $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=". $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
if($parentdir != $prim_id[1]){
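Review bot: `empty($root_id[0])` in get_path_to_empty_folder indexes the scalar taken from `$root_ar[0]`, so if `id` is an integer column the test is always true and the function returns FOLDER_NOT_PUBLIC for every caller, owners included. select_file_id tests `empty($root_ar[0])` after the same query, and I would do the same here: `if(empty($root_ar[0])){ return FOLDER_NOT_PUBLIC; }`. The commented-out `//echo "SELECT id FROM files ..."; exit;` line should be removed before merge. The function body continues past the end of the hunk.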
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 26b2188..64ca335 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -11,14 +11,23 @@ function check_if_file($db, $name, $folder_path){
$file_id = select_file_id($db, $owner, $folder_path);
- $check_if_file_db = $db->query("SELECT folder FROM files WHERE id=".$file_id.";");
- $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM);
+ if($file_id){
+ $check_if_file_db = $db->query("SELECT folder FROM files WHERE id=".$file_id.";");
+ $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM);
- if($check_if_file_ar[0] == "FILE"){
- return true;
+ if($check_if_file_ar[0] == "FILE"){
+ return true;
+ } else {
+ return false;
+ }
} else {
+ $content = get_path_to_empty_folder($db, $name, $folder_path);
+ print_empty_folder($content);
+ //get_404("/", "Protected file");
+ exit;
return false;
}
+
}
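Review bot: In the new else branch of check_if_file the result of get_path_to_empty_folder() is passed straight to print_empty_folder(), although that function can return the FOLDER_NOT_PUBLIC code instead of a path. print_empty_folder() is also called with one argument here but with `($db, $username, $folder_path)` in collect_content, so one of the two call sites does not match its definition, which is not visible in this diff. I would test the code first, e.g. `if($content === FOLDER_NOT_PUBLIC){ get_404("/", "Protected file"); exit; }`, and delete the `return false;` that can no longer be reached after `exit;`.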
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index af7b239..53f1fa6 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -8,7 +8,6 @@ function select_file_id($db, $owner, $folder_path){
}
$folder_array_unsafe = explode("/",$folder_path);
- $length = count($folder_array_unsafe);
$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND folder='DIRECTORY' " . $share . ";");
$root_ar = $root_db->fetchArray(SQLITE3_NUM);
@@ -16,24 +15,33 @@ function select_file_id($db, $owner, $folder_path){
if(empty($root_ar[0])){
failure("Seems like the user doesn't want to show his tree: " . $root_id);
}
+
+ $tmp_length = count($folder_array_unsafe);
+
+ if(empty($folder_array_unsafe[$tmp_length-1])){
+ $length = $tmp_length-1;
+ } else {
+ $length = $tmp_length;
+ }
+
$parentdir = SQLite3::escapeString($root_id);
if(empty($folder_array_unsafe[0])){
return $root_id; // returns the primary key from the root dir
}
+ //echo "Länge: ".$length." ".var_dump($folder_array_unsafe); exit;
+
for($i=0; $i<$length; $i++){
$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
- if(empty($prim_id[0])){
- return $parentdir; //TODO; Return false because file not found
- }
if($parentdir != $prim_id[1]){
+/*
$wrong_folder = $folder_array_unsafe[$i];
$working_path[0] = $wrong_folder;
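Review bot: With the `empty($prim_id[0])` check removed, a path segment that matches no row leaves `$prim_id` as `false`, and the walk in select_file_id stops only because `$parentdir != $prim_id[1]` compares against an offset of `false`. That depends on loose comparison and produces a notice or warning on PHP 7.4 and later; an explicit test states the intent: `if($prim_id === false || $parentdir != $prim_id[1]){`. The `/* ... */` now wrapping the get_404 handling would be better deleted than left in as dead code. The loop body continues in the next hunk.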
@@ -42,12 +50,15 @@ function select_file_id($db, $owner, $folder_path){
}
get_404($working_path, $wrong_folder);
+*/
return false;
}
$parentdir = $prim_id[0];
+ var_dump($parentdir); echo "func_select, during for";
}
+ //var_dump($parentdir); echo "func_select, after for"; exit;
return $parentdir; // returns the primary key from the last entry in the folder array
}
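Review bot: The added `var_dump($parentdir); echo "func_select, during for";` is live code, not a comment, so every path resolution in select_file_id writes internal row ids into the response body. check_if_file in func_download.php calls this function, so the output would presumably also be emitted ahead of download data, and it exposes primary keys to anyone browsing a public folder. Delete the line, together with the commented `//var_dump($parentdir); ...` after the loop, before this ships.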