diff options
| -rw-r--r-- | www/invite.php | 13 | ||||
| -rw-r--r-- | www/register.php | 4 | ||||
| -rw-r--r-- | www/setup.php | 52 |
3 files changed, 49 insertions, 20 deletions
diff --git a/www/invite.php b/www/invite.php index f77e6f6..471e88c 100644 --- a/www/invite.php +++ b/www/invite.php @@ -17,7 +17,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') { if($invite > 0){ -/*Generates the invite key*/ +/*Generates the invite key => [-_0-9a-zA-Z]{11}*/ $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); @@ -39,14 +39,12 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') { echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'"; -// $db->exec("INSERT INT0 user (id, name, senpai, key, status, email) VALUES (NULL, '$id', '$key', 0, '$safe_email');"); -// $db->exec("UPDATE user SET invites='$invite' WHERE id='$id';"); if($db->exec(" BEGIN TRANSACTION; INSERT INTO user (id, name, senpai, key, status, email) VALUES (NULL, NULL, '$id', '$key', 0, '$safe_email'); UPDATE user SET invites='$invite' WHERE id='$id'; - COMMIT; - ")){ + COMMIT;") + ){ header("Refresh: 0; /invite?reason=success"); } else { header("Refresh: 0; /invite?reason=database"); @@ -56,6 +54,9 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') { header("Refresh: 0; /invite?reason=invites"); } } else { + +/*Prints the formular if requested with GET*/ + foreach ($_GET as $name => $value) { echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; } @@ -67,5 +68,5 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') { <input type='submit' name='submit' value='invite'> </form>"; - echo "ENDE"; + echo "END"; } diff --git a/www/register.php b/www/register.php index 69362ec..01ac54c 100644 --- a/www/register.php +++ b/www/register.php @@ -58,8 +58,8 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') { UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email'; CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, typ TEXT, public TEXT); INSERT INTO $safe_name (id, folder, name, typ, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN'); - COMMIT; - ")){ + COMMIT;") + ){ $_SESSION["login"] = true; $_SESSION["username"] = $name; header("Refresh: 0; /?reason=registration"); diff --git a/www/setup.php b/www/setup.php index 2ff5f52..00aa9ed 100644 --- a/www/setup.php +++ b/www/setup.php @@ -1,20 +1,48 @@ <? -$cleartext_password="password"; -$salt = uniqid(mt_rand(), true); -$password = "$salt"."$cleartext_password"; -$hash_password = md5($password); -for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); + +/*Sets up the database with the user table. Add ?drop to drop _everything_*/ $db = new SQLite3("../database/sqlite.db"); -if($db->exec("CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, senpai INTEGER, key TEXT, status INTEGER, invites INTEGER, salt TEXT, password TEXT, email TEXT UNIQUE);") && $db->exec("BEGIN TRANSACTION; INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', 'admin@iamfabulous.de'); COMMIT;")) { - echo "Success!"; -} else { - echo "Failure! :( <br>"; - echo "Salt: $salt, password: $hash_password"; +foreach ($_GET as $name => $value) { + if(preg_match("/drop(ped)?/i",$name)){ + $bool=true; + } } +if($bool){ + if($db->exec(" + BEGIN TRANSACTION; + PRAGMA writable_schema = 1; + delete from sqlite_master where type = 'table'; + PRAGMA writable_schema = 0; + COMMIT; + VACUUM;") + ){ + echo "dropped everything"; + } else { + echo "error with database"; + } +} else { + $cleartext_password="password"; + $salt = uniqid(mt_rand(), true); + $password = "$salt"."$cleartext_password"; + $hash_password = md5($password); + for($i=0;$i<15000;$i++) + $hash_password = md5($hash_password); + + + if($db->exec(" + BEGIN TRANSACTION; + CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, senpai INTEGER, key TEXT, status INTEGER, invites INTEGER, salt TEXT, password TEXT, email TEXT UNIQUE); + INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', 'admin@iamfabulous.de'); + COMMIT;") + ) { + echo "Success!"; + } else { + echo "Failure! :( <br>"; + echo "Salt: $salt, password: $hash_password"; + } +} // INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111'); -// COMMIT;") |