diff options
| -rw-r--r-- | www/constant.php | 15 | ||||
| -rwxr-xr-x | www/functions/func_invite.php | 90 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 10 | ||||
| -rwxr-xr-x | www/functions/func_register.php | 10 | ||||
| -rwxr-xr-x | www/include.php | 2 | ||||
| -rwxr-xr-x | www/index.php | 46 |
6 files changed, 101 insertions, 72 deletions
diff --git a/www/constant.php b/www/constant.php new file mode 100644 index 0000000..209ff0f --- /dev/null +++ b/www/constant.php @@ -0,0 +1,15 @@ +<? +define("EMPTY", 0); +define("LOGIN_SUCCESSFULL", 1); +define("LOGIN_DATABASE", 2); +define("LOGIN_PASSWORD", 3); +define("LOGOUT_SUCCESSFULL", 4); +define("LOGOUT_FAILURE", 5); +define("REGISTER_SUCCESSFULL", 6); +define("REGISTER_PASSWORD", 7); +define("REGISTER_EMAIL", 8); +define("REGISTER_DATABASE", 9); +define("REGISTER_PROHIBITED", 10); +define("INVITE_SUCCESSFULL", 11); +define("INVITE_INVITES", 12); +define("INVITE_DATABASE", 13); diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php index 79dec36..ad87a21 100755 --- a/www/functions/func_invite.php +++ b/www/functions/func_invite.php @@ -1,68 +1,54 @@ <?php function invite($db){ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - if(!$_SESSION["login"]){ - header("Refresh: 0; /login"); - return false; - } + $name=$_SESSION["username"]; + $safe_name = SQLite3::escapeString("$name"); - $name=$_SESSION["username"]; - $safe_name = SQLite3::escapeString("$name"); + $email=$_POST["email"]; + $safe_email=SQLite3::escapeString("$email"); - $email=$_POST["email"]; - $safe_email=SQLite3::escapeString("$email"); + $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';"); + $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); + $invite = $invite_ar[0]; - $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - - if($invite > 0){ + if($invite <= 0){ + return INVITE_INVITES; + } /*Generates the invite key => [-_0-9a-zA-Z]{11}*/ - $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); - $length = count($key_array); - $key = ""; + $length = count($key_array); + $key = ""; - for ($i=0;$i<11;$i++){ - $index = mt_rand(0,$length-1); - $key = "$key".$key_array[$index]; - } + for ($i=0;$i<11;$i++){ + $index = mt_rand(0,$length-1); + $key = "$key".$key_array[$index]; + } - $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; + $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';"); + $id_ar = $id_db->fetchArray(SQLITE3_NUM); + $id = $id_ar[0]; /*Generates the new user and decrease the invites*/ - $invite = $invite - 1; - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0); - UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; - COMMIT;") - ){ - $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; - - mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); - - header("Refresh: 0; /invite?reason=success&key=" . $key); - return true; - - } else { - header("Refresh: 0; /invite?reason=database"); - return false; - } - - } else { - header("Refresh: 0; /invite?reason=invites"); - return false; - } - } else { - include("invite.php"); - return false; - } + $invite = $invite - 1; + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0); + UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; + COMMIT;") + ){ + + $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; + + mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); + + return INVITE_SUCCESSFULL; + + } else { + return INVITE_DATABASE; + } } diff --git a/www/functions/func_login.php b/www/functions/func_login.php index a09b198..5a3dbc9 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php @@ -18,7 +18,7 @@ function login($db){ /*___Login___*/ if (!password_verify($password, $real_password)) { - return "failure"; + return LOGIN_PASSWORD; } if($db->exec(" @@ -33,17 +33,17 @@ function login($db){ $_SESSION["username"] = $username; $_SESSION["userid"] = $id; - return "success"; + return LOGIN_SUCCESSFULL; } else { - return "database"; + return LOGIN_DATABASE; } } function logout(){ if(session_destroy()){ - return "logout"; + return LOGOUT_SUCCESSFULL; } else { - return false; + return LOGOUT_FAILURE; } } diff --git a/www/functions/func_register.php b/www/functions/func_register.php index 0555470..252467b 100755 --- a/www/functions/func_register.php +++ b/www/functions/func_register.php @@ -9,11 +9,11 @@ function register($db){ /* checking for empty password etc. */ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - return "password"; + return REGISTER_PASSWORD; } if(!preg_match("/[^.+@.+]/", $email)){ - return "encoding"; + return REGISTER_EMAIL; } $safe_name = SQLite3::escapeString("$name"); @@ -30,7 +30,7 @@ function register($db){ $test_key = $test_key_ar[0]; if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){ - return "prohibited"; + return REGISTER_PROHOBITED; } $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';"); @@ -57,10 +57,10 @@ function register($db){ $_SESSION["username"] = $name; $_SESSION["userid"] = $userid; - return "success"; + return REGISTER_SUCCESSFULL; } else { - return "database"; + return REGISTER_DATABASE; } } diff --git a/www/include.php b/www/include.php index ef1fe91..a9a411a 100755 --- a/www/include.php +++ b/www/include.php @@ -1,5 +1,7 @@ <?php +require_once("constanantt.php"); + $func_dir = "functions/"; require_once($func_dir . "func_failure.php"); // 404 and other errors diff --git a/www/index.php b/www/index.php index 3f6beea..79c7949 100755 --- a/www/index.php +++ b/www/index.php @@ -26,31 +26,56 @@ if(empty($_GET)){ switch($_GET["task"]){ case("login"): if($_SERVER['REQUEST_METHOD'] == 'POST'){ - $content = login($db); - if($content == "success"){ + $var = login($db); + if($var == LOGIN_SUCCESSFULL){ account($db); } else { - print_login($content); + print_login($var); } } else { - $content = ""; - print_login($content); + print_login(EMPTY); } break; + case("logout"): - $value = logout(); - if(!$value){ - print_login($value); + $var = logout(); + if($var == LOGOUT_SUCCESSFULL){ + print_login($var); } else { header("Refresh: 0; /httperror.php?e=500"); } break; + case("invite"): - invite($db); + if(!$_SESSION["login"]){ + print_login(EMPTY); + } + + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = invite($db); + if($var == INVITE_SUCCESSFULL){ + header("Refresh: 0; /"); //TODO Direct link to the file browser. + } else { + print_invite($var); + } + } else { + print_login(EMPTY); + } break; + case("register"): - register($db); + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = register($db); + if($var == REGISTER_SUCCESSFULL){ + account($db); + } else { + print_register($var); + } + } else { + print_register(EMPTY); + } break; + /* case("download"): //not implemented yet download(); break; @@ -58,6 +83,7 @@ if(empty($_GET)){ case("user"): account($db); break; + default: get_404($_GET["task"], $_GET["task"]); break; |