summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--blob/nginx_rewrite_rules8
-rw-r--r--www/functions.php242
-rw-r--r--www/index.php98
3 files changed, 303 insertions, 45 deletions
diff --git a/blob/nginx_rewrite_rules b/blob/nginx_rewrite_rules
index 376a10f..10c6edd 100644
--- a/blob/nginx_rewrite_rules
+++ b/blob/nginx_rewrite_rules
@@ -1,18 +1,18 @@
location ~* ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
- rewrite ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /login.php?$1 last;
+ rewrite ^/?login(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=login&arguments=$1 last;
}
location ~* ^/?logout([?/]?.*) {
- rewrite ^/?logout([?/]?.*) /login.php?logout last;
+ rewrite ^/?logout([?/]?.*) /index.php?task=logout&arguments=$1 last;
}
location ~* ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
- rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /register.php?$1 last;
+ rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=register&arguments=$1 last;
}
location ~* ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {
- rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /invite.php?$1 last;
+ rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=invite&arguments=$1 last;
}
location ~* \.php(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? {} #empty block to catch all
diff --git a/www/functions.php b/www/functions.php
new file mode 100644
index 0000000..56f11ad
--- /dev/null
+++ b/www/functions.php
@@ -0,0 +1,242 @@
+<?
+
+/* --LOGIN-- */
+
+function login(){
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ /*___Database Query: Login___*/
+ $unsafe_username = $_POST["username"];
+ $unsafe_passwort = $_POST["password"];
+ $username = SQLite3::escapeString("$unsafe_username");
+ $passwort = SQLite3::escapeString("$unsafe_passwort");
+
+ $db = new SQLite3("../database/sqlite.db");
+ $salt_db = $db->query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if ($real_password == $hash_password) {
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='$username'), (SELECT datetime()) );
+ COMMIT;
+ ")){
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; /");
+
+ } else {
+ header("Refresh: 0; login?reason=database");
+ }
+ } else {
+ header("Refresh: 0; login?reason=failure");
+ }
+ } else {
+
+ /*Prints the GET version*/
+
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ } else {
+ echo $logout;
+
+ echo "<form method='post' action='/login.php'>
+ <p>Name: <input type='text' name='username'></p>
+ <p>Password: <input type='password' name='password'>
+ <p><input type='submit' name='submit' value='login'></p>
+ </form>";
+ }
+ }
+}
+
+/* --LOGOUT-- */
+
+function logout(){
+ session_destroy();
+ header("Refresh: 0; /login?success");
+ exit;
+}
+
+/* --INVITE-- */
+
+function invite(){
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $name=$_SESSION["username"];
+ $safe_name = SQLite3::escapeString("$name");
+
+ $email=$_POST["email"];
+ $safe_email=SQLite3::escapeString("$email");
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+ if($invite > 0){
+
+ /*Generates the invite key => [-_0-9a-zA-Z]{11}*/
+
+ $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+ $length = count($key_array);
+ $key = "";
+
+ for ($i=0;$i<11;$i++){
+ $index = mt_rand(0,$length-1);
+ $key = "$key".$key_array[$index];
+ }
+
+ $id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';");
+ $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+ $id = $id_ar[0];
+
+ /*Generates the new user and decrease the invites*/
+
+ $invite = $invite - 1;
+
+ echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'";
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '$safe_email', '$id', '$key', 0);
+ UPDATE user SET invites='$invite' WHERE id='$id';
+ COMMIT;")
+ ){
+ header("Refresh: 0; /invite?reason=success");
+ } else {
+ header("Refresh: 0; /invite?reason=database");
+ }
+
+ } else {
+ header("Refresh: 0; /invite?reason=invites");
+ }
+ } else {
+
+ /*Prints the formular if requested with GET*/
+
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+ }
+
+ echo "Hallo $name
+ <form method='post' action='/invite.php'>
+ <p> E-Mail: <input type='text' name='email'></p>
+ <input type='hidden' name='username' value='$_SESSION[username]'>
+ <input type='submit' name='submit' value='invite'>
+ </form>";
+
+ echo "END";
+ }
+}
+
+/* --REGISTER-- */
+
+function register(){
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ session_start();
+
+ $name = $_POST["name"];
+ $cleartext_password = $_POST["pswd"];
+ $second_password = $_POST["2ndpswd"];
+ $email = $_POST["email"];
+
+ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ header("Refresh: 0; register?reason=password");
+ exit;
+ }
+
+ if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
+ header("Refresh: 0; register?reason=encoding");
+ exit;
+ }
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+ /*Checks the validation of the registration attempt*/
+
+ $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';");
+ $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+ if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+ header("Refresh: 0; /register?reason=prohibited");
+ exit;
+ } else {
+
+ $id_db = $db->query("SELECT id FROM user WHERE email='$safe_email';");
+ $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+ $id = $id_ar[0];
+
+ /*Generates the encrypted password and the database transactions*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', invites=5, status=1, register=(SELECT datetime()) WHERE id=$id;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share, extra) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', NULL);
+ COMMIT;")
+ ){
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; /register?reason=registration");
+ } else {
+ header("Refresh: 0; /register?reason=database");
+ }
+ }
+ } else {
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+ }
+
+ echo "<form method='post' action='register.php'>
+ <p>Name: <input type='text' name='name'></p>
+ <p>pswd: <input type='password' name='pswd'></p>
+ <p>2ndpsdw: <input type='password' name='2ndpswd'></p>
+ <p>key: <input type='text' name='key'></p>
+ <p>email: <input type='text' name='email'></p>
+ <p><input type='submit'></p>
+ </form>
+ ";
+ }
+}
+
+/* --PAGE NOT FOUND - 404 -- */
+
+function 404(){
+ echo "Sorry, page not found.";
+}
+
diff --git a/www/index.php b/www/index.php
index b05b565..726b1eb 100644
--- a/www/index.php
+++ b/www/index.php
@@ -2,17 +2,64 @@
session_start();
-echo $_GET[name];
-echo $_GET[folder];
+require_once("functions.php");
-if($_SESSION["login"] && $_GET["name"] != $_SESSION["username"]){
- header("Refresh: 0; /$_SESSION[username]");
- exit;
+if(empty($_GET)){
+ if($_SESSION["login"]){
+ header("Refresh: 0; /$_SESSION[username]");
+ exit;
+ } else {
+ header("Refresh: 0; /login");
+ exit;
+ }
+} else {
+
+ $db = new SQLite3("../database/sqlite.db");
+ $name = SQLite3::escapeString("$_GET[name]");
+
+ if(empty($_GET["name"])){
+ switch($_GET["task"]){
+ case("login"):
+ login();
+ break;
+ case("logout"):
+ logout();
+ break;
+ case("invite"):
+ invite();
+ break;
+ case("register"):
+ register();
+ break;
+ case("download"):
+ register();
+ break;
+ case("user"):
+ user();
+ break;
+ default:
+ 404();
+ break;
+ }
+ } else {
+ $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';");
+ $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM);
+
+ if(empty($name_id_ar)){
+ if($_SESSION["login"]){
+ $_GET["folder"] = "" . $_GET["name"] . "" . $_GET["folder"] . "";
+ select();
+ } else {
+ 404();
+ }
+ } else {
+ select();
+ }
+ }
}
-echo "<br><br>Currently loged in as: ";
-echo $_SESSION["username"];
+echo "loged in as: " . $_SESSION["username"];
$safe_name=SQLite3::escapeString("$_SESSION[username]");
@@ -24,41 +71,7 @@ $safe_name=SQLite3::escapeString("$_SESSION[username]");
echo "<br><br>";
echo "You have currently $invite invites.";
-echo "<br><br>";
-
-if(empty($_GET)){
- if($_SESSION[login]){
- header("Refresh: 0; $_SESSION[username]");
- } else {
-
- header("Refresh: 0; /login");
- }
-} else {
-
- #print_r($_GET);
- #$ar =array($_GET);
- #echo "<br> ";
- #echo $ar[0];
- #echo "<br> ";
-
- $i = 0;
- foreach ($_GET as $name => $value) { //value leer?
- $args[$i] = $name;
-// echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
- $i++;
- }
-
- $length = count($args);
- for ($i=0;$i<$length;$i++){
- echo "$args[$i] <br>";
- }
-
- echo "<br><br>Ende";
- #header("Refresh: 0; /login");
-
-}
-?>
<form method="post" action="testreg.php">
<p>Name: <input type="text" name="name"></p>
<p>pswd: <input type="text" name="pswd"></p>
@@ -67,3 +80,6 @@ if(empty($_GET)){
<p>email: <input type="text" name="email"></p>
<p><input type="submit"></p>
</form>
+
+*/
+?>