-rw-r--r--www/constants.php1
-rwxr-xr-xwww/functions/func_interface.php12
-rwxr-xr-xwww/functions/func_upload.php13
-rwxr-xr-xwww/index.php24
-rwxr-xr-xwww/login.php2
5 files changed, 48 insertions, 4 deletions
diff --git a/www/constants.php b/www/constants.php
index e98111e..3fcd67b 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -45,6 +45,7 @@ define("UPLOAD_QUOTA", 34);
define("UPLOAD_FILE_HANDLING", 35);
define("UPLOAD_MOVING", 36);
define("UPLOAD_DUPLICATE", 37);
+define("UPLOAD_FOLDER_NOT_OWNER", 67);
define("MKDIR_SLASH_IN_FOLDER_NAME", 38); //check TODO
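Review bot: UPLOAD_FOLDER_NOT_OWNER is assigned 67 while the surrounding UPLOAD_* codes run 34–37, so the group no longer reads as a contiguous range and a later definition could reuse 67 without it being obvious. If 38–66 are already taken further down the file (not visible in this hunk), a short comment would make that explicit, e.g. `define("UPLOAD_FOLDER_NOT_OWNER", 67); // next free code; 38-66 used by MKDIR_* and later groups`; otherwise the next free number in the UPLOAD_* group would be clearer.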
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
index a86fe6d..b87651a 100755
--- a/www/functions/func_interface.php
+++ b/www/functions/func_interface.php
@@ -3,3 +3,15 @@
function print_invite($var){
include("invite.php");
}
+
+function print_recover_password(){
+ echo "
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <form method='POST' action='/password_reset'>
+ <p>E-Mail <input type='text' name='email'></p>
+ </form>
+ </body>
+ ";
+}
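Review bot: The form in print_recover_password posts to `/password_reset`, but the link added in login.php and the new case in index.php both use the name `password_recover`, so unless a rewrite rule maps both names (not visible here) the POST reaches the default 404 branch instead of recover_password(). Changing the action to `<form method='POST' action='/password_recover'>` makes the three places agree. The markup also never closes `</html>`, and the form has no explicit submit control; adding `<p><input type='submit' name='submit' value='recover'></p>` before `</form>` and `</html>` after `</body>` keeps the document well-formed and the submission path obvious.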
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 55d9492..8059191 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -2,12 +2,13 @@
/* This was tested with this interface, where PWD the primary key from the working directory is:
+UPDATE 26.3. : Should now accept the path as an argument.
<!DOCTYPE html>
<form method='post' action='/upload.php' enctype="multipart/form-data">
<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p>
-<p>PWD: <input type='text' name='pwd'></p><!-- an INTEGER!! -->
+<p>PWD: <input type='text' name='path'></p>
<p>Share: <input type='text' name='share'>
<p><input type='submit' name='submit' value='upload'></p>
</form>
@@ -36,11 +37,19 @@ function upload($db){
return UPLOAD_UPLOAD;
}
- $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ $parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]);
+ //$parentdir = SQLite3::escapeString("$_POST[pwd]");
if(!preg_match("/[0-9]+/", $parentdir)){
return UPLOAD_PARENTFOLDER;
}
+ $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";");
+ $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
+
+ if($folder_owner_ar[0] != $_SESSION["userid"]){
+ return UPLOAD_FOLDER_NOT_OWNER;
+ }
+
$ownername = SQLite3::escapeString($_SESSION['username']);
$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
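Review bot: The new owner lookup concatenates `$parentdir` straight into the SQL string, and the only guard in front of it is the pre-existing `preg_match("/[0-9]+/", ...)`, which is unanchored and therefore accepts any value that merely contains a digit; whether select_file_id() returns a clean integer is not visible in this hunk, so the query should not rely on it. Anchoring the check (`/^[0-9]+$/`) and binding the id through a prepared statement removes the dependence on the helper's output. fetchArray() also returns false when no row matches, so `$folder_owner_ar[0]` on the next line is then an index into false and the `!=` comparison runs against null; treating a missing row as not-owner is the safer reading. The commented-out `SQLite3::escapeString("$_POST[pwd]")` line should be dropped rather than kept as dead code. upload() continues outside the hunk.
```php
if(!preg_match("/^[0-9]+$/", $parentdir)){
    return UPLOAD_PARENTFOLDER;
}
$folder_owner_stmt = $db->prepare("SELECT owner FROM files WHERE id=:id;");
$folder_owner_stmt->bindValue(":id", (int)$parentdir, SQLITE3_INTEGER);
$folder_owner_ar = $folder_owner_stmt->execute()->fetchArray(SQLITE3_NUM);

// A missing row (false) is treated the same as a foreign owner.
if($folder_owner_ar === false || $folder_owner_ar[0] != $_SESSION["userid"]){
    return UPLOAD_FOLDER_NOT_OWNER;
}
// … unchanged: owner id lookup by username …
```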
diff --git a/www/index.php b/www/index.php
index 4b09452..5866411 100755
--- a/www/index.php
+++ b/www/index.php
@@ -24,6 +24,10 @@ if(empty($_GET)){
switch($_GET["task"]){
case("login"):
if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ if($_SESSION["login"]){
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]);
+ exit;
+ }
$var = login($db);
if($var == LOGIN_SUCCESSFULL){
header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]);
@@ -42,6 +46,11 @@ if(empty($_GET)){
break;
case("logout"):
+ if(!$_SESSION["login"]){
+ print_login(constant("EMPTY"));
+ exit;
+ }
+
$var = logout();
if($var == LOGOUT_SUCCESSFULL){
print_login($var);
@@ -53,6 +62,7 @@ if(empty($_GET)){
case("invite"):
if(!$_SESSION["login"]){
print_login(constant("EMPTY"));
+ exit;
}
if($_SERVER['REQUEST_METHOD'] == 'POST'){
@@ -85,7 +95,7 @@ if(empty($_GET)){
}
break;
- case("download"): //not implemented yet
+ case("download"):
if(!isset($_GET["hash"])){
$download_hash = "";
} else {
@@ -107,6 +117,18 @@ if(empty($_GET)){
account($db);
break;
+ case("password_recover"):
+ if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ $var = recover_password($db); //TODO: Print error message
+ if($var == RECOVER_PROHIBITED || $var = RECOVER_EMAIL){
+ echo $var;
+ exit;
+ }
+ } else {
+ print_recover_password();
+ }
+ break;
+
default:
get_404($_GET["task"], $_GET["task"]); //TODO: Commit EMPTY constant
break;
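Review bot: In the new password_recover case the condition `$var == RECOVER_PROHIBITED || $var = RECOVER_EMAIL` assigns RECOVER_EMAIL to `$var` instead of comparing it, so the branch is entered whenever that constant is truthy, the original return value of recover_password() is lost, and the successful path is never reached; it should read `if($var == RECOVER_PROHIBITED || $var == RECOVER_EMAIL){`. Echoing the raw error code to the client is presumably a placeholder, as the TODO says, so the eventual message should go through the same print_* path as the other cases. Separately, the redirect added in the login case above builds its target from `$_SERVER["HTTP_HOST"]`, mirroring the existing line below it; that value comes from the request, so a configured canonical host would be the more robust source for both. The enclosing switch starts and ends outside this hunk.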
diff --git a/www/login.php b/www/login.php
index d520a18..68cfadb 100755
--- a/www/login.php
+++ b/www/login.php
@@ -49,7 +49,7 @@ function print_login($case){
<input type="text" placeholder="username" name="username" id="username-input" class="login-input" value="'. $username .'" required>
<input type="password" placeholder="password" name="password" id="password-input" class="login-input" required>
<input type="submit" name="login" id="button-input" class="login-input" value="login">
- <a href="recover-password.php" id="recover-password-link">recover password</a>
+ <a href="/password_recover" id="recover-password-link">recover password</a>
</form>
</div>';