| -rwxr-xr-x | blob/nginx_rewrite_rules | 23 | ||||
| -rw-r--r-- | www/browse.php | 47 | ||||
| -rw-r--r-- | www/constants.php | 3 | ||||
| -rw-r--r-- | www/functions/func_folder.php | 4 | ||||
| -rwxr-xr-x | www/functions/func_rewrite.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_select.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_upload.php | 39 | ||||
| -rwxr-xr-x | www/index.php | 16 | ||||
| -rwxr-xr-x | www/setup.php | 2 | ||||
| -rw-r--r-- | www/static/browser.css | 59 |
10 files changed, 130 insertions, 67 deletions
diff --git a/blob/nginx_rewrite_rules b/blob/nginx_rewrite_rules
index 34a4f20..eb6b0a2 100755
--- a/blob/nginx_rewrite_rules
+++ b/blob/nginx_rewrite_rules
@@ -8,35 +8,38 @@ location /static {} #location ~* ^/.+[^/].+\.css {} location ~* ^/?login/?([a-z0-9]+=[a-z0-9]+(&[a-z0-9]+=[a-z0-9]+)?)?$ { - rewrite ^/?login([?/]?.*) /index.php?task=login&arguments=$1 last; + rewrite ^/?login([?/]?.*) /index.php?task=login&arguments=$1 last; } location ~* ^/?logout/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { - rewrite ^/?logout([?/]?.*) /index.php?task=logout&arguments=$1 last; + rewrite ^/?logout([?/]?.*) /index.php?task=logout&arguments=$1 last; } location ~* ^/?register/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { - rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=register&arguments=$1 last; + rewrite ^/?register(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=register&arguments=$1 last; } location ~* ^/?invite/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { - rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=invite&arguments=$1 last; + rewrite ^/?invite(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=invite&arguments=$1 last; } location ~* ^/?user/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { - rewrite ^/?user(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=user&arguments=$1 last; + rewrite ^/?user(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=user&arguments=$1 last; } location ~* ^/?download/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { - rewrite ^/?download(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=download&arguments=$1 last; + rewrite ^/?download(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? /index.php?task=download&arguments=$1 last; } -#location ~* \.php(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ {} #empty block to catch all +location ~* ^/password_recover/?(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ { + rewrite ^/?password_recover(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)? 
/index.php?task=password_recover&arguments=$1 last; +} +#location ~* \.php(\?[0-9a-zA-Z]+(=[0-9a-zA-Z]*)?)?$ {} #empty block to catch all location / { - rewrite ^/([0-9a-zA-Z-_]+)/(.*) /index.php?name=$1&folder=$2 last; - rewrite ^/([0-9a-zA-Z-_]+)$ /index.php?name=$1&folder= last; - rewrite ^/$ /index.php last; + rewrite ^/([0-9a-zA-Z-_]+)/(.*) /index.php?name=$1&folder=$2 last; + rewrite ^/([0-9a-zA-Z-_]+)$ /index.php?name=$1&folder= last; + rewrite ^/$ /index.php last; break; } diff --git a/www/browse.php b/www/browse.php index d01df6e..a4b9e84 100644 --- a/www/browse.php +++ b/www/browse.php @@ -7,8 +7,11 @@ function print_browser($content){ if($_SERVER['REQUEST_METHOD'] == 'POST'){ //echo "created_folder : ". $_POST["foldername"] . " in ". $_GET["folder"]; - - create_folder($_POST["path"], $_POST["foldername"], /*$_POST["public"]?*/"PUBLIC"/*:"PRIVATE"*/); + if($_POST["task"]=="new-folder"){ + create_folder($_POST["path"], $_POST["foldername"], /*$_POST["public"]?*/"PUBLIC"/*:"PRIVATE"*/); + }elseif($_POST["task"]=="upload"){ + upload($_POST["path"]); + } browse(collect_content($GLOBALS["db"], $_SESSION["username"] , $_POST["path"])); }else{ browse(collect_content($GLOBALS["db"], $_GET["name"] , $_GET["folder"])); @@ -24,7 +27,7 @@ function browse($content){ $file_list = ""; - if($content){ + if($content != EMPTY_FOLDER){ foreach($content as $file){ $file_list .= get_item($file); } 
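Review bot: The new `password_recover` rewrite, like the sibling rules, uses a replacement that already carries arguments, so nginx appends the client's original query string after `task=password_recover&arguments=$1`. PHP keeps the last duplicate key, so the request can supply its own `task`, `name` or `folder` to index.php. nginx matches `location` and `rewrite` regexes against the URI path without the query string, so the `(\?[0-9a-zA-Z]*(=[0-9a-zA-Z]*)?)?` group does not restrict the query the way it appears intended to. If the original arguments are not wanted, end the replacement with a question mark, i.e. `/index.php?task=password_recover&arguments=$1? last;`, and do the same for the other task rules.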
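Review bot: The return value of `upload($_POST["path"])` (and of `create_folder(...)`) is discarded in the new dispatch in print_browser, so a refused upload (the `UPLOAD_QUOTA` or `UPLOAD_FOLDER_NOT_OWNER` codes, for example) looks the same as success and the listing is rendered regardless. `$_POST["task"]` is read without `isset`, and neither form added later in this file carries an anti-CSRF token, so these state-changing POSTs rely on the session cookie alone. Capture the code, e.g. `$result = upload($_POST["path"]);`, surface non-success values to the user, and verify a per-session token before dispatching. print_browser starts and continues outside the hunk.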
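Review bot: `if($content != EMPTY_FOLDER)` in browse() is a loose comparison followed by an unconditional `foreach`. The value of `EMPTY_FOLDER` is not visible here, but if `collect_content` can return any other non-array status (false or a different error constant), the loop will run on it. `if(is_array($content)){` states the intended condition directly and does not depend on how PHP compares an array with a constant.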
@@ -34,23 +37,45 @@ function browse($content){ <script> function showNewFolder(){ document.getElementById("new-folder-bg").style.visibility = "visible"; + return; } function hideNewFolder(){ - if(document.getElementById("new-folder-name").value!=""){ - document.getElementById("new-folder-bg").style.visibility = "hidden"; - } + document.getElementById("new-folder-bg").style.visibility = "hidden"; + return; + } + + function showUpload(){ + document.getElementById("upload-bg").style.visibility = "visible"; + return; + } + function hideUpload(){ + document.getElementById("upload-bg").style.visibility = "hidden"; return; } </script> <div id="new-folder-bg"> <div id="new-folder-area"> - <h1 class="new-folder-"> New Folder </h1> + <h1 class="new-folder"> New Folder </h1> <form id="new-folder-form" method="post" action="/'.$_GET["name"]."/".$_GET["folder"].'"> <input class="new-folder-input" id="new-folder-name" type="text" placeholder="name" name="foldername" required> <input type="hidden" value="'.$_GET["folder"].'" name="path"> - <label style="display:inline">Public</label><input style="display:inline; margin-left: 5px;" class="new-folder-input" type="checkbox" name="public"> - <input style="display:block" onclick="hideNewFolder()" type="submit" id="button-input" class="new-folder-input" value="create"> + <input type="hidden" value="new-folder" name="task"> + <label>Public</label><input style="display:inline; margin-left: 5px;" class="new-folder-input" type="checkbox" name="public"> + <input onclick="hide-new-folder()" type="submit" id="button-input" class="new-folder-input" value="create"> + </form> + </div> + </div> + + <div id="upload-bg"> + <div id="upload-area"> + <h1 class="upload"> Upload </h1> + <form id="upload-form" method="post" action="/'.$_GET["name"]."/".$_GET["folder"].'" enctype="multipart/form-data"> + <input class="upload-input" id="upload-file" type="file" placeholder="file" name="userfile" size=" 500000000" maxlength="100000000000000" required> + 
<input type="hidden" value="'.$_GET["folder"].'" name="path"> + <input type="hidden" value="upload" name="task"> + <label>Public</label><input class="upload-input" type="checkbox" name="share"> + <input onclick="hide-upload()" type="submit" id="button-input" class="upload-input" value="upload"> </form> </div> </div> @@ -79,7 +104,7 @@ function get_item($file){ function print_menu(){ echo '<div id="menu"> - <div class="menu-item" id="new-item" onclick="showNewFolder()" ><img src="/static/img/icon_new.svg" width="45px" onclick="toggleNewFolder()"></div> - <div class="menu-item" id="upload-item"><img src="/static/img/icon_upload.svg" width="45px"></div> + <div class="menu-item" id="new-item" onclick="showNewFolder()" ><img src="/static/img/icon_new.svg" width="45px" onclick="showNewFolder()"></div> + <div class="menu-item" id="upload-item" onclick="showUpload()" ><img src="/static/img/icon_upload.svg" width="45px" onclick="showUpload()" ></div> </div><!-- div menu-->'; } diff --git a/www/constants.php b/www/constants.php index 22ab24f..6324d49 100644 --- a/www/constants.php +++ b/www/constants.php @@ -40,12 +40,11 @@ define("UPLOAD_SUCCESS", 29); define("UPLOAD_DATABASE", 30); define("UPLOAD_LOGIN", 31); define("UPLOAD_UPLOAD", 32); -define("UPLOAD_PARENTFOLDER", 33); // cur. tested if integer. Later should be if owner and uploader the same person +define("UPLOAD_FOLDER_NOT_OWNER", 33); define("UPLOAD_QUOTA", 34); define("UPLOAD_FILE_HANDLING", 35); define("UPLOAD_MOVING", 36); define("UPLOAD_DUPLICATE", 37); -define("UPLOAD_FOLDER_NOT_OWNER", 67); define("SLASH_IN_FOLDER_NAME", 38); //check TODO diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php index ab77a1c..636b743 100644 --- a/www/functions/func_folder.php +++ b/www/functions/func_folder.php 
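Review bot: The new upload form writes `$_GET["name"]` and `$_GET["folder"]` into the `action` attribute and a hidden `value` without escaping, and the `location /` rewrite in this commit passes `folder` through as `(.*)`, so the value is client-controlled and can break out of the attribute (reflected XSS). The existing new-folder form has the same pattern. Escape at output for both, e.g. `htmlspecialchars($_GET["folder"], ENT_QUOTES, 'UTF-8')`. Separately, `onclick="hide-upload()"` and `onclick="hide-new-folder()"` parse as a subtraction of undefined names and throw; the functions defined in the script block are `hideUpload()` and `hideNewFolder()`. Both submit buttons also share `id="button-input"`.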
@@ -1,6 +1,6 @@ <?php -function database_mkdir($file_id, $new_folder_name, $share){ +function database_mkdir($db, $file_id, $new_folder_name, $share){ if($db->exec(" BEGIN TRANSACTION; INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', ''); @@ -42,7 +42,7 @@ function create_folder($path, $new_folder_name, $share){ } } - if(database_mkdir($file_id, $new_folder_name, $share)){ + if(database_mkdir($db, $file_id, $new_folder_name, $share)){ return MKDIR_SUCCESS; } else { return MKDIR_DATABASE; diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php index d9f694d..0a123d6 100755 --- a/www/functions/func_rewrite.php +++ b/www/functions/func_rewrite.php @@ -16,7 +16,9 @@ function rewrite($db){ } if($_SESSION["login"]){ + $scheme = $GLOBALS["scheme"]; header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . ""); + exit; } return false; diff --git a/www/functions/func_select.php b/www/functions/func_select.php index ae76121..9f10cd6 100755 --- a/www/functions/func_select.php +++ b/www/functions/func_select.php @@ -32,7 +32,7 @@ function select_file_id($db, $owner, $folder_path){ for($i=0; $i<$length; $i++){ - $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "' COLLATE NOCASE;"); $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php index eb3061b..c8ef93a 100755 --- a/www/functions/func_upload.php 
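Review bot: `database_mkdir` still concatenates `$file_id` and `$_SESSION['userid']` unquoted into the multi-statement `exec()`; only the two strings go through `SQLite3::escapeString`. Because `exec()` runs every statement in the string, a non-integer `$file_id` would be executed as SQL, so cast at the point of use with `(int)$file_id` and `(int)$_SESSION['userid']`, or move the INSERT to `$db->prepare()` with bound values. In the second hunk, `create_folder($path, $new_folder_name, $share)` has no `$db` parameter, so confirm that `$db` is assigned earlier in that function (not visible here) before it is passed on. Both function bodies continue outside their hunks.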
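Review bot: The redirect target in rewrite() is assembled from `$_SERVER["HTTP_HOST"]` and the raw `$_GET["name"]`, both client-controlled, so the destination host is whatever the request's Host header says (this matters behind a cache or a permissive default vhost). Prefer a configured base URL and encode the path parts, e.g. `header("Location: ".BASE_URL."/".rawurlencode($_SESSION['username'])."/".rawurlencode($_GET["name"])."/".$folder);`, where `BASE_URL` is a placeholder for a site constant. The `Refresh` value also lacks the `url=` prefix. The same Host-based `Refresh` pattern appears in the index.php and setup.php hunks; `$folder` is set outside this hunk.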
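Review bot: `COLLATE NOCASE` makes path resolution in select_file_id() case-insensitive, but nothing in this commit makes folder or file creation reject names that differ only in case. `Docs` and `docs` under the same parent would then both match, and `fetchArray` returns whichever row comes first. If case-insensitive names are intended, the duplicate check on insert (not visible here) should use the same collation, or the `name` column should be declared `COLLATE NOCASE` with a unique index over owner, parent and name. `$owner`, `$share` and `$parentdir` are still concatenated unquoted into this query.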
+++ b/www/functions/func_upload.php @@ -1,20 +1,5 @@ <?php -/* This was tested with this interface, where PWD the primary key from the working directory is: - -UPDATE 26.3. : Should now accept the path as an argument. - -<!DOCTYPE html> -<form method='post' action='/upload.php' enctype="multipart/form-data"> -<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p> - -<p>PWD: <input type='text' name='path'></p> -<p>Share: <input type='text' name='share'> -<p><input type='submit' name='submit' value='upload'></p> -</form> - -*/ - function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){ if($db->exec(" BEGIN TRANSACTION; @@ -27,7 +12,9 @@ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $si } } -function upload($db){ +function upload($path){ + + $db = $GLOBALS["db"]; set_time_limit(0); @@ -39,11 +26,7 @@ function upload($db){ return UPLOAD_UPLOAD; } - $parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]); - //$parentdir = SQLite3::escapeString("$_POST[pwd]"); - if(!preg_match("/[0-9]+/", $parentdir)){ - return UPLOAD_PARENTFOLDER; - } + $parentdir = select_file_id($db, $_SESSION["userid"], $path); $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";"); $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); @@ -52,10 +35,7 @@ function upload($db){ return UPLOAD_FOLDER_NOT_OWNER; } - $ownername = SQLite3::escapeString($_SESSION['username']); - $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';"); - $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); - $owner = $owner_ar[0]; + $owner = $_SESSION["userid"]; $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;"); $overall_size = 0; @@ -64,7 +44,7 @@ function upload($db){ $overall_size = $overall_size + $row[$count]; $count++; } - + if($overall_size > 2147483648){ // == 2GB return UPLOAD_QUOTA; } 
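Review bot: With the `preg_match` check removed in the `@@ -39,11 +26,7 @@` hunk, `$parentdir` goes straight from `select_file_id()` into `"SELECT owner FROM files WHERE id=".$parentdir.";"`, and `$folder_owner_db->fetchArray()` is called without checking that `query()` succeeded. If `select_file_id` returns false or a status constant for an unknown path (its return contract is not visible here), the query is malformed or matches an unrelated row, and calling `fetchArray()` on `false` is a fatal error. Keep a guard, anchored this time, e.g. `if(!ctype_digit((string)$parentdir)){ return UPLOAD_FOLDER_NOT_OWNER; }`. upload() begins and continues outside this hunk.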
@@ -73,7 +53,12 @@ function upload($db){ $folder = "FILE"; $mime = $_FILES['userfile']['type']; $size = $_FILES['userfile']['size']; - $share = SQLite3::escapeString($_POST['share']); + + if(isset($_POST["share"])){ + $share = "PUBLIC"; + } else { + $share = "PRIVATE"; + } $uploaddir = "../files/"; diff --git a/www/index.php b/www/index.php index 5775b86..d7adf38 100755 --- a/www/index.php +++ b/www/index.php @@ -32,11 +32,12 @@ if(empty($_GET)){ if(empty($_GET["name"])){ switch($_GET["task"]){ case("login"): + if($_SESSION["login"]){ + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]); + exit; + } + if($_SERVER['REQUEST_METHOD'] == 'POST'){ - if($_SESSION["login"]){ - header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]); - exit; - } $var = login($db); if($var == LOGIN_SUCCESSFULL){ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/".$_SESSION["username"]); @@ -45,12 +46,7 @@ if(empty($_GET)){ print_login($var); } } else { - if(!$_SESSION["login"]){ - print_login(constant("EMPTY")); - } else { - header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION["username"]); - exit; - } + print_login(constant("EMPTY")); } break; diff --git a/www/setup.php b/www/setup.php index 93551aa..d2290c3 100755 --- a/www/setup.php +++ b/www/setup.php @@ -64,9 +64,9 @@ if($bool){ $_SESSION["username"] = "admin"; $_SESSION["userid"] = 1; + header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/admin"); echo "Success! You will redirected any moment."; include("include.php"); - header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/admin"); } else { echo "Failure! :( <br>"; echo "Your password: ".$hash_password; diff --git a/www/static/browser.css b/www/static/browser.css index a6031dc..c040695 100644 --- a/www/static/browser.css +++ b/www/static/browser.css 
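Review bot: `$mime = $_FILES['userfile']['type']` in this hunk is the browser-supplied type, and with the upload form now wired in it is passed on next to a `PUBLIC` share flag. If the download path later sends it back as `Content-Type` (not visible here), a public file could be served as active content in the site's origin. Derive the type server-side, e.g. `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['userfile']['tmp_name']);`, and serve downloads with `Content-Disposition: attachment`. upload() continues outside the hunk.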
@@ -86,7 +86,7 @@ td{ } -input.new-folder-input[type=text], input.new-folder-input[type=checkbox]{ +input.new-folder-input[type=text]{ border: none; box-shadow: inset 0px 0px 1px 1px #1F3D4C; border-radius: 0; @@ -94,21 +94,74 @@ input.new-folder-input[type=text], input.new-folder-input[type=checkbox]{ font-size: 25px; margin-top: 15px; width: 395px; - display:block; padding-left: 5px; } +/*input.new-folder-input[type=checkbox]*/ + +input[type=checkbox]{ + display:inline; + margin-left: 5px; + width: 10px; +} + + input.new-folder-input:focus{ background: #D6E0E5 } + +#upload-bg{ + width: 100%; + height: 100%; + background: white; + position: fixed; + z-index: 99; + top: 0px; + opacity: 0.75; + visibility: hidden; +} + +#upload-form{ + +} + +#upload-area{ + height: 190px; + width: 400px; + position: fixed; + top: 50%; + margin-top: -100px; + + padding: 10px; + + left: 50%; + margin-left: -200px; + + border: 1px solid black; +} + + + +input.upload-input[type=file]{ + border: none; + margin-top: 15px; + margin-bottom: 15px; + display:block; + padding-left: 5px; +} + #button-input{ height: 40px; width: 120px; - display:inline; border: none; box-shadow: inset 0px 0px 1px 1px #1F3D4C; border-radius: 0; font-size: 25px; margin-top: 15px; + display:block; +} +label{ + display: inline; } +dis
\ No newline at end of file |
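Review bot: browser.css now ends with a stray `dis` token after the `label` rule, which looks like a truncated `display` declaration and should be removed. The checkbox rule also changed from `input.new-folder-input[type=checkbox]` (left in a comment) to the global `input[type=checkbox]`, so it restyles every checkbox on any page that loads this stylesheet; scoping it to `.new-folder-input` and `.upload-input` would limit the effect to the two dialogs.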
