| -rw-r--r-- | www/functions/func_delete.php | 8 | ||||
| -rw-r--r-- | www/functions/func_download.php | 17 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_select.php | 2 | ||||
| -rwxr-xr-x | www/include.php | 5 |
5 files changed, 19 insertions, 15 deletions
diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php
index aaf6e3e..a79cd36 100644
--- a/www/functions/func_delete.php
+++ b/www/functions/func_delete.php
@@ -1,7 +1,7 @@ <?php /*
- expected state: broken
+ expected state: tested; but broken
 */ function delete_file($user, $path){
@@ -60,7 +60,7 @@ function delete_file($user, $path){ } }
- for($i=0; $<count($hash_ar); $i++){
+ for($i=0; $i<count($hash_ar); $i++){
 if(!unlink($uploaddir.$file_hash.".gz")){ if(!$file_hash[$i] != ""){ return DELETE_FILE_UNLINK;
@@ -89,7 +89,7 @@ function delete_folder($user, $path){ $folder_id = select_file_id($db, $user, $path);
- $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id:";");
+ $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id.";");
 $folder_owner_ar = $db->fetchArray(SQLITE3_NUM); if($folder_owner_ar[0] != $_SESSION["userid"]){
@@ -169,7 +169,7 @@ function delete_user($user, $password, $password_verify){ } }
- for($i=0; $<count($hash_ar); $i++){
+ for($i=0; $ii<count($hash_ar); $i++){
 if(!unlink($uploaddir.$hash_ar[$i].".gz")){ if($hash_ar[$i] != ""){ return DELETE_USER_FILE_DELETE;
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 9b3a489..035e5b4 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -1,7 +1,7 @@ <?php /*
- Expected state: broken.
+ Expected state: tested, broken.
 */ function start_file_download($user, $path){
@@ -10,7 +10,7 @@ function start_file_download($user, $path){ $owner = user_id($db, $user);
- $file_id = select_file_id($db, $owner, $path)
+ $file_id = select_file_id($db, $owner, $path);
 /* $file_id_db = $db->query("SELECT id, owner, share FROM files WHERE parent=" . $folder_id . "); $file_id_ar = $file_id_db->fetchArray(SQLITE3_NUM);
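Review bot: Inside the corrected loop in delete_file (the `@@ -60,7` hunk) the body still unlinks `$uploaddir.$file_hash.".gz"` on every pass rather than the current `$hash_ar[$i]`, and the guard `!$file_hash[$i] != ""` negates the value before comparing it. The delete_user loop further down uses what looks like the intended form, so matching it would give `if(!unlink($uploaddir.$hash_ar[$i].".gz")){` followed by `if($hash_ar[$i] != ""){`. As written, stored blobs can stay on disk after the user has been told the file is deleted. The loop closes outside the hunk.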
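Review bot: The ownership check in delete_folder (the `@@ -89,7` hunk) reads its row with `$db->fetchArray(SQLITE3_NUM)`, but fetchArray() belongs to the SQLite3Result that query() returns, not to the connection, assuming `$db` is the SQLite3 handle. The comparison against `$_SESSION["userid"]` therefore never sees the owner; it should be `$folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);`, with an explicit failure return when no row comes back. `$folder_id` is also concatenated into the statement unquoted, and select_file_id's return value is not visible here, so cast it with `(int)$folder_id` or bind it through `$db->prepare()`.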
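Review bot: The replacement loop condition in delete_user (the `@@ -169,7` hunk) tests `$ii`, which is not assigned anywhere in the visible lines, while the counter being incremented is `$i`, so the bound does not follow the counter. The line should read `for($i=0; $i<count($hash_ar); $i++){`, as in the delete_file hunk. An account deletion that loops or aborts partway leaves that user's stored files behind, so a test that deletes a user owning two or more files would catch this. The loop body continues outside the hunk.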
@@ -65,15 +65,16 @@ function download_file($db, $file_id){ $uploaddir = "../files/"; $gzip_file = $uploaddir . $file_hash . ".gz";
- $fp = gzopen($gzip_file, 'r')
- $uncompressed_file = gzread($fp, filesize($fp));
- header("Content-Type: ".$file_mime);
- header("Content-Disposition: attachment; filename=\"".$file_name."\"");
- if(!readfile($uncompressed_file)){
+ $uncompressed_file = readgzfile($gzip_file);
+
+ if($uncompressed_file){
+ header("Content-Type: ".$file_mime);
+ header("Content-Disposition: attachment; filename=\"".$file_name."\"");
+ return true;
+ } else {
 return false; }
- return true;
 }
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 3074b32..9deb27b 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -9,6 +9,8 @@ function login($db){ $pepper = file_get_contents("../database/pepper.txt"); $password = $password . $pepper; + $real_password = ""; + $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';"); while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ foreach($real_password_array as $secondelement){
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index a720feb..c19efe7 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -24,7 +24,7 @@ function select_file_id($db, $owner, $folder_path){ for($i=0; $i<$length; $i++){
- $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
 $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
diff --git a/www/include.php b/www/include.php
index 8bd840b..94eaba9 100755
--- a/www/include.php
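Review bot: `readgzfile()` writes the decompressed bytes to the output as it reads and returns their count, so in the rewritten download_file the two `header()` calls run after the body has already been sent and, unless output buffering is active, will not take effect. The response then goes out without `Content-Disposition: attachment` and with the default content type, which lets a browser render an uploaded file inline in the site's origin instead of saving it. Send the headers first and stream afterwards, as sketched below. `$file_name` goes into the quoted filename parameter as-is, so double quotes and control characters should be stripped where it is assigned, which is outside this hunk along with `$file_hash` and `$file_mime`. A zero-byte file also returns 0 and is reported as a failure, hence the strict comparison.

```php
// … unchanged: $uploaddir / $gzip_file assignment …
if(!is_readable($gzip_file)){
    return false;
}
header("Content-Type: ".$file_mime);
header("Content-Disposition: attachment; filename=\"".$file_name."\"");
header("X-Content-Type-Options: nosniff");
return readgzfile($gzip_file) !== false;
```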
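Review bot: Defaulting `$real_password` to the empty string in login() means a username with no row in `user` now reaches the later comparison as `""` instead of as an undefined variable. That comparison is outside this hunk, so confirm it cannot succeed for an unknown user. An explicit guard after the fetch loop, such as `if($real_password === ""){ /* unknown user: fail the login */ }`, keeps the no-such-user case from being mistaken for a match. The query below is still built by concatenating `$safe_username`; `$db->prepare("SELECT password FROM user WHERE name=:name")` with `bindValue()` would remove the dependence on however that variable was escaped.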
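Review bot: In the rewritten query in select_file_id, `$owner`, `$share` and `$parentdir` are concatenated into the statement unquoted; only the path component goes through `SQLite3::escapeString()`. Callers in this commit pass different things as `$owner`: start_file_download passes the result of `user_id($db, $user)`, while delete_folder passes `$user` directly, so if that is a user name rather than a numeric id it lands in the SQL as raw text. Casting at the point of use, `"... WHERE owner=" . (int)$owner . $share . " AND parent=" . (int)$parentdir . ...`, or binding the values through `$db->prepare()`, closes that off. Since `$share` is assigned outside the hunk and no longer has a fixed ` AND ` in front of it, a comment should state that it must be either empty or a constant fragment beginning with ` AND `.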
+++ b/www/include.php
@@ -15,8 +15,9 @@ require_once($func_dir . "func_user.php"); // gets the userid and account speci require_once($func_dir . "func_content.php"); // get the vfs content require_once($func_dir . "func_password.php"); // changes the user password require_once($func_dir . "func_folder.php"); // creates a new folder
-//require_once($func_dir . "func_delete.php"); // deletes files, folder and user
-//require_once($func_dir . "func_download.php"); // handles the file download
+require_once($func_dir . "func_delete.php"); // deletes files, folder and user
+require_once($func_dir . "func_download.php"); // handles the file download
+require_once($func_dir . "func_upload.php"); // handles the file upload
 require_once("login.php"); // prints the login page require_once("register.php"); // prints the register page |
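Review bot: `func_upload.php` is required on the added line but is not among the five files this commit changes; unless it is already in the tree, `require_once` stops with a fatal error and every page that loads include.php fails. The two re-enabled includes also make the delete and download functions callable while their own headers in this commit still read "tested; but broken". It may be safer to keep them commented out until those functions pass a test, e.g. `//require_once($func_dir . "func_delete.php"); // re-enable once the delete_file/delete_user loops are fixed`.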
