diff options
Diffstat (limited to 'www/functions.php')
| -rw-r--r-- | www/functions.php | 333 |
1 files changed, 10 insertions, 323 deletions
diff --git a/www/functions.php b/www/functions.php index 34e1a53..76b4ba1 100644 --- a/www/functions.php +++ b/www/functions.php @@ -1,325 +1,12 @@ <? -require_once("select_function.php"); - -/* --LOGIN-- */ - -function login($db){ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - - /*___Database Query: Login___*/ - $unsafe_username = $_POST["username"]; - $unsafe_passwort = $_POST["password"]; - $username = SQLite3::escapeString("$unsafe_username"); - $passwort = SQLite3::escapeString("$unsafe_passwort"); - - $salt_db = $db->query("SELECT salt FROM user WHERE name='$username';"); - while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){ - foreach($salt_array as $firstelement){ - $salt=$firstelement; - } - } - - $password = "$salt"."$passwort"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - $real_password_db = $db->query("SELECT password FROM user WHERE name='$username';"); - while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ - foreach($real_password_array as $secondelement){ - $real_password=$secondelement; - } - } - - /*___Login___*/ - if ($real_password == $hash_password) { - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='$username'), (SELECT datetime()) ); - COMMIT; - ")){ - - $_SESSION["login"] = true; - $_SESSION["username"] = "$unsafe_username"; - - header("Refresh: 0; /"); - - } else { - header("Refresh: 0; login?reason=database&username=" . $unsafe_username); - } - } else { - header("Refresh: 0; login?reason=failure&username=" . $unsafe_username); - } - } else { - - /*Prints the GET version*/ - - if($_SESSION["login"]){ - header("Refresh: 0; /"); - } else { -/* foreach ($_GET as $argument => $value) { - if(preg_match("/success/",$argument)) - $logout="Log out was succesfull!"; - } - - if($logout){ - header("Refresh: 0; login?reason=logout&username=" . $unsafe_username); - } - - echo "<form method='post' action='/login'> - <p>Name: <input type='text' name='username'></p> - <p>Password: <input type='password' name='password'> - <p><input type='submit' name='submit' value='login'></p> - </form>"; -*/ - include("login.php"); - - } - } - exit; -} - -/* --LOGOUT-- */ - -function logout(){ - $username=$_SESSION["username"]; - session_destroy(); - header("Refresh: 0; login?reason=logout&username=" . $username); - exit; -} - -/* --INVITE-- */ - -function invite($db){ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - - if(!$_SESSION["login"]){ - header("Refresh: 0; /login"); - } - - $name=$_SESSION["username"]; - $safe_name = SQLite3::escapeString("$name"); - - $email=$_POST["email"]; - $safe_email=SQLite3::escapeString("$email"); - - $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - - if($invite > 0){ - - /*Generates the invite key => [-_0-9a-zA-Z]{11}*/ - - $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); - - $length = count($key_array); - $key = ""; - - for ($i=0;$i<11;$i++){ - $index = mt_rand(0,$length-1); - $key = "$key".$key_array[$index]; - } - - $id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - - /*Generates the new user and decrease the invites*/ - - $invite = $invite - 1; - - echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'"; - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '$safe_email', '$id', '$key', 0); - UPDATE user SET invites='$invite' WHERE id='$id'; - COMMIT;") - ){ - $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; - mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); - header("Refresh: 0; /invite?reason=success"); - } else { - header("Refresh: 0; /invite?reason=database"); - } - - } else { - header("Refresh: 0; /invite?reason=invites"); - } - } else { - - /*Prints the formular if requested with GET*/ - - foreach ($_GET as $name => $value) { - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - } - - echo "Hallo $name - <form method='post' action='/invite'> - <p> E-Mail: <input type='text' name='email'></p> - <input type='hidden' name='username' value='$_SESSION[username]'> - <input type='submit' name='submit' value='invite'> - </form>"; - - echo "END"; - } - exit; -} - -/* --REGISTER-- */ - -function register($db){ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - - $name = $_POST["username"]; - $cleartext_password = $_POST["pswd"]; - $second_password = $_POST["2ndpswd"]; - $email = $_POST["email"]; - - /* checking for empty password etc. */ - - if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - header("Refresh: 0; register?reason=password"); - exit; - } - - /* TODO: allow full unicode */ - - if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ - header("Refresh: 0; register?reason=encoding"); - exit; - } - - $safe_name = SQLite3::escapeString("$name"); - $safe_email = SQLite3::escapeString("$email"); - - /*Checks the validation of the registration attempt*/ - - $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';"); - $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); - $test_status_int = $test_status_arr[0]; - - $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';"); - $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); - $test_key = $test_key_arr[0]; - - if (empty($test_status_db) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){ - header("Refresh: 0; /register?reason=prohibited"); - exit; - } else { - - $id_db = $db->query("SELECT id FROM user WHERE email='$safe_email';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - - /*Generates the encrypted password and the database transactions*/ - - $salt = uniqid(mt_rand(), true); - $password = "$salt"."$cleartext_password"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - if($db->exec(" - BEGIN TRANSACTION; - UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', invites=5, status=1, register=(SELECT datetime()) WHERE id=$id; - INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, ''); - COMMIT;") - ){ - $_SESSION["login"] = true; - $_SESSION["username"] = $name; - header("Refresh: 0; /user?reason=welcome"); - } else { - header("Refresh: 0; /register?reason=database"); - } - } - } else { - /* foreach ($_GET as $name => $value) { - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - } - - echo "<form method='post' action='register'> - <p>Name: <input type='text' name='name'></p> - <p>pswd: <input type='password' name='pswd'></p> - <p>2ndpsdw: <input type='password' name='2ndpswd'></p> - <p>key: <input type='text' name='key'></p> - <p>email: <input type='text' name='email'></p> - <p><input type='submit'></p> - </form> - ";*/ - - include("register.php"); - } - exit; -} - -/* --PAGE NOT FOUND - 404 -- */ - -function get_404($working_path, $wrong_folder){ - include("404.php"); - exit; -} - -//function select($db){ - - - -/* $i = 0; - foreach ($_GET as $name => $value) { //value leer? - $args[$i] = $name; - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - $i++; - } - echo "Presented by func select()!"; -*/ -//} - -function rewrite($db){ - - /* test if first argument a username or folder */ - - $name = SQLite3::escapeString("$_GET[name]"); - - $name_id_db = $db->query("SELECT id FROM user WHERE name='$name';"); - $name_id_ar = $name_id_db->fetchArray(SQLITE3_NUM); - - if(empty($name_id_ar)){ - - /* if first argument wasn't valid, rewrite the URL to include the username */ - - if($_SESSION["login"]){ - header("Refresh: 0; /" . $_SESSION[username] . "/" . $_GET["name"] . "/" . $_GET["folder"] . ""); - exit; - } else { - - $wrong_folder = $_GET["name"]; - $working_path = $_GET["name"]; - - get_404($working_path, $wrong_folder); - } - return false; - } - - return true; -} - -function failure($reason){ - echo "A 404 error occurred. <br>"; - echo $reason; - exit; -} - - -function user($db){ - echo "loged in as: " . $_SESSION["username"]; - $safe_name=SQLite3::escapeString("$_SESSION[username]"); - $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - - echo "<br><br>"; - echo "You have currently $invite invites. <br>"; -} +$func_dir = "functions/"; + +require_once($func_dir . "func_failure.php"); // 404 and other errors +require_once($func_dir . "func_interface.php"); // presents the vfs content +require_once($func_dir . "func_invite.php"); // handles the invite routine +require_once($func_dir . "func_login.php"); // handles also logout +require_once($func_dir . "func_register.php"); // processing the registration +require_once($func_dir . "func_rewrite.php"); // rewrites URL if user forgot to add the username while loged in +require_once($func_dir . "func_select.php"); // get the actual vfs content +require_once($func_dir . "func_user.php"); // account specific stuff |