Diffstat (limited to 'www/functions/func_delete.php')
| -rw-r--r-- | www/functions/func_delete.php | 114 |
1 files changed, 108 insertions, 6 deletions
diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php index 2dab9e2..821f1aa 100644 --- a/www/functions/func_delete.php +++ b/www/functions/func_delete.php @@ -1,11 +1,23 @@ <?php function delete_file($user, $path){ + + if(!$_SESSION["login"]){ + return DELETE_FILE_LOGIN; + } + $db = $GLOBALS["db"]; $uploaddir = "../files/"; $file_id = select_file_id($db, $user, $path); + $file_owner_db = $db->query("SELECT owner FROM files WHERE id=".$file_id.";"); + $file_owner_ar = $file_owner_db->fetchArray(SQLITE3_NUM); + + if($file_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FILE_NOT_OWNER; + } + $check_if_file_db = $db->query("SELECT folder, hash FROM files WHERE id=".$file_id.";"); $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM); @@ -15,8 +27,41 @@ function delete_file($user, $path){ $file_hash = $check_if_file_ar[1]; - if(!unlink($uploaddir.$file_hash.".gz")){ - return DELETE_FILE_UNLINK; + $hash_array_db = $db->query("SELECT hash FROM files WHERE hash='".$file_hash.";'"); + $count = 0; + + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ + $hash_ar[$count] = $row1[0]; + $count++; + } + + $count = 0; + + for($i=0; $i<count($hash_ar); $i++){ + $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]. "';"); + while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ + if($row2[1] != $_SESSION["userid"]){ + $saved_files[$count] = $hash_ar[$i]; + } + $count++; + } + } + + for($i=0; $i<count($saved_files); $i++){ + $cur = $saved_files[$i]; + for($j=0; $j<count($hash_ar); $j++){ + if($cur == $hash_ar[$j]){ + $hash_ar[$j] = ""; + } + } + } + + for($i=0; $<count($hash_ar); $i++){ + if(!unlink($uploaddir.$file_hash.".gz")){ + if(!$file_hash[$i] != ""){ + return DELETE_FILE_UNLINK; + } + } } if($db->exec(" 
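Review bot: The new owner check in delete_file can pass when no row is found, because `fetchArray` returns false on an empty result and the loose `!=` then compares null with `$_SESSION["userid"]`, which is equal for an unset, empty or 0 user id. I would fail closed with `if($file_owner_ar === false || (int)$file_owner_ar[0] !== (int)$_SESSION["userid"]){`. The query also concatenates `$file_id` into the SQL text; select_file_id is outside the hunk, so whether it always yields an integer cannot be confirmed here, and binding through `$db->prepare(...)` with `bindValue(..., SQLITE3_INTEGER)` would remove the question. The same concatenation recurs in the later hunks (delete_folder, delete_user and the hash lookups). delete_file's body continues outside this hunk.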
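Review bot: The added shared-blob check in delete_file never protects another owner's file: the first query closes the quote after the semicolon (`hash='".$file_hash.";'"`), so it looks for a hash ending in `;`, and the final loop unlinks `$file_hash` rather than `$hash_ar[$i]`. The block also does not parse or run as written: `$<count($hash_ar)` is a syntax error, `$file_id_owner` is read but only `$file_id_owner_db` is assigned, and `$hash_ar`/`$saved_files` are undefined when a query returns no rows; the first two also appear in the delete_user context lines of the later hunks. Since only one blob is at stake here, a single count of other rows with the same hash would replace the three loops. The sketch below binds the values and skips the unlink when the count is unavailable, so a failed query cannot remove a blob that is still referenced. It assumes the `$file_id` row is the one being deleted, which the DELETE below the hunk should confirm.

```php
$file_hash = $check_if_file_ar[1];

// Count other rows that still reference the same stored blob.
$shared_row = false;
$shared = $db->prepare("SELECT COUNT(*) FROM files WHERE folder='FILE' AND hash=:hash AND id!=:id");
if($shared !== false){
    $shared->bindValue(":hash", $file_hash, SQLITE3_TEXT);
    $shared->bindValue(":id", $file_id, SQLITE3_INTEGER);
    $shared_res = $shared->execute();
    if($shared_res !== false){
        $shared_row = $shared_res->fetchArray(SQLITE3_NUM);
    }
}

// Unlink only when the count is known to be zero.
if($shared_row !== false && (int)$shared_row[0] === 0){
    if(!unlink($uploaddir.$file_hash.".gz")){
        return DELETE_FILE_UNLINK;
    }
}
// … unchanged: DELETE transaction …
```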
@@ -30,15 +75,70 @@ function delete_file($user, $path){ } } -function delete_user($user){ +function delete_folder($user, $path){ + + if(!$_SESSION["login"]){ + return DELETE_FOLDER_LOGIN; + } + + $db = $GLOBALS["db"]; + + $folder_id = select_file_id($db, $user, $path); + + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id:";"); + $folder_owner_ar = $db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FOLDER_NOT_OWNER; + } + + $folder_content_db = $db->query("SELECT id FROM files WHERE parent=".$folder_id.";"); + $folder_content_ar = $folder_content_db->fetchArray(SQLITE3_NUM); + + if(empty($folder_content_ar[0])){ + return DELETE_FOLDER_NOT_EMPTY; + } + + if($db->exec(" + BEGIN TRANSACTION; + DELETE FROM files WHERE id=".$folder_id."; + COMMIT; + ")){ + return DELETE_FOLDER_SUCCESS; + } else { + return DELETE_FOLDER_DATABASE; + } +} + +function delete_user($user, $password, $password_verify){ + + if(!$_SESSION["login"]){ + return DELETE_USER_LOGIN; + } + $db = $GLOBALS["db"]; $uploaddir = "../files/"; $owner = user_id($db, $user); + if(($password != $password_verify ) || $password = ""){ + return DELETE_USER_EMPTY_PASSWORD; + } + + $password_hash_db = $db->query("SELECT password FROM user WHERE id=".$owner.";"); + $password_hash_ar = $password_hash_db->fetchArray(SQLITE3_NUM); + + $admin_password_hash_db = $db->query("SELECT password FROM user WHERE id=1;"); + $admin_password_hash_ar = $admin_password_hash_db->fetchArray(SQLITE3_NUM); + + if(!password_verify($password, $password_hash_ar[0]) || !password_verify($password, $admin_password_hash_ar[0])){ + return DELETE_USER_WRONG_PASSWORD; + } + $hash_array_db = $db->query("SELECT hash FROM files WHERE folder='FILE' AND owner=".$owner.";"); $count = 0; + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ $hash_ar[$count] = $row1[0]; $count++; 
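Review bot: In delete_user the added password check cannot succeed as intended: `$password = ""` assigns instead of comparing, so the supplied password is blanked whenever the two inputs match, and the `||` between the two `password_verify` calls demands that it match both the user's and the admin's hash. I assume either match was meant, hence `&&` in the sketch; confirm that before merging. delete_folder has three more defects: `$folder_id:";"` is a syntax error, `fetchArray` is called on `$db` instead of `$folder_owner_db`, and `empty($folder_content_ar[0])` returns DELETE_FOLDER_NOT_EMPTY for an empty folder, so only non-empty folders reach the DELETE, presumably orphaning their children. delete_user also derives `$owner` from the `$user` argument without comparing it to `$_SESSION["userid"]`, so the password check is the only thing tying the caller to the account. delete_user's body continues outside the hunk.

```php
// delete_folder
$folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id.";");
$folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
// … unchanged: owner check, folder content query …
if($folder_content_ar !== false){
    return DELETE_FOLDER_NOT_EMPTY;
}
// … unchanged: DELETE transaction …

// delete_user
if(($password != $password_verify) || $password == ""){
    return DELETE_USER_EMPTY_PASSWORD;
}
// … unchanged: password hash lookups …
if(!password_verify($password, $password_hash_ar[0]) && !password_verify($password, $admin_password_hash_ar[0])){
    return DELETE_USER_WRONG_PASSWORD;
}
```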
@@ -47,7 +147,7 @@ function delete_user($user){ $count = 0; for($i=0; $i<count($hash_ar); $i++){ - $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash=".$hash_ar[$i].";"); + $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]."';"); while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ if($row2[1] != $_SESSION["userid"]){ $saved_files[$count] = $hash_ar[$i]; @@ -57,7 +157,7 @@ function delete_user($user){ } for($i=0; $i<count($saved_files); $i++){ - $cur = $saved_files[$i]: + $cur = $saved_files[$i]; for($j=0;$j<count($hash_ar); $j++){ if($cur == $hash_ar[$j]){ $hash_ar[$j] = ""; @@ -67,7 +167,9 @@ function delete_user($user){ for($i=0; $<count($hash_ar); $i++){ if(!unlink($uploaddir.$hash_ar[$i].".gz")){ - return DELETE_USER_FILE_DELETE; + if($hash_ar[$i] != ""){ + return DELETE_USER_FILE_DELETE; + } } } |
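Review bot: The loop around the changed query decides which blobs to keep by comparing each row's owner with `$_SESSION["userid"]`, while the account being removed is `$owner`. If the admin-password branch is meant to let an administrator delete someone else's account (an inference from the earlier hunk), every file of that user counts as foreign and its blob is never unlinked, so the data outlives the account. Comparing with the account under deletion, `if($row2[1] != $owner){`, would match what the function removes. The loop starts and ends outside this hunk.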
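Review bot: The added `$hash_ar[$i] != ""` test in the last hunk runs only after `unlink` has already been attempted, so every blanked entry still calls `unlink` on `../files/.gz` and raises a warning before the failure is ignored. Skipping blank entries first avoids that: put `if($hash_ar[$i] == ""){ continue; }` ahead of the `unlink` call and leave the original `return DELETE_USER_FILE_DELETE;` unconditional. The hash comes from the database and is concatenated into a filesystem path, so a format check on it before `unlink` (for example hex characters only, if that is how hashes are stored) would be a cheap safeguard. The loop body ends outside the hunk.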
