diff options
Diffstat (limited to 'www/functions')
| -rw-r--r-- | www/functions/func_register.php | 14 | ||||
| -rw-r--r-- | www/functions/func_select.php | 19 |
2 files changed, 14 insertions, 19 deletions
diff --git a/www/functions/func_register.php b/www/functions/func_register.php index 3fc9949..10f1d5d 100644 --- a/www/functions/func_register.php +++ b/www/functions/func_register.php @@ -10,14 +10,14 @@ function register($db){ /* checking for empty password etc. */ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - header("Refresh: 0; register?reason=password"); + header("Refresh: 0; /register?reason=password"); return false; } /* TODO: allow full unicode */ if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ - header("Refresh: 0; register?reason=encoding"); + header("Refresh: 0; /register?reason=encoding"); return false; } @@ -27,14 +27,14 @@ function register($db){ /*Checks the validation of the registration attempt*/ $test_status_db = $db->query("SELECT status FROM user WHERE email='" . $safe_email . "';"); - $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); - $test_status_int = $test_status_arr[0]; + $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM); + $test_status_int = $test_status_ar[0]; $test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';"); - $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); - $test_key = $test_key_arr[0]; + $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM); + $test_key = $test_key_ar[0]; - if (empty($test_status_db) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){ + if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){ header("Refresh: 0; /register?reason=prohibited"); return false; } else { diff --git a/www/functions/func_select.php b/www/functions/func_select.php index 4ca9e66..ca3c53f 100644 --- a/www/functions/func_select.php +++ b/www/functions/func_select.php @@ -13,28 +13,22 @@ function select($db){ } $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';"); - if(empty($owner_db)){ + $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); + if(empty($owner_ar)){ failure("This user doesn't exist."); } - $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); $owner = $owner_ar[0]; $folder_array_unsafe = explode("/",$_GET["folder"]); $length = count($folder_array_unsafe); $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";"); - if(empty($root_db)){ - failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please."); - } $root_ar = $root_db->fetchArray(SQLITE3_NUM); if(empty($root_ar)){ - failure("empty"); - } - $root_id = $root_ar[0]; - if(!$root_id > 0){ failure("Seems like the user doesn't want to show his tree: " . $root_id); } + $root_id = $root_ar[0]; $parentdir = SQLite3::escapeString($root_id); $temp_id = $root_id; @@ -42,10 +36,12 @@ function select($db){ if(!empty($folder_array_unsafe[$i])){ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); - if(empty($parentdir_db)){ + + $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); + if(empty($prim_id)){ failure("Database error."); } - $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); + if($parentdir != $prim_id[1]){ $wrong_folder = $folder_array_unsafe[$i]; @@ -76,7 +72,6 @@ function select($db){ $content[$count][6] = $row[6]; $content[$count][7] = $row[7]; $content[$count][8] = $row[8]; - //echo "<a href='/". $user . "/" . $content[$count][3] . "'>" . $content[$count][3] . "</a><br>"; $count++; } |