Diffstat (limited to 'www/functions')
-rwxr-xr-xwww/functions/func_interface.php12
-rwxr-xr-xwww/functions/func_upload.php13
2 files changed, 23 insertions, 2 deletions
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
index a86fe6d..b87651a 100755
--- a/www/functions/func_interface.php
+++ b/www/functions/func_interface.php
@@ -3,3 +3,15 @@
function print_invite($var){
include("invite.php");
}
+
+function print_recover_password(){
+ echo "
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <form method='POST' action='/password_reset'>
+ <p>E-Mail <input type='text' name='email'></p>
+ </form>
+ </body>
+ ";
+}
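Review bot: The reset form emitted by `print_recover_password()` has no submit control and never closes `</html>`, so it depends on Enter-key submission and on the browser repairing the markup. I would add `<p><input type='submit' value='Reset password'></p>` before `</form>`, switch the address field to `type='email'`, and append `</html>` after `</body>`. The handler behind `/password_reset` is not part of this diff; it should respond identically whether or not the address is registered, so the form cannot be used to confirm which accounts exist.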
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 55d9492..8059191 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -2,12 +2,13 @@
/* This was tested with this interface, where PWD the primary key from the working directory is:
+UPDATE 26.3. : Should now accept the path as an argument.
<!DOCTYPE html>
<form method='post' action='/upload.php' enctype="multipart/form-data">
<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p>
-<p>PWD: <input type='text' name='pwd'></p><!-- an INTEGER!! -->
+<p>PWD: <input type='text' name='path'></p>
<p>Share: <input type='text' name='share'>
<p><input type='submit' name='submit' value='upload'></p>
</form>
@@ -36,11 +37,19 @@ function upload($db){
return UPLOAD_UPLOAD;
}
- $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ $parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]);
+ //$parentdir = SQLite3::escapeString("$_POST[pwd]");
if(!preg_match("/[0-9]+/", $parentdir)){
return UPLOAD_PARENTFOLDER;
}
+ $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";");
+ $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
+
+ if($folder_owner_ar[0] != $_SESSION["userid"]){
+ return UPLOAD_FOLDER_NOT_OWNER;
+ }
+
$ownername = SQLite3::escapeString($_SESSION['username']);
$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
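Review bot: The guard `preg_match("/[0-9]+/", $parentdir)` is unanchored, so it accepts any string that merely contains a digit, and the value is then concatenated into the new `SELECT owner FROM files WHERE id=` query. Whether `select_file_id()` can return anything other than an integer id is not visible here, so the pattern should be anchored and the id bound as a parameter rather than trusted. The ownership test also reads `$folder_owner_ar[0]` without checking that the query and `fetchArray()` produced a row, and it compares with loose `!=`; a missing row should be rejected explicitly and the comparison made strict. upload() begins before this hunk and continues past it.

```php
// … unchanged: $parentdir = select_file_id(...) lookup …
if(!preg_match("/^[0-9]+$/D", $parentdir)){
	return UPLOAD_PARENTFOLDER;
}
$folder_owner_st = $db->prepare("SELECT owner FROM files WHERE id=:id;");
$folder_owner_st->bindValue(":id", (int)$parentdir, SQLITE3_INTEGER);
$folder_owner_db = $folder_owner_st->execute();
$folder_owner_ar = $folder_owner_db ? $folder_owner_db->fetchArray(SQLITE3_NUM) : false;

if($folder_owner_ar === false || (string)$folder_owner_ar[0] !== (string)$_SESSION["userid"]){
	return UPLOAD_FOLDER_NOT_OWNER;
}
// … unchanged: owner lookup by username …
```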