Diffstat (limited to 'www/functions')
-rw-r--r--www/functions/func_delete.php2
-rw-r--r--www/functions/func_download.php26
-rwxr-xr-xwww/functions/func_invite.php4
-rwxr-xr-xwww/functions/func_rewrite.php2
4 files changed, 23 insertions, 11 deletions
diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php
index a79cd36..17da1c4 100644
--- a/www/functions/func_delete.php
+++ b/www/functions/func_delete.php
@@ -1,7 +1,7 @@
<?php
/*
- expected state: tested; but broken
+ expected state: tested?; but broken
*/
function delete_file($user, $path){
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 5770da4..e3e36aa 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -1,8 +1,7 @@
<?php
/*
- Expected state: tested, but broken.
- Works if you are loged in, fatal error if not.
+ Expected state: tested, should work.
*/
function check_if_file($db, $name, $folder_path){
@@ -63,11 +62,21 @@ function start_file_download($user, $path){
}
function check_file_hash($db, $file_id, $download_hash){
- $check_hash_db = $db->query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+ if(preg_match("/[^0-9]/", $file_id)){
+ return DOWNLOAD_FALSE_ID;
+ }
+
+ $check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
$check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
- if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){
- return false;
+ if($check_hash_ar[0] != "FILE"){
+ return DOWNLOAD_NOT_FILE;
+ }
+
+ if($check_hash_ar[1] != "PUBLIC"){
+ if($check_hash_ar[0] != $download_hash){
+ return DOWNLOAD_PRIVATE_FILE;
+ }
}
if(!download_file($db, $file_id)){
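Review bot: The private-file branch compares `$check_hash_ar[0]` with `$download_hash`, but with the new SELECT column 0 is `folder` (already required to equal "FILE" a few lines earlier) and the share value is in column 1, so the stored share token is never consulted. The comparison should read `if(!hash_equals((string)$check_hash_ar[1], (string)$download_hash)){`, which also replaces the loose `!=` with a type-strict, constant-time check. Separately, `fetchArray()` returns false when no row matches and an empty `$file_id` passes the `/[^0-9]/` test, so a `ctype_digit()` check on the id and a `=== false` guard before indexing the row are worth adding. check_file_hash continues past the end of this hunk.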
@@ -80,12 +89,13 @@ function check_file_hash($db, $file_id, $download_hash){
function download_file($db, $file_id){
- $file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
+ $file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";");
$file_ar = $file_db->fetchArray(SQLITE3_NUM);
$file_name = $file_ar[0];
$file_mime = $file_ar[1];
- $file_hash = $file_ar[2];
+ $file_size = $file_ar[2];
+ $file_hash = $file_ar[3];
$uploaddir = "../files/";
$gzip_file = $uploaddir . $file_hash . ".gz";
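Review bot: The widened SELECT in download_file still concatenates `$file_id` into an unquoted numeric position, where `SQLite3::escapeString()` gives no protection because it only escapes quote characters; the query is safe only while every caller performs the digit check that check_file_hash now does. Binding the value removes that dependency: `$stmt = $db->prepare("SELECT name, mime, size, hash FROM files WHERE id=:id");`, `$stmt->bindValue(":id", (int)$file_id, SQLITE3_INTEGER);`, `$file_db = $stmt->execute();`. The same string-built pattern appears in the check_file_hash query earlier in this file and in the `SELECT id FROM USER` lookup in func_invite.php, where `$safe_name` is prepared outside the visible hunk. download_file starts in this hunk but its body continues beyond it.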
@@ -94,6 +104,8 @@ function download_file($db, $file_id){
header("Content-Type: ".$file_mime);
header("Content-Disposition: attachment; filename=\"".$file_name."\"");
+ header("Content-Length: ".$file_size);
+ set_time_limit(0);
$uncompressed_file = readgzfile($gzip_file);
if($uncompressed_file){
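Review bot: The new `Content-Length` header is emitted from the `size` column without any check, so a missing row or a non-numeric value produces a malformed header, and if `size` is not the uncompressed byte count that `readgzfile()` writes, clients will truncate or stall; which length the column holds is not visible here. I would guard it with `if(ctype_digit((string)$file_size)){ header("Content-Length: ".$file_size); }` and add a comment stating that `size` must be the uncompressed length. The added `set_time_limit(0)` also removes the execution cap on a path that serves public files without a session, so a finite limit sized to the largest expected download would be the safer choice. This hunk sits in the middle of download_file; the function begins and ends outside it.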
diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php
index b37ea09..00a678d 100755
--- a/www/functions/func_invite.php
+++ b/www/functions/func_invite.php
@@ -34,13 +34,13 @@ function invite($db){
$key = "$key".$key_array[$index];
}
- $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';");
+ $id_db = $db->query("SELECT id FROM USER WHERE name='" . $safe_name . "';");
$id_ar = $id_db->fetchArray(SQLITE3_NUM);
$id = $id_ar[0];
/*Generates the new user and decrease the invites*/
- $invite = $invite - 1;
+ $invite = $invite-1;
if($db->exec("
BEGIN TRANSACTION;
diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php
index a58c7f9..d9f694d 100755
--- a/www/functions/func_rewrite.php
+++ b/www/functions/func_rewrite.php
@@ -16,7 +16,7 @@ function rewrite($db){
}
if($_SESSION["login"]){
- header("Refresh: 0; /" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . "");
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . "");
}
return false;
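Review bot: The rewritten `Refresh` header builds an absolute URL from `$_SERVER["HTTP_HOST"]`, which is copied from the request's Host header and is therefore client-controlled, so the redirect target is no longer pinned to this site the way the old relative path was. Take the host from configuration (or check HTTP_HOST against an allowlist) and encode the path segments, e.g. `header("Refresh: 0; ".$scheme.CONFIGURED_HOST."/".rawurlencode($_SESSION['username'])."/".rawurlencode($_GET["name"])."/".$folder);`, where `CONFIGURED_HOST` is a placeholder for a constant this project would define. `$scheme` and `$folder` are set outside the visible hunk, so how they are derived should be confirmed as well. rewrite() begins before this hunk and appears to continue after it.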