Diffstat (limited to 'www')
| -rw-r--r-- | www/constants.php | 5 | ||||
| -rw-r--r-- | www/functions/func_folder.php | 29 | ||||
| -rwxr-xr-x | www/functions/func_interface.php | 8 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 2 | ||||
| -rw-r--r-- | www/functions/func_password.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_register.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_rewrite.php | 2 | ||||
| -rwxr-xr-x | www/functions/func_select.php | 11 | ||||
| -rwxr-xr-x | www/functions/func_user.php | 17 | ||||
| -rwxr-xr-x | www/include.php | 1 | ||||
| -rwxr-xr-x | www/index.php | 2 |
11 files changed, 52 insertions, 29 deletions
diff --git a/www/constants.php b/www/constants.php index 61f7839..9d3bd7f 100644 --- a/www/constants.php +++ b/www/constants.php @@ -29,3 +29,8 @@ define("PASSWORD_DATABASE", 20); define("RECOVER_SUCCESS", 21); define("RECOVER_EMAIL", 22); define("RECOVER_PROHIBITED", 23); + +define("MKDIR_SUCCESS", 24); +define("MKDIR_OWNER", 25); +define("MKDIR_LOGIN", 26); +define("MKDIR_DATABASE", 27); diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php new file mode 100644 index 0000000..8b1ed12 --- /dev/null +++ b/www/functions/func_folder.php @@ -0,0 +1,29 @@ +<?php + +function mkdir($path, $new_folder_name, $share){ + + $db = $GLOBALS["db"]; + + if(!$_SESSION["login"]){ + return MKDIR_LOGIN; + } + + $file_id = select_file_id($db, $_SESSION["userid"], $path); + + $owner_db = $db->query("SELECT owner FROM files WHERE id=" . SQLite3::escapeString('$file_id') . ";"); + $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); + + if($owner_ar[0] != $_SESSION["userid"]){ + return MKDIR_OWNER; + } + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", " . SQLite3::escapeString('$new_folder_name') . ", 'DIRECTORY', 0, " . SQLite3::escapeString('$share') . ", ''); + COMMIT; + ")){ + return MKDIR_SUCCESS; + } else { + return MKDIR_DATABASE; + } +} diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php index 05f8f3b..e6aa3f1 100755 --- a/www/functions/func_interface.php +++ b/www/functions/func_interface.php @@ -1,14 +1,14 @@ <?php -function collect_content($db){ - $owner = user($db, $_GET["name"]); +function collect_content($db,$username, $folder_path){ + $owner = user_id($db, $username); if(!$owner){ failure("This user doesn't exist!"); } - $file_id = select_file_id($db, $owner); - + $file_id = select_file_id($db, $owner, $folder_path); + $content = get_content($db, $file_id, $owner); if(!$content){ 
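Review bot: In www/functions/func_folder.php the calls `SQLite3::escapeString('$file_id')`, `SQLite3::escapeString('$new_folder_name')` and `SQLite3::escapeString('$share')` use single quotes, so PHP passes the literal text `$file_id` (and so on) instead of the variable's value, and the result is concatenated into the SQL without surrounding quotes. The owner lookup and the INSERT therefore never see the caller's values, so the ownership check cannot work as written and escaping protects nothing. Separately, `mkdir` is a PHP built-in, so declaring a global function with that name should fail with a redeclaration error as soon as include.php loads this file. I would rename the function, bind every value through prepared statements, and check the result of the owner query before reading `$owner_ar[0]`. It is also worth validating `$share` against the values the application recognises (only `'PUBLIC'` is visible in this diff) and rejecting `/` in `$new_folder_name`, since select_file_id() splits paths on it.

```php
function create_folder($path, $new_folder_name, $share){
    // … unchanged: $db lookup, login check, select_file_id() call …

    $owner_stmt = $db->prepare("SELECT owner FROM files WHERE id = :id");
    $owner_stmt->bindValue(":id", $file_id, SQLITE3_INTEGER);
    $owner_db = $owner_stmt->execute();
    $owner_ar = $owner_db ? $owner_db->fetchArray(SQLITE3_NUM) : false;

    // a failed or empty lookup is treated as "not the owner"
    if(!$owner_ar || $owner_ar[0] != $_SESSION["userid"]){
        return MKDIR_OWNER;
    }

    $insert = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, :parent, :owner, :name, 'DIRECTORY', 0, :share, '')");
    $insert->bindValue(":parent", $file_id, SQLITE3_INTEGER);
    $insert->bindValue(":owner", $_SESSION["userid"], SQLITE3_INTEGER);
    $insert->bindValue(":name", $new_folder_name, SQLITE3_TEXT);
    $insert->bindValue(":share", $share, SQLITE3_TEXT);

    return $insert->execute() ? MKDIR_SUCCESS : MKDIR_DATABASE;
}
```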
diff --git a/www/functions/func_login.php b/www/functions/func_login.php index 8088cd5..3074b32 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php @@ -27,7 +27,7 @@ function login($db){ COMMIT; ")){ - $id = user($db, $username); + $id = user_id($db, $username); $_SESSION["login"] = true; $_SESSION["username"] = $username; diff --git a/www/functions/func_password.php b/www/functions/func_password.php index 486e9ba..40a0212 100644 --- a/www/functions/func_password.php +++ b/www/functions/func_password.php @@ -2,7 +2,7 @@ function change_password($db, $first_password, $second_password){ if($_SESSION["login"]){ - $username = user($db, $_SESSION["username"]); + $username = user_id($db, $_SESSION["username"]); } else { $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); $username_ar = $username_db->fetchArray(SQLITE3_NUM); diff --git a/www/functions/func_register.php b/www/functions/func_register.php index 026ac3b..be8c197 100755 --- a/www/functions/func_register.php +++ b/www/functions/func_register.php @@ -65,7 +65,7 @@ function register($db){ COMMIT;") ){ - $userid = user($db, $safe_name); + $userid = user_id($db, $safe_name); $_SESSION["login"] = true; $_SESSION["username"] = $name; diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php index 8e8e45f..48131f8 100755 --- a/www/functions/func_rewrite.php +++ b/www/functions/func_rewrite.php @@ -3,7 +3,7 @@ function rewrite($db){ /* test if first argument a username or folder */ - $name = user($db, $_GET["name"]); + $name = user_id($db, $_GET["name"]); if($name == ""){ diff --git a/www/functions/func_select.php b/www/functions/func_select.php index 5181b9a..1599b9b 100755 --- a/www/functions/func_select.php +++ b/www/functions/func_select.php 
@@ -1,5 +1,5 @@ <?php -function select_file_id($db, $owner){ +function select_file_id($db, $owner, $folder_path){ if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14 $share=""; // to print all files, even hidden ones @@ -7,7 +7,7 @@ function select_file_id($db, $owner){ $share ="AND share='PUBLIC'"; // just use files with the correct permissions } - $folder_array_unsafe = explode("/",$_GET["folder"]); + $folder_array_unsafe = explode("/",$folder_path); $length = count($folder_array_unsafe); $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";"); @@ -23,12 +23,13 @@ function select_file_id($db, $owner){ } for($i=0; $i<$length; $i++){ - + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); - if(empty($prim_id)){ - failure("Database error."); + + if(empty($prim_id[0])){ + return $parentdir; } if($parentdir != $prim_id[1]){ diff --git a/www/functions/func_user.php b/www/functions/func_user.php index 5ee342f..bc72a93 100755 --- a/www/functions/func_user.php +++ b/www/functions/func_user.php 
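Review bot: In the last hunk of func_select.php, `if(empty($prim_id[0])){ return $parentdir; }` makes select_file_id() return the deepest ancestor that did resolve whenever a path component is missing or filtered out by `$share`, so callers cannot tell a found folder from a partial match. The new mkdir() in func_folder.php uses this id as the parent and for its ownership check, so a mistyped or non-existent `$path` would apparently create the folder in an ancestor instead of being rejected, and collect_content() would list a different folder than the one requested. I would signal the miss explicitly, e.g. `if(empty($prim_id[0])){ return false; }`, and let each caller decide, keeping a separate case for an empty trailing component if that is what the fallback was meant to cover. The queries in this function also concatenate `$owner` and `$parentdir` unquoted; both appear to come from the database here, but an `(int)` cast or a bound parameter would make that guarantee local. The loop body continues outside the hunk.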
@@ -11,27 +11,14 @@ function account($db){ return true; } -function user($db, $user){ +function user_id($db, $user){ $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';"); $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); - if(empty($owner_ar)){ + if(empty($owner_ar[0])){ return false; } $owner = $owner_ar[0]; return $owner; } - -function user_is_owner($username, $file_id){ - $db = $GLOBALS["db"]; - - $owner_db = $db->query("SELECT owner FROM files WHERE id=". SQLite3::escapeString('$file_id') . ";"); - $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); - - if($owner_ar[0] != $username){ - return false; - } else { - return true; - } -} diff --git a/www/include.php b/www/include.php index abbe4d9..dc8ca72 100755 --- a/www/include.php +++ b/www/include.php @@ -14,6 +14,7 @@ require_once($func_dir . "func_select.php"); // get the primary key from the la require_once($func_dir . "func_user.php"); // gets the userid and account specific stuff require_once($func_dir . "func_content.php"); // get the vfs content require_once($func_dir . "func_password.php"); // changes the user password +require_once($func_dir . "func_folder.php"); // creates a new folder require_once("login.php"); // prints the login page require_once("register.php"); // prints the register page diff --git a/www/index.php b/www/index.php index 56056c5..7af88c6 100755 --- a/www/index.php +++ b/www/index.php @@ -93,7 +93,7 @@ if(empty($_GET)){ /* shows the user content, main function */ if(rewrite($db)){ - $content = collect_content($db); + $content = collect_content($db, $_GET["name"], $_GET["folder"]); print_browser($content); } } |
