Diffstat (limited to 'www')
-rw-r--r--www/functions.php7
-rw-r--r--www/login.php2
-rw-r--r--www/upload.php57
3 files changed, 64 insertions, 2 deletions
diff --git a/www/functions.php b/www/functions.php
index dfe75ad..46b3149 100644
--- a/www/functions.php
+++ b/www/functions.php
@@ -68,11 +68,14 @@ function login($db){
echo $logout;
}
- echo "<form method='post' action='/login'>
+/* echo "<form method='post' action='/login'>
<p>Name: <input type='text' name='username'></p>
<p>Password: <input type='password' name='password'>
<p><input type='submit' name='submit' value='login'></p>
</form>";
+*/
+ include("login.php");
+
}
}
exit;
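Review bot: The old form markup is left in login() as a commented-out block above the new `include("login.php");`. Deleting it would keep the function readable, since the history already holds the old version. `include` only emits a warning when the file cannot be found, so the page would render without any login form; `require("login.php");` fails loudly instead. login() starts before this hunk, so the surrounding control flow is not visible here.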
@@ -130,6 +133,8 @@ function invite($db){
UPDATE user SET invites='$invite' WHERE id='$id';
COMMIT;")
){
+ $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration.";
+ mail($email, "Invite", $subject, "From: mail@iamfabulous.de");
header("Refresh: 0; /invite?reason=success");
} else {
header("Refresh: 0; /invite?reason=database");
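Review bot: The return value of the added `mail()` call is ignored, so the redirect to `/invite?reason=success` is sent even when the invitation was never handed to the mail system. Wrapping it as `if (!mail($email, "Invite", $subject, "From: mail@iamfabulous.de")) { ... }` lets the failure reach the user. Whether `$email` is validated is not visible in this hunk, because invite() starts above it. If it is not, a `filter_var($email, FILTER_VALIDATE_EMAIL)` check before the call keeps malformed or multi-line input out of the recipient field. Two small points: `"Your key is" . $key` needs a trailing space or colon, and `$subject` holds the message body, so a name like `$body` would be clearer.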
diff --git a/www/login.php b/www/login.php
index e9c839b..e65cfef 100644
--- a/www/login.php
+++ b/www/login.php
@@ -2,7 +2,7 @@
<div class="login-area">
<h1 class="login-area"> Log in </h1>
- <form id="login-form">
+ <form id="login-form" method='post' action='/login'>
<input type="text" placeholder="username" name="username" id="username-input" class="login-input">
<input type="password" placeholder="password" name="password" id="password-input" class="login-input">
diff --git a/www/upload.php b/www/upload.php
new file mode 100644
index 0000000..cd8c3af
--- /dev/null
+++ b/www/upload.php
@@ -0,0 +1,57 @@
+<?
+
+function error($reason){
+ echo "Failure! <br>";
+ echo $reason;
+ exit;
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ error("Operation not permitted.");
+ exit;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILE['userfile']['size'] > 0 || empty($_FILE['userfile']['size'])){
+ error("Error while proceding the upload: " . $_FILES['userfile']['error']);
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ error("Invalid parent folder.");
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $filename = $_FILE['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILE['userfile']['type'];
+ $size = $_FILE['userfile']['size'];
+ $share = SQLite3::escapeString('$_POST[share]');
+
+ $uploaddir = "../files/";
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
+ COMMIT;
+ ")){
+ $id = SQLite3::lastInsertRowID();
+ if(move_uploaded_file($_FILE['userfile']['tmp_username'], $uploaddir . $_FILE['userfile']['name'])){
+ if(rename($uploaddir . $filename, $uploaddir . $id)){
+ echo "Success!";
+ } else {
+ echo "Failure!";
+ }
+
+ } else {
+ error("Upload failed");
+ exit;
+ }
+ }
+
+}
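Review bot: The INSERT in upload() is built by concatenating client-controlled values, which leaves the statement open to SQL injection. `$filename` and `$mime` go in unescaped, and `$parentdir` is placed unquoted after an unanchored `/[0-9]+/` check that accepts any string containing a digit. A prepared statement with bound values and an anchored `/^[0-9]+$/` check closes this. The function also cannot work as written: it reads `$_FILE` instead of `$_FILES` (so the `empty()` test always fires), uses `tmp_username` for `tmp_name`, single-quotes `'$_POST[share]'` so the literal text is stored, and calls `lastInsertRowID()` statically rather than on `$db`. Moving the upload straight to `$uploaddir . $id` avoids ever creating a file under the client-supplied name, and the row should be removed if the move fails; the whole function is inside this hunk and the changed lines are sketched below.

```php
    // … unchanged: session check …

    if (!isset($_FILES['userfile'])) {
        error("No file was uploaded.");
    }
    $file = $_FILES['userfile'];
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] <= 0) {
        error("Error while proceding the upload: " . $file['error']);
    }

    // Anchored pattern: the whole value must be digits, not merely contain one.
    $parentdir = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
    if (!preg_match('/^[0-9]+$/', $parentdir)) {
        error("Invalid parent folder.");
    }
    $share = (isset($_POST['share']) && is_string($_POST['share'])) ? $_POST['share'] : '';

    // … unchanged: owner lookup, $uploaddir …

    // Bound parameters keep the client-supplied name and MIME type out of the SQL text.
    $stmt = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, mime, size, share)
        VALUES (NULL, :parent, :owner, :name, 'FILE', :mime, :size, :share)");
    $stmt->bindValue(':parent', (int) $parentdir, SQLITE3_INTEGER);
    $stmt->bindValue(':owner', (int) $owner, SQLITE3_INTEGER);
    $stmt->bindValue(':name', $file['name'], SQLITE3_TEXT);
    $stmt->bindValue(':mime', $file['type'], SQLITE3_TEXT); // client-reported, treat as untrusted
    $stmt->bindValue(':size', (int) $file['size'], SQLITE3_INTEGER);
    $stmt->bindValue(':share', $share, SQLITE3_TEXT);

    if ($stmt->execute()) {
        $id = $db->lastInsertRowID();
        // Store under the row id only; the client-supplied name never becomes a path.
        if (move_uploaded_file($file['tmp_name'], $uploaddir . $id)) {
            echo "Success!";
        } else {
            // Drop the row so the table does not reference a file that was never stored.
            $cleanup = $db->prepare("DELETE FROM files WHERE id = :id");
            $cleanup->bindValue(':id', $id, SQLITE3_INTEGER);
            $cleanup->execute();
            error("Upload failed");
        }
    }
```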