From bafaf5fad9266612c172c58360587832b8edb1b9 Mon Sep 17 00:00:00 2001 From: moehm Date: Wed, 19 Mar 2014 19:29:43 +0100 Subject: Added delete_folder and fixed some security issues. --- www/functions/func_delete.php | 114 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 108 insertions(+), 6 deletions(-) (limited to 'www/functions/func_delete.php') diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php index 2dab9e2..821f1aa 100644 --- a/www/functions/func_delete.php +++ b/www/functions/func_delete.php @@ -1,11 +1,23 @@ query("SELECT owner FROM files WHERE id=".$file_id.";"); + $file_owner_ar = $file_owner_db->fetchArray(SQLITE3_NUM); + + if($file_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FILE_NOT_OWNER; + } + $check_if_file_db = $db->query("SELECT folder, hash FROM files WHERE id=".$file_id.";"); $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM); @@ -15,8 +27,41 @@ function delete_file($user, $path){ $file_hash = $check_if_file_ar[1]; - if(!unlink($uploaddir.$file_hash.".gz")){ - return DELETE_FILE_UNLINK; + $hash_array_db = $db->query("SELECT hash FROM files WHERE hash='".$file_hash.";'"); + $count = 0; + + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ + $hash_ar[$count] = $row1[0]; + $count++; + } + + $count = 0; + + for($i=0; $iquery("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]. "';"); + while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ + if($row2[1] != $_SESSION["userid"]){ + $saved_files[$count] = $hash_ar[$i]; + } + $count++; + } + } + + for($i=0; $iexec(" @@ -30,15 +75,70 @@ function delete_file($user, $path){ } } -function delete_user($user){ +function delete_folder($user, $path){ + + if(!$_SESSION["login"]){ + return DELETE_FOLDER_LOGIN; + } + + $db = $GLOBALS["db"]; + + $folder_id = select_file_id($db, $user, $path); + + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id:";"); + $folder_owner_ar = $db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FOLDER_NOT_OWNER; + } + + $folder_content_db = $db->query("SELECT id FROM files WHERE parent=".$folder_id.";"); + $folder_content_ar = $folder_content_db->fetchArray(SQLITE3_NUM); + + if(empty($folder_content_ar[0])){ + return DELETE_FOLDER_NOT_EMPTY; + } + + if($db->exec(" + BEGIN TRANSACTION; + DELETE FROM files WHERE id=".$folder_id."; + COMMIT; + ")){ + return DELETE_FOLDER_SUCCESS; + } else { + return DELETE_FOLDER_DATABASE; + } +} + +function delete_user($user, $password, $password_verify){ + + if(!$_SESSION["login"]){ + return DELETE_USER_LOGIN; + } + $db = $GLOBALS["db"]; $uploaddir = "../files/"; $owner = user_id($db, $user); + if(($password != $password_verify ) || $password = ""){ + return DELETE_USER_EMPTY_PASSWORD; + } + + $password_hash_db = $db->query("SELECT password FROM user WHERE id=".$owner.";"); + $password_hash_ar = $password_hash_db->fetchArray(SQLITE3_NUM); + + $admin_password_hash_db = $db->query("SELECT password FROM user WHERE id=1;"); + $admin_password_hash_ar = $admin_password_hash_db->fetchArray(SQLITE3_NUM); + + if(!password_verify($password, $password_hash_ar[0]) || !password_verify($password, $admin_password_hash_ar[0])){ + return DELETE_USER_WRONG_PASSWORD; + } + $hash_array_db = $db->query("SELECT hash FROM files WHERE folder='FILE' AND owner=".$owner.";"); $count = 0; + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ $hash_ar[$count] = $row1[0]; $count++; @@ -47,7 +147,7 @@ function delete_user($user){ $count = 0; for($i=0; $iquery("SELECT id, owner FROM files WHERE folder='FILE' AND hash=".$hash_ar[$i].";"); + $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]."';"); while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ if($row2[1] != $_SESSION["userid"]){ $saved_files[$count] = $hash_ar[$i]; @@ -57,7 +157,7 @@ function delete_user($user){ } for($i=0; $i