From f471b2130461efa25c62dbe8b015da6219cf3498 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sat, 29 Mar 2014 20:26:26 +0100
Subject: Improved the ban system and the download mechanism.

---
 www/functions/func_download.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'www/functions/func_download.php')

diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index b62e13f..64c5d90 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -64,16 +64,18 @@ function check_file_hash($db, $file_id, $download_hash){
 		return DOWNLOAD_FALSE_ID;
 	}
 
-	$check_hash_db = $db->query("SELECT folder, share, download_link FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
+	$check_hash_db = $db->query("SELECT owner, folder, share, download_link FROM files WHERE id=" . SQLite3::escapeString($file_id).";");
 	$check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM);
 
-	if($check_hash_ar[0] != "FILE"){
+	if($check_hash_ar[1] != "FILE"){
 		return DOWNLOAD_NOT_FILE;
 	}
 
-	if($check_hash_ar[1] != "PUBLIC"){
-		if($check_hash_ar[2] != $download_hash){
-			return DOWNLOAD_PRIVATE_FILE;
+	if($check_hash_ar[2] != "PUBLIC"){
+		if($_SESSION["userid"] != $check_hash_ar[0]){
+			if($check_hash_ar[3] != $download_hash){
+				return DOWNLOAD_PRIVATE_FILE;
+			}
 		}
 	}
 
-- 
cgit v1.2.3