From cb74ce9e9702677225102fc06b5adda8ce692cdc Mon Sep 17 00:00:00 2001
From: moehm
Date: Wed, 26 Mar 2014 13:06:09 +0100
Subject: More improvements. Fix in the index, also added password_recover and changed the requirements for the upload interface.
---
www/functions/func_interface.php | 12 ++++++++++++
www/functions/func_upload.php | 13 +++++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
(limited to 'www/functions')
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
index a86fe6d..b87651a 100755
--- a/www/functions/func_interface.php
+++ b/www/functions/func_interface.php
@@ -3,3 +3,15 @@ function print_invite($var){ include("invite.php"); } + +function print_recover_password(){ + echo " + + +
+ + + "; +}
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
index 55d9492..8059191 100755
--- a/www/functions/func_upload.php
+++ b/www/functions/func_upload.php
@@ -2,12 +2,13 @@ /* This was tested with this interface, where PWD the primary key from the working directory is: +UPDATE 26.3. : Should now accept the path as an argument.
@@ -36,11 +37,19 @@ function upload($db){ return UPLOAD_UPLOAD; } - $parentdir = SQLite3::escapeString("$_POST[pwd]"); + $parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]); + //$parentdir = SQLite3::escapeString("$_POST[pwd]"); if(!preg_match("/[0-9]+/", $parentdir)){ return UPLOAD_PARENTFOLDER; } + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";"); + $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return UPLOAD_FOLDER_NOT_OWNER; + } + $ownername = SQLite3::escapeString($_SESSION['username']); $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';"); $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
-- cgit v1.2.3
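Review bot: The guard `preg_match("/[0-9]+/", $parentdir)` in the func_upload.php hunk at -36,11 is unanchored, so any value that merely contains a digit passes and is then concatenated into `SELECT owner FROM files WHERE id=...`. What select_file_id() returns is not visible here, so the query's safety currently rests entirely on that helper; anchoring the pattern and binding the id through a prepared statement removes that dependency. The new ownership test also reads `$folder_owner_ar[0]` without checking that a row came back and compares with `!=`, so a missing folder yields null and the loose comparison could pass if the session value is empty. The commented-out `//$parentdir = …` line can be dropped. upload() starts and ends outside this hunk.

```php
$parentdir = select_file_id($db, $_SESSION["userid"], $_POST["path"]);
if(!preg_match('/\A[0-9]+\z/', (string)$parentdir)){
	return UPLOAD_PARENTFOLDER;
}

// Bind the id instead of concatenating it into the statement.
$folder_owner_st = $db->prepare("SELECT owner FROM files WHERE id=:id;");
$folder_owner_st->bindValue(":id", (int)$parentdir, SQLITE3_INTEGER);
$folder_owner_db = $folder_owner_st->execute();
$folder_owner_ar = $folder_owner_db ? $folder_owner_db->fetchArray(SQLITE3_NUM) : false;

// A missing folder row must fail the ownership check, not pass it.
if($folder_owner_ar === false || (string)$folder_owner_ar[0] !== (string)$_SESSION["userid"]){
	return UPLOAD_FOLDER_NOT_OWNER;
}
// … unchanged: $ownername / $owner_db / $owner_ar lookup …
```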