From e009b1e84dcbcc83f39652695eb86c6e64cc6a11 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 26 Mar 2014 03:07:06 +0100 Subject: Now conform to HTTP/1.1. Also integrated func_download. --- www/functions/func_delete.php | 2 +- www/functions/func_download.php | 26 +++++++++++++++++++------- www/functions/func_invite.php | 4 ++-- www/functions/func_rewrite.php | 2 +- 4 files changed, 23 insertions(+), 11 deletions(-) (limited to 'www/functions') diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php index a79cd36..17da1c4 100644 --- a/www/functions/func_delete.php +++ b/www/functions/func_delete.php @@ -1,7 +1,7 @@ query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";"); + if(preg_match("/[^0-9]/", $file_id)){ + return DOWNLOAD_FALSE_ID; + } + + $check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";"); $check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM); - if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){ - return false; + if($check_hash_ar[0] != "FILE"){ + return DOWNLOAD_NOT_FILE; + } + + if($check_hash_ar[1] != "PUBLIC"){ + if($check_hash_ar[0] != $download_hash){ + return DOWNLOAD_PRIVATE_FILE; + } } if(!download_file($db, $file_id)){ @@ -80,12 +89,13 @@ function check_file_hash($db, $file_id, $download_hash){ function download_file($db, $file_id){ - $file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); + $file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); $file_ar = $file_db->fetchArray(SQLITE3_NUM); $file_name = $file_ar[0]; $file_mime = $file_ar[1]; - $file_hash = $file_ar[2]; + $file_size = $file_ar[2]; + $file_hash = $file_ar[3]; $uploaddir = "../files/"; $gzip_file = $uploaddir . $file_hash . ".gz"; @@ -94,6 +104,8 @@ function download_file($db, $file_id){ header("Content-Type: ".$file_mime); header("Content-Disposition: attachment; filename=\"".$file_name."\""); + header("Content-Length: ".$file_size); + set_time_limit(0); $uncompressed_file = readgzfile($gzip_file); if($uncompressed_file){ diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php index b37ea09..00a678d 100755 --- a/www/functions/func_invite.php +++ b/www/functions/func_invite.php @@ -34,13 +34,13 @@ function invite($db){ $key = "$key".$key_array[$index]; } - $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';"); + $id_db = $db->query("SELECT id FROM USER WHERE name='" . $safe_name . "';"); $id_ar = $id_db->fetchArray(SQLITE3_NUM); $id = $id_ar[0]; /*Generates the new user and decrease the invites*/ - $invite = $invite - 1; + $invite = $invite-1; if($db->exec(" BEGIN TRANSACTION; diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php index a58c7f9..d9f694d 100755 --- a/www/functions/func_rewrite.php +++ b/www/functions/func_rewrite.php @@ -16,7 +16,7 @@ function rewrite($db){ } if($_SESSION["login"]){ - header("Refresh: 0; /" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . ""); + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . ""); } return false; -- cgit v1.2.3