From 1246415f35b3a45486808d27b0649b373f2740d2 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 16 Mar 2014 20:38:23 +0100
Subject: Added new constant 'REGISTER_INVITEKEY'

---
 www/constants.php               | 11 ++++++++---
 www/functions/func_register.php |  8 ++++++--
 www/functions/func_select.php   |  4 ++--
 3 files changed, 16 insertions(+), 7 deletions(-)

(limited to 'www')

diff --git a/www/constants.php b/www/constants.php
index ece68b4..9ea8a5d 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -1,15 +1,20 @@
 <?php
 define("EMPTY", 0);
+
 define("LOGIN_SUCCESSFULL", 1);
 define("LOGIN_DATABASE", 2);
 define("LOGIN_PASSWORD", 3);
+
 define("LOGOUT_SUCCESSFULL", 4);
 define("LOGOUT_FAILURE", 5);
+
 define("REGISTER_SUCCESSFULL", 6);
 define("REGISTER_PASSWORD", 7);
 define("REGISTER_EMAIL", 8);
 define("REGISTER_DATABASE", 9);
 define("REGISTER_PROHIBITED", 10);
-define("INVITE_SUCCESSFULL", 11);
-define("INVITE_INVITES", 12);
-define("INVITE_DATABASE", 13);
+define("REGISTER_INVITEKEY", 12);
+
+define("INVITE_SUCCESSFULL", 13);
+define("INVITE_INVITES", 14);
+define("INVITE_DATABASE", 15);
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 8321339..fc93058 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -25,12 +25,16 @@ function register($db){
         $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM);
         $test_status_int = $test_status_ar[0];
 
+        if (empty($test_status_ar) || $test_status_int != 0){
+		return REGISTER_PROHIBITED;
+	}
+
         $test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';");
         $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM);
         $test_key = $test_key_ar[0];
 
-        if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
-		return REGISTER_PROHIBITED;
+        if ($test_key != $_POST["key"] || $test_key == ""){
+		return REGISTER_INVITEKEY;
 	}
 
         $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';");
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index 204f2d7..f0dc601 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -2,9 +2,9 @@
 function select($db, $owner){
 
 	if($_SESSION["login"] && $_SESSION["userid"] == $owner){ 	// TODO: Check if loged in user really the user who does the query - fix 12.3.14
-		$share="";
+		$share="";						// to print all files, even hidden ones
 	} else {
-		$share ="AND share='PUBLIC'";
+		$share ="AND share='PUBLIC'";				// just use files with the correct permissions
 	}
 	
 	if(empty($_GET["folder"])){
-- 
cgit v1.2.3