From 66b515b718fb2de57462c1aa172d89b94936cef5 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 10 Mar 2014 18:08:08 +0100
Subject: file upload
---
www/functions.php | 7 ++++++-
www/login.php | 2 +-
www/upload.php | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 64 insertions(+), 2 deletions(-)
create mode 100644 www/upload.php
(limited to 'www')
diff --git a/www/functions.php b/www/functions.php
index dfe75ad..46b3149 100644
--- a/www/functions.php
+++ b/www/functions.php
@@ -68,11 +68,14 @@ function login($db){
 echo $logout; }
- echo "
+/* echo "

Name:

Password:

"; +*/ + include("login.php"); + } } exit; @@ -130,6 +133,8 @@ function invite($db){ UPDATE user SET invites='$invite' WHERE id='$id'; COMMIT;") ){ + $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; + mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); header("Refresh: 0; /invite?reason=success"); } else { header("Refresh: 0; /invite?reason=database"); diff --git a/www/login.php b/www/login.php index e9c839b..e65cfef 100644 --- a/www/login.php +++ b/www/login.php @@ -2,7 +2,7 @@
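Review bot: In the invite() hunk the return value of `mail()` is ignored, so the page redirects to `/invite?reason=success` even when the message was never handed to the mail system and the invited user never receives the key. Wrap the call as `if(mail($email, "Invite", $subject, "From: mail@iamfabulous.de")){ ... }` and send the failure case to an error reason instead. No validation of `$email` is visible in this hunk (invite() starts outside it); if none happens earlier, reject anything that fails `filter_var($email, FILTER_VALIDATE_EMAIL)` before the call, because the recipient argument is written into the message headers. Two smaller points: `"\nYour key is" . $key` is missing a space before the key, and `$subject` actually holds the message body, so a name like `$body` would read better.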

Log in

-
+
diff --git a/www/upload.php b/www/upload.php
new file mode 100644
index 0000000..cd8c3af
--- /dev/null
+++ b/www/upload.php
@@ -0,0 +1,57 @@
+";
+ echo $reason;
+ exit;
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ error("Operation not permitted.");
+ exit;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILE['userfile']['size'] > 0 || empty($_FILE['userfile']['size'])){
+ error("Error while proceding the upload: " . $_FILES['userfile']['error']);
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ error("Invalid parent folder.");
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $filename = $_FILE['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILE['userfile']['type'];
+ $size = $_FILE['userfile']['size'];
+ $share = SQLite3::escapeString('$_POST[share]');
+
+ $uploaddir = "../files/";
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
+ COMMIT;
+ ")){
+ $id = SQLite3::lastInsertRowID();
+ if(move_uploaded_file($_FILE['userfile']['tmp_username'], $uploaddir . $_FILE['userfile']['name'])){
+ if(rename($uploaddir . $filename, $uploaddir . $id)){
+ echo "Success!";
+ } else {
+ echo "Failure!";
+ }
+
+ } else {
+ error("Upload failed");
+ exit;
+ }
+ }
+
+}
-- cgit v1.2.3
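Review bot: The INSERT in upload() concatenates the client-supplied file name and MIME type into the SQL text unescaped, and puts `$parentdir` in unquoted after a check (`/[0-9]+/`) that is not anchored, so any value that merely contains a digit passes; all three are injectable as soon as the upload path actually runs. It does not run today, because the code reads the undefined `$_FILE` instead of `$_FILES`, which makes the `empty()` size check always call error(), and the temp-file key is spelled `tmp_username` rather than `tmp_name`. `'$_POST[share]'` is single-quoted, so the literal text is stored instead of the posted value, and `SQLite3::lastInsertRowID()` is an instance method that has to be called on `$db`. I would bind every value through a prepared statement, anchor the parent-folder pattern, and move the upload straight to the row id so the client's file name is never used as a path; the first lines of the file (error() and the opening tag) are not readable on this page, so the sketch below covers upload() only.

```php
function upload($db){
	// … unchanged: login check …

	if(!isset($_FILES['userfile']) || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK || $_FILES['userfile']['size'] <= 0){
		error("Error while proceding the upload.");
	}

	// Anchored: the whole value must be digits, not merely contain one.
	if(!isset($_POST['pwd']) || !preg_match('/^[0-9]+$/D', $_POST['pwd'])){
		error("Invalid parent folder.");
	}

	// … unchanged: owner lookup, $uploaddir …

	$stmt = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share)");
	$stmt->bindValue(':parent', (int)$_POST['pwd'], SQLITE3_INTEGER);
	$stmt->bindValue(':owner', (int)$owner, SQLITE3_INTEGER);
	// name and type are reported by the client; they are stored as data only.
	$stmt->bindValue(':name', $_FILES['userfile']['name'], SQLITE3_TEXT);
	$stmt->bindValue(':folder', "FILE", SQLITE3_TEXT);
	$stmt->bindValue(':mime', $_FILES['userfile']['type'], SQLITE3_TEXT);
	$stmt->bindValue(':size', $_FILES['userfile']['size'], SQLITE3_INTEGER);
	$stmt->bindValue(':share', isset($_POST['share']) ? $_POST['share'] : '', SQLITE3_TEXT);

	if($stmt->execute()){
		$id = $db->lastInsertRowID();
		// Store under the row id directly instead of moving to the client's name and renaming.
		if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $id)){
			echo "Success!";
		} else {
			error("Upload failed");
		}
	}
}
```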