From def084a19a19e1d5c77600c0c0967e5a8fed5b93 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Mon, 21 Apr 2014 18:35:43 +0200
Subject: Now you can get a full list of FILES or DIRECTORY from class files. Also changed database layout to log every up- and download.
---
www/class.files.php | 216 ++++++++++++++++++++++++++++++++++++++++
www/functions/class_files.php | 174 --------------------------------
www/functions/func_download.php | 5 +-
www/functions/func_folder.php | 6 +-
www/functions/func_login.php | 2 +-
www/functions/func_register.php | 4 +-
www/functions/func_upload.php | 4 +-
www/include.php | 2 +-
www/index.php | 2 +-
www/setup.php | 12 +--
10 files changed, 236 insertions(+), 191 deletions(-)
create mode 100644 www/class.files.php
delete mode 100644 www/functions/class_files.php
(limited to 'www')
diff --git a/www/class.files.php b/www/class.files.php
new file mode 100644
index 0000000..7ce7d64
--- /dev/null
+++ b/www/class.files.php
@@ -0,0 +1,216 @@ +file = collect_content($GLOBALS["db"], $_GET["name"], $_GET["folder"]); + } else { + $this->file = $val; + } + + $f = $this->file; + + $DirRes = false; + $FileRes = false; + $DirCnt = 0; + $FileCnt = 0; + + for($i=0; $iDirList = $DirRes; + $this->FileList = $FileRes; + } + function NotFound(){ + if($this->file == FILE_NOT_FOUND){ + return true; + } else { + return false; + } + } + function isEmpty(){ + if($this->file == EMPTY_FOLDER){ + return true; + } else { + return false; + } + } + function isFile(){ + if(check_if_file($GLOBALS["db"], $_GET["name"], $_GET["folder"])){ + return true; + } else { + return false; + } + } + function initFile($val){ + if(!$val){ + return false; + } + $this->file=$val; + } + function getDim(){ + return count($this->file); + } + function getId($val = null){ + $ar = $this->file; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][0]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][1]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][3]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][4]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][5]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][6]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][7]; + } else { + $res; + for($i=0; $ifile; + if($val != null){ + if(!preg_match("/^[0-9]+$/", $val)){ + return false; + } + return $ar[$val][8]; + } else { + $res; + for($i=0; $ifile; + } + function getDirList(){ + 
return $this->DirList; + } + function getFileList(){ + return $this->FileList; + } + function getDirNum(){ + if(!$this->DirList){ + return false; + } else { + return count($this->DirList); + } + } + function getFileNum(){ + if(!$this->FileList){ + return false; + } else { + return count($this->FileList); + } + } +} diff --git a/www/functions/class_files.php b/www/functions/class_files.php deleted file mode 100644 index 10182a9..0000000 --- a/www/functions/class_files.php +++ /dev/null 
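Review bot: In the eight index getters (`getId()` and the seven that follow it), `if($val != null)` is a loose comparison, so an integer index `0` compares equal to `null` and takes the "return the whole list" branch instead of returning row 0; `if($val !== null)` keeps index 0 addressable. After the digit check, `$ar[$val]` is read without confirming that the row exists, and the bare `$res;` statement does not initialise anything, so `$res = array();` would be safer if `$res` is returned after the loop, as it appears to be. The constructor passes `$_GET["name"]` and `$_GET["folder"]` straight into `collect_content()`; whether that helper escapes them before building SQL is not visible here. Parts of the loop bodies in this hunk are missing from the page, so this is based on the lines that survive.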
@@ -1,174 +0,0 @@ -file = collect_content($GLOBALS["db"], $_GET["name"], $_GET["folder"]); - } else { - $this->file = $val; - } - } - function NotFound(){ - if($this->file == FILE_NOT_FOUND){ - return true; - } else { - return false; - } - } - function isEmpty(){ - if($this->file == EMPTY_FOLDER){ - return true; - } else { - return false; - } - } - function isFile(){ - if(check_if_file($GLOBALS["db"], $_GET["name"], $_GET["folder"])){ - return true; - } else { - return false; - } - } - function initFile($val){ - if(!$val){ - return false; - } - $this->file=$val; - } - function getDim(){ - return count($this->file); - } - function getId($val = null){ - $ar = $this->file; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][0]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][1]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][3]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][4]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][5]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][6]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][7]; - } else { - $res; - for($i=0; $ifile; - if($val != null){ - if(!preg_match("/^[0-9]+$/", $val)){ - return false; - } - return $ar[$val][8]; - } else { - $res; - for($i=0; $ifile; - } -} diff --git a/www/functions/func_download.php b/www/functions/func_download.php index 26b25b1..576320c 100644 --- a/www/functions/func_download.php +++ b/www/functions/func_download.php 
@@ -103,17 +103,20 @@ function download_file($db, $file_id){ //TODO: buffer output, print if reading == true header("Content-Type: ".$file_mime); - +/* if(!preg_match("/^image\/.+/", $file_mime)){ header("Content-Disposition: attachment; filename=\"".$file_name."\""); } else { header("filename=".$file_name.""); } +*/ + header("filename=".$file_name.""); header("Content-Length: ".$file_size); set_time_limit(0); $uncompressed_file = readgzfile($gzip_file); if($uncompressed_file){ + $db->exec("UPDATE files SET lastseen=(SELECT strftime('%s', 'now')) WHERE id=".SQLite3::escapeString($file_id).";"); return true; } else { return false; diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php index 044fd8e..f389227 100644 --- a/www/functions/func_folder.php +++ b/www/functions/func_folder.php @@ -3,7 +3,7 @@ function database_mkdir($db, $file_id, $new_folder_name, $share){ if($db->exec(" BEGIN TRANSACTION; - INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', ''); + INSERT INTO files (id, parent, owner, name, folder, size, share, hash, upload, lastseen) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', '', (SELECT strftime('%s', 'now')), (SELECT strftime('%s', 'now'))); COMMIT; ")){ return true; @@ -78,7 +78,7 @@ function move_folder($old_path, $new_path){ if($db->exec(" BEGIN TRANSACTION; - UPDATE files SET parent=".$new_file_id." WHERE id=".$old_file_id."; + UPDATE files SET parent=".$new_file_id.", lastseen=(SELECT strftime('%s', 'now')) WHERE id=".$old_file_id."; COMMIT; ")){ return MV_FOLDER_SUCCESS; 
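Review bot: With the `Content-Disposition` block commented out in `download_file()`, every file is served with `$file_mime` as its `Content-Type` and no attachment disposition, so a stored HTML or SVG file would render inline in the application's own origin; if uploaders can influence the stored MIME type (not shown in this hunk), that is a stored-XSS exposure. The replacement `header("filename=".$file_name."")` is not a well-formed header line (it has no `Name:` part), so clients will not treat it as a file name. In the added `UPDATE`, `SQLite3::escapeString()` only doubles single quotes and gives no protection in the unquoted `id=` position, so `$file_id` should be bound as an integer. The sketch below assumes `$db` is a `SQLite3` handle and keeps inline display for a short allow-list of raster image types only; `download_file()` starts and ends outside the hunk.

```php
header("Content-Type: ".$file_mime);
header("X-Content-Type-Options: nosniff");
// Only these raster image types are shown inline; everything else is forced to download.
$inline_types = array("image/png", "image/jpeg", "image/gif");
$disposition = in_array($file_mime, $inline_types, true) ? "inline" : "attachment";
$safe_name = str_replace(array("\r", "\n", "\""), "", $file_name);
header("Content-Disposition: ".$disposition."; filename=\"".$safe_name."\"");
// … unchanged: Content-Length, set_time_limit(0), readgzfile …
if($uncompressed_file){
    $stmt = $db->prepare("UPDATE files SET lastseen=(SELECT strftime('%s', 'now')) WHERE id=:id");
    $stmt->bindValue(":id", (int)$file_id, SQLITE3_INTEGER);
    $stmt->execute();
    return true;
```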
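Review bot: The rewritten `INSERT` in `database_mkdir()` still concatenates `$file_id` and `$_SESSION['userid']` into the statement unquoted and unescaped, and the same string-built pattern is kept in the changed statements of `move_folder()`, `rename_folder()`, `login()`, `register()`, `database_upload()` and `database_upload_update()` further down this patch. Where those values originate is not visible in these hunks, so they may be validated upstream, but any of them arriving from request data is SQL injection, and `exec()` runs every statement in the string it is given. Since each of these lines is being edited anyway, this is a good point to move them to prepared statements with bound parameters, e.g. `$stmt = $db->prepare("UPDATE files SET parent=:p, lastseen=(SELECT strftime('%s', 'now')) WHERE id=:id");`. The function bodies continue outside the hunks.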
@@ -116,7 +116,7 @@ function rename_folder($path, $new_name){ if($db->exec(" BEGIN TRANSACTION; - UPDATE files SET name='".SQLite3::escapeString($new_name)."' WHERE id=".$file_id."; + UPDATE files SET name='".SQLite3::escapeString($new_name)."', lastseen=(SELECT strftime('%s', 'now')) WHERE id=".$file_id."; COMMIT; ")){ return true; diff --git a/www/functions/func_login.php b/www/functions/func_login.php index 943e20e..6a38c3a 100755 --- a/www/functions/func_login.php +++ b/www/functions/func_login.php @@ -25,7 +25,7 @@ function login($db){ if($db->exec(" BEGIN TRANSACTION; - INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) ); + INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now')) ); COMMIT; ")){ diff --git a/www/functions/func_register.php b/www/functions/func_register.php index 90cbd7d..b848866 100755 --- a/www/functions/func_register.php +++ b/www/functions/func_register.php @@ -59,9 +59,9 @@ function register($db){ if($db->exec(" BEGIN TRANSACTION; - UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT datetime()), color_folder='DEFAULT', color_file='DEFAULT' WHERE id=" . $id . "; + UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT strftime('%s', 'now')), color_folder='DEFAULT', color_file='DEFAULT' WHERE id=" . $id . "; INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, ''); - INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT datetime())); + INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now')); COMMIT;") ){ 
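Review bot: The new `INSERT INTO log` line in `register()` drops a closing parenthesis: replacing `(SELECT datetime()))` with `(SELECT strftime('%s', 'now'))` leaves the `VALUES (` list unclosed, so the statement is a syntax error and the batch should fail before it reaches `COMMIT`. The line should end `(SELECT strftime('%s', 'now')));`. Separately, the unchanged `INSERT INTO files` above it lists `size` twice and does not set the new `upload`/`lastseen` columns that `database_mkdir()` now fills, so each new user's root folder would be created without timestamps. `register()` starts and ends outside the hunk.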
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php index 31fe304..f4f9b82 100755 --- a/www/functions/func_upload.php +++ b/www/functions/func_upload.php @@ -3,7 +3,7 @@ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){ if($db->exec(" BEGIN TRANSACTION; - INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "'); + INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash, upload, lastseen) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "', (SELECT strftime('%s', 'now')), (SELECT strftime('%s', 'now'))); COMMIT; ")){ return true; @@ -15,7 +15,7 @@ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $si function database_upload_update($db, $id, $name, $mime, $size, $share, $filehash){ if($db->exec(" BEGIN TRANSACTION; - UPDATE files SET name='".$name."', mime='".$mime."', size='".$size."', share='".$share."', hash='".$filehash."' WHERE id=".$id."; + UPDATE files SET name='".$name."', mime='".$mime."', size='".$size."', share='".$share."', hash='".$filehash."', lastseen=(SELECT strftime('%s', 'now')) WHERE id=".$id."; COMMIT; ")){ return true; diff --git a/www/include.php b/www/include.php index 11d5451..39926f6 100755 --- a/www/include.php +++ b/www/include.php @@ -14,7 +14,7 @@ require_once("constants.php"); $func_dir = "functions/"; -require_once($func_dir . "class_files.php"); +require_once("class.files.php"); require_once($func_dir . "func_failure.php"); // 404 and other errors require_once($func_dir . "func_interface.php"); // presents the vfs content diff --git a/www/index.php b/www/index.php index 333d02e..713e1f8 100755 --- a/www/index.php 
+++ b/www/index.php @@ -149,7 +149,7 @@ if(empty($_GET)){ if($f->isFile()){ start_file_download($_GET["name"], $_GET["folder"]); } else { - if($f->notFound()){ + if($f->NotFound()){ $content = get_path_to_wrong_folder($db, $_GET["name"], $_GET["folder"]); print_wrong_folder($content); } elseif ($f->isEmpty()){ diff --git a/www/setup.php b/www/setup.php index 8d56f6e..d26cdda 100755 --- a/www/setup.php +++ b/www/setup.php 
@@ -52,11 +52,11 @@ if($bool){ if($db->exec(" BEGIN TRANSACTION; - CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT, color_folder TEXT, color_file TEXT); - INSERT INTO user (id, name, senpai, key, status, invites, password, email, register, color_folder, color_file) VALUES (NULL, 'admin', 0, '11111', 1, 5, '" . $hash_password . "', '" . $email . "', (SELECT datetime()), 'DEFAULT', 'DEFAULT' ); - CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, download_link TEXT, FOREIGN KEY(owner) REFERENCES user(id)); - INSERT INTO files (id, parent, owner, name, folder, size, share, hash, download_link) VALUES (NULL, 0, 1, '/', 'DIRECTORY', 0, 'HIDDEN', '', ''); - CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login TEXT, FOREIGN KEY(user) REFERENCES user(id)); + CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register INT, color_folder TEXT, color_file TEXT); + INSERT INTO user (id, name, senpai, key, status, invites, password, email, register, color_folder, color_file) VALUES (NULL, 'admin', 0, '11111', 1, 5, '" . $hash_password . "', '" . $email . 
"', (SELECT strftime('%s', 'now')), 'DEFAULT', 'DEFAULT' ); + CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, download_link TEXT, upload INT, lastseen INT, FOREIGN KEY(owner) REFERENCES user(id)); + INSERT INTO files (id, parent, owner, name, folder, size, share, hash, download_link, upload, lastseen) VALUES (NULL, 0, 1, '/', 'DIRECTORY', 0, 'HIDDEN', '', '', (SELECT strftime('%s', 'now')), (SELECT strftime('%s', 'now'))); + CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login INT, FOREIGN KEY(user) REFERENCES user(id)); CREATE TABLE IF NOT EXISTS banned_user (id INTEGER PRIMARY KEY, login_attempts INTEGER, ip TEXT, session_id TEXT, time INTEGER, user INTEGER); CREATE TRIGGER IF NOT EXISTS delete_files AFTER DELETE ON user FOR EACH ROW BEGIN DELETE FROM files WHERE owner=OLD.id; END; COMMIT;") @@ -65,9 +65,9 @@ if($bool){ $_SESSION["username"] = "admin"; $_SESSION["userid"] = 1; + include("include.php"); header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/admin"); echo "Success! You will redirected any moment."; - include("include.php"); } else { echo "Failure! :(
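Review bot: The new `upload`/`lastseen` columns and the `TEXT` to `INT` changes in setup.php are expressed only through `CREATE TABLE IF NOT EXISTS`, which does nothing on a database that already has these tables. On an existing install the statements elsewhere in this patch that write `upload` and `lastseen` would then fail, and old `datetime()` strings would sit next to new epoch values in `log.login` and `user.register`. If deployed databases exist, a migration step is needed, e.g. `ALTER TABLE files ADD COLUMN upload INT;` and `ALTER TABLE files ADD COLUMN lastseen INT;`. The admin `INSERT` also concatenates `$email` into the SQL string; whether it is validated earlier in setup.php is outside the hunk.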
"; echo "Your password: ".$hash_password; -- cgit v1.2.3
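Review bot: The `Refresh` header directly below the moved `include("include.php")` builds its target from `$_SERVER["HTTP_HOST"]`, which is copied from the request's Host header, so the post-setup redirect points at whatever host the client supplied unless the web server pins it; a configured base URL or an allow-listed host name is safer. The failure branch at the end of the hunk echoes `$hash_password` into the page, which is better logged server-side or at least passed through `htmlspecialchars()`. A short comment stating why the include has to run before `header()` would also help the next reader, since the reason for the reordering is not evident from the hunk.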