From fe561fa106699a0a2e8e20633efed855c33f85c6 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 20 Mar 2014 14:17:13 +0100
Subject: First test for download() and delete().

---
 www/functions/func_delete.php   |  8 ++++----
 www/functions/func_download.php | 17 +++++++++--------
 www/functions/func_login.php    |  2 ++
 www/functions/func_select.php   |  2 +-
 www/include.php                 |  5 +++--
 5 files changed, 19 insertions(+), 15 deletions(-)

(limited to 'www')

diff --git a/www/functions/func_delete.php b/www/functions/func_delete.php
index aaf6e3e..a79cd36 100644
--- a/www/functions/func_delete.php
+++ b/www/functions/func_delete.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-	expected state: broken
+	expected state: tested; but broken
 */
 
 function delete_file($user, $path){
@@ -60,7 +60,7 @@ function delete_file($user, $path){
 		}
 	}
 	
-	for($i=0; $<count($hash_ar); $i++){
+	for($i=0; $i<count($hash_ar); $i++){
 		if(!unlink($uploaddir.$file_hash.".gz")){
 			if(!$file_hash[$i] != ""){
 				return DELETE_FILE_UNLINK;
@@ -89,7 +89,7 @@ function delete_folder($user, $path){
 
 	$folder_id = select_file_id($db, $user, $path);
 
-	$folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id:";");
+	$folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id.";");
 	$folder_owner_ar = $db->fetchArray(SQLITE3_NUM);
 
 	if($folder_owner_ar[0] != $_SESSION["userid"]){
@@ -169,7 +169,7 @@ function delete_user($user, $password, $password_verify){
 		}
 	}
 
-	for($i=0; $<count($hash_ar); $i++){
+	for($i=0; $ii<count($hash_ar); $i++){
 		if(!unlink($uploaddir.$hash_ar[$i].".gz")){
 			if($hash_ar[$i] != ""){
 				return DELETE_USER_FILE_DELETE;
diff --git a/www/functions/func_download.php b/www/functions/func_download.php
index 9b3a489..035e5b4 100644
--- a/www/functions/func_download.php
+++ b/www/functions/func_download.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-	Expected state: broken.
+	Expected state: tested, broken.
 */
 
 function start_file_download($user, $path){
@@ -10,7 +10,7 @@ function start_file_download($user, $path){
 
 	$owner = user_id($db, $user);
 
-	$file_id = select_file_id($db, $owner, $path)
+	$file_id = select_file_id($db, $owner, $path);
 
 /*	$file_id_db = $db->query("SELECT id, owner, share FROM files WHERE parent=" . $folder_id . ");
 	$file_id_ar = $file_id_db->fetchArray(SQLITE3_NUM);
@@ -65,15 +65,16 @@ function download_file($db, $file_id){
 
 	$uploaddir = "../files/";
 	$gzip_file = $uploaddir . $file_hash . ".gz";
-	$fp = gzopen($gzip_file, 'r')
-	$uncompressed_file = gzread($fp, filesize($fp));
 
-	header("Content-Type: ".$file_mime);
-	header("Content-Disposition: attachment; filename=\"".$file_name."\"");
-	if(!readfile($uncompressed_file)){
+	$uncompressed_file = readgzfile($gzip_file);
+
+	if($uncompressed_file){
+		header("Content-Type: ".$file_mime);
+		header("Content-Disposition: attachment; filename=\"".$file_name."\"");
+		return true;
+	} else {
 		return false;
 	}
 
-	return true;
 
 }
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 3074b32..9deb27b 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -9,6 +9,8 @@ function login($db){
 	$pepper = file_get_contents("../database/pepper.txt");
 	$password = $password . $pepper;
 
+	$real_password = "";
+
         $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
         while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
         	foreach($real_password_array as $secondelement){
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index a720feb..c19efe7 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -24,7 +24,7 @@ function select_file_id($db, $owner, $folder_path){
 
 	for($i=0; $i<$length; $i++){
 
-		$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+		$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
 
 		$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
 
diff --git a/www/include.php b/www/include.php
index 8bd840b..94eaba9 100755
--- a/www/include.php
+++ b/www/include.php
@@ -15,8 +15,9 @@ require_once($func_dir . "func_user.php");		// gets the userid and account speci
 require_once($func_dir . "func_content.php");		// get the vfs content
 require_once($func_dir . "func_password.php");		// changes the user password
 require_once($func_dir . "func_folder.php");		// creates a new folder
-//require_once($func_dir . "func_delete.php");		// deletes files, folder and user
-//require_once($func_dir . "func_download.php");		// handles the file download
+require_once($func_dir . "func_delete.php");		// deletes files, folder and user
+require_once($func_dir . "func_download.php");		// handles the file download
+require_once($func_dir . "func_upload.php");		// handles the file upload
 
 require_once("login.php");				// prints the login page
 require_once("register.php");				// prints the register page
-- 
cgit v1.2.3