Diffstat (limited to 'www/functions')
| -rwxr-xr-x | www/functions/func_failure.php | 13 | ||||
| -rwxr-xr-x | www/functions/func_interface.php | 27 | ||||
| -rwxr-xr-x | www/functions/func_login.php | 87 | ||||
| -rw-r--r-- | www/functions/func_password.php | 77 | ||||
| -rwxr-xr-x | www/functions/func_register.php | 61 | ||||
| -rwxr-xr-x | www/functions/func_user.php | 337 | ||||
| -rwxr-xr-x | www/functions/notused/func_content.php | 121 | ||||
| -rw-r--r-- | www/functions/notused/func_delete.php | 207 | ||||
| -rw-r--r-- | www/functions/notused/func_download.php | 123 | ||||
| -rw-r--r-- | www/functions/notused/func_folder.php | 162 | ||||
| -rwxr-xr-x | www/functions/notused/func_invite.php | 62 | ||||
| -rwxr-xr-x | www/functions/notused/func_rewrite.php | 30 | ||||
| -rwxr-xr-x | www/functions/notused/func_select.php | 62 | ||||
| -rwxr-xr-x | www/functions/notused/func_upload.php | 192 |
14 files changed, 1561 insertions, 0 deletions
diff --git a/www/functions/func_failure.php b/www/functions/func_failure.php
new file mode 100755
index 0000000..e54cfaf
--- /dev/null
+++ b/www/functions/func_failure.php
@@ -0,0 +1,13 @@
+<?php
+/* --PAGE NOT FOUND - 404 -- */
+
+//function get_404($working_path, $wrong_folder){
+// include("httperror.php");
+// exit;
+//}
+
+function failure($reason){
+ echo "A 404 error occurred. <br>";
+ echo $reason;
+ exit;
+}
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
new file mode 100755
index 0000000..08b9790
--- /dev/null
+++ b/www/functions/func_interface.php
@@ -0,0 +1,27 @@
+<?php
+
+//function print_invite($var){
+// include("invite.php");
+//}
+
+/*
+function print_recover_password(){
+ echo "
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <form method='POST' action='/password_reset'>
+ <p>E-Mail <input type='text' name='email'></p>
+ </form>
+ </body>
+ ";
+}
+*/
+
+//function print_login($var){
+// echo "Coming soon";
+//}
+
+//function print_index(){
+// echo "Coming soon";
+//}
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
new file mode 100755
index 0000000..3afb3d8
--- /dev/null
+++ b/www/functions/func_login.php
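Review bot: In func_failure.php, `failure()` prints "A 404 error occurred" but never sets the response status, and it echoes `$reason` without escaping. Add `http_response_code(404);` before the first echo and print `htmlspecialchars($reason, ENT_QUOTES, 'UTF-8')` instead of the raw value. The one caller visible in this commit passes a constant string, but nothing in the function stops a later caller from passing request data into the page.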
@@ -0,0 +1,87 @@ +<?php +function login($db){ + + /*___Database Query: Login___*/ + $username = $_POST["username"]; + $password = $_POST["password"]; + $safe_username = SQLite3::escapeString("$username"); + + $pepper = file_get_contents("../database/pepper.txt"); + $password = $password . $pepper; + + $real_password = ""; + + $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';"); + while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ + foreach($real_password_array as $secondelement){ + $real_password=$secondelement; + } + } + + /*___Login___*/ + if (!password_verify($password, $real_password)) { + return LOGIN_PASSWORD; + } + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now'))); + COMMIT; + ")){ + + $id = user_id($db, $username); + + $_SESSION["login"] = true; + $_SESSION["username"] = $username; + $_SESSION["userid"] = $id; + + return LOGIN_SUCCESSFULL; + + } else { + return LOGIN_DATABASE; + } +} + +function logout(){ + + if(session_destroy()){ + return LOGOUT_SUCCESSFULL; + } else { + return LOGOUT_FAILURE; + } +} + +function brutforce_protection($db){ + $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1; + + if($_SESSION["login_attempts"] <= 0){ + $remote_ip = $_SERVER["REMOTE_ADDR"]; + $session_id = session_id(); + $time = $_SERVER["REQUEST_TIME"]; + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time."); + COMMIT; + ")){ + echo "You are banned. 
;_;"; + } + exit; + } +} + +function check_if_banned($db){ + + $remote_ip = $_SERVER["REMOTE_ADDR"]; + $session_id = session_id(); + $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';"); + $check_ar = $check_db->fetchArray(SQLITE3_NUM); + + $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h + + if($check_ar[0] < $accepted_time){ + return false; // not longer banned + } else { + return true; // still banned + } +} diff --git a/www/functions/func_password.php b/www/functions/func_password.php new file mode 100644 index 0000000..3ee496b --- /dev/null +++ b/www/functions/func_password.php 
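Review bot: `login()` in func_login.php escapes the username for the SELECT but concatenates the raw `$username` from `$_POST` into the `INSERT INTO log` string, and `exec()` runs every statement in that string, so an account name containing a quote alters the SQL executed after a successful password check. Bind the value as shown below, and call `session_regenerate_id(true)` before the `$_SESSION` keys are written so that a session id issued before login is not carried into the authenticated session. Separately, `check_if_banned()` reads only the first matching row with no `ORDER BY time DESC`, so an old expired ban can mask a newer one, and `brutforce_protection()` keeps its counter in the session, which a client resets by discarding its cookie; counting failures per account or per address in the database would hold up better.

```php
// … unchanged: credential lookup and password_verify() check …
$stmt = $db->prepare("INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name = :name), strftime('%s', 'now'))");
$stmt->bindValue(':name', $username, SQLITE3_TEXT);

if ($stmt->execute()) {
    session_regenerate_id(true);
    $id = user_id($db, $username);
    // … unchanged: $_SESSION assignments and return codes …
```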
@@ -0,0 +1,77 @@ +<?php + +function change_password($db, $first_password, $second_password){ + if($_SESSION["login"]){ + $username = user_id($db, $_SESSION["username"]); + } else { + $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); + $username_ar = $username_db->fetchArray(SQLITE3_NUM); + $username = $username_ar[0]; + } + + if($first_password != $second_password || !isset($first_password) || empty($first_password) || $first_password == ""){ + return PASSWORD_PASSWORD; + } + + $pepper = file_get_contents("../database/pepper.txt"); + $password = $first_password . $pepper; + + $hash_password = password_hash($password, PASSWORD_DEFAULT); + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE user SET password='" . $hash_password . "' WHERE id=" . $username . "; + COMMIT; + ")){ + return PASSWORD_SUCCESS; + } else { + return PASSWORD_DATABASE; + } +} + +function recover_password($db){ + $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';"); + $test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM); + + if($test_email_ar[0] == 1){ + $password_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + + $length = count($password_array); + $password = ""; + + for ($i=0;$i<21;$i++){ + $index = mt_rand(0,$length-1); + $password = "$password".$password_array[$index]; + } + + $var = change_password($db, $password, $password); + + if($var == PASSWORD_SUCCESS){ + + $subject = "Your new password is" . 
$password; + if(mail($_POST['email'], "New password", $subject, "From: mail@iamfabulous.de")){ + return RECOVER_SUCCESS; + } else { + return RECOVER_EMAIL; + } + } else { + return $var; + } + } else { + return RECOVER_PROHIBITED; + } +} + +function validate_password($db, $username, $password){ + $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'"); + $res_ar = $res_db->fetchArray(SQLITE3_NUM); + + $pepper = file_get_contents("../database/pepper.txt"); + $password .= $pepper; + + if(password_verify($password, $res_ar[0])){ + return true; + } else { + return false; + } +} diff --git a/www/functions/func_register.php b/www/functions/func_register.php new file mode 100755 index 0000000..3cb79ad --- /dev/null +++ b/www/functions/func_register.php 
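Review bot: `recover_password()` in func_password.php draws the replacement password with `mt_rand()`, which is not a cryptographically secure generator; use `$index = random_int(0, $length - 1);` (PHP 7 or later). The same loop appears in `generate_download_link()` in notused/func_folder.php and in `invite()` in notused/func_invite.php and needs the same change. The function also overwrites the stored hash as soon as any registered e-mail address is posted and then mails the new password in clear text, so anyone who knows an address can lock its owner out; a single-use, expiring reset token that leaves the old password valid until it is redeemed avoids that. In `change_password()`, the not-logged-in branch picks the account from `$_POST['email']`, which is only safe if every caller other than `recover_password()` requires a session, and the callers are not part of this diff.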
@@ -0,0 +1,61 @@
+<?php
+function register($db){
+
+ $name = $_POST["name"];
+ $cleartext_password = $_POST["pswd"];
+ $second_password = $_POST["2ndpswd"];
+ $email = $_POST["email"];
+
+ /* checking for empty password etc. */
+
+ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ return REGISTER_PASSWORD;
+ }
+
+ if(!empty($email)){
+ if(!preg_match("/[^.+@.+]/", $email)){
+ return REGISTER_EMAIL;
+ }
+ } else {
+ $email = "";
+ }
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+ /*Checks the validation of the registration attempt*/
+
+ $doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';");
+ $doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM);
+
+ if($doubleusername_ar[0] == 1){
+ return REGISTER_USERNAME;
+ }
+
+ /*Generates the encrypted password and the database transaction*/
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $cleartext_password . $pepper;
+
+ $hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO user (id, name, password, email, status, register) VALUES (NULL, '".$safe_name."', '".$hash_password."', '".$safe_email."', 1, (SELECT strftime('%s', 'now')));
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now')));
+ COMMIT;")
+ ){
+
+ $userid = user_id($db, $safe_name);
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+ $_SESSION["userid"] = $userid;
+
+ return REGISTER_SUCCESSFULL;
+
+ } else {
+ return REGISTER_DATABASE;
+ }
+
+}
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
new file mode 100755
index 0000000..d9e202d
--- /dev/null
+++ b/www/functions/func_user.php
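Review bot: The e-mail check in `register()`, `preg_match("/[^.+@.+]/", $email)`, is a negated character class, so it accepts any string that contains one character other than `.`, `+` or `@` and rejects almost nothing; `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)` performs the validation the surrounding code intends. `user_id($db, $safe_name)` hands an already escaped name to a function that escapes it again, so for a name containing a quote the lookup fails and `$_SESSION["userid"]` is set to `false`; pass `$name` instead. The duplicate-name SELECT followed by the INSERT is not atomic, so uniqueness depends on a UNIQUE constraint on `user.name`, which this diff does not show. As in `login()`, the session id is not regenerated before the login keys are set.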
@@ -0,0 +1,337 @@ +<?php +function account($db, $var){ + + if(empty($_GET["id"])){ + $info_db = $db->query("SELECT * FROM user WHERE name='".$_SESSION["username"]."';"); + $info_ar = $info_db->fetchArray(SQLITE3_NUM); + + $ls_db = $db->query("SELECT login FROM log WHERE user=".$info_ar[0]." ORDER BY id DESC"); + $last_seen = $ls_db->fetchArray(SQLITE3_NUM); + } + + echo " + <!doctype html> + + <html> + <head> + <title>Account :: Junge Gemeinde Adlershof</title> + <meta http-equiv='Content-type' content='text/html; charset=utf-8' /> + <link rel='stylesheet' type='text/css' href='/static/hyperstyle.css' /> + <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'> + <script> + function showChangeUsername(){ + document.getElementById(\"newUsername\").style.visibility = \"visible\"; + + return; + } + + function showNewPassword(){ + document.getElementById(\"newPassword\").style.visibility = \"visible\"; + + return; + } + </script> + <style type='text/css'> + #newUsername{ + width: 100%; + height: 100%; + background: #ecece1; + position: fixed; + z-index: 99; + top: 0px; + opacity: 0.85; + visibility: hidden; + } + + #newUsername-area{ + height: 190px; + width: 400px; + position: fixed; + top: 50%; + margin-top: -100px; + padding: 10px; + left: 50%; + margin-left: -200px; + border: 1px solid black; + } + + #newPassword{ + width: 100%; + height: 100%; + background: #ecece1; + position: fixed; + z-index: 99; + top: 0px; + opacity: 0.85; + visibility: hidden; + } + + #newPassword-area{ + height: 190px; + width: 400px; + position: fixed; + top: 50%; + margin-top: -100px; + padding: 10px; + left: 50%; + margin-left: -200px; + border: 1px solid black; + } + + #UserData-area{ + width: 20%; + height: 120%; + /*opacity: 0.75;*/ + /*background: white;*/ + + } + + </style> + </head> + "; + include("static/head.php"); +// echo "loged in as: " . 
$_SESSION["username"]; +/* + echo "<center> + + <table width='400px' border='1' rules='group'> + <thead> + <tr> + <th>Name</th> + <th>E-Mail</th> + </tr> + </thead> + <tbody> + <tr><td align='center'>".$info_ar[1]."</td><td align='center'>".$info_ar[3]."</td></tr> + + "; +*/ + + switch($var){ + case("password"): + $passage = "<font color='red'>Falsches Passwort.</font><br>"; + break; + case(PASSWORD_SUCCESS): + $passage = "<font color='red'>Dein Passwort wurde erfolgreich geändert.</font><br>"; + break; + case(CH_USERNAME_SUCCESS): + $passage = "<font color='red'>Erfolg! Ab sofort bist du unter ".$_SESSION["username"]." bekannt.</font><br>"; + break; + case(CH_EMAIL_SUCCESS): + $passage = "<font color='red'>Deine E-Mail Adresse wurde erfolgreich geändert.</font><br>"; + break; + case(CH_EMAIL_EXISTS): + $passage = "<font color='red'>Diese E-Mail Adresse ist schon in Benutzung.</font><br>"; + break; + case(CH_USERNAME_EXISTS): + $passage = "<font color='red'>Dieser Name ist schon in Benutzung.</font><br>"; + break; + default: + $passage = ""; + break; + } + + echo "<center> + + <br><br> + <div id='content_container' align='center'> + <div class='kleineschrift'><div class='ueberschrift'><p>Account Informationen</p></div></div> + <br> + ".$passage." + <br> + + <div id='UserData-area'> + <p>Deine Daten: (<a href='#' onclick='showChangeUsername()' style='text-decoration:underline; font-size:15px'>ändern?</a>)</p> + <br> + <table > + <tr><td> + Name: + </td><td> +   + </td><td> + ".$info_ar[1]." + </td><td> + <tr><td> + E-Mail: + </td><td> +   + </td><td> + ".$info_ar[3]." + </td></tr> + <tr><td> </td></tr> + <tr><td> + Registrierungsdatum: + </td><td> +   + </td><td> + ".date("j.n.Y / H:i:s", $info_ar[5])." + </td><td> + </td><td> +   + </td></tr> + <tr><td> + Zuletzt gesehen: + </td><td> +   + </td><td> + ".date("j.n.Y / H:i:s", $last_seen[0])." 
+ </td></tr> + </table> + <br> + + </div> + + <br> + <div style='width:400px'><hr></div> + <br> + <br> + <p>Passwort Verwaltung:</p> + <br> + <table> + <tr><td> + <a href='#' onclick='showNewPassword()' style='text-decoration:underline;'>Passwort ändern?</a> + </td> + <td> +   + </td> + <td> + | + </td> + <td> +   + </td> + <td> + <a href='/password_recover' style='text-decoration:underline;'>Passwort vergessen?</a> + </td></tr> + </table> + + + <div id='newUsername'> + <div id='newUsername-area'> + <p>Wechsle deinen Spitznamen oder deine E-Mail Adresse. Bitte bestätige die Änderung mit deinem Passwort.</p> + <br> + <form method='POST' action='/account/change:user'> + <table> + <tr><td> + Name: + </td> + <td> + <input type='text' name='name' value='".$info_ar[1]."'> + </td></tr> + <tr><td> + E-Mail: + </td> + <td> + <input type='text' name='email' value='".$info_ar[3]."'> + </td></tr> + <tr><td> + Passwort: + </td> + <td> + <input type='password' name='pswd'> + </td></tr> + <tr><td> + </td> + <td> + <input type='submit' value='ändern'> + </td></tr> + </table> + </form> + </div> + </div> + <br> + <div id='newPassword'> + <div id='newPassword-area'> + <p>Aktualisiere deine Passwort. Bitte bestätige die Änderung mit deinem aktuell gültigen Passwort. + <form method='POST' action='/account/change:password'> + <table> + <tr><td> + Neues Passwort: + </td> + <td> + <input type='password' name='pswd'> + </td></tr> + <tr><td> + Neues Passwort wiederholen: + </td> + <td> + <input type='password' name='2ndpswd'> + </td></tr> + <tr><td> + </td> + <td> + </td></tr> + <tr><td> + Altes Passwort: + </td> + <td> + <input type='password' name='oldpswd'> + </td></tr> + <tr><td> + </td> + <td> + <input type='submit' value='ändern'> + </td></tr> + </table> + </form> + </div> + </div> + </div> + "; + return true; +} + +function user_id($db, $user){ + + $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . 
"';"); + $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); + if(empty($owner_ar[0])){ + return false; + } + + $owner = $owner_ar[0]; + return $owner; +} + +function change_username($db, $oldname, $newname){ + $oldname = $db->escapeString($oldname); + $newname = $db->escapeString($newname); + $check_db = $db->query("SELECT 1 FROM user WHERE name='".$newname."'"); + $check_ar = $check_db->fetchArray(SQLITE3_NUM); + + if($check_ar[0] == 1){ + return CH_USERNAME_EXISTS; + } + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE user SET name='".$newname."'WHERE name='".$oldname."'; + COMMIT; + ")){ + $_SESSION["username"] = $newname; + return CH_USERNAME_SUCCESS; + } else { + return DATABASE; + } +} + +function change_email($db, $name, $email){ + $res_db = $db->query("SELECT 1, name FROM user WHERE email='".$db->escapeString($email)."'"); + $res_ar = $res_db->fetchArray(SQLITE3_NUM); + + if($res_ar[0] == 1){ + if($name != $res_ar[1]){ + return CH_EMAIL_EXISTS; + } + } + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE user SET email='".$db->escapeString($email)."' WHERE name='".$db->escapeString($name)."'; + COMMIT; + ")){ + return CH_EMAIL_SUCCESS; + } else { + return DATABASE; + } +} diff --git a/www/functions/notused/func_content.php b/www/functions/notused/func_content.php new file mode 100755 index 0000000..ad0c87e --- /dev/null +++ b/www/functions/notused/func_content.php 
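Review bot: `account()` in func_user.php interpolates `$_SESSION["username"]` into `SELECT * FROM user WHERE name='…'` without escaping, and both `login()` and `register()` store the raw POST value in that session key, so the account's own name can alter this query. The function then writes `$info_ar[1]` and `$info_ar[3]` into the page body and into `value='…'` attributes unescaped, which lets a stored name or e-mail address be interpreted as markup; wrap each in `htmlspecialchars(…, ENT_QUOTES, 'UTF-8')` and bind or escape the name in the query. When `$_GET["id"]` is non-empty, `$info_ar` and `$last_seen` are never assigned but are still read further down. `change_username()` stores the escaped `$newname` in the session, which no longer matches the database value whenever the name contains a quote.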
@@ -0,0 +1,121 @@ +<?php + +function collect_content($db,$username, $folder_path){ + $owner = user_id($db, $username); + + if(!$owner){ + failure("This user doesn't exist!"); + } + + $file_id = select_file_id($db, $owner, $folder_path); + + if(!$file_id){ + return FILE_NOT_FOUND; + } + + $content = get_content($db, $file_id, $owner); + + if(!$content){ + return EMPTY_FOLDER; + } + + return $content; +} + +function get_content($db, $file_id, $owner){ + + if($_SESSION["login"] && $_SESSION["userid"] == $owner){ + $share=""; + } else { + $share =" AND share='PUBLIC'"; + } + + $content_db = $db->query("SELECT * FROM files WHERE parent=" . $file_id . " AND owner=" . $owner . $share . " ORDER BY folder, name;"); + + $count=0; + + while($row = $content_db->fetchArray(SQLITE3_NUM)){ + $content[$count][0] = $row[0]; + $content[$count][1] = $row[1]; + $content[$count][2] = $row[2]; + $content[$count][3] = $row[3]; + $content[$count][4] = $row[4]; + $content[$count][5] = $row[5]; + $content[$count][6] = $row[6]; + $content[$count][7] = $row[7]; + $content[$count][8] = $row[8]; + $count++; + } + + if(!empty($content)){ + return $content; // returns everything listed in the folder which is commited as parameter + } else { + return false; // empty folder + } +} + +function get_path_to_wrong_folder($db, $username, $folder_path){ + + $owner = user_id($db, $username); + + if($_SESSION["login"] && $_SESSION["userid"] == $owner){ + $share = ""; + } else { + $share =" AND share='PUBLIC'"; + } + + $folder_array_unsafe = explode("/",$folder_path); + $length = count($folder_array_unsafe); + + $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND folder='DIRECTORY' " . $share . 
";"); + $root_ar = $root_db->fetchArray(SQLITE3_NUM); + $root_id = $root_ar[0]; + + if(empty($root_id)){ + return FOLDER_NOT_PUBLIC; + } + + $parentdir = $root_id; + + for($i=0; $i<$length; $i++){ + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=". $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); + $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); + + if($parentdir != $prim_id[1]){ + $wrong_folder = $folder_array_unsafe[$i]; + $working_path[0] = $wrong_folder; + + for($j=0; $j<$i; $j++){ + $working_path[$j] = $folder_array_unsafe[$j]; + } + + $lwp = count($working_path); + $working_path[$lwp] = $wrong_folder; + + if($i == 0){ + $working_path[0] = ""; // shows just the root slash + } + + return $working_path; // returns working path and wrong folder as an array + } + + $parentdir = $prim_id[0]; + + } + + return false; +} + +function print_wrong_folder($content){ + + $length = count($content); + + $wrong_folder = $content[$length-1]; + $working_path[0] = $wrong_folder; // initialize empty array + + for($i=0; $i<$length-1; $i++){ + $working_path[$i] = $content[$i]; + } + + get_404($working_path, $wrong_folder); +} diff --git a/www/functions/notused/func_delete.php b/www/functions/notused/func_delete.php new file mode 100644 index 0000000..6220f8a --- /dev/null +++ b/www/functions/notused/func_delete.php 
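Review bot: `get_path_to_wrong_folder()` in notused/func_content.php uses the result of `user_id()` without testing for `false`, unlike `collect_content()`, and then concatenates `$owner` into `owner=` outside any quotes, where `SQLite3::escapeString()` offers no protection because the value is not inside a string literal. Return early when `$owner === false` and cast the ids with `(int)` (or bind them) in this function and in `get_content()`. `print_wrong_folder()` calls `get_404()`, which func_failure.php in this same commit leaves commented out, so unless it is defined in a file outside this diff that call ends in a fatal error.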
@@ -0,0 +1,207 @@ +<?php + +/* + expected state: tested?; but broken +*/ + +function check_if_deletable($db, $id, $hash){ + $check_db = $db->query("SELECT hash FROM files WHERE id!=".$id." AND folder='FILE';"); + + $count = 0; + while($check_ar = $check_db->fetchArray(SQLITE3_NUM)){ + if($check_ar[0] == $hash){ + $count = $count +1; + break; + } + } + + if($count == 0){ + return true; + } else { + return false; + } +} + +function delete_file($user, $path){ + + if(!$_SESSION["login"]){ + return DELETE_FILE_LOGIN; + } + + $db = $GLOBALS["db"]; + $uploaddir = "../files/"; + + $file_id = select_file_id($db, $user, $path); + + $file_owner_db = $db->query("SELECT owner FROM files WHERE id=".$file_id.";"); + $file_owner_ar = $file_owner_db->fetchArray(SQLITE3_NUM); + + if($file_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FILE_NOT_OWNER; + } + + $check_if_file_db = $db->query("SELECT folder, hash FROM files WHERE id=".$file_id.";"); + $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM); + + if($check_if_file_ar[0] != "FILE"){ + return DELETE_FILE_NO_FILE; + } + + $file_hash = $check_if_file_ar[1]; + + $hash_array_db = $db->query("SELECT hash FROM files WHERE hash='".$file_hash.";'"); + $count = 0; + + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ + $hash_ar[$count] = $row1[0]; + $count++; + } + + $count = 0; + + for($i=0; $i<count($hash_ar); $i++){ + $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]. 
"';"); + while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ + if($row2[1] != $_SESSION["userid"]){ + $saved_files[$count] = $hash_ar[$i]; + } + $count++; + } + } + + for($i=0; $i<count($saved_files); $i++){ + $cur = $saved_files[$i]; + for($j=0; $j<count($hash_ar); $j++){ + if($cur == $hash_ar[$j]){ + $hash_ar[$j] = ""; + } + } + } + + for($i=0; $i<count($hash_ar); $i++){ + if(!$file_hash[$i] != ""){ + if(!unlink($uploaddir.$file_hash.".gz")){ + return DELETE_FILE_UNLINK; + } + } + } + + if($db->exec(" + BEGIN TRANSACTION; + DELETE FROM files WHERE id=".$file_id."; + COMMIT; + ")){ + return DELETE_FILE_SUCCESS; + } else { + return DELETE_FILE_DATABASE; + } +} + +function delete_folder($user, $path){ + + if(!$_SESSION["login"]){ + return DELETE_FOLDER_LOGIN; + } + + $db = $GLOBALS["db"]; + + $folder_id = select_file_id($db, $user, $path); + + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$folder_id.";"); + $folder_owner_ar = $db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return DELETE_FOLDER_NOT_OWNER; + } + + $folder_content_db = $db->query("SELECT id FROM files WHERE parent=".$folder_id.";"); + $folder_content_ar = $folder_content_db->fetchArray(SQLITE3_NUM); + + if(empty($folder_content_ar[0])){ + return DELETE_FOLDER_NOT_EMPTY; + } + + if($db->exec(" + BEGIN TRANSACTION; + DELETE FROM files WHERE id=".$folder_id."; + COMMIT; + ")){ + return DELETE_FOLDER_SUCCESS; + } else { + return DELETE_FOLDER_DATABASE; + } +} + +function delete_user($user, $password, $password_verify){ + + if(!$_SESSION["login"]){ + return DELETE_USER_LOGIN; + } + + $db = $GLOBALS["db"]; + $uploaddir = "../files/"; + + $owner = user_id($db, $user); + + if(($password != $password_verify ) || $password = ""){ + return DELETE_USER_EMPTY_PASSWORD; + } + + $password_hash_db = $db->query("SELECT password FROM user WHERE id=".$owner.";"); + $password_hash_ar = $password_hash_db->fetchArray(SQLITE3_NUM); + + $admin_password_hash_db = 
$db->query("SELECT password FROM user WHERE id=1;"); + $admin_password_hash_ar = $admin_password_hash_db->fetchArray(SQLITE3_NUM); + + if(!password_verify($password, $password_hash_ar[0]) || !password_verify($password, $admin_password_hash_ar[0])){ + return DELETE_USER_WRONG_PASSWORD; + } + + $hash_array_db = $db->query("SELECT hash FROM files WHERE folder='FILE' AND owner=".$owner.";"); + + $count = 0; + + while($row1 = $hash_array_db->fetchArray(SQLITE3_NUM)){ + $hash_ar[$count] = $row1[0]; + $count++; + } + + $count = 0; + + for($i=0; $i<count($hash_ar); $i++){ + $file_id_owner_db = $db->query("SELECT id, owner FROM files WHERE folder='FILE' AND hash='".$hash_ar[$i]."';"); + while($row2 = $file_id_owner->fetchArray(SQLITE3_NUM)){ + if($row2[1] != $_SESSION["userid"]){ + $saved_files[$count] = $hash_ar[$i]; + } + $count++; + } + } + + for($i=0; $i<count($saved_files); $i++){ + $cur = $saved_files[$i]; + for($j=0;$j<count($hash_ar); $j++){ + if($cur == $hash_ar[$j]){ + $hash_ar[$j] = ""; + } + } + } + + for($i=0; $ii<count($hash_ar); $i++){ + if($hash_ar[$i] != ""){ + if(!unlink($uploaddir.$hash_ar[$i].".gz")){ + return DELETE_USER_FILE_DELETE; + } + } + } + + if($db->exec(" + BEGIN TRANSACTION; + DELETE FROM user WHERE id=".$owner."; + COMMIT; + ")){ + return DELETE_USER_SUCCESS; + } else { + return DELETE_USER_DATABASE; + } +} diff --git a/www/functions/notused/func_download.php b/www/functions/notused/func_download.php new file mode 100644 index 0000000..26b25b1 --- /dev/null +++ b/www/functions/notused/func_download.php 
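Review bot: In `delete_user()` in notused/func_delete.php, `$password = ""` inside the first `if` is an assignment, so the password is blanked before it is verified, and the next test joins the two `password_verify()` calls with `||`, which demands a match against both the user's hash and the admin's; as written the function can only return an error code. The conditions should read `$password === ""` and `!password_verify($password, $password_hash_ar[0]) && !password_verify($password, $admin_password_hash_ar[0])`. `delete_file()` and `delete_user()` both loop on `$file_id_owner`, which is never assigned (the result is in `$file_id_owner_db`), `delete_user()` has `$ii` in its last `for` condition, and `delete_folder()` calls `$db->fetchArray()` and returns `DELETE_FOLDER_NOT_EMPTY` when the folder is empty. `delete_user()` also never checks that `$user` is the session's own account. The header comment already marks this file as broken, so none of these paths should be routed before the ownership and password checks are corrected and tested.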
@@ -0,0 +1,123 @@ +<?php + +/* + Expected state: tested, should work. +*/ + +function check_if_file($db, $name, $folder_path){ + + $owner = user_id($db, $name); + + $file_id = select_file_id($db, $owner, $folder_path); + + if($file_id){ + $check_if_file_db = $db->query("SELECT folder FROM files WHERE id=".$file_id.";"); + $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM); + + if($check_if_file_ar[0] == "FILE"){ + return true; + } else { + return false; + } + } else { + //$content = get_path_to_empty_folder($db, $name, $folder_path); + //print_empty_folder($content); + //get_404("/", "Protected file"); + return false; + } +} + +function start_file_download($user, $path){ + + $db = $GLOBALS["db"]; + + $owner = user_id($db, $user); + + $file_id = select_file_id($db, $owner, $path); + + $file_db = $db->query("SELECT owner, share FROM files WHERE id=" . $file_id . ";"); + $file_ar = $file_db->fetchArray(SQLITE3_NUM); + $file_owner = $file_ar[0]; + $share = $file_ar[1]; + + if($_SESSION["login"] && ($_SESSION["userid"] == $file_owner)){ + if(download_file($db, $file_id)){ + return true; + } else { + return false; + } + } else { + if($share != "PUBLIC"){ + return false; + } + + if(download_file($db, $file_id)){ + return true; + } else { + return false; + } + } +} + +function check_file_hash($db, $file_id, $download_hash){ + if(preg_match("/[^0-9]/", $file_id)){ + return DOWNLOAD_FALSE_ID; + } + + $check_hash_db = $db->query("SELECT owner, folder, share, download_link FROM files WHERE id=" . 
SQLite3::escapeString($file_id).";"); + $check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM); + + if($check_hash_ar[1] != "FILE"){ + return DOWNLOAD_NOT_FILE; + } + + if($check_hash_ar[2] != "PUBLIC"){ + if($_SESSION["userid"] != $check_hash_ar[0]){ + if($check_hash_ar[3] != $download_hash){ + return DOWNLOAD_PRIVATE_FILE; + } + } + } + + if(!download_file($db, $file_id)){ + return false; + } else { + return true; + } + +} + +function download_file($db, $file_id){ + + $file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); + $file_ar = $file_db->fetchArray(SQLITE3_NUM); + + $file_name = $file_ar[0]; + $file_mime = $file_ar[1]; + $file_size = $file_ar[2]; + $file_hash = $file_ar[3]; + + $uploaddir = "../files/"; + $gzip_file = $uploaddir . $file_hash . ".gz"; + +//TODO: buffer output, print if reading == true + + header("Content-Type: ".$file_mime); + + if(!preg_match("/^image\/.+/", $file_mime)){ + header("Content-Disposition: attachment; filename=\"".$file_name."\""); + } else { + header("filename=".$file_name.""); + } + header("Content-Length: ".$file_size); + set_time_limit(0); + $uncompressed_file = readgzfile($gzip_file); + + if($uncompressed_file){ + return true; + } else { + return false; + } + + +} diff --git a/www/functions/notused/func_folder.php b/www/functions/notused/func_folder.php new file mode 100644 index 0000000..044fd8e --- /dev/null +++ b/www/functions/notused/func_folder.php 
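Review bot: `check_file_hash()` in notused/func_download.php tests the link with `$check_hash_ar[3] != $download_hash`, and under loose comparison a `download_link` that was never generated (NULL or empty) equals an empty `$download_hash`, so the private-file branch does not reject that request. Require a non-empty stored link and compare in constant time: `$link = (string) $check_hash_ar[3];` followed by `if ($link === "" || !hash_equals($link, (string) $download_hash)) {`. `download_file()` sends the stored `mime` value as `Content-Type` and serves anything matching `^image\/` inline, which would include `image/svg+xml`; if the upload code takes that type from the client (not visible here), limit inline display to a fixed list of raster types and send `X-Content-Type-Options: nosniff`. `header("filename=…")` is not a valid header line, and `$file_name` is placed in `Content-Disposition` without handling an embedded `"`.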
@@ -0,0 +1,162 @@ +<?php + +function database_mkdir($db, $file_id, $new_folder_name, $share){ + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", '" . SQLite3::escapeString($new_folder_name) . "', 'DIRECTORY', 0, '" . SQLite3::escapeString($share) . "', ''); + COMMIT; + ")){ + return true; + } else { + return false; + } +} + +function create_folder($path, $new_folder_name, $share){ + + $db = $GLOBALS["db"]; + + if(!$_SESSION["login"]){ + return MKDIR_LOGIN; + } + + $file_id = select_file_id($db, $_SESSION["userid"], $path); + + $owner_db = $db->query("SELECT owner FROM files WHERE id=" . SQLite3::escapeString($file_id) . ";"); + $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); + + if($owner_ar[0] != $_SESSION["userid"]){ + return MKDIR_OWNER; + } + + //TODO: Cut trailing or leading slash + //TODO: Maye create two folders instead of returning an error? + if(preg_match("/\//", $new_folder_name)){ + return SLASH_IN_FOLDER_NAME; + } + + $dupl_db = $db->query("SELECT parent FROM files WHERE name='" . SQLite3::escapeString($new_folder_name) . 
"' AND owner=".$_SESSION["userid"].";"); + while($dupl_ar = $dupl_db->fetchArray(SQLITE3_NUM)){ + if($dupl_ar[0] == $file_id){ + return MKDIR_DUPLICATE; + } + } + + if(database_mkdir($db, $file_id, $new_folder_name, $share)){ + return MKDIR_SUCCESS; + } else { + return MKDIR_DATABASE; + } +} + +function move_folder($old_path, $new_path){ + + if(!$_SESSION["login"]){ + return NOT_LOGED_IN; + } + + $db = $GLOBALS["db"]; + $old_file_id = select_file_id($db, $_SESSION["userid"], $old_path); + $new_file_id = select_file_id($db, $_SESSION["userid"], $new_path); + + $old_folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$old_file_id.";"); + $old_folder_owner_ar = $old_folder_owner_db->fetchArray(SQLITE3_NUM); + + if($_SESSION["userid"] != $old_folder_owner_ar[0]){ + return MV_OLD_FOLDER_NOT_OWNER; + } + + if(!$new_file_id){ + return MV_FOLDER_TARGET_NOT_EXIST; + } + + $new_folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$new_file_id.";"); + $new_folder_owner_ar = $new_folder_owner_db->fetchArray(SQLITE3_NUM); + + if($_SESSION["userid"] != $new_folder_owner_ar[0]){ + return MV_NEW_FOLDER_NOT_OWNER; } + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE files SET parent=".$new_file_id." WHERE id=".$old_file_id."; + COMMIT; + ")){ + return MV_FOLDER_SUCCESS; + } else { + return MV_FOLDER_DATABASE; + } +} + +function rename_folder($path, $new_name){ + if(!$_SESSION["login"]){ + return NOT_LOGED_IN; + } + + $db = $GLOBALS["db"]; + + $file_id = select_file_id($db, $_SESSION["username"], $path); + + $folder_owner_db = $db->query("SELECT owner FROM fiiles where id=".$file_id.";"); + $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return FOLDER_NOT_OWNER; + } + + if(preg_match("/\//", $new_name)){ + return SLASH_IN_FOLDER_NAME; + } + + $dupl_db = $db->query("SELECT parent FROM files WHERE name='" . SQLite3::escapeString($new_name) . 
"' AND owner=".$_SESSION["userid"].";"); + while($dupl_ar = $dupl_db->fetchArray(SQLITE3_NUM)){ + if($dupl_ar[0] == $file_id){ + return MKDIR_DUPLICATE; + } + } + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE files SET name='".SQLite3::escapeString($new_name)."' WHERE id=".$file_id."; + COMMIT; + ")){ + return true; + } else { + return DATABASE; + } +} + +function generate_download_link($file_id){ + + if(!$_SESSION["login"]){ + return NOT_LOGED_IN; + } + + $db = $GLOBALS["db"]; + + $folder_owner_db = $db->query("SELECT owner FROM files where id=".$file_id.";"); + $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return FOLDER_NOT_OWNER; + } + + $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + + $length = count($key_array); + $key = ""; + + for ($i=0;$i<21;$i++){ + $index = mt_rand(0,$length-1); + $key = $key.$key_array[$index]; + } + + if($db->exec(" + BEGIN TRANSACTION; + UPDATE files SET download_link='".$key."' WHERE id=".$file_id."; + COMMIT; + ")){ + return $key; + } else { + return DATABASE; + } +} diff --git a/www/functions/notused/func_invite.php b/www/functions/notused/func_invite.php new file mode 100755 index 0000000..d7613d5 --- /dev/null +++ b/www/functions/notused/func_invite.php 
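Review bot: `generate_download_link()` in notused/func_folder.php concatenates its `$file_id` parameter into both the owner SELECT and the `UPDATE files SET download_link=…` statement with no numeric check, whereas `check_file_hash()` in func_download.php rejects non-digits first; start the function with `$file_id = (int) $file_id;` or bind the value. `rename_folder()` queries a table named `fiiles`, so `query()` returns `false` and the following `fetchArray()` call is a fatal error, and it passes `$_SESSION["username"]` to `select_file_id()` where the sibling functions pass `$_SESSION["userid"]` (that helper is not in this diff). `create_folder()` escapes `$share` but never checks it against the values the readers compare with, such as `'PUBLIC'`, and `move_folder()` uses `$old_file_id` in SQL before testing it for `false`.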
@@ -0,0 +1,62 @@ +<?php +function invite($db){ + + $name=$_SESSION["username"]; + $safe_name = SQLite3::escapeString("$name"); + + $email=$_POST["email"]; + $safe_email=SQLite3::escapeString("$email"); + + $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';"); + $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); + $invite = $invite_ar[0]; + + if($invite <= 0){ + return INVITE_INVITES; + } + + $email_db = $db->query("Select 1 FROM user WHERE email='" . $safe_email . "';"); + $email_ar = $email_db->fetchArray(SQLITE3_NUM); + + if($email_ar[0] == 1){ + return INVITE_USEREXISTS; + } + + /*Generates the invite key => [-_0-9a-zA-Z]{11}*/ + + $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); + + $length = count($key_array); + $key = ""; + + for ($i=0;$i<11;$i++){ + $index = mt_rand(0,$length-1); + $key = "$key".$key_array[$index]; + } + + $id_db = $db->query("SELECT id FROM USER WHERE name='" . $safe_name . "';"); + $id_ar = $id_db->fetchArray(SQLITE3_NUM); + $id = $id_ar[0]; + + /*Generates the new user and decrease the invites*/ + + $invite = $invite-1; + + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0); + UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; + COMMIT;") + ){ + + $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is " . $key . "\nVisit files.iamfabulous.de/register to complete your registration."; + + // Doesn't work with GMX or Web.de atm. + mail($email, "Invite", $subject, "From: mail@iamfabulous.de"); + + return INVITE_SUCCESSFULL; + + } else { + return INVITE_DATABASE; + } +} 
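Review bot: The invite key loop draws each character with `mt_rand()`, which is a predictable generator, while the key appears to be the only secret protecting registration for the invited address; `$index = random_int(0, $length-1);` is a drop-in replacement on PHP 7+. The same loop builds the 21-character `download_link` in `generate_download_link()` in func_folder.php and wants the same change. Separately, `$_POST["email"]` reaches `mail()` with only SQL escaping applied, so a `filter_var($email, FILTER_VALIDATE_EMAIL)` check before the first query would keep malformed recipients out of both the table and the mailer.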
diff --git a/www/functions/notused/func_rewrite.php b/www/functions/notused/func_rewrite.php new file mode 100755 index 0000000..0a123d6 --- /dev/null +++ b/www/functions/notused/func_rewrite.php @@ -0,0 +1,30 @@ +<?php +function rewrite($db){ + + /* test if first argument a username or folder */ + + $name = user_id($db, $_GET["name"]); + + if($name == ""){ + + /* if first argument wasn't valid, rewrite the URL to include the username */ + + $folder = $_GET["folder"]; + + if(preg_match("/\/$/", $_GET["folder"])){ + $folder = substr($_GET["folder"], 0, -1); + } + + if($_SESSION["login"]){ + $scheme = $GLOBALS["scheme"]; + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/" . $_SESSION['username'] . "/" . $_GET["name"] . "/" . $folder . ""); + exit; + } + + return false; + + } else { + return true; + } +} + diff --git a/www/functions/notused/func_select.php b/www/functions/notused/func_select.php new file mode 100755 index 0000000..9f10cd6 --- /dev/null +++ b/www/functions/notused/func_select.php 
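Review bot: The `Refresh` header in `rewrite()` is assembled from `$_SERVER["HTTP_HOST"]`, `$_GET["name"]` and `$_GET["folder"]` without any encoding, so the redirect target follows whatever host and path the client sent. The host should come from configuration rather than from the request, and the path pieces should be encoded, e.g. `rawurlencode($_GET["name"])` and the same for each segment of `$folder`. The value also lacks the `url=` part that the `Refresh` syntax expects (`Refresh: 0; url=...`); a plain `Location:` header would be the more usual choice for this redirect.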
@@ -0,0 +1,62 @@ +<?php +function select_file_id($db, $owner, $folder_path){ + + if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14 + $share=""; // to print all files, even hidden ones + } else { + $share =" AND share='PUBLIC'"; // just use files with the correct permissions + } + + $folder_array_unsafe = explode("/",$folder_path); + + $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . SQLite3::escapeString($owner) . " AND folder='DIRECTORY' " . $share . ";"); + $root_ar = $root_db->fetchArray(SQLITE3_NUM); + $root_id = $root_ar[0]; + if(empty($root_ar[0])){ + failure("Seems like the user doesn't want to show his tree: " . $root_id); + } + + $tmp_length = count($folder_array_unsafe); + + if(empty($folder_array_unsafe[$tmp_length-1])){ + $length = $tmp_length-1; + } else { + $length = $tmp_length; + } + + $parentdir = SQLite3::escapeString($root_id); + + if(empty($folder_array_unsafe[0])){ + return $root_id; // returns the primary key from the root dir + } + + for($i=0; $i<$length; $i++){ + + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "' COLLATE NOCASE;"); + + $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); + + + if($parentdir != $prim_id[1]){ + +/* + $wrong_folder = $folder_array_unsafe[$i]; + $working_path[0] = $wrong_folder; + + for($j=0; $j<$i; $j++){ + $working_path[$j] = $folder_array_unsafe[$j]; + } + + get_404($working_path, $wrong_folder); +*/ + + return false; + } + + + $parentdir = $prim_id[0]; + } + + return $parentdir; // returns the primary key from the last entry in the folder array + +} diff --git a/www/functions/notused/func_upload.php b/www/functions/notused/func_upload.php new file mode 100755 index 0000000..31fe304 --- /dev/null +++ b/www/functions/notused/func_upload.php 
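Review bot: `$owner` is placed into both queries of `select_file_id()` as a bare numeric operand: `SQLite3::escapeString($owner)` in the root query only doubles single quotes, which protects nothing outside a quoted literal, and the loop query concatenates `$owner` with no treatment at all. Callers do not always pass an integer; `rename_folder()` in func_folder.php passes `$_SESSION["username"]`. Casting at the top with `$owner = (int)$owner;` closes the numeric context, and binding through `$db->prepare()` and `bindValue()` would be the fuller fix. Also, `fetchArray()` returns `false` when no row matches, so `$prim_id[1]` is read from a non-array for a missing folder; `if($prim_id === false){ return false; }` before the comparison would make that path explicit.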
@@ -0,0 +1,192 @@ +<?php + +function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){ + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "'); + COMMIT; + ")){ + return true; + } else { + return false; + } +} + +function database_upload_update($db, $id, $name, $mime, $size, $share, $filehash){ + if($db->exec(" + BEGIN TRANSACTION; + UPDATE files SET name='".$name."', mime='".$mime."', size='".$size."', share='".$share."', hash='".$filehash."' WHERE id=".$id."; + COMMIT; + ")){ + return true; + } else { + return false; + } +} + +function upload($path){ + + $db = $GLOBALS["db"]; + + set_time_limit(0); + + if(!$_SESSION["login"]){ + return UPLOAD_LOGIN; + } + + if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){ + return UPLOAD_UPLOAD; + } + + $parentdir = select_file_id($db, $_SESSION["userid"], $path); + + $folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";"); + $folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM); + + if($folder_owner_ar[0] != $_SESSION["userid"]){ + return UPLOAD_FOLDER_NOT_OWNER; + } + + $owner = $_SESSION["userid"]; + + $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . 
" AND size > 0;"); + $overall_size = 0; + while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){ + $overall_size = $overall_size + $row[0]; + } + + if($overall_size > 2147483648){ // == 2GB + return UPLOAD_QUOTA; + } + + $filename = $_FILES['userfile']['name']; + + $folder = "FILE"; + $mime = $_FILES['userfile']['type']; + $size = $_FILES['userfile']['size']; + + if(isset($_POST["share"])){ + $share = "PUBLIC"; + } else { + $share = "PRIVATE"; + } + + $uploaddir = "../files/"; + + //$filehash = hash_file("md5", $uploaddir . $filename); + $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']); + + $exists = false; + $check_if_filename_already_exists_db = $db->query("SELECT id, name FROM files WHERE parent=".$parentdir." AND folder='FILE'"); + + while($row = $check_if_filename_already_exists_db->fetchArray(SQLITE3_NUM)){ + if($row[1] == $filename){ + $fileid = $row[0]; + $exists = true; + break; + } + } + + $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';"); + $hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM); + + /* new file was uploaded */ + if(empty($hashtest_ar[0])){ + + if(!move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){ + return UPLOAD_MOVING; + } + + /* checks if filename exists in the same directory */ + if($exists){ + $delete_file_db = $db->query("SELECT hash FROM files WHERE name='".$filename."' AND parent='".$parentdir."';"); + $delete_file_ar = $delete_file_db->fetchArray(SQLITE3_NUM); + + if(check_if_deletable($db, $fileid, $delete_file_ar[0])){ + + if(!unlink($uploaddir.$delete_file_ar[0].".gz")){ + return UPLOAD_FILE_HANDLING; + } + } + if(!database_upload_update($db, $fileid, $filename, $mime, $size, $share, $filehash)){ + return UPLOAD_DATABASE; + } + } else { + if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){ + return UPLOAD_DATABASE; + } + } + + $gzfile = $uploaddir . $filehash . 
".gz"; + $fp = gzopen($gzfile, 'w9'); + + if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){ + return UPLOAD_FILE_HANDLING; + } + + if(!gzclose($fp)){ + return UPLOAD_FILE_HANDLING; + } + + if(!unlink($uploaddir . $filename)){ + return UPLOAD_FILE_HANDLING; + } + + return UPLOAD_SUCCESS; + + /* new file already exists, only thing is a new entry in the database */ + } else { + + $dupl_db = $db->query("SELECT parent, mime, size, share, name FROM files WHERE hash='" . $filehash . "';"); + + while($row = $dupl_db->fetchArray(SQLITE3_NUM)){ + if($row[0] == $parentdir){ + if($mime == $row[1] && $size == $row[2] && $share == $row[3] && $filename == $row[4]){ + return UPLOAD_DUPLICATE; + } + } + } + + if($exists){ + $delete_file_db = $db->query("SELECT hash FROM files WHERE name='".$filename."' AND parent='".$parentdir."';"); + $delete_file_ar = $delete_file_db->fetchArray(SQLITE3_NUM); + + if(check_if_deletable($db, $fileid, $delete_file_ar[0])){ + if(!unlink($uploaddir.$delete_file_ar[0].".gz")){ + return UPLOAD_FILE_HANDLING; + } + } + if(!database_upload_update($db, $fileid, $filename, $mime, $size, $share, $filehash)){ + return UPLOAD_DATABASE; + } + } else { + if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){ + return UPLOAD_DATABASE; + } + } + + if(!unlink($_FILES['userfile']['tmp_name'])){ + return UPLOAD_FILE_HANDLING; + } + + return UPLOAD_SUCCESS; + } +} + +//not used atm + +//function web_upload($db){ +// $url = $_POST["url"]; +// if(!preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){ +// echo "no hyperlink"; +// return false; +// } +// if(!preg_match("/^[a-zA-Z]+://", $url){ +// $url = "http://".$url; +// } +// $file = file_get_contents($url); +// if(!$file){ +// echo "Couldn't download ".$url; +// return false; +// } +//} |
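Review bot: `$filename` and `$mime` come from `$_FILES['userfile']['name']` and `$_FILES['userfile']['type']`, both chosen by the client, and they reach the `INSERT` in `database_upload()`, the `UPDATE` in `database_upload_update()` and the two `SELECT hash FROM files WHERE name='...'` lookups in `upload()` by plain concatenation, unlike the `SQLite3::escapeString()` calls used elsewhere in this commit. Binding the values removes the problem for every column at once; a sketch for `database_upload()` follows, and the other three statements need the same treatment. `move_uploaded_file()` also writes to `$uploaddir . $_FILES['userfile']['name']`, a client-chosen name, before compressing; reading `tmp_name` straight into the `.gz` file named by the hash would avoid ever storing a file under that name.

```php
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
	// Every value is bound, so client-supplied name and MIME type never become SQL text.
	$stmt = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share, :hash);");
	if(!$stmt){
		return false;
	}
	$stmt->bindValue(":parent", $parentdir, SQLITE3_INTEGER);
	$stmt->bindValue(":owner", $owner, SQLITE3_INTEGER);
	$stmt->bindValue(":name", $filename, SQLITE3_TEXT);
	$stmt->bindValue(":folder", $folder, SQLITE3_TEXT);
	$stmt->bindValue(":mime", $mime, SQLITE3_TEXT);
	$stmt->bindValue(":size", $size);
	$stmt->bindValue(":share", $share, SQLITE3_TEXT);
	$stmt->bindValue(":hash", $filehash, SQLITE3_TEXT);
	return $stmt->execute() !== false;
}
// … unchanged: database_upload_update() and upload() …
```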
