authoradam <adam@>2021-02-14 11:58:35 +0200
committeradam <adam@>2021-02-14 11:58:35 +0200
commit66040941492d590fd7a93d6c85f5f095335355e8 (patch)
treea06b764d773092926c1231ad07ae271bc5d937f9
parent47a01771243568017a5aedfb948a7fb2bf9543f8 (diff)
trash
-rw-r--r--php/database.php19
-rw-r--r--php/node.php2
-rw-r--r--php/share.php20
-rw-r--r--sql/fileshare.sql3
4 files changed, 35 insertions, 9 deletions
diff --git a/php/database.php b/php/database.php
index 61ff344..57aac3d 100644
--- a/php/database.php
+++ b/php/database.php
@@ -21,7 +21,7 @@ require_once "node.php";
$this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
}
- /*returns NULL if this isn't a user, otherwise returns the user*/
+ /*returns NULL if this isn't a user, otherwise returns the user in the form of the User class*/
function get_user(string $user)
{
$ret=new User;
@@ -75,7 +75,7 @@ require_once "node.php";
}
}
- /*returns assoc array*/
+ /*returns assoc array , or NULL on error*/
function get_nodes_with_name($name)
{
$statement=$this->pdo->prepare(
@@ -92,7 +92,7 @@ require_once "node.php";
return $statement->fetchAll(PDO::FETCH_ASSOC);
}
- /*returns id*/
+ /*returns id or NULL on error*/
function get_node_with_code($code)
{
$statement=$this->pdo->prepare(
@@ -461,15 +461,22 @@ require_once "node.php";
}
}
- function create_shared_node(string $password,int $node_id)
+ function create_shared_node(string $password,int $node_id,string $users)
{
$code=$this->get_random_node_name("");
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
- values (:id,:pass,:code)
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code,is_public)
+ values (:id,:pass,:code,:is_public)
");
$prep->bindParam(':id',$node_id);
$prep->bindParam(':pass',$password);
$prep->bindParam(':code',$code);
+ if($users=="")
+ {
+ $prep->bindParam(':is_public',true);
+ }else
+ {
+ $prep->bindParam(':is_public',false);
+ }
if($prep->execute()==false)
{
error_log("could not create shared node in create_shared_node");
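Review bot: `bindParam()` binds its second argument by reference, so the two added calls `$prep->bindParam(':is_public',true)` and `$prep->bindParam(':is_public',false)` pass literals where PHP requires a variable and will fail before the insert runs. Replace the whole if/else with `$prep->bindValue(':is_public',$users==="",PDO::PARAM_BOOL);`. This flag appears to decide whether a share is open to everyone, so a comment such as `/*an empty $users string marks the share as public*/` would make that contract explicit for callers. The function body continues past the end of the hunk.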
diff --git a/php/node.php b/php/node.php
index a67cd38..dfe1297 100644
--- a/php/node.php
+++ b/php/node.php
@@ -97,7 +97,7 @@ require_once "user.php";
{
return NULL;
}
- $shared_node=$database->create_shared_node($password,$node_id);
+ $shared_node=$database->create_shared_node($password,$node_id,$users);
if($shared_node==NULL)
{
return NULL;
diff --git a/php/share.php b/php/share.php
index 8f2aeaf..10f8d25 100644
--- a/php/share.php
+++ b/php/share.php
@@ -5,11 +5,16 @@ require_once "user.php";
session_start();
-$user=$_SESSION['user_object'];
if($_SERVER["REQUEST_METHOD"] == "POST")
{
+ if(!isset($_SESSION['user_object']) || !isset($_POST["folder"]) || !isset($_POST["filename"]) || !isset($_POST["users"]) || !isset($_POST["password"]) || !isset($_POST["premissions"]) )
+ {
+ http_response_code(409);
+ exit(0);
+ }
+ $user=$_SESSION['user_object'];
$path=$_POST["folder"];
/*this could be a directory as well*/
$filename=$_POST["filename"];
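Review bot: The added guard answers 409 both for a missing session and for missing form fields; an unauthenticated request is better reported as 401 and an incomplete form as 400, so the session test should be its own branch, `if(!isset($_SESSION['user_object'])){ http_response_code(401); exit(0); }`. `isset()` is also true for array-valued fields such as `users[]=x`, so an `is_string()` check on each field would keep non-string input away from the typed database calls. The POST branch continues outside the hunk.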
@@ -47,8 +52,19 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
exit(0);
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
+ if(!isset($_GET["file"]))
+ {
+ http_response_code(409);
+ exit(0);
+ }
$code=$_GET["file"];
- $password=$_GET["password"];
+ if(isset($_GET["password"]))
+ {
+ $password=$_GET["password"];
+ }else
+ {
+ $password="";
+ }
$shared_node=$database->get_shared_node($code);
if($shared_node==NULL || $shared_node->password!=$password)
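Review bot: The passcode test on the last line uses loose `!=`, under which two different numeric-looking strings (for example `"1e3"` and `"1000"`) compare as equal, and it is not constant-time. Prefer `if($shared_node==NULL || !hash_equals((string)$shared_node->password,$password))`, with the added branch also requiring `is_string($_GET["password"])` before assigning it. The passcode arrives in the query string, where it tends to be recorded in server logs and browser history; sending it in a POST body would avoid that. The visible lines do not consult the new `is_public` column, so whether a share limited to listed users is enforced elsewhere should be confirmed; the `if` body lies outside the hunk.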
diff --git a/sql/fileshare.sql b/sql/fileshare.sql
index 1a0672a..b524a8b 100644
--- a/sql/fileshare.sql
+++ b/sql/fileshare.sql
@@ -62,6 +62,7 @@ create table shared_nodes (
node_id int not null,
passcode varchar(100) default "",
code varchar(100) default "",
+ is_public boolean default false,
foreign key (node_id) references nodes(node_id) on delete cascade
);
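Review bot: `is_public boolean default false` still allows NULL, which gives the access flag a third state that code comparing it against true/false may not expect; declare it as `is_public boolean not null default false,`. The column is added only to the `create table` statement, so an existing database would also need an `alter table shared_nodes add column ...` migration, which this commit does not show. The table definition starts outside the hunk.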
@@ -108,3 +109,5 @@ create trigger delete_links
for each row
delete from node_links
where directory_id=old.node_id;
+
+