diff options
author | adam <adam@> | 2021-02-14 12:22:13 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-14 12:22:13 +0200 |
commit | 458078b50b26105b8147b4d492c9d4f2796da4eb (patch) | |
tree | 1c35e21a20825e60332c7fb0a8371d5cf9debe37 /php/share.php | |
parent | a1a2e2e0533a640aeff3448572f8ee6a9862ccc2 (diff) | |
download | fileup-458078b50b26105b8147b4d492c9d4f2796da4eb.tar.gz |
trash code and hacks
Diffstat (limited to 'php/share.php')
-rw-r--r-- | php/share.php | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/php/share.php b/php/share.php index 10f8d25..8cc150a 100644 --- a/php/share.php +++ b/php/share.php @@ -9,8 +9,9 @@ session_start(); if($_SERVER["REQUEST_METHOD"] == "POST") { - if(!isset($_SESSION['user_object']) || !isset($_POST["folder"]) || !isset($_POST["filename"]) || !isset($_POST["users"]) || !isset($_POST["password"]) || !isset($_POST["premissions"]) ) + if(!isset($_SESSION['user_object']) || !isset($_POST["folder"]) || !isset($_POST["filename"]) || !isset($_POST["users"]) || !isset($_POST["password"]) || !isset($_POST["permissions"]) ) { + error_log("things are not set quite right"); http_response_code(409); exit(0); } @@ -22,6 +23,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST") $password=$_POST["password"]; $permissions=$_POST["permissions"]; + if($permissions==1) { $can_read=true; @@ -72,24 +74,49 @@ if($_SERVER["REQUEST_METHOD"] == "POST") http_response_code(409); exit(0); } - $permissions=$database->get_permissions($shared_node->node_id,$user->user_id); - if($permissions["can_view"]==true) + if(isset($_SESSION["user_object"])) { - $node=$database->get_node($shared_node->node_id); - if($node->is_directory) + $user=$_SESSION["user_object"]; + $permissions=$database->get_permissions($shared_node->node_id,$user->user_id); + if($permissions["can_view"]==true) { - /*spooky stuff here*/ - http_response_code(409); - exit(1); + $node=$database->get_node($shared_node->node_id); + if($node->is_directory) + { + /*spooky stuff here*/ + http_response_code(409); + exit(1); + }else + { + header("Content-type: $node->type"); + readfile("$storage_root/$node->code"); + } + } + }else + { + if($shared_node->is_public==true) + { + $node=$database->get_node($shared_node->node_id); + if($node->is_directory) + { + /*spooky stuff here*/ + http_response_code(409); + exit(1); + }else + { + header("Content-type: $node->type"); + readfile("$storage_root/$node->code"); + } }else { - header("Content-type: $node->type"); - readfile("$storage_root/$node->code"); + http_response_code(409); + exit(1); } } + }else { http_response_code(409); |