diff options
author | adam <adam@> | 2021-02-13 23:24:31 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-13 23:24:31 +0200 |
commit | c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (patch) | |
tree | 970b84eb7103248e10d2a713850e0a314d921aa8 /php/share.php | |
parent | 3005c7774d4f32dc857a9b10c4e621f4df2019c4 (diff) | |
download | fileup-c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1.tar.gz |
generates different code links
Diffstat (limited to 'php/share.php')
-rw-r--r-- | php/share.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/php/share.php b/php/share.php index 5c92a76..0853058 100644 --- a/php/share.php +++ b/php/share.php @@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST") } else { -// http_response_code(409); + http_response_code(409); error_log("someone gave wrong premmissions =".$permissions."! This could be an attack"); -// exit(1); + exit(1); } //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write); @@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST") }else if($_SERVER["REQUEST_METHOD"]== "GET") { $code=$_GET["file"]; - $file_id=$database->get_node_with_code($code); - if($file_id==NULL) + $password=$_GET["password"]; + + $shared_node=$database->get_shared_node($code); + if($shared_node==NULL || $shared_node->password!=$password) { http_response_code(409); exit(0); } - $permissions=$database->get_permissions($file_id,$user->user_id); + $permissions=$database->get_permissions($shared_node->node_id,$user->user_id); if($permissions["can_view"]==true) { - $node=$database->get_node($file_id); + $node=$database->get_node($shared_node->node_id); if($node->is_directory) { /*spooky stuff here*/ |