aboutsummaryrefslogtreecommitdiffstats
path: root/php/share.php
diff options
context:
space:
mode:
authoradam <adam@>2021-02-13 23:24:31 +0200
committeradam <adam@>2021-02-13 23:24:31 +0200
commitc7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (patch)
tree970b84eb7103248e10d2a713850e0a314d921aa8 /php/share.php
parent3005c7774d4f32dc857a9b10c4e621f4df2019c4 (diff)
downloadfileup-c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1.tar.gz
generates different code links
Diffstat (limited to 'php/share.php')
-rw-r--r--php/share.php14
1 files changed, 8 insertions, 6 deletions
diff --git a/php/share.php b/php/share.php
index 5c92a76..0853058 100644
--- a/php/share.php
+++ b/php/share.php
@@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}
else
{
-// http_response_code(409);
+ http_response_code(409);
error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
-// exit(1);
+ exit(1);
}
//$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
@@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
$code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
{
http_response_code(409);
exit(0);
}
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
if($permissions["can_view"]==true)
{
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
if($node->is_directory)
{
/*spooky stuff here*/