aboutsummaryrefslogtreecommitdiffstats
path: root/php/share.php
diff options
context:
space:
mode:
authoradam <adam@>2021-02-13 22:12:39 +0200
committeradam <adam@>2021-02-13 22:12:39 +0200
commitfc779bb49a74da78689776391f5ea999c0a03f37 (patch)
tree18d12cf3286c4544acdcea4c8f2c31272e862f93 /php/share.php
parentdf1fcd07a15417173404b25b91cb8ac176e421c5 (diff)
downloadfileup-fc779bb49a74da78689776391f5ea999c0a03f37.tar.gz
share is share
Diffstat (limited to 'php/share.php')
-rw-r--r--php/share.php76
1 files changed, 76 insertions, 0 deletions
diff --git a/php/share.php b/php/share.php
new file mode 100644
index 0000000..3122162
--- /dev/null
+++ b/php/share.php
@@ -0,0 +1,76 @@
+<?php
+require_once "configuration.php";
+require_once "database.php";
+require_once "user.php";
+session_start();
+
+$user=$_SESSION['user_object'];
+
+
+if($_SERVER["REQUEST_METHOD"] == "POST")
+{
+ $path=$_POST["folder"];
+ /*this could be a directory as well*/
+ $filename=$_POST["filename"];
+ $users=$_POST["users"];
+ $password=$_POST["password"];
+ $premissions=$_POST["premissions"];
+
+ if($premissions==1)
+ {
+ $can_read=true;
+ $can_write=false;
+ }else if($premissions==3)
+ {
+ $can_read=true;
+ $can_write=true;
+ }
+ else
+ {
+ http_response_code(409);
+ error_log("someone gave wrong premmissions =".$premissions."! This could be an attack");
+ exit(1);
+ }
+
+ $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
+
+ if($share_link==NULL)
+ {
+ http_response_code(409);
+ }
+ echo $share_link;
+ http_response_code(200);
+ exit(0);
+}else if($_SERVER["REQUEST_METHOD"]== "GET")
+{
+ $code=$_GET["code"];
+ $file_id=$database->get_node_with_code($code);
+ if($file_id==NULL)
+ {
+ http_response_code(409);
+ exit(0);
+ }
+ $premissions=$database->get_premissions($file_id,$user->user_id);
+ if($premissions["can_view"]==true)
+ {
+ $node=$database->get_node($file_id);
+ if($node->is_directory)
+ {
+ /*spooky stuff here*/
+ http_response_code(409);
+ exit(1);
+ }else
+ {
+ header("Content-type: $node[type]");
+ readfile("$storage_root/$node[code]");
+ }
+ }
+
+
+
+}else
+{
+ http_response_code(409);
+ exit(0);
+}
+?>