diff options
author | adam <adam@> | 2021-02-13 22:12:39 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-13 22:12:39 +0200 |
commit | fc779bb49a74da78689776391f5ea999c0a03f37 (patch) | |
tree | 18d12cf3286c4544acdcea4c8f2c31272e862f93 /php/share.php | |
parent | df1fcd07a15417173404b25b91cb8ac176e421c5 (diff) | |
download | fileup-fc779bb49a74da78689776391f5ea999c0a03f37.tar.gz |
share is share
Diffstat (limited to 'php/share.php')
-rw-r--r-- | php/share.php | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/php/share.php b/php/share.php new file mode 100644 index 0000000..3122162 --- /dev/null +++ b/php/share.php @@ -0,0 +1,76 @@ +<?php +require_once "configuration.php"; +require_once "database.php"; +require_once "user.php"; +session_start(); + +$user=$_SESSION['user_object']; + + +if($_SERVER["REQUEST_METHOD"] == "POST") +{ + $path=$_POST["folder"]; + /*this could be a directory as well*/ + $filename=$_POST["filename"]; + $users=$_POST["users"]; + $password=$_POST["password"]; + $premissions=$_POST["premissions"]; + + if($premissions==1) + { + $can_read=true; + $can_write=false; + }else if($premissions==3) + { + $can_read=true; + $can_write=true; + } + else + { + http_response_code(409); + error_log("someone gave wrong premmissions =".$premissions."! This could be an attack"); + exit(1); + } + + $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write); + + if($share_link==NULL) + { + http_response_code(409); + } + echo $share_link; + http_response_code(200); + exit(0); +}else if($_SERVER["REQUEST_METHOD"]== "GET") +{ + $code=$_GET["code"]; + $file_id=$database->get_node_with_code($code); + if($file_id==NULL) + { + http_response_code(409); + exit(0); + } + $premissions=$database->get_premissions($file_id,$user->user_id); + if($premissions["can_view"]==true) + { + $node=$database->get_node($file_id); + if($node->is_directory) + { + /*spooky stuff here*/ + http_response_code(409); + exit(1); + }else + { + header("Content-type: $node[type]"); + readfile("$storage_root/$node[code]"); + } + } + + + +}else +{ + http_response_code(409); + exit(0); +} +?> |