diff options
author | adam <adam@> | 2021-02-13 23:24:31 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-13 23:24:31 +0200 |
commit | c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (patch) | |
tree | 970b84eb7103248e10d2a713850e0a314d921aa8 /php | |
parent | 3005c7774d4f32dc857a9b10c4e621f4df2019c4 (diff) | |
download | fileup-c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1.tar.gz |
generates different code links
Diffstat (limited to 'php')
-rw-r--r-- | php/database.php | 34 | ||||
-rw-r--r-- | php/node.php | 22 | ||||
-rw-r--r-- | php/share.php | 14 |
3 files changed, 51 insertions, 19 deletions
diff --git a/php/database.php b/php/database.php index 6762a5f..58ca251 100644 --- a/php/database.php +++ b/php/database.php @@ -458,19 +458,25 @@ require_once "node.php"; } } - function create_shared_node(string $password,int $node_id):bool + function create_shared_node(string $password,int $node_id) { - $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode) - values (:id,:pass) + $code=$this->get_random_node_name(""); + $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code) + values (:id,:pass,:code) "); $prep->bindParam(':id',$node_id); $prep->bindParam(':pass',$password); + $prep->bindParam(':code',$code); if($prep->execute()==false) { error_log("could not create shared node in create_shared_node"); - return false; + return NULL; } - return true; + $shared_node=new Shared_Node(); + $shared_node->code=$code; + $shared_node->node_id=$node_id; + $shared_node->password=$password; + return $shared_node; } function get_node(int $node_id) { @@ -588,6 +594,24 @@ require_once "node.php"; return false; } } + function get_shared_node(string $code) + { + $prepare=$this->pdo->prepare(" + select * from shared_nodes where code=:code + "); + $prepare->bindParam(':code',$code); + if($prepare->execute()==false) + { + error_log("sql statement at get_shared_node failed"); + return NULL; + } + $ret=$prepare->fetch(PDO::FETCH_ASSOC); + $nod=new Shared_Node(); + $nod->node_id=$ret["node_id"]; + $nod->password=$ret["passcode"]; + $nod->code=$ret["code"]; + return $nod; + } /*returns false if username is taken, email is not checked here*/ function register_user(string $user,string $password,string $email) : bool diff --git a/php/node.php b/php/node.php index 666d540..c86beae 100644 --- a/php/node.php +++ b/php/node.php @@ -10,6 +10,12 @@ require_once "user.php"; public $type; public $code; } + class Shared_Node + { + public $node_id; + public $code; + public $password; + } /*path is in terms of the simulated filesystem*/ /*returns NULL on error*/ function get_directory(string $abstract_path,User $user) @@ -86,22 +92,22 @@ require_once "user.php"; { return NULL; } - if($database->create_shared_node($password,$node_id)==false) + $shared_node=$database->create_shared_node($password,$node_id); + if($shared_node==NULL) { return NULL; } - $code=$database->get_code_of_node($node_id); - if($code==NULL) - { - return NULL; - } + if($can_read) + $database->give_view_access($node_id,$user->user_id); + if($can_write) + $database->give_edit_access($node_id,$user->user_id); if($use_https) { - return "https://".$domain_name."/php/share.php?file=".$code; + return "https://".$domain_name."/php/share.php?file=".$shared_node->code; }else { - return "http://".$domain_name."/php/share.php?file=".$code; + return "http://".$domain_name."/php/share.php?file=".$shared_node->code; } } diff --git a/php/share.php b/php/share.php index 5c92a76..0853058 100644 --- a/php/share.php +++ b/php/share.php @@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST") } else { -// http_response_code(409); + http_response_code(409); error_log("someone gave wrong premmissions =".$permissions."! This could be an attack"); -// exit(1); + exit(1); } //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write); @@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST") }else if($_SERVER["REQUEST_METHOD"]== "GET") { $code=$_GET["file"]; - $file_id=$database->get_node_with_code($code); - if($file_id==NULL) + $password=$_GET["password"]; + + $shared_node=$database->get_shared_node($code); + if($shared_node==NULL || $shared_node->password!=$password) { http_response_code(409); exit(0); } - $permissions=$database->get_permissions($file_id,$user->user_id); + $permissions=$database->get_permissions($shared_node->node_id,$user->user_id); if($permissions["can_view"]==true) { - $node=$database->get_node($file_id); + $node=$database->get_node($shared_node->node_id); if($node->is_directory) { /*spooky stuff here*/ |