aboutsummaryrefslogtreecommitdiffstats
path: root/php
diff options
context:
space:
mode:
authoradam <adam@>2021-02-13 23:24:31 +0200
committeradam <adam@>2021-02-13 23:24:31 +0200
commitc7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (patch)
tree970b84eb7103248e10d2a713850e0a314d921aa8 /php
parent3005c7774d4f32dc857a9b10c4e621f4df2019c4 (diff)
downloadfileup-c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1.tar.gz
generates different code links
Diffstat (limited to 'php')
-rw-r--r--php/database.php34
-rw-r--r--php/node.php22
-rw-r--r--php/share.php14
3 files changed, 51 insertions, 19 deletions
diff --git a/php/database.php b/php/database.php
index 6762a5f..58ca251 100644
--- a/php/database.php
+++ b/php/database.php
@@ -458,19 +458,25 @@ require_once "node.php";
}
}
- function create_shared_node(string $password,int $node_id):bool
+ function create_shared_node(string $password,int $node_id)
{
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
- values (:id,:pass)
+ $code=$this->get_random_node_name("");
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
+ values (:id,:pass,:code)
");
$prep->bindParam(':id',$node_id);
$prep->bindParam(':pass',$password);
+ $prep->bindParam(':code',$code);
if($prep->execute()==false)
{
error_log("could not create shared node in create_shared_node");
- return false;
+ return NULL;
}
- return true;
+ $shared_node=new Shared_Node();
+ $shared_node->code=$code;
+ $shared_node->node_id=$node_id;
+ $shared_node->password=$password;
+ return $shared_node;
}
function get_node(int $node_id)
{
@@ -588,6 +594,24 @@ require_once "node.php";
return false;
}
}
+ function get_shared_node(string $code)
+ {
+ $prepare=$this->pdo->prepare("
+ select * from shared_nodes where code=:code
+ ");
+ $prepare->bindParam(':code',$code);
+ if($prepare->execute()==false)
+ {
+ error_log("sql statement at get_shared_node failed");
+ return NULL;
+ }
+ $ret=$prepare->fetch(PDO::FETCH_ASSOC);
+ $nod=new Shared_Node();
+ $nod->node_id=$ret["node_id"];
+ $nod->password=$ret["passcode"];
+ $nod->code=$ret["code"];
+ return $nod;
+ }
/*returns false if username is taken, email is not checked here*/
function register_user(string $user,string $password,string $email) : bool
diff --git a/php/node.php b/php/node.php
index 666d540..c86beae 100644
--- a/php/node.php
+++ b/php/node.php
@@ -10,6 +10,12 @@ require_once "user.php";
public $type;
public $code;
}
+ class Shared_Node
+ {
+ public $node_id;
+ public $code;
+ public $password;
+ }
/*path is in terms of the simulated filesystem*/
/*returns NULL on error*/
function get_directory(string $abstract_path,User $user)
@@ -86,22 +92,22 @@ require_once "user.php";
{
return NULL;
}
- if($database->create_shared_node($password,$node_id)==false)
+ $shared_node=$database->create_shared_node($password,$node_id);
+ if($shared_node==NULL)
{
return NULL;
}
- $code=$database->get_code_of_node($node_id);
- if($code==NULL)
- {
- return NULL;
- }
+ if($can_read)
+ $database->give_view_access($node_id,$user->user_id);
+ if($can_write)
+ $database->give_edit_access($node_id,$user->user_id);
if($use_https)
{
- return "https://".$domain_name."/php/share.php?file=".$code;
+ return "https://".$domain_name."/php/share.php?file=".$shared_node->code;
}else
{
- return "http://".$domain_name."/php/share.php?file=".$code;
+ return "http://".$domain_name."/php/share.php?file=".$shared_node->code;
}
}
diff --git a/php/share.php b/php/share.php
index 5c92a76..0853058 100644
--- a/php/share.php
+++ b/php/share.php
@@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}
else
{
-// http_response_code(409);
+ http_response_code(409);
error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
-// exit(1);
+ exit(1);
}
//$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
@@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
$code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
{
http_response_code(409);
exit(0);
}
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
if($permissions["can_view"]==true)
{
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
if($node->is_directory)
{
/*spooky stuff here*/