authoradam <adam@>2021-02-13 22:12:39 +0200
committeradam <adam@>2021-02-13 22:12:39 +0200
commitfc779bb49a74da78689776391f5ea999c0a03f37 (patch)
tree18d12cf3286c4544acdcea4c8f2c31272e862f93 /php
parentdf1fcd07a15417173404b25b91cb8ac176e421c5 (diff)
share is share
Diffstat (limited to 'php')
-rw-r--r--php/.configuration.php.swpbin12288 -> 0 bytes
-rw-r--r--php/configuration.php27
-rw-r--r--php/database.php55
-rw-r--r--php/node.php43
-rw-r--r--php/readfile.php1
-rw-r--r--php/share.php76
6 files changed, 178 insertions, 24 deletions
diff --git a/php/.configuration.php.swp b/php/.configuration.php.swp
deleted file mode 100644
index 56c6cfb..0000000
--- a/php/.configuration.php.swp
+++ /dev/null
Binary files differ
diff --git a/php/configuration.php b/php/configuration.php
index 09d1a06..236db70 100644
--- a/php/configuration.php
+++ b/php/configuration.php
@@ -1,24 +1,25 @@
<?php
/*should be placed outside of document root*/
-$domain_name="localhost";
+$use_https=true;
if (file_exists("/home/alex")) {
- $database_name="alex";
- $database_username="alex";
- $database_password="lol";
- $database_location="127.0.0.1";
+ $domain_name="localhost";
+ $database_name="alex";
+ $database_username="alex";
+ $database_password="lol";
+ $database_location="127.0.0.1";
- $storage_root = "/home/alex/fileup_storage";
+ $storage_root = "/home/alex/fileup_storage";
}
else {
-
-$database_name="fileup_testing";
-$database_username="outsider";
-$database_password="parola123";
-$database_location="localhost";
-/*storage root must be in the webroot*/
-$storage_root = "/srv/apache/testing/project/files/";
+ $domain_name="testing";
+ $database_name="fileup_testing";
+ $database_username="outsider";
+ $database_password="parola123";
+ $database_location="localhost";
+ /*storage root must be in the webroot*/
+ $storage_root = "/srv/apache/testing/project/files/";
}
/*if we save deleted files just in case of an error*/
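Review bot: Both branches of this file still carry the database passwords as literals (`$database_password="lol"` and `$database_password="parola123"`), and this commit re-indents them instead of moving them out of the tracked file. The same commit deletes `php/.configuration.php.swp`, presumably an editor copy of this file, which stays retrievable from history, so these values should be treated as disclosed and rotated. Consider loading them from the environment, e.g. `$database_password=getenv("FILEUP_DB_PASSWORD");` (the variable name is a placeholder), or from an untracked file. The retained comment `/*storage root must be in the webroot*/` also deserves a second look: if the web server serves that directory directly, the permission check in front of `readfile()` would presumably not apply to those requests.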
diff --git a/php/database.php b/php/database.php
index c7851c5..b95b2a6 100644
--- a/php/database.php
+++ b/php/database.php
@@ -84,15 +84,15 @@ require_once "node.php";
where name=:name"
);
$statement->bindParam(':name',$name);
- if($statement->execute()==NULL)
+ if($statement->execute()==false)
{
error_log("there was a problem with the sql statement at get_nodes_with_name");
- return [];
+ return NULL;
}
return $statement->fetchAll(PDO::FETCH_ASSOC);
}
- /*returns assoc array*/
+ /*returns id*/
function get_node_with_code($code)
{
$statement=$this->pdo->prepare(
@@ -101,12 +101,13 @@ require_once "node.php";
where code=:code"
);
$statement->bindParam(':code',$code);
- if($statement->execute()==NULL)
+ if($statement->execute()==false)
{
error_log("there was a problem with the sql statement at get_nodes_with_code");
- return [];
+ return NULL;
}
- return $statement->fetch(PDO::FETCH_ASSOC);
+ $ret= $statement->fetch(PDO::FETCH_ASSOC);
+ return $ret["id"];
}
/* I think this only makes sense if node is a dir*/
/* returns assoc array of nodes*/
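Review bot: `get_node_with_code` now returns `$ret["id"]` without checking that `fetch()` produced a row; when no node matches, `fetch()` returns false and the index yields NULL only as a side effect, with a warning on recent PHP versions. An explicit guard such as `if($ret===false) { return NULL; }` before the return makes the not-found case deliberate. The failure log text still says `get_nodes_with_code`, which does not match the function name. The function's prepare call begins outside this hunk.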
@@ -347,7 +348,7 @@ require_once "node.php";
/*give premissions*/
$id=$this->get_node_with_code($code_name);
- if(count($id)!=1)
+ if($id!=NULL)
{
error_log("created a dangling directory but couldn't find it afterward. Fatal error!");
exit(1);
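Review bot: The new condition `if($id!=NULL)` looks inverted: it takes the fatal-error branch when the lookup succeeds and carries on when `get_node_with_code` returns NULL. The message on the following line describes the not-found case, so the check should be `if($id===NULL)`. The strict comparison also avoids treating an id of 0 as missing, which the loose `==NULL` form would do. The enclosing function starts and ends outside this hunk.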
@@ -451,6 +452,40 @@ require_once "node.php";
}
}
+ function create_shared_node(string $password,int $node_id):bool
+ {
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
+ values (:id,:pass)
+ ");
+ $prep->bindParam(':id',$node_id);
+ $prep->bindParam(':pass',$password);
+ if($prep->execute()==false)
+ {
+ error_log("could not create shared node in create_shared_node");
+ return false;
+ }
+ return true;
+ }
+ function get_node(int $node_id)
+ {
+ $prep=$this->pdo->prepare("select * from nodes where node_id=:id");
+ $prep->bindParam(':id',$node_id);
+ if($prep->execute()==false)
+ {
+ error_log("sql statement at get_node failed");
+ return NULL;
+ }
+ $nod=$prep->fetch(PDO::FETCH_ASSOC);
+ $ret=new Node();
+ $ret->node_id=$nod["node_id"];
+ $ret->is_directory=$nod["is_directory"];
+ $ret->relative_path=$nod["relative_path"];
+ $ret->type=$nod["type"];
+ $ret->code=$nod["code"];
+
+ return $ret;
+
+ }
/*returns the file name as it must be in the filesystem relative to the storage root*/
function create_file_node(string $filename,string $note,int $dir_id,string $mimetype,User $user): string
{
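Review bot: `create_shared_node` binds `$password` straight into `shared_nodes.passcode`, so share passcodes are stored in clear text. Hash before storing, e.g. `$hash=password_hash($password,PASSWORD_DEFAULT);` followed by `$prep->bindParam(':pass',$hash);`, and compare with `password_verify()` when a link is opened. Separately, `get_node` reads `$nod["node_id"]` and the other columns without checking whether `fetch()` returned false, so an unknown id produces a Node full of NULLs rather than a NULL return; `if($nod===false) { return NULL; }` after the fetch would cover it.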
@@ -470,9 +505,9 @@ require_once "node.php";
{
error_log("could not exedude dir sql statement in create_file_node");
return "error";
- }
+ }
- $dir=$dir_prep->fetch(PDO::FETCH_ASSOC);
+ $dir=$dir_prep->fetch(PDO::FETCH_ASSOC);
if($dir == false)
{
error_log("create_file_node dir isnt a directory");
@@ -514,7 +549,7 @@ require_once "node.php";
/*not so quiet error*/
return "error";
}
- $new_id=$this->get_node_with_code($code)["id"];
+ $new_id=$this->get_node_with_code($code);
/*link the node to the directory*/
$this->link_nodes($dir_id,$new_id,$filename,$note);
/*give premissions to the creator*/
diff --git a/php/node.php b/php/node.php
index 1336a5f..383cc97 100644
--- a/php/node.php
+++ b/php/node.php
@@ -2,7 +2,16 @@
require_once "database.php";
require_once "user.php";
+ class Node
+ {
+ public $node_id;
+ public $is_directory;
+ public $relative_path;
+ public $type;
+ public $code;
+ }
/*path is in terms of the simulated filesystem*/
+ /*returns NULL on error*/
function get_directory(string $abstract_path,User $user)
{
@@ -61,5 +70,39 @@ require_once "user.php";
$parent_dir_id=get_directory($abstract_path,$user);
$database->unlink_nodes($parent_dir_id,$filename);
}
+ function create_share_link(string $abstract_path,string $filename,string $password,User $user,bool $can_read,bool $can_write)
+ {
+ global $database;
+ global $domain_name;
+ global $use_https;
+
+ $dir_id=get_directory($abstract_path,$user);
+ if($dir_id==NULL)
+ {
+ return NULL;
+ }
+ $node_id=get_node_id($filename,$dir_id);
+ if($node_id==NULL)
+ {
+ return NULL;
+ }
+ if($database->create_shared_node($password,$node_id)==false)
+ {
+ return NULL;
+ }
+
+ $code=$database->get_code_of_node($node_id);
+ if($code==NULL)
+ {
+ return NULL;
+ }
+ if($use_https)
+ {
+ return "https://".$domain_name."/share?file=".$code;
+ }else
+ {
+ return "http://".$domain_name."/share?file=".$code;
+ }
+ }
?>
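Review bot: The link built here uses the query parameter `file` (`"/share?file=".$code`), while the GET branch added to php/share.php in this same commit reads `$_GET["code"]`, so generated links would not resolve as written; one side should change, e.g. `"/share?code=".urlencode($code)`. `$can_read` and `$can_write` are accepted but never used, so the permission level chosen by the sharer is not recorded anywhere visible in this hunk. `get_node_id()` is called as a plain function whereas the other lookups go through `$database`; its definition is not shown here, so confirm it exists.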
diff --git a/php/readfile.php b/php/readfile.php
index 459232e..9c30ee5 100644
--- a/php/readfile.php
+++ b/php/readfile.php
@@ -40,5 +40,4 @@ if (!$file_node) {
}
header("Content-type: $file_node[mimetype]");
-
readfile("$storage_root/$file_node[code]");
diff --git a/php/share.php b/php/share.php
new file mode 100644
index 0000000..3122162
--- /dev/null
+++ b/php/share.php
@@ -0,0 +1,76 @@
+<?php
+require_once "configuration.php";
+require_once "database.php";
+require_once "user.php";
+session_start();
+
+$user=$_SESSION['user_object'];
+
+
+if($_SERVER["REQUEST_METHOD"] == "POST")
+{
+ $path=$_POST["folder"];
+ /*this could be a directory as well*/
+ $filename=$_POST["filename"];
+ $users=$_POST["users"];
+ $password=$_POST["password"];
+ $premissions=$_POST["premissions"];
+
+ if($premissions==1)
+ {
+ $can_read=true;
+ $can_write=false;
+ }else if($premissions==3)
+ {
+ $can_read=true;
+ $can_write=true;
+ }
+ else
+ {
+ http_response_code(409);
+ error_log("someone gave wrong premmissions =".$premissions."! This could be an attack");
+ exit(1);
+ }
+
+ $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
+
+ if($share_link==NULL)
+ {
+ http_response_code(409);
+ }
+ echo $share_link;
+ http_response_code(200);
+ exit(0);
+}else if($_SERVER["REQUEST_METHOD"]== "GET")
+{
+ $code=$_GET["code"];
+ $file_id=$database->get_node_with_code($code);
+ if($file_id==NULL)
+ {
+ http_response_code(409);
+ exit(0);
+ }
+ $premissions=$database->get_premissions($file_id,$user->user_id);
+ if($premissions["can_view"]==true)
+ {
+ $node=$database->get_node($file_id);
+ if($node->is_directory)
+ {
+ /*spooky stuff here*/
+ http_response_code(409);
+ exit(1);
+ }else
+ {
+ header("Content-type: $node[type]");
+ readfile("$storage_root/$node[code]");
+ }
+ }
+
+
+
+}else
+{
+ http_response_code(409);
+ exit(0);
+}
+?>
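Review bot: In the GET branch `$node` is a `Node` object, but `"Content-type: $node[type]"` and `"$storage_root/$node[code]"` index it like an array, which fails at runtime; these should use `$node->type` and `$node->code`. In the POST branch the `$share_link==NULL` case sets 409 but does not exit, so execution reaches `http_response_code(200)` and the failure is reported as success. The GET branch also never compares a supplied passcode with the one stored by `create_shared_node`, and a caller without `can_view` receives an empty 200 instead of a refusal. `$_SESSION['user_object']` is dereferenced as `$user->user_id` without checking that a session user exists. The fence shows the rewritten tails of both branches; the passcode comparison is left out because no lookup for it is visible in this commit.

```php
// … unchanged: POST field reading and premissions mapping …
	$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
	if($share_link==NULL)
	{
		http_response_code(409);
		exit(0);
	}
	echo $share_link;
	exit(0);
// … unchanged: GET lookup of $file_id and $premissions …
	if($premissions["can_view"]!=true)
	{
		http_response_code(403);
		exit(0);
	}
	$node=$database->get_node($file_id);
	if($node==NULL || $node->is_directory)
	{
		http_response_code(409);
		exit(1);
	}
	header("Content-type: ".$node->type);
	readfile($storage_root."/".$node->code);
```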