Diffstat (limited to 'php')
-rw-r--r--php/database.php19
-rw-r--r--php/move.php4
-rw-r--r--php/node.php6
-rw-r--r--php/share.php20
4 files changed, 39 insertions, 10 deletions
diff --git a/php/database.php b/php/database.php
index 61ff344..57aac3d 100644
--- a/php/database.php
+++ b/php/database.php
@@ -21,7 +21,7 @@ require_once "node.php";
$this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
}
- /*returns NULL if this isn't a user, otherwise returns the user*/
+ /*returns NULL if this isn't a user, otherwise returns the user in the form of the User class*/
function get_user(string $user)
{
$ret=new User;
@@ -75,7 +75,7 @@ require_once "node.php";
}
}
- /*returns assoc array*/
+ /*returns assoc array , or NULL on error*/
function get_nodes_with_name($name)
{
$statement=$this->pdo->prepare(
@@ -92,7 +92,7 @@ require_once "node.php";
return $statement->fetchAll(PDO::FETCH_ASSOC);
}
- /*returns id*/
+ /*returns id or NULL on error*/
function get_node_with_code($code)
{
$statement=$this->pdo->prepare(
@@ -461,15 +461,22 @@ require_once "node.php";
}
}
- function create_shared_node(string $password,int $node_id)
+ function create_shared_node(string $password,int $node_id,string $users)
{
$code=$this->get_random_node_name("");
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
- values (:id,:pass,:code)
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code,is_public)
+ values (:id,:pass,:code,:is_public)
");
$prep->bindParam(':id',$node_id);
$prep->bindParam(':pass',$password);
$prep->bindParam(':code',$code);
+ if($users=="")
+ {
+ $prep->bindParam(':is_public',true);
+ }else
+ {
+ $prep->bindParam(':is_public',false);
+ }
if($prep->execute()==false)
{
error_log("could not create shared node in create_shared_node");
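Review bot: `bindParam()` takes its second argument by reference, so the literal `true`/`false` passed in both new branches is a fatal error at runtime rather than a bound flag. Bind by value instead, which also removes the if/else: `$prep->bindValue(':is_public',$users==="",PDO::PARAM_BOOL);`. The body of create_shared_node continues past the end of the hunk. Separately, `:pass` is bound exactly as received; unless the caller hashes it first (not visible here), the share passcode is stored in clear, which `password_hash()` on insert and `password_verify()` on lookup would avoid.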
diff --git a/php/move.php b/php/move.php
index 945c697..d1bbbfc 100644
--- a/php/move.php
+++ b/php/move.php
@@ -26,7 +26,9 @@ $homedir = $user->home_directory;
$old_dir = get_directory($old_folder, $user);
$new_dir = get_directory($new_folder, $user);
-if (!$old_dir || !$new_dir) {
+$trash_dir = get_directory("/trash",$user);
+$share_dir = get_directory("/share",$user);
+if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) {
error_log("invalid src/dst dir");
http_response_code(409);
exit(0);
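Review bot: The added conditions reject every move whose source folder is the home root, `/trash` or `/share`, not just moves of the `trash` and `share` entries themselves, so as written an item sitting directly in the home directory or in the trash can no longer be moved anywhere. If the intent matches the unlink guard added in node.php, the test should also look at the name being moved, along the lines of `$old_dir==$user->home_directory && ($name=="share" || $name=="trash")`, where `$name` stands for whatever variable holds that name in this script (it is not visible in the hunk). The destination is not constrained at all, so a short comment stating whether moving into `/share` or `/trash` is meant to stay allowed would help the next reader.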
diff --git a/php/node.php b/php/node.php
index 0593211..dfe1297 100644
--- a/php/node.php
+++ b/php/node.php
@@ -74,6 +74,10 @@ require_once "user.php";
{
global $database;
$parent_dir_id=get_directory($abstract_path,$user);
+ if($parent_dir_id==$user->home_directory && ($filename=="share" || $filename=="trash"))
+ {
+ return ;
+ }
$database->unlink_nodes($parent_dir_id,$filename);
}
function create_share_link(string $abstract_path,string $filename,string $password,
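Review bot: The new guard returns without logging or signalling anything, so a caller cannot tell a refused unlink of `share`/`trash` from a completed one; an `error_log("refusing to unlink protected directory");` before the `return`, plus a return value the endpoint can turn into an error status, would make the refusal visible. The name test is a byte-exact PHP comparison, while the lookup inside `unlink_nodes` happens in the database; if the name column uses a case-insensitive collation (not visible here), a differently-cased name would pass this check and still match the protected rows, so comparing node ids or normalising case first is safer. The enclosing function's signature is above the hunk.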
@@ -93,7 +97,7 @@ require_once "user.php";
{
return NULL;
}
- $shared_node=$database->create_shared_node($password,$node_id);
+ $shared_node=$database->create_shared_node($password,$node_id,$users);
if($shared_node==NULL)
{
return NULL;
diff --git a/php/share.php b/php/share.php
index 8f2aeaf..10f8d25 100644
--- a/php/share.php
+++ b/php/share.php
@@ -5,11 +5,16 @@ require_once "user.php";
session_start();
-$user=$_SESSION['user_object'];
if($_SERVER["REQUEST_METHOD"] == "POST")
{
+ if(!isset($_SESSION['user_object']) || !isset($_POST["folder"]) || !isset($_POST["filename"]) || !isset($_POST["users"]) || !isset($_POST["password"]) || !isset($_POST["premissions"]) )
+ {
+ http_response_code(409);
+ exit(0);
+ }
+ $user=$_SESSION['user_object'];
$path=$_POST["folder"];
/*this could be a directory as well*/
$filename=$_POST["filename"];
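Review bot: `isset()` only proves the keys exist, not that they hold strings: a field submitted as an array passes this check and, assuming these values are handed on to `create_share_link(string $abstract_path,string $filename,...)` in node.php, ends in a TypeError instead of a clean rejection. Adding a type test to each condition closes that, e.g. `!is_string($_POST["folder"] ?? null)`; the same applies to `$_GET["file"]` and `$_GET["password"]` in the GET hunk further down. A missing session and a malformed request also both answer 409 here; 401 for the first and 400 for the second would tell clients and logs which one happened. The POST branch continues outside the hunk.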
@@ -47,8 +52,19 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
exit(0);
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
+ if(!isset($_GET["file"]))
+ {
+ http_response_code(409);
+ exit(0);
+ }
$code=$_GET["file"];
- $password=$_GET["password"];
+ if(isset($_GET["password"]))
+ {
+ $password=$_GET["password"];
+ }else
+ {
+ $password="";
+ }
$shared_node=$database->get_shared_node($code);
if($shared_node==NULL || $shared_node->password!=$password)