Diffstat (limited to 'php')
-rw-r--r-- | php/.configuration.php.swp | bin | 12288 -> 0 bytes | |||
-rw-r--r-- | php/configuration.php | 27 | ||||
-rw-r--r-- | php/database.php | 55 | ||||
-rw-r--r-- | php/node.php | 43 | ||||
-rw-r--r-- | php/readfile.php | 1 | ||||
-rw-r--r-- | php/share.php | 76 |
6 files changed, 178 insertions, 24 deletions
diff --git a/php/.configuration.php.swp b/php/.configuration.php.swp Binary files differdeleted file mode 100644 index 56c6cfb..0000000 --- a/php/.configuration.php.swp +++ /dev/null diff --git a/php/configuration.php b/php/configuration.php index 09d1a06..236db70 100644 --- a/php/configuration.php +++ b/php/configuration.php @@ -1,24 +1,25 @@ <?php /*should be placed outside of document root*/ -$domain_name="localhost"; +$use_https=true; if (file_exists("/home/alex")) { - $database_name="alex"; - $database_username="alex"; - $database_password="lol"; - $database_location="127.0.0.1"; + $domain_name="localhost"; + $database_name="alex"; + $database_username="alex"; + $database_password="lol"; + $database_location="127.0.0.1"; - $storage_root = "/home/alex/fileup_storage"; + $storage_root = "/home/alex/fileup_storage"; } else { - -$database_name="fileup_testing"; -$database_username="outsider"; -$database_password="parola123"; -$database_location="localhost"; -/*storage root must be in the webroot*/ -$storage_root = "/srv/apache/testing/project/files/"; + $domain_name="testing"; + $database_name="fileup_testing"; + $database_username="outsider"; + $database_password="parola123"; + $database_location="localhost"; + /*storage root must be in the webroot*/ + $storage_root = "/srv/apache/testing/project/files/"; } /*if we save deleted files just in case of an error*/ diff --git a/php/database.php b/php/database.php index c7851c5..b95b2a6 100644 --- a/php/database.php +++ b/php/database.php @@ -84,15 +84,15 @@ require_once "node.php"; where name=:name" ); $statement->bindParam(':name',$name); - if($statement->execute()==NULL) + if($statement->execute()==false) { error_log("there was a problem with the sql statement at get_nodes_with_name"); - return []; + return NULL; } return $statement->fetchAll(PDO::FETCH_ASSOC); } - /*returns assoc array*/ + /*returns id*/ function get_node_with_code($code) { $statement=$this->pdo->prepare( 
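Review bot: The configuration.php hunk keeps both database passwords as literals in a tracked file (`$database_password="lol";` and `$database_password="parola123";`), so anyone who can read the repository or its history has them. I would load them from the environment or an untracked local file, for example `$database_password=getenv("FILEUP_DB_PASSWORD");` (variable name constructed here as an example), and rotate the values already committed. The re-indented comment `/*storage root must be in the webroot*/` also deserves a second look: if the storage directory is served directly by the web server, a client that learns a stored file name could fetch it without passing the checks in readfile.php and share.php, though that depends on server configuration not shown here.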
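Review bot: get_nodes_with_name now returns `NULL` instead of `[]` when `execute()` fails, which changes the contract for every caller that iterates or counts the result. Those callers are outside this hunk, so each one needs a check before treating the value as an array. If the aim is to tell failure apart from an empty result, a comment on the function should say so, e.g. `/*returns assoc array of nodes, NULL on sql error*/`. The test would also be safer as `if($statement->execute()===false)`, and the same applies to the hunk at -101; the start of the function is outside the hunk.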
@@ -101,12 +101,13 @@ require_once "node.php"; where code=:code" ); $statement->bindParam(':code',$code); - if($statement->execute()==NULL) + if($statement->execute()==false) { error_log("there was a problem with the sql statement at get_nodes_with_code"); - return []; + return NULL; } - return $statement->fetch(PDO::FETCH_ASSOC); + $ret= $statement->fetch(PDO::FETCH_ASSOC); + return $ret["id"]; } /* I think this only makes sense if node is a dir*/ /* returns assoc array of nodes*/ @@ -347,7 +348,7 @@ require_once "node.php"; /*give premissions*/ $id=$this->get_node_with_code($code_name); - if(count($id)!=1) + if($id!=NULL) { error_log("created a dangling directory but couldn't find it afterward. Fatal error!"); exit(1); @@ -451,6 +452,40 @@ require_once "node.php"; } } + function create_shared_node(string $password,int $node_id):bool + { + $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode) + values (:id,:pass) + "); + $prep->bindParam(':id',$node_id); + $prep->bindParam(':pass',$password); + if($prep->execute()==false) + { + error_log("could not create shared node in create_shared_node"); + return false; + } + return true; + } + function get_node(int $node_id) + { + $prep=$this->pdo->prepare("select * from nodes where node_id=:id"); + $prep->bindParam(':id',$node_id); + if($prep->execute()==false) + { + error_log("sql statement at get_node failed"); + return NULL; + } + $nod=$prep->fetch(PDO::FETCH_ASSOC); + $ret=new Node(); + $ret->node_id=$nod["node_id"]; + $ret->is_directory=$nod["is_directory"]; + $ret->relative_path=$nod["relative_path"]; + $ret->type=$nod["type"]; + $ret->code=$nod["code"]; + + return $ret; + + } /*returns the file name as it must be in the filesystem relative to the storage root*/ function create_file_node(string $filename,string $note,int $dir_id,string $mimetype,User $user): string { 
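Review bot: `$statement->fetch(PDO::FETCH_ASSOC)` returns `false` when no row has the given code, and the new `return $ret["id"];` then indexes a boolean, which emits a notice or warning on PHP 7.4 and later and yields NULL only as a side effect. An explicit guard keeps the not-found path deliberate: `if($ret===false){ return NULL; }` before the return. The error_log text still names get_nodes_with_code while the function is get_node_with_code, which makes log triage harder. The function's opening lines are in the previous hunk.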
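Review bot: The new condition `if($id!=NULL)` in the hunk at -347 is inverted relative to the check it replaces: the old `count($id)!=1` reached the fatal branch when the lookup failed, while the new test reaches it when get_node_with_code returned an id. As written, a successful lookup logs "Fatal error!" and exits, and a failed lookup continues into the code marked `/*give premissions*/` with a NULL id. `if($id===NULL)` restores the intent and, unlike `==`, does not treat an id of 0 as missing. The enclosing function starts and ends outside the hunk.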
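Review bot: create_shared_node binds `$password` straight into the `passcode` column, so share passcodes are stored in cleartext and a database leak or an over-broad select discloses them. Hashing before the insert closes that: `$hash=password_hash($password,PASSWORD_DEFAULT);` followed by `$prep->bindParam(':pass',$hash);`, with `password_verify` wherever the passcode is later checked. In get_node, `fetch` returns `false` when no row matches and the function then returns a Node built from that value instead of NULL; `if($nod===false){ return NULL; }` after the fetch fixes it. The query also filters on `node_id`, whereas get_node_with_code reads an `id` column from what may be the same table, so the column name is worth confirming against the schema.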
@@ -470,9 +505,9 @@ require_once "node.php"; { error_log("could not exedude dir sql statement in create_file_node"); return "error"; - } + } - $dir=$dir_prep->fetch(PDO::FETCH_ASSOC); + $dir=$dir_prep->fetch(PDO::FETCH_ASSOC); if($dir == false) { error_log("create_file_node dir isnt a directory"); @@ -514,7 +549,7 @@ require_once "node.php"; /*not so quiet error*/ return "error"; } - $new_id=$this->get_node_with_code($code)["id"]; + $new_id=$this->get_node_with_code($code); /*link the node to the directory*/ $this->link_nodes($dir_id,$new_id,$filename,$note); /*give premissions to the creator*/ diff --git a/php/node.php b/php/node.php index 1336a5f..383cc97 100644 --- a/php/node.php +++ b/php/node.php @@ -2,7 +2,16 @@ require_once "database.php"; require_once "user.php"; + class Node + { + public $node_id; + public $is_directory; + public $relative_path; + public $type; + public $code; + } /*path is in terms of the simulated filesystem*/ + /*returns NULL on error*/ function get_directory(string $abstract_path,User $user) { @@ -61,5 +70,39 @@ require_once "user.php"; $parent_dir_id=get_directory($abstract_path,$user); $database->unlink_nodes($parent_dir_id,$filename); } + function create_share_link(string $abstract_path,string $filename,string $password,User $user,bool $can_read,bool $can_write) + { + global $database; + global $domain_name; + global $use_https; + + $dir_id=get_directory($abstract_path,$user); + if($dir_id==NULL) + { + return NULL; + } + $node_id=get_node_id($filename,$dir_id); + if($node_id==NULL) + { + return NULL; + } + if($database->create_shared_node($password,$node_id)==false) + { + return NULL; + } + + $code=$database->get_code_of_node($node_id); + if($code==NULL) + { + return NULL; + } + if($use_https) + { + return "https://".$domain_name."/share?file=".$code; + }else + { + return "http://".$domain_name."/share?file=".$code; + } + } ?> diff --git a/php/readfile.php b/php/readfile.php index 459232e..9c30ee5 100644 --- a/php/readfile.php 
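Review bot: create_share_link in node.php accepts `$can_read` and `$can_write` but never uses them, so the permission level the caller selected is not recorded with the share and cannot be enforced later. The generated URL uses the query parameter `file` while the GET branch of share.php in this commit reads `$_GET["code"]`, so the link would not resolve as written. `return "https://".$domain_name."/share?code=".urlencode($code);` (and the same for the http branch) keeps the two in step. get_node_id and get_code_of_node are defined outside this hunk, so their NULL-on-failure behaviour is assumed from how they are used here; a comment such as `/*returns the share url, NULL on any failure*/` above the function would help callers.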
+++ b/php/readfile.php @@ -40,5 +40,4 @@ if (!$file_node) { } header("Content-type: $file_node[mimetype]"); - readfile("$storage_root/$file_node[code]"); diff --git a/php/share.php b/php/share.php new file mode 100644 index 0000000..3122162 --- /dev/null +++ b/php/share.php @@ -0,0 +1,76 @@ +<?php +require_once "configuration.php"; +require_once "database.php"; +require_once "user.php"; +session_start(); + +$user=$_SESSION['user_object']; + + +if($_SERVER["REQUEST_METHOD"] == "POST") +{ + $path=$_POST["folder"]; + /*this could be a directory as well*/ + $filename=$_POST["filename"]; + $users=$_POST["users"]; + $password=$_POST["password"]; + $premissions=$_POST["premissions"]; + + if($premissions==1) + { + $can_read=true; + $can_write=false; + }else if($premissions==3) + { + $can_read=true; + $can_write=true; + } + else + { + http_response_code(409); + error_log("someone gave wrong premmissions =".$premissions."! This could be an attack"); + exit(1); + } + + $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write); + + if($share_link==NULL) + { + http_response_code(409); + } + echo $share_link; + http_response_code(200); + exit(0); +}else if($_SERVER["REQUEST_METHOD"]== "GET") +{ + $code=$_GET["code"]; + $file_id=$database->get_node_with_code($code); + if($file_id==NULL) + { + http_response_code(409); + exit(0); + } + $premissions=$database->get_premissions($file_id,$user->user_id); + if($premissions["can_view"]==true) + { + $node=$database->get_node($file_id); + if($node->is_directory) + { + /*spooky stuff here*/ + http_response_code(409); + exit(1); + }else + { + header("Content-type: $node[type]"); + readfile("$storage_root/$node[code]"); + } + } + + + +}else +{ + http_response_code(409); + exit(0); +} +?> |
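Review bot: The GET branch of share.php decides access only from `get_premissions` for the session user and never compares anything with the passcode written by create_shared_node, so the share password has no effect; when `can_view` is not set, the script also falls through and answers 200 with an empty body. The serving lines index `$node` as an array (`$node[type]`, `$node[code]`) although get_node returns a Node object, which fails at runtime. In the POST branch a NULL `$share_link` sets 409 but execution continues to `echo` and `http_response_code(200)`, so the client sees success. `$_SESSION['user_object']` is used without checking that it is set and `$users` is read but unused; the fence covers the control-flow fixes only, since no passcode lookup exists in this commit to call.

```php
    // … unchanged: POST parameter parsing and premissions mapping …
    $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
    if($share_link==NULL)
    {
        http_response_code(409);
        exit(0);
    }
    echo $share_link;
    exit(0);
    // … unchanged: GET code lookup and get_premissions call …
    if($premissions["can_view"]!=true)
    {
        http_response_code(403);
        exit(0);
    }
    // … unchanged: get_node call and directory branch …
    header("Content-type: ".$node->type);
    readfile("$storage_root/".$node->code);
```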