From c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 Mon Sep 17 00:00:00 2001 From: adam Date: Sat, 13 Feb 2021 23:24:31 +0200 Subject: generates different code links --- php/share.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'php/share.php') diff --git a/php/share.php b/php/share.php index 5c92a76..0853058 100644 --- a/php/share.php +++ b/php/share.php @@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST") } else { -// http_response_code(409); + http_response_code(409); error_log("someone gave wrong premmissions =".$permissions."! This could be an attack"); -// exit(1); + exit(1); } //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write); @@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST") }else if($_SERVER["REQUEST_METHOD"]== "GET") { $code=$_GET["file"]; - $file_id=$database->get_node_with_code($code); - if($file_id==NULL) + $password=$_GET["password"]; + + $shared_node=$database->get_shared_node($code); + if($shared_node==NULL || $shared_node->password!=$password) { http_response_code(409); exit(0); } - $permissions=$database->get_permissions($file_id,$user->user_id); + $permissions=$database->get_permissions($shared_node->node_id,$user->user_id); if($permissions["can_view"]==true) { - $node=$database->get_node($file_id); + $node=$database->get_node($shared_node->node_id); if($node->is_directory) { /*spooky stuff here*/ -- cgit v1.2.3