From c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 Mon Sep 17 00:00:00 2001
From: adam
Date: Sat, 13 Feb 2021 23:24:31 +0200
Subject: generates different code links

---
 php/database.php | 34 +++++++++++++++++++++++++++++-----
 php/node.php | 22 ++++++++++++++--------
 php/share.php | 14 ++++++++------
 3 files changed, 51 insertions(+), 19 deletions(-)
(limited to 'php')

diff --git a/php/database.php b/php/database.php
index 6762a5f..58ca251 100644
--- a/php/database.php
+++ b/php/database.php
@@ -458,19 +458,25 @@ require_once "node.php";
 }
 }
- function create_shared_node(string $password,int $node_id):bool
+ function create_shared_node(string $password,int $node_id)
 {
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
- values (:id,:pass)
+ $code=$this->get_random_node_name("");
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
+ values (:id,:pass,:code)
 ");
 $prep->bindParam(':id',$node_id);
 $prep->bindParam(':pass',$password);
+ $prep->bindParam(':code',$code);
 if($prep->execute()==false)
 {
 error_log("could not create shared node in create_shared_node");
- return false;
+ return NULL;
 }
- return true;
+ $shared_node=new Shared_Node();
+ $shared_node->code=$code;
+ $shared_node->node_id=$node_id;
+ $shared_node->password=$password;
+ return $shared_node;
 }
 function get_node(int $node_id)
 {
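Review bot: The `:bool` return type is dropped rather than replaced, so create_shared_node now returns either a Shared_Node or NULL with nothing declared; if the project targets PHP 7.1 or later the signature should read `function create_shared_node(string $password,int $node_id): ?Shared_Node`, and a `/*returns NULL when the insert fails*/` comment would match the style of the existing `/*returns NULL on error*/` in node.php. The share code comes from `get_random_node_name("")`, which is not in this diff, so it cannot be confirmed here that it is drawn from a CSPRNG (random_bytes/random_int) or that `shared_nodes.code` is unique; since the code is what a link holder presents, both are worth confirming, and a duplicate would either make `execute()` fail (with a unique constraint) or make get_shared_node return an arbitrary row (without one). The `$prep->execute()==false` loose comparison works but `=== false` is the idiomatic form.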
@@ -588,6 +594,24 @@ require_once "node.php";
 return false;
 }
 }
+ function get_shared_node(string $code)
+ {
+ $prepare=$this->pdo->prepare("
+ select * from shared_nodes where code=:code
+ ");
+ $prepare->bindParam(':code',$code);
+ if($prepare->execute()==false)
+ {
+ error_log("sql statement at get_shared_node failed");
+ return NULL;
+ }
+ $ret=$prepare->fetch(PDO::FETCH_ASSOC);
+ $nod=new Shared_Node();
+ $nod->node_id=$ret["node_id"];
+ $nod->password=$ret["passcode"];
+ $nod->code=$ret["code"];
+ return $nod;
+ }
 /*returns false if username is taken, email is not checked here*/
 function register_user(string $user,string $password,string $email) : bool
diff --git a/php/node.php b/php/node.php
index 666d540..c86beae 100644
--- a/php/node.php
+++ b/php/node.php
@@ -10,6 +10,12 @@ require_once "user.php";
 public $type;
 public $code;
 }
+ class Shared_Node
+ {
+ public $node_id;
+ public $code;
+ public $password;
+ }
 /*path is in terms of the simulated filesystem*/
 /*returns NULL on error*/
 function get_directory(string $abstract_path,User $user)
@@ -86,22 +92,22 @@ require_once "user.php";
 {
 return NULL;
 }
- if($database->create_shared_node($password,$node_id)==false)
+ $shared_node=$database->create_shared_node($password,$node_id);
+ if($shared_node==NULL)
 {
 return NULL;
 }
- $code=$database->get_code_of_node($node_id);
- if($code==NULL)
- {
- return NULL;
- }
+ if($can_read)
+ $database->give_view_access($node_id,$user->user_id);
+ if($can_write)
+ $database->give_edit_access($node_id,$user->user_id);
 if($use_https)
 {
- return "https://".$domain_name."/php/share.php?file=".$code;
+ return "https://".$domain_name."/php/share.php?file=".$shared_node->code;
 }else
 {
- return "http://".$domain_name."/php/share.php?file=".$code;
+ return "http://".$domain_name."/php/share.php?file=".$shared_node->code;
 }
 }
diff --git a/php/share.php b/php/share.php
index 5c92a76..0853058 100644
--- a/php/share.php
+++ b/php/share.php
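Review bot: `$ret=$prepare->fetch(PDO::FETCH_ASSOC)` is never checked for `false`, so an unknown code yields a Shared_Node whose node_id, password and code are all null instead of the NULL the caller in share.php tests for; add `if($ret===false) { return NULL; }` before `$nod=new Shared_Node();`. This matters because share.php compares `$shared_node->password!=$password` with a loose `!=`, and a null stored password equals a missing `$_GET["password"]`, so the unmatched-code case would pass the passcode gate and reach `get_permissions(null, ...)`. Declaring the return type as `?Shared_Node` (PHP 7.1+) and adding `/*returns NULL if the query fails or no row matches the code*/` above the function would document the contract the way the neighbouring register_user comment does.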
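Review bot: The three properties of Shared_Node are untyped, which leaves node_id free to arrive as a string from PDO and password free to be null; if the code base targets PHP 7.4+, `public int $node_id;`, `public string $code;` and `public string $password;` would surface a bad row at the assignment in get_shared_node rather than downstream (note PDO may hand back integers as strings depending on driver settings, which strict_types would then reject). A class comment such as `/*one row of shared_nodes; password is the plaintext passcode that share.php compares on GET, so never log or echo this object*/` would make clear that the object carries a secret.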
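Review bot: The new `give_view_access` and `give_edit_access` calls discard their return values, so a failed grant still produces a share link that the `can_view` check in share.php will then reject; the pattern elsewhere in this function is to return NULL on failure, e.g. `if($can_read && !$database->give_view_access($node_id,$user->user_id)) { return NULL; }` — assuming those helpers report failure with false, which is not visible in this diff. The braceless `if($can_read)` bodies are easy to misextend; wrapping them in `{ }` matches the rest of the function. A comment is also warranted on why the grant goes to `$user->user_id` (presumably the creator) rather than to whoever follows the link, since on the GET side `get_permissions($shared_node->node_id,$user->user_id)` is evaluated for the visitor. create_share_link begins before this hunk.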
@@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
 }
 else
 {
-// http_response_code(409);
+ http_response_code(409);
 error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
-// exit(1);
+ exit(1);
 }
 //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
@@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
 }else if($_SERVER["REQUEST_METHOD"]== "GET")
 {
 $code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
 {
 http_response_code(409);
 exit(0);
 }
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
 if($permissions["can_view"]==true)
 {
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
 if($node->is_directory)
 {
 /*spooky stuff here*/
-- 
cgit v1.2.3
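Review bot: Now that the rejection path is live, the `error_log` line between the two new lines writes `$permissions` into the log unmodified; if that value comes from the request, as the message suggests, a line break inside it can split or forge log entries, so logging it as `json_encode($permissions)` keeps the entry on one line and also shows its type. 409 Conflict is an unusual status for a malformed permission value; 400 is the conventional choice, though that is cosmetic. The enclosing POST branch starts and ends outside the hunk.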
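Review bot: The passcode gate `$shared_node->password!=$password` is a loose comparison on two user-influenced strings, so numeric-looking passcodes compare numerically (`'1e3'!='1000'` is false), a missing `$_GET["password"]` is null and equals an empty stored passcode if one can be saved, and the check is not constant-time. Change the two lines to `$password=$_GET["password"] ?? '';` and `if($shared_node===NULL || !hash_equals((string)$shared_node->password, (string)$password))` so the comparison is strict, timing-safe and emits no undefined-index warning. Longer term the passcode should be stored with `password_hash` and checked with `password_verify`, but that touches create_shared_node and the schema, outside this diff. A 403 would describe a failed passcode better than the 409 reused from the POST branch. The GET branch continues past `/*spooky stuff here*/` outside the hunk.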