F diff --git a/file_type_recogniser.php b/file_type_recogniser.php deleted file mode 100644 
--- a/file_type_recogniser.php +++ /dev/null- <?php-- function file_type($path_to_file) {- $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);- return $file_type_database->file($path_to_file);- }--- function file_extension($path_to_file) {- #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php- if(defined("FILEINFO_EXTENSION"))- {- $file_type_database = new finfo(FILEINFO_EXTENSION);- return "." . $file_type_database->file($path_to_file);- }else- {- $result=file_type($path_to_file);-- $optimus_prime = array(- 'text/plain'=>'.txt',- 'text/html'=>'.html',- 'text/php'=>'.php',- 'text/css'=>'.css',- 'application/javascript'=>'.js',- 'application/json'=>'.json',- 'application/xml'=>'.xml',- 'application/x-shockwave-flash'=>'.swf',- 'video/x-flv'=>'.flv',- 'image/png'=>'.png',- 'image/jpeg'=>'.jpe',- 'image/jpeg'=>'.jpeg',- 'image/jpeg'=>'.jpg',- 'image/gif'=>'.gif',- 'image/bmp'=>'.bmp',- 'image/vnd.microsoft.icon'=>'.ico',- 'image/tiff'=>'.tiff',- 'image/tiff'=>'.tif',- 'image/svg+xml'=>'.svg',- 'image/svg+xml'=>'.svgz',- 'application/zip'=>'.zip',- 'application/x-rar-compressed'=>'.rar',- 'application/x-msdownload'=>'.exe',- 'application/x-msdownload'=>'.msi',- 'application/vnd.ms-cab-compressed'=>'.cab',- 'audio/mpeg'=>'.mp3',- 'video/quicktime'=>'.qt',- 'video/quicktime'=>'.mov',- 'application/pdf'=>'.pdf',- 'image/vnd.adobe.photoshop'=>'.psd',- 'application/postscript'=>'.ai',- 'application/postscript'=>'.eps',- 'application/postscript'=>'.ps',- 'application/msword'=>'.doc',- 'application/rtf'=>'.rtf',- 'application/vnd.ms-excel'=>'.xls',- 'application/vnd.ms-powerpoint'=>'.ppt',- 'application/vnd.oasis.opendocument.text'=>'.odt',- 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'- );-- if(!array_key_exists($result,$optimus_prime))- {- return ".dat";- }else- {- return $optimus_prime[$result];- }-- }- }-- function get_icon($path_to_file)- {- 
$file_ext="svg/icons/".file_extension($path_to_file).".svg";- if(!file_exists($file_ext))- {- return "svg/icons/.dat.svg";- }else- {- return $file_ext;- }- }-- ?>F diff --git a/index.html b/index.html --- a/index.html +++ b/index.html</div><div class="vcenter">- <form action="/register.php">+ <form action="/register.php" method="post"><h2>Get started</h2><div class="content"><p>Username</p><input type="text" id="username" name="username">+ <p>Email address</p>+ <input type="text" id="email" name="email"><p>Password</p><input type="password" id="password" name="password"><p>Repeat Password</p>F diff --git a/php/configuration.php b/php/configuration.php new file mode 100644 --- /dev/null +++ b/php/configuration.php+ <?php+ /*should be placed outside of document root*/++ $domain_name="localhost";++ $database_name="adam";+ $database_username="adam";+ $database_password="asdfd";+ $database_location="127.0.0.1";++++ $password_hash_algo=PASSWORD_BCRYPT;+++ $has_email_verification=false;+ ?>F diff --git a/php/database.php b/php/database.php new file mode 100644 --- /dev/null 
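Review bot: The new email input is `type="text"` with no `required`, so the browser does nothing to reject an empty or malformed address before it is posted, and the server side only ever sees it as an opaque string. Use `<input type="email" id="email" name="email" required>` and add `required` to the username and password inputs as well; this is a usability gate, not a security control, so the server still has to validate the same fields.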
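Review bot: The header comment says this file "should be placed outside of document root", but it lives in `php/` and is pulled in via `require_once "configuration.php"` from `php/database.php`, which `register.php` in the web root requires by relative path, so it ships inside the served tree. A concrete database password is also committed in `$database_password`; replace it with an obviously fake placeholder, keep the real value in an untracked file or environment variable, and add the real file to `.gitignore`. Drop the closing `?>` in this PHP-only file so that a stray trailing newline cannot be emitted before headers are sent.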
+++ b/php/database.php+ <?php+ require_once "configuration.php";+ require_once "user.php";+ require_once "misc.php";++ /*handles database stuff*/+ class Database+ {+ private $pdo;+++ public function __construct()+ {+ global $domain_name;+ global $database_name;+ global $database_username;+ global $database_password;+ global $database_location;+ try+ {+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);+ }catch(PDOException $e)+ {+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");+ die("The cow bought the farm");+ }+ }++ /*returns false if this isn't a user, otherwise returns the userid*/+ function get_user(string $user)+ {+ $ret=new User;++ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");+ $prep->bindParam(':username',$user);++ $prep->execute();++ $hold=$prep->fetch(PDO::FETCH_ASSOC);++ if($hold)+ {+ $ret->user_id=$hold["user_id"];+ $ret->username=$hold["username"];+ $ret->email_address=$hold["email"];+ return $ret;+ }else+ {+ return false;+ }+ }+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/+ function authenticate(string $user, string $password)+ {+ $ret=new User;+ global $password_hash_algo;++++ $hashed_pass=password_hash($password,$password_hash_algo);+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");+ $prep->bindParam(':username',$user);+ $prep->bindParam(':password',$hashed_pass);++ $prep->execute();++ $hold=$prep->fetch(PDO::FETCH_ASSOC);+ if($hold)+ {+ $ret->user_id=hold["user_id"];+ $ret->username=hold["username"];+ $ret->email_address["email"];+ return $ret;+ }else+ {+ return false;+ }+ }+ /*returns false if username is taken, email is not checked here*/+ function register_user(string $user,string $password,string $email) : bool+ {+ $hold=$this->get_user($user);+ global $domain_name;+ 
global $has_email_verification;+ global $password_hash_algo;+++ if($hold)+ {+ return false;+ }else+ {+ if($has_email_verification)+ {+ generate_email_verification_link();+ }else+ {+ $hashed_pass=password_hash($password,$password_hash_algo);+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");+ $prep->bindParam(':username',$user);+ $prep->bindParam(':password',$hashed_pass);+ $prep->bindParam(':email',$email);+ $prep->execute();+ }+ return true;+ }+ }+ }+++ ?>F diff --git a/php/file_type_recogniser.php b/php/file_type_recogniser.php new file mode 100644 --- /dev/null 
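Review bot: `authenticate()` can never succeed: it calls `password_hash($password, $password_hash_algo)` and compares the result against the stored column in SQL, but bcrypt generates a fresh random salt on every call, so the new hash never equals the stored one. Select the row by username only, include the `password` column, and check it with `password_verify()`; the rewrite below also fixes `hold["user_id"]` and `hold["username"]` (missing `$`, which is an undefined-constant error in PHP 8) and the no-op `$ret->email_address["email"];`. Separately, `register_user()` returns `true` on the `$has_email_verification` branch although no row was inserted and `generate_email_verification_link()` is called with no arguments, and the constructor's `error_log("... {$e} ")` stringifies the PDOException including its stack trace, which can contain the PDO constructor arguments (i.e. the database password) depending on `zend.exception_ignore_args`; log `$e->getMessage()` instead. Consider also `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` in the constructor so a failed `execute()` does not silently leave `$hold` false.

```php
function authenticate(string $user, string $password)
{
    $ret = new User;

    $prep = $this->pdo->prepare("select user_id,username,email,password from users where username=:username");
    $prep->bindParam(':username', $user);
    $prep->execute();

    $hold = $prep->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the salt and algorithm from the stored hash itself
    if (!$hold || !password_verify($password, $hold["password"])) {
        return false;
    }

    $ret->user_id = $hold["user_id"];
    $ret->username = $hold["username"];
    $ret->email_address = $hold["email"];
    return $ret;
}
// … unchanged: get_user, register_user …
```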
+++ b/php/file_type_recogniser.php+ <?php++ function file_type($path_to_file) {+ $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);+ return $file_type_database->file($path_to_file);+ }+++ function file_extension($path_to_file) {+ #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php+ if(defined("FILEINFO_EXTENSION"))+ {+ $file_type_database = new finfo(FILEINFO_EXTENSION);+ return "." . $file_type_database->file($path_to_file);+ }else+ {+ $result=file_type($path_to_file);++ $optimus_prime = array(+ 'text/plain'=>'.txt',+ 'text/html'=>'.html',+ 'text/php'=>'.php',+ 'text/css'=>'.css',+ 'application/javascript'=>'.js',+ 'application/json'=>'.json',+ 'application/xml'=>'.xml',+ 'application/x-shockwave-flash'=>'.swf',+ 'video/x-flv'=>'.flv',+ 'image/png'=>'.png',+ 'image/jpeg'=>'.jpe',+ 'image/jpeg'=>'.jpeg',+ 'image/jpeg'=>'.jpg',+ 'image/gif'=>'.gif',+ 'image/bmp'=>'.bmp',+ 'image/vnd.microsoft.icon'=>'.ico',+ 'image/tiff'=>'.tiff',+ 'image/tiff'=>'.tif',+ 'image/svg+xml'=>'.svg',+ 'image/svg+xml'=>'.svgz',+ 'application/zip'=>'.zip',+ 'application/x-rar-compressed'=>'.rar',+ 'application/x-msdownload'=>'.exe',+ 'application/x-msdownload'=>'.msi',+ 'application/vnd.ms-cab-compressed'=>'.cab',+ 'audio/mpeg'=>'.mp3',+ 'video/quicktime'=>'.qt',+ 'video/quicktime'=>'.mov',+ 'application/pdf'=>'.pdf',+ 'image/vnd.adobe.photoshop'=>'.psd',+ 'application/postscript'=>'.ai',+ 'application/postscript'=>'.eps',+ 'application/postscript'=>'.ps',+ 'application/msword'=>'.doc',+ 'application/rtf'=>'.rtf',+ 'application/vnd.ms-excel'=>'.xls',+ 'application/vnd.ms-powerpoint'=>'.ppt',+ 'application/vnd.oasis.opendocument.text'=>'.odt',+ 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'+ );++ if(!array_key_exists($result,$optimus_prime))+ {+ return ".dat";+ }else+ {+ return $optimus_prime[$result];+ }++ }+ }++ function get_icon($path_to_file)+ {+ $file_ext="svg/icons/".file_extension($path_to_file).".svg";+ 
if(!file_exists($file_ext))+ {+ return "svg/icons/.dat.svg";+ }else+ {+ return $file_ext;+ }+ }++ ?>F diff --git a/php/misc.php b/php/misc.php new file mode 100644 --- /dev/null +++ b/php/misc.php+ <?php+ require_once "user.php";++ function validate_credentials(string $username,string $email,string $password,string $password2) : bool+ {+ return true;+ }++ function generate_email_verification_link()+ {+ /*TODO*/+ $url="{$domain_name}/register/"+random_bytes(20);+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");+ }++++ ?>F diff --git a/php/upload.php b/php/upload.php new file mode 100644 --- /dev/null +++ b/php/upload.php+ <?php++ if (!array_key_exists('uf', $_FILES)) {+ http_response_code(400);+ exit();+ }+++ $file = $_FILES['uf'];+++ if (file['error'] != 0) {+ http_response_code(400);+ exit();+ }++ $m = md5_file($file['tmp_name']);++ copy($file['tmp_name'], "screen/$m.png");++ echo "http://india.fmi.fail/screen/$m.png";++ ?>F diff --git a/php/user.php b/php/user.php new file mode 100644 --- /dev/null +++ b/php/user.php+ <?php+ class User+ {+ /*I don't think we need to abstract these away*/+ public $user_id;+ public $username;+ public $email_address;+ }++ ?>F diff --git a/register.php b/register.php new file mode 100644 --- /dev/null +++ b/register.php+ <?php+ require_once "php/database.php";+ require_once "php/misc.php";++ $username=$_POST["username"];+ $password=$_POST["password"];+ $password2=$_POST["password2"];+ $email=$_POST["email"];++ /*check if we are given shady credentials*/+ if(!validate_credentials($username,$email,$password,$password2))+ {+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");+ die();+ }+ $database= new Database;++ if($database->register_user($username,$password,$email))+ {+ echo "registered";+ }else+ {+ echo "didn't register";+ }++ ?>F diff --git a/sql/fileshare.sql b/sql/fileshare.sql --- a/sql/fileshare.sql 
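Review bot: `validate_credentials()` in `php/misc.php` returns `true` unconditionally, so the "shady credentials" branch in `register.php` can never fire and nothing checks that `$password` equals `$password2`, that `$username` is non-empty, or that `$email` is well-formed before `register_user()` stores them. A minimal body would be `return $username !== '' && $password !== '' && $password === $password2 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;`. `generate_email_verification_link()` also references `$domain_name` and `$email` that are not in its scope, uses `+` to join two strings (a TypeError in PHP 8 for non-numeric strings), and puts raw `random_bytes(20)` output into a URL without `bin2hex()`; since it is marked TODO, at least pass the email and domain as parameters and build the token with `bin2hex(random_bytes(20))`.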
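Review bot: `register.php` reads `$_POST["username"]`, `$_POST["password"]`, `$_POST["password2"]` and `$_POST["email"]` without checking they exist, so a request missing any of them passes `null` into the `string`-typed parameters of `validate_credentials()`, which throws a TypeError (a 500) instead of the 400 that `php/upload.php` returns for missing input. Add a guard before the reads, e.g. `foreach (['username', 'password', 'password2', 'email'] as $k) { if (!isset($_POST[$k])) { http_response_code(400); exit(); } }`. The only failure output, `"didn't register"`, is produced exactly when the username is taken, which makes account existence observable; if that matters for this service, return the same message for all failures.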
+++ b/sql/fileshare.sql- drop database fileshare;------ create database fileshare;- use fileshare;-/*base user information*/create table users (- id int not null auto_increment,+ user_id int not null auto_increment,username varchar(50) not null unique,- password varchar(100) not null unique,- primary key (id)+ password varchar(255) not null,+ email varchar(50),+ primary key (user_id));/*table has only one owner and is identifyed by a number*/create table files (- id int not null auto_increment,- owner int default null,- absolutepath varchar(500) not null,+ file_id int not null auto_increment,+ owner_id int default null,+ relative_path varchar(500) not null,type varchar(20) not null default 'data',- primary key (id),- foreign key (owner) references users(id)+ primary key (file_id),+ foreign key (owner_id) references users(user_id));/*the user with userid is given some kind of access to the file with fileid*//*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*//*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/create table access (- fileid int not null,- userid int not null,- canview boolean not null default true,- canremove boolean not null default false,- check (canview=true or canremove=true) ,- foreign key (fileid) references files(id),- foreign key (userid) references users(id)+ file_id int not null,+ user_id int not null,+ can_view boolean not null default true,+ can_remove boolean not null default false,+ check (can_view=true or can_remove=true) ,+ foreign key (file_id) references files(file_id),+ foreign key (user_id) references users(user_id));---- /*basic info for testing purposes*/- insert into users(username,password) values ("root","asdf");- insert into users(username,password) values ("tester","tester");- insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell script");- insert into 
access(fileid,userid,canview,canremove) values(1,2,true,false);- /*I am not sure why this passes ....*/- insert into access(fileid,userid,canview,canremove) values(1,2,false,false);F diff --git a/upload.php b/upload.php deleted file mode 100644 --- a/upload.php +++ /dev/null- <?php-- if (!array_key_exists('uf', $_FILES)) {- http_response_code(400);- exit();- }--- $file = $_FILES['uf'];--- if (file['error'] != 0) {- http_response_code(400);- exit();- }-- $m = md5_file($file['tmp_name']);-- copy($file['tmp_name'], "screen/$m.png");-- echo "http://india.fmi.fail/screen/$m.png";-- ?>
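Review bot: The new `email varchar(50)` column is too short for valid addresses (the RFC limit is 254 characters) and carries no `unique` index, so the email-verification flow that `php/configuration.php` toggles can register the same address under several accounts; use `email varchar(254)` and, if addresses are meant to identify users, `unique`. The removed test comment "I am not sure why this passes" for the `(false,false)` row in `access` was pointing at a real issue that this hunk does not resolve: MySQL versions before 8.0.16 parse but ignore `check` clauses, so `check (can_view=true or can_remove=true)` is only enforced on newer MySQL or MariaDB, and the application must not rely on it without confirming the target server. The removed `drop database`/`create database`/`use` lines also leave the script with no stated target schema; say in a comment which database it is expected to run against.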