F diff --git a/file_type_recogniser.php b/file_type_recogniser.php deleted file mode 100644 --- a/file_type_recogniser.php +++ /dev/null
- <?php
-
- function file_type($path_to_file) {
- $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);
- return $file_type_database->file($path_to_file);
- }
-
-
- function file_extension($path_to_file) {
- #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php
- if(defined("FILEINFO_EXTENSION"))
- {
- $file_type_database = new finfo(FILEINFO_EXTENSION);
- return "." . $file_type_database->file($path_to_file);
- }else
- {
- $result=file_type($path_to_file);
-
- $optimus_prime = array(
- 'text/plain'=>'.txt',
- 'text/html'=>'.html',
- 'text/php'=>'.php',
- 'text/css'=>'.css',
- 'application/javascript'=>'.js',
- 'application/json'=>'.json',
- 'application/xml'=>'.xml',
- 'application/x-shockwave-flash'=>'.swf',
- 'video/x-flv'=>'.flv',
- 'image/png'=>'.png',
- 'image/jpeg'=>'.jpe',
- 'image/jpeg'=>'.jpeg',
- 'image/jpeg'=>'.jpg',
- 'image/gif'=>'.gif',
- 'image/bmp'=>'.bmp',
- 'image/vnd.microsoft.icon'=>'.ico',
- 'image/tiff'=>'.tiff',
- 'image/tiff'=>'.tif',
- 'image/svg+xml'=>'.svg',
- 'image/svg+xml'=>'.svgz',
- 'application/zip'=>'.zip',
- 'application/x-rar-compressed'=>'.rar',
- 'application/x-msdownload'=>'.exe',
- 'application/x-msdownload'=>'.msi',
- 'application/vnd.ms-cab-compressed'=>'.cab',
- 'audio/mpeg'=>'.mp3',
- 'video/quicktime'=>'.qt',
- 'video/quicktime'=>'.mov',
- 'application/pdf'=>'.pdf',
- 'image/vnd.adobe.photoshop'=>'.psd',
- 'application/postscript'=>'.ai',
- 'application/postscript'=>'.eps',
- 'application/postscript'=>'.ps',
- 'application/msword'=>'.doc',
- 'application/rtf'=>'.rtf',
- 'application/vnd.ms-excel'=>'.xls',
- 'application/vnd.ms-powerpoint'=>'.ppt',
- 'application/vnd.oasis.opendocument.text'=>'.odt',
- 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'
- );
-
- if(!array_key_exists($result,$optimus_prime))
- {
- return ".dat";
- }else
- {
- return $optimus_prime[$result];
- }
-
- }
- }
-
- function get_icon($path_to_file)
- {
- $file_ext="svg/icons/".file_extension($path_to_file).".svg";
- if(!file_exists($file_ext))
- {
- return "svg/icons/.dat.svg";
- }else
- {
- return $file_ext;
- }
- }
-
- ?>
F diff --git a/index.html b/index.html --- a/index.html +++ b/index.html
</div>
<div class="vcenter">
- <form action="/register.php">
+ <form action="/register.php" method="post">
<h2>Get started</h2>
<div class="content">
<p>Username</p>
<input type="text" id="username" name="username">
+ <p>Email address</p>
+ <input type="text" id="email" name="email">
<p>Password</p>
<input type="password" id="password" name="password">
<p>Repeat Password</p>
F diff --git a/php/configuration.php b/php/configuration.php new file mode 100644 --- /dev/null +++ b/php/configuration.php
+ <?php
+ /*should be placed outside of document root*/
+
+ $domain_name="localhost";
+
+ $database_name="adam";
+ $database_username="adam";
+ $database_password="asdfd";
+ $database_location="127.0.0.1";
+
+
+
+ $password_hash_algo=PASSWORD_BCRYPT;
+
+
+ $has_email_verification=false;
+ ?>
F diff --git a/php/database.php b/php/database.php new file mode 100644 --- /dev/null +++ b/php/database.php
+ <?php
+ require_once "configuration.php";
+ require_once "user.php";
+ require_once "misc.php";
+
+ /*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the userid*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+ global $password_hash_algo;
+
+
+
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+ if($hold)
+ {
+ $ret->user_id=hold["user_id"];
+ $ret->username=hold["username"];
+ $ret->email_address["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+ ?>
F diff --git a/php/file_type_recogniser.php b/php/file_type_recogniser.php new file mode 100644 --- /dev/null +++ b/php/file_type_recogniser.php
+ <?php
+
+ function file_type($path_to_file) {
+ $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);
+ return $file_type_database->file($path_to_file);
+ }
+
+
+ function file_extension($path_to_file) {
+ #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php
+ if(defined("FILEINFO_EXTENSION"))
+ {
+ $file_type_database = new finfo(FILEINFO_EXTENSION);
+ return "." . $file_type_database->file($path_to_file);
+ }else
+ {
+ $result=file_type($path_to_file);
+
+ $optimus_prime = array(
+ 'text/plain'=>'.txt',
+ 'text/html'=>'.html',
+ 'text/php'=>'.php',
+ 'text/css'=>'.css',
+ 'application/javascript'=>'.js',
+ 'application/json'=>'.json',
+ 'application/xml'=>'.xml',
+ 'application/x-shockwave-flash'=>'.swf',
+ 'video/x-flv'=>'.flv',
+ 'image/png'=>'.png',
+ 'image/jpeg'=>'.jpe',
+ 'image/jpeg'=>'.jpeg',
+ 'image/jpeg'=>'.jpg',
+ 'image/gif'=>'.gif',
+ 'image/bmp'=>'.bmp',
+ 'image/vnd.microsoft.icon'=>'.ico',
+ 'image/tiff'=>'.tiff',
+ 'image/tiff'=>'.tif',
+ 'image/svg+xml'=>'.svg',
+ 'image/svg+xml'=>'.svgz',
+ 'application/zip'=>'.zip',
+ 'application/x-rar-compressed'=>'.rar',
+ 'application/x-msdownload'=>'.exe',
+ 'application/x-msdownload'=>'.msi',
+ 'application/vnd.ms-cab-compressed'=>'.cab',
+ 'audio/mpeg'=>'.mp3',
+ 'video/quicktime'=>'.qt',
+ 'video/quicktime'=>'.mov',
+ 'application/pdf'=>'.pdf',
+ 'image/vnd.adobe.photoshop'=>'.psd',
+ 'application/postscript'=>'.ai',
+ 'application/postscript'=>'.eps',
+ 'application/postscript'=>'.ps',
+ 'application/msword'=>'.doc',
+ 'application/rtf'=>'.rtf',
+ 'application/vnd.ms-excel'=>'.xls',
+ 'application/vnd.ms-powerpoint'=>'.ppt',
+ 'application/vnd.oasis.opendocument.text'=>'.odt',
+ 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'
+ );
+
+ if(!array_key_exists($result,$optimus_prime))
+ {
+ return ".dat";
+ }else
+ {
+ return $optimus_prime[$result];
+ }
+
+ }
+ }
+
+ function get_icon($path_to_file)
+ {
+ $file_ext="svg/icons/".file_extension($path_to_file).".svg";
+ if(!file_exists($file_ext))
+ {
+ return "svg/icons/.dat.svg";
+ }else
+ {
+ return $file_ext;
+ }
+ }
+
+ ?>
F diff --git a/php/misc.php b/php/misc.php new file mode 100644 --- /dev/null +++ b/php/misc.php
+ <?php
+ require_once "user.php";
+
+ function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+ {
+ return true;
+ }
+
+ function generate_email_verification_link()
+ {
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+ }
+
+
+
+ ?>
F diff --git a/php/upload.php b/php/upload.php new file mode 100644 --- /dev/null +++ b/php/upload.php
+ <?php
+
+ if (!array_key_exists('uf', $_FILES)) {
+ http_response_code(400);
+ exit();
+ }
+
+
+ $file = $_FILES['uf'];
+
+
+ if (file['error'] != 0) {
+ http_response_code(400);
+ exit();
+ }
+
+ $m = md5_file($file['tmp_name']);
+
+ copy($file['tmp_name'], "screen/$m.png");
+
+ echo "http://india.fmi.fail/screen/$m.png";
+
+ ?>
F diff --git a/php/user.php b/php/user.php new file mode 100644 --- /dev/null +++ b/php/user.php
+ <?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+ ?>
F diff --git a/register.php b/register.php new file mode 100644 --- /dev/null +++ b/register.php
+ <?php
+ require_once "php/database.php";
+ require_once "php/misc.php";
+
+ $username=$_POST["username"];
+ $password=$_POST["password"];
+ $password2=$_POST["password2"];
+ $email=$_POST["email"];
+
+ /*check if we are given shady credentials*/
+ if(!validate_credentials($username,$email,$password,$password2))
+ {
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+ }
+ $database= new Database;
+
+ if($database->register_user($username,$password,$email))
+ {
+ echo "registered";
+ }else
+ {
+ echo "didn't register";
+ }
+
+ ?>
F diff --git a/sql/fileshare.sql b/sql/fileshare.sql --- a/sql/fileshare.sql +++ b/sql/fileshare.sql
- drop database fileshare;
-
-
-
-
-
- create database fileshare;
- use fileshare;
-
/*base user information*/
create table users (
- id int not null auto_increment,
+ user_id int not null auto_increment,
username varchar(50) not null unique,
- password varchar(100) not null unique,
- primary key (id)
+ password varchar(255) not null,
+ email varchar(50),
+ primary key (user_id)
);
/*table has only one owner and is identifyed by a number*/
create table files (
- id int not null auto_increment,
- owner int default null,
- absolutepath varchar(500) not null,
+ file_id int not null auto_increment,
+ owner_id int default null,
+ relative_path varchar(500) not null,
type varchar(20) not null default 'data',
- primary key (id),
- foreign key (owner) references users(id)
+ primary key (file_id),
+ foreign key (owner_id) references users(user_id)
);
/*the user with userid is given some kind of access to the file with fileid*/
/*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*/
/*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/
create table access (
- fileid int not null,
- userid int not null,
- canview boolean not null default true,
- canremove boolean not null default false,
- check (canview=true or canremove=true) ,
- foreign key (fileid) references files(id),
- foreign key (userid) references users(id)
+ file_id int not null,
+ user_id int not null,
+ can_view boolean not null default true,
+ can_remove boolean not null default false,
+ check (can_view=true or can_remove=true) ,
+ foreign key (file_id) references files(file_id),
+ foreign key (user_id) references users(user_id)
);
-
-
-
- /*basic info for testing purposes*/
- insert into users(username,password) values ("root","asdf");
- insert into users(username,password) values ("tester","tester");
- insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell script");
- insert into access(fileid,userid,canview,canremove) values(1,2,true,false);
- /*I am not sure why this passes ....*/
- insert into access(fileid,userid,canview,canremove) values(1,2,false,false);
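Review bot: `email varchar(50)` is too short for a valid address: the addressable length permitted by the RFCs is 254 characters, so `email varchar(254),` avoids silently truncating or rejecting legitimate registrations. The widening of `password` to 255 and the removal of `unique` on it are the right accompaniment to bcrypt hashes, which are 60 characters and salted. The deleted comment "I am not sure why this passes" is explained by MySQL versions before 8.0.16 parsing but ignoring CHECK constraints, so `check (can_view=true or can_remove=true)` on the access table should not be relied on for enforcement unless the deployment's server version is known to honour it.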
F diff --git a/upload.php b/upload.php deleted file mode 100644 --- a/upload.php +++ /dev/null
- <?php
-
- if (!array_key_exists('uf', $_FILES)) {
- http_response_code(400);
- exit();
- }
-
-
- $file = $_FILES['uf'];
-
-
- if (file['error'] != 0) {
- http_response_code(400);
- exit();
- }
-
- $m = md5_file($file['tmp_name']);
-
- copy($file['tmp_name'], "screen/$m.png");
-
- echo "http://india.fmi.fail/screen/$m.png";
-
- ?>