




F diff --git a/php/database.php b/php/database.php --- a/php/database.php +++ b/php/database.php
}
}
- function create_shared_node(string $password,int $node_id):bool
+ function create_shared_node(string $password,int $node_id)
{
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
- values (:id,:pass)
+ $code=$this->get_random_node_name("");
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
+ values (:id,:pass,:code)
");
$prep->bindParam(':id',$node_id);
$prep->bindParam(':pass',$password);
+ $prep->bindParam(':code',$code);
if($prep->execute()==false)
{
error_log("could not create shared node in create_shared_node");
- return false;
+ return NULL;
}
- return true;
+ $shared_node=new Shared_Node();
+ $shared_node->code=$code;
+ $shared_node->node_id=$node_id;
+ $shared_node->password=$password;
+ return $shared_node;
}
function get_node(int $node_id)
{
return false;
}
}
+ function get_shared_node(string $code)
+ {
+ $prepare=$this->pdo->prepare("
+ select * from shared_nodes where code=:code
+ ");
+ $prepare->bindParam(':code',$code);
+ if($prepare->execute()==false)
+ {
+ error_log("sql statement at get_shared_node failed");
+ return NULL;
+ }
+ $ret=$prepare->fetch(PDO::FETCH_ASSOC);
+ $nod=new Shared_Node();
+ $nod->node_id=$ret["node_id"];
+ $nod->password=$ret["passcode"];
+ $nod->code=$ret["code"];
+ return $nod;
+ }
/*returns false if username is taken, email is not checked here*/
function register_user(string $user,string $password,string $email) : bool
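Review bot: get_shared_node never checks the result of `fetch`, so for an unknown code `$ret` is `false`, the `$ret["node_id"]` reads yield null, and the caller gets a Shared_Node whose node_id, password and code are all null instead of the NULL the function documents via its other error path; add `if($ret===false){ return NULL; }` directly after the `fetch` call. A caller that compares the null password loosely against a missing request parameter will treat that as a match, so this matters for access control, not just tidiness. The passcode is also bound and stored in clear text at the `:pass` binding and read back verbatim; it should be stored with `password_hash` and checked by the consumer with `password_verify`, as it is the only thing protecting the shared node. The `code` produced by `get_random_node_name("")` is the bearer capability placed in the share URL, so it needs to come from `random_bytes`/`bin2hex` rather than a name generator, and the insert does not handle a collision because `code` is not constrained unique; the generator itself is outside this hunk so its entropy cannot be confirmed here. Finally, `fetch` with no ordering returns an arbitrary matching row if codes can repeat, which is another reason to make the column unique.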
F diff --git a/php/node.php b/php/node.php --- a/php/node.php +++ b/php/node.php
public $type;
public $code;
}
+ class Shared_Node
+ {
+ public $node_id;
+ public $code;
+ public $password;
+ }
/*path is in terms of the simulated filesystem*/
/*returns NULL on error*/
function get_directory(string $abstract_path,User $user)
{
return NULL;
}
- if($database->create_shared_node($password,$node_id)==false)
+ $shared_node=$database->create_shared_node($password,$node_id);
+ if($shared_node==NULL)
{
return NULL;
}
- $code=$database->get_code_of_node($node_id);
- if($code==NULL)
- {
- return NULL;
- }
+ if($can_read)
+ $database->give_view_access($node_id,$user->user_id);
+ if($can_write)
+ $database->give_edit_access($node_id,$user->user_id);
if($use_https)
{
- return "https://".$domain_name."/php/share.php?file=".$code;
+ return "https://".$domain_name."/php/share.php?file=".$shared_node->code;
}else
{
- return "http://".$domain_name."/php/share.php?file=".$code;
+ return "http://".$domain_name."/php/share.php?file=".$shared_node->code;
}
}
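Review bot: The new `give_view_access`/`give_edit_access` calls grant rights to `$user->user_id`, which is the user creating the share link, not whoever later presents `$shared_node->code`; since share.php resolves access with `get_permissions($shared_node->node_id,$user->user_id)` for the requesting user, it is not clear from this hunk how a link recipient ever obtains view rights, so please confirm the intended model and document it in a comment above these calls. The return values of both calls are discarded, so a failed grant still yields a share URL; treat a `false` return the same way as the `create_shared_node` failure just above, returning NULL. The enclosing function starts before this hunk, so `$can_read`, `$can_write` and `$use_https` are not visible here. The new Shared_Node class should declare typed properties (`public int $node_id; public string $code; public string $password;`) so a null-filled instance from a failed lookup fails loudly rather than flowing into comparisons.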
F diff --git a/php/share.php b/php/share.php --- a/php/share.php +++ b/php/share.php
}
else
{
- // http_response_code(409);
+ http_response_code(409);
error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
- // exit(1);
+ exit(1);
}
//$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
$code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
{
http_response_code(409);
exit(0);
}
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
if($permissions["can_view"]==true)
{
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
if($node->is_directory)
{
/*spooky stuff here*/
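Review bot: The passcode check `$shared_node->password!=$password` uses loose comparison, so two numeric-looking strings such as `"0e123"` and `"0e456"` compare equal, and a request with no `password` parameter yields null, which loosely equals an empty or null stored passcode; replace it with `if($shared_node==NULL || !is_string($password) || !hash_equals((string)$shared_node->password,$password))` and read the inputs as `$code=$_GET["file"] ?? '';` and `$password=$_GET["password"] ?? '';` so an absent or array-valued parameter is rejected rather than warned about. If the stored value becomes a `password_hash` digest, `password_verify` replaces the `hash_equals` call. Sending the passcode as a GET query parameter puts it in browser history, proxy and server access logs and Referer headers; a POST body or a one-time session step would keep it out of those. In the POST branch above, `error_log(... $permissions ...)` writes a request-controlled value unescaped into the log, so newlines in it can forge log entries; wrap it in `var_export($permissions, true)` or strip control characters before logging.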
F diff --git a/sql/fileshare.sql b/sql/fileshare.sql --- a/sql/fileshare.sql +++ b/sql/fileshare.sql
create table shared_nodes (
node_id int not null,
passcode varchar(100) default "",
+ code varchar(100) default "",
foreign key (node_id) references nodes(node_id) on delete cascade
);
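Review bot: `code` is the lookup key used by `select * from shared_nodes where code=:code`, yet it is declared with `default ""` and no uniqueness constraint, so a row inserted without a code is matched by a request with an empty `file` parameter and duplicate codes are possible; declare it as `code varchar(100) not null unique,`. A unique constraint also makes the insert in create_shared_node fail loudly on a collision instead of silently creating a second row for the same code.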