FILEUP

F diff --git a/php/database.php b/php/database.php
--- a/php/database.php
+++ b/php/database.php
  			}
  
  		}
- 		function create_shared_node(string $password,int $node_id):bool
+ 		function create_shared_node(string $password,int $node_id)
  		{
- 			$prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
- 							values (:id,:pass)
+ 			$code=$this->get_random_node_name("");
+ 			$prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
+ 							values (:id,:pass,:code)
  						");
  			$prep->bindParam(':id',$node_id);
  			$prep->bindParam(':pass',$password);
+ 			$prep->bindParam(':code',$code);
  			if($prep->execute()==false)
  			{
  				error_log("could not create shared node in create_shared_node");
- 				return false;
+ 				return NULL;
  			}
- 			return true;
+ 			$shared_node=new Shared_Node();
+ 			$shared_node->code=$code;
+ 			$shared_node->node_id=$node_id;
+ 			$shared_node->password=$password;
+ 			return $shared_node;
  		}
  		function get_node(int $node_id)
  		{
  				return false;
  			}
  		}
+ 		function get_shared_node(string $code)
+ 		{
+ 			$prepare=$this->pdo->prepare("
+ 							select * from shared_nodes where code=:code	
+ 					");
+ 			$prepare->bindParam(':code',$code);
+ 			if($prepare->execute()==false)
+ 			{
+ 				error_log("sql statement at get_shared_node failed");
+ 				return NULL;
+ 			}
+ 			$ret=$prepare->fetch(PDO::FETCH_ASSOC);
+ 			$nod=new Shared_Node();
+ 			$nod->node_id=$ret["node_id"];
+ 			$nod->password=$ret["passcode"];
+ 			$nod->code=$ret["code"];
+ 			return $nod;
+ 		}
  
  		/*returns false if username is taken, email is not checked here*/
  		function register_user(string $user,string $password,string $email) : bool
F diff --git a/php/node.php b/php/node.php
--- a/php/node.php
+++ b/php/node.php
  		public $type;
  		public $code;
  	}
+ 	class Shared_Node
+ 	{
+ 		public $node_id;
+ 		public $code;
+ 		public $password;
+ 	}
  	/*path is in terms of the simulated filesystem*/
  	/*returns NULL on error*/
  	function get_directory(string $abstract_path,User $user)
  		{
  			return NULL;
  		}
- 		if($database->create_shared_node($password,$node_id)==false)
+ 		$shared_node=$database->create_shared_node($password,$node_id);
+ 		if($shared_node==NULL)
  		{
  			return NULL;
  		}
  		
- 		$code=$database->get_code_of_node($node_id);
- 		if($code==NULL)
- 		{
- 			return NULL;
- 		}
+ 		if($can_read)
+ 			$database->give_view_access($node_id,$user->user_id);
+ 		if($can_write)
+ 			$database->give_edit_access($node_id,$user->user_id);
  		if($use_https)
  		{
- 			return "https://".$domain_name."/php/share.php?file=".$code;
+ 			return "https://".$domain_name."/php/share.php?file=".$shared_node->code;
  		}else
  		{
- 			return "http://".$domain_name."/php/share.php?file=".$code;
+ 			return "http://".$domain_name."/php/share.php?file=".$shared_node->code;
  		}
  	}
  
F diff --git a/php/share.php b/php/share.php
--- a/php/share.php
+++ b/php/share.php
  	}
  	else
  	{
- //		http_response_code(409);
+ 		http_response_code(409);
  		error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
- //		exit(1);
+ 		exit(1);
  	}
  
  	//$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
  }else if($_SERVER["REQUEST_METHOD"]== "GET")
  {
  	$code=$_GET["file"];
- 	$file_id=$database->get_node_with_code($code);
- 	if($file_id==NULL)
+ 	$password=$_GET["password"];
+ 
+ 	$shared_node=$database->get_shared_node($code);
+ 	if($shared_node==NULL || $shared_node->password!=$password)
  	{
  		http_response_code(409);
  		exit(0);
  	}
- 	$permissions=$database->get_permissions($file_id,$user->user_id);
+ 	$permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
  	if($permissions["can_view"]==true)
  	{
- 		$node=$database->get_node($file_id);
+ 		$node=$database->get_node($shared_node->node_id);
  		if($node->is_directory)
  		{
  			/*spooky stuff here*/
F diff --git a/sql/fileshare.sql b/sql/fileshare.sql
--- a/sql/fileshare.sql
+++ b/sql/fileshare.sql
  create table shared_nodes (
  	node_id int not null,
  	passcode varchar(100) default "",
+ 	code varchar(100) default "",
  	foreign key (node_id) references nodes(node_id) on delete cascade
  );