FILEUP





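--- a/css/style.css
+++ b/css/style.css
 border-color: black;
 }
- .foldercontents, .filecontents {
+ .foldercontents, .filecontents, .filecontentsroot {
 background: rgba(250, 250, 250, .9);
 flex: 1 0 0;
 }
- .filecontents {
+ .filecontents, .filecontentsroot {
 background: white;
 }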
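--- a/loggedin.js
+++ b/loggedin.js
 }
 }
+ function read_file_contents(text, cb, folder, filename) {
+ var data = new FormData();
+ data.append('folder', folder);
+ data.append('filename', filename);
+
+ let xhr = new XMLHttpRequest();
+ xhr.open('POST', '/php/readfile.php', true);
+
+ if (text) {
+ xhr.onload = function () {
+ cb(e.responseText);
+ };
+ } else {
+ xhr.responseType = 'arraybuffer';
+ xhr.onload = function () {
+ cb(xhr.response);
+ };
+ }
+
+ xhr.send(data);
+ }
+
 function openfile_nondir() {
 var mimetype = "text/plain";
 return wnd;
 }
+ function download_file(in_file, filename) {
+
+ if (in_file) {
+ var folder = get_path(focus.pwd.length - 1);
+ filename = focus.pwd[focus.pwd.length - 1];
+ } else {
+ var folder = get_path();
+ }
+
+ read_file_contents(false, (x) => {
+ var blob = new Blob([new Uint8Array(x, 0, x.length)]);
+ var url = URL.createObjectURL(blob);
+ var a = document.createElement('a');
+ a.href = url;
+ a.download = "filename";
+ document.body.appendChild(a);
+ a.click();
+ setTimeout(() => {
+ document.body.removeChild(a);
+ URL.revokeObjectURL(url);
+ });
+ }, folder, filename);
+
+ return;
+ }
+
+
+
+
 function delete_window() {
 var index = windows.indexOf(focus);
 if (index >= 0) {
 }
 {
- wnd.filecontentsroot = mk(wnd.visuals, 'div');
+ wnd.filecontentsroot = mk(wnd.visuals, 'div', 'filecontentsroot');
 var h3 = mk(wnd.filecontentsroot, 'h3');
 var download_btn = mk(h3, 'button');
 download_btn.innerText = "Download";
- download_btn.onclick = () => { download_file(); }
+ download_btn.onclick = () => { download_file(true); }
 mk(h3, 'div', 'separator');
 var download_btn = mk(h3, 'button');
 download_btn.innerText = "Share";
 download_btn.onclick = () => { share(true); }
-
+
 mk(h3, 'div', 'separator');
 wnd.filecontents = mk(wnd.filecontentsroot, 'div', 'filecontents');
 focus.pwd.push(fileview.filename);
 openfile(fileview.is_directory);
 }],
- ['Open in New Window', () => {alert('not implemented')}],
+ // ['Open in New Window', () => {alert('not implemented')}],
 ];
 if (is_in_trash) {
 } else if (!is_trash) {
 context_list.push(
 ['Rename', () => { rename_file(fileview.filename); }],
+ );
+ if (!fileview.is_directory) {
+ context_list.push(
+ ['Share', () => { share(false, fileview.filename); }],
+ ['Download', () => { download_file(false, fileview.filename); }],
+ );
+ }
+ context_list.push(
 ['Share', () => { share(false, fileview.filename); }],
 ['Delete', () => { move_to_trash(fileview.filename); }]
 );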
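Review bot: In `read_file_contents` the text branch calls `cb(e.responseText)`, but the `onload` handler declares no `e`, so text reads will throw a ReferenceError unless some outer `e` happens to be in scope; it should be `cb(xhr.responseText)`. Neither `onload` handler checks `xhr.status`, so an error body returned by `/php/readfile.php` is handed to the callback as if it were the file, and `download_file` would save that error body to disk; add a guard such as `if (xhr.status !== 200) return;` (or surface the error) before calling `cb`. In `download_file`, `a.download = "filename";` assigns the literal string rather than the variable, so every download is saved as "filename"; it should be `a.download = filename;`. The context menu for non-directories also ends up with two 'Share' entries, because the unconditional `context_list.push` after the new `if` still contains one.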
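--- a/php/database.php
+++ b/php/database.php
 }
 }
- function create_shared_node(string $password,int $node_id)
+ function create_shared_node(string $password,int $node_id):bool
 {
- $code=$this->get_random_node_name("");
- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)
- values (:id,:pass,:code)
+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)
+ values (:id,:pass)
 ");
 $prep->bindParam(':id',$node_id);
 $prep->bindParam(':pass',$password);
- $prep->bindParam(':code',$code);
 if($prep->execute()==false)
 {
 error_log("could not create shared node in create_shared_node");
- return NULL;
+ return false;
 }
- $shared_node=new Shared_Node();
- $shared_node->code=$code;
- $shared_node->node_id=$node_id;
- $shared_node->password=$password;
- return $shared_node;
+ return true;
 }
 function get_node(int $node_id)
 {
 return false;
 }
 }
- function get_shared_node(string $code)
- {
- $prepare=$this->pdo->prepare("
- select * from shared_nodes where code=:code
- ");
- $prepare->bindParam(':code',$code);
- if($prepare->execute()==false)
- {
- error_log("sql statement at get_shared_node failed");
- return NULL;
- }
- $ret=$prepare->fetch(PDO::FETCH_ASSOC);
- $nod=new Shared_Node();
- $nod->node_id=$ret["node_id"];
- $nod->password=$ret["passcode"];
- $nod->code=$ret["code"];
- return $nod;
- }
 /*returns false if username is taken, email is not checked here*/
 function register_user(string $user,string $password,string $email) : bool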
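Review bot: `create_shared_node` binds the `$password` argument to `:pass` exactly as received, so if callers pass the share password the user typed (the call site is outside this file section), it is stored in `passcode` in clear text. Hash it before binding, e.g. `$hash=password_hash($password,PASSWORD_DEFAULT);`, and compare with `password_verify` wherever the passcode is checked; note that `passcode varchar(100)` is shorter than the 255 characters the PHP manual recommends for `PASSWORD_DEFAULT` hashes. Now that the function returns `bool`, a short comment such as `/*returns false if the insert fails*/` above it would match the style already used for `register_user`.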
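--- a/php/node.php
+++ b/php/node.php
 public $type;
 public $code;
 }
- class Shared_Node
- {
- public $node_id;
- public $code;
- public $password;
- }
 /*path is in terms of the simulated filesystem*/
 /*returns NULL on error*/
 function get_directory(string $abstract_path,User $user)
 {
 return NULL;
 }
- $shared_node=$database->create_shared_node($password,$node_id);
- if($shared_node==NULL)
+ if($database->create_shared_node($password,$node_id)==false)
 {
 return NULL;
 }
- if($can_read)
- $database->give_view_access($node_id,$user->user_id);
- if($can_write)
- $database->give_edit_access($node_id,$user->user_id);
+ $code=$database->get_code_of_node($node_id);
+ if($code==NULL)
+ {
+ return NULL;
+ }
 if($use_https)
 {
- return "https://".$domain_name."/php/share.php?file=".$shared_node->code;
+ return "https://".$domain_name."/php/share.php?file=".$code;
 }else
 {
- return "http://".$domain_name."/php/share.php?file=".$shared_node->code;
+ return "http://".$domain_name."/php/share.php?file=".$code;
 }
 }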
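Review bot: After the `give_view_access`/`give_edit_access` calls were dropped, `$can_read` and `$can_write` are not used anywhere in the visible part of this function, so the permissions the caller passes have no effect on the share that is created. The returned URL now carries the value from `get_code_of_node($node_id)`, which looks like the node's own code rather than a per-share token; if that is the case, every share of a node yields the same link and removing the `shared_nodes` row would not invalidate it, which is worth confirming. `$code` is concatenated into the URL as-is; `urlencode($code)` would keep the link well-formed if the code alphabet ever changes. The function's signature and opening lines are outside this hunk.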
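--- a/php/share.php
+++ b/php/share.php
 }
 else
 {
- http_response_code(409);
+ // http_response_code(409);
 error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
- exit(1);
+ // exit(1);
 }
- $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
- //$share_link=create_share_link($path,$filename,$password,$user,true,true);
+ //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
+ $share_link=create_share_link($path,$filename,$password,$user,true,true);
 if($share_link==NULL)
 }else if($_SERVER["REQUEST_METHOD"]== "GET")
 {
 $code=$_GET["file"];
- $password=$_GET["password"];
-
- $shared_node=$database->get_shared_node($code);
- if($shared_node==NULL || $shared_node->password!=$password)
+ $file_id=$database->get_node_with_code($code);
+ if($file_id==NULL)
 {
 http_response_code(409);
 exit(0);
 }
- $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
+ $permissions=$database->get_permissions($file_id,$user->user_id);
 if($permissions["can_view"]==true)
 {
- $node=$database->get_node($shared_node->node_id);
+ $node=$database->get_node($file_id);
 if($node->is_directory)
 {
 /*spooky stuff here*/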
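Review bot: The invalid-permissions branch no longer stops the request: with `http_response_code(409);` and `exit(1);` commented out, the handler logs "This could be an attack" and then carries on to create the link with hard-coded `true,true` instead of the parsed `$can_read,$can_write`. Restore the two lines and pass `$can_read,$can_write` again so a malformed permissions value is rejected rather than silently widened. In the GET branch the password comparison is removed entirely while `create_shared_node` still writes `passcode`, so a share password set by the owner is never enforced; access now rests only on `get_node_with_code($code)` and the requesting user's `can_view` permission. If passwords are meant to protect links, re-add a check against the stored passcode, ideally `password_verify` on a hash with the password taken from a POST body rather than the `?password=` query string the old code read. Both branches continue outside the visible lines.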
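--- a/sql/fileshare.sql
+++ b/sql/fileshare.sql
 create table shared_nodes (
 node_id int not null,
 passcode varchar(100) default "",
- code varchar(100) default "",
 foreign key (node_id) references nodes(node_id) on delete cascade
 );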