F diff --git a/css/style.css b/css/style.css --- a/css/style.css +++ b/css/style.cssborder-color: black;}- .foldercontents, .filecontents {+ .foldercontents, .filecontents, .filecontentsroot {background: rgba(250, 250, 250, .9);flex: 1 0 0;}- .filecontents {+ .filecontents, .filecontentsroot {background: white;}F diff --git a/loggedin.js b/loggedin.js --- a/loggedin.js 
+++ b/loggedin.js}}+ function read_file_contents(text, cb, folder, filename) {+ var data = new FormData();+ data.append('folder', folder);+ data.append('filename', filename);++ let xhr = new XMLHttpRequest();+ xhr.open('POST', '/php/readfile.php', true);++ if (text) {+ xhr.onload = function () {+ cb(e.responseText);+ };+ } else {+ xhr.responseType = 'arraybuffer';+ xhr.onload = function () {+ cb(xhr.response);+ };+ }++ xhr.send(data);+ }+function openfile_nondir() {var mimetype = "text/plain";return wnd;}+ function download_file(in_file, filename) {++ if (in_file) {+ var folder = get_path(focus.pwd.length - 1);+ filename = focus.pwd[focus.pwd.length - 1];+ } else {+ var folder = get_path();+ }++ read_file_contents(false, (x) => {+ var blob = new Blob([new Uint8Array(x, 0, x.length)]);+ var url = URL.createObjectURL(blob);+ var a = document.createElement('a');+ a.href = url;+ a.download = "filename";+ document.body.appendChild(a);+ a.click();+ setTimeout(() => {+ document.body.removeChild(a);+ URL.revokeObjectURL(url);+ });+ }, folder, filename);++ return;+ }++++function delete_window() {var index = windows.indexOf(focus);if (index >= 0) {}{- wnd.filecontentsroot = mk(wnd.visuals, 'div');+ wnd.filecontentsroot = mk(wnd.visuals, 'div', 'filecontentsroot');var h3 = mk(wnd.filecontentsroot, 'h3');var download_btn = mk(h3, 'button');download_btn.innerText = "Download";- download_btn.onclick = () => { download_file(); }+ download_btn.onclick = () => { download_file(true); }mk(h3, 'div', 'separator');var download_btn = mk(h3, 'button');download_btn.innerText = "Share";download_btn.onclick = () => { share(true); }-+mk(h3, 'div', 'separator');wnd.filecontents = mk(wnd.filecontentsroot, 'div', 'filecontents');focus.pwd.push(fileview.filename);openfile(fileview.is_directory);}],- ['Open in New Window', () => {alert('not implemented')}],+ // ['Open in New Window', () => {alert('not implemented')}],];if (is_in_trash) {} else if (!is_trash) {context_list.push(['Rename', () => { 
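Review bot: In the text branch of `read_file_contents` the load handler calls `cb(e.responseText)`, but the handler is declared as `function ()` and no `e` is defined in the visible code, so a text read would throw a ReferenceError instead of delivering the body; it should be `cb(xhr.responseText);`. Neither branch checks `xhr.status` or sets `xhr.onerror`, so an error response from `/php/readfile.php` (for example a refused read) is handed to the callback as if it were file contents. Add a guard such as `if (xhr.status !== 200) { return; }` before calling `cb`, or pass the failure to the caller so it can be shown.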
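Review bot: `a.download = "filename";` in `download_file` assigns the literal string, so every download is saved under the name `filename` whichever file was chosen; it should be `a.download = filename;`. The callback receives an ArrayBuffer (`responseType = 'arraybuffer'`), which has `byteLength` rather than `length`, so `new Uint8Array(x, 0, x.length)` only works because an undefined length falls back to the whole buffer; `new Blob([x])` expresses the same thing directly. `folder` is declared with `var` in both arms of the `if`; a single `let folder;` before the branch reads more clearly.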
rename_file(fileview.filename); }],+ );+ if (!fileview.is_directory) {+ context_list.push(+ ['Share', () => { share(false, fileview.filename); }],+ ['Download', () => { download_file(false, fileview.filename); }],+ );+ }+ context_list.push(['Share', () => { share(false, fileview.filename); }],['Delete', () => { move_to_trash(fileview.filename); }]);F diff --git a/php/database.php b/php/database.php --- a/php/database.php +++ b/php/database.php}}- function create_shared_node(string $password,int $node_id)+ function create_shared_node(string $password,int $node_id):bool{- $code=$this->get_random_node_name("");- $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode,code)- values (:id,:pass,:code)+ $prep=$this->pdo->prepare("insert into shared_nodes(node_id,passcode)+ values (:id,:pass)");$prep->bindParam(':id',$node_id);$prep->bindParam(':pass',$password);- $prep->bindParam(':code',$code);if($prep->execute()==false){error_log("could not create shared node in create_shared_node");- return NULL;+ return false;}- $shared_node=new Shared_Node();- $shared_node->code=$code;- $shared_node->node_id=$node_id;- $shared_node->password=$password;- return $shared_node;+ return true;}function get_node(int $node_id){return false;}}- function get_shared_node(string $code)- {- $prepare=$this->pdo->prepare("- select * from shared_nodes where code=:code- ");- $prepare->bindParam(':code',$code);- if($prepare->execute()==false)- {- error_log("sql statement at get_shared_node failed");- return NULL;- }- $ret=$prepare->fetch(PDO::FETCH_ASSOC);- $nod=new Shared_Node();- $nod->node_id=$ret["node_id"];- $nod->password=$ret["passcode"];- $nod->code=$ret["code"];- return $nod;- }/*returns false if username is taken, email is not checked here*/function register_user(string $user,string $password,string $email) : boolF diff --git a/php/node.php b/php/node.php --- a/php/node.php 
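Review bot: For non-directories the context menu now lists 'Share' twice: the added `if (!fileview.is_directory)` block pushes `['Share', …]` and `['Download', …]`, and the `context_list.push(` that follows still carries the pre-existing `['Share', …]` entry ahead of `['Delete', …]`. If directories are not meant to be shareable, reduce the second call to `context_list.push(['Delete', () => { move_to_trash(fileview.filename); }]);`; otherwise drop 'Share' from the new block. The enclosing function starts and ends outside the hunk.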
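Review bot: `create_shared_node` binds `$password` straight into `shared_nodes.passcode`, so as far as this hunk shows the share passcode is stored as plain text, and with `get_shared_node` removed nothing visible reads it back. If the passcode is meant to protect the link, store `password_hash($password, PASSWORD_DEFAULT)` and check it with `password_verify()` on access; the `passcode varchar(100)` column in sql/fileshare.sql should then be widened to 255. If it is no longer used, drop the parameter and the column rather than keep an unverified secret in the table.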
+++ b/php/node.phppublic $type;public $code;}- class Shared_Node- {- public $node_id;- public $code;- public $password;- }/*path is in terms of the simulated filesystem*//*returns NULL on error*/function get_directory(string $abstract_path,User $user){return NULL;}- $shared_node=$database->create_shared_node($password,$node_id);- if($shared_node==NULL)+ if($database->create_shared_node($password,$node_id)==false){return NULL;}- if($can_read)- $database->give_view_access($node_id,$user->user_id);- if($can_write)- $database->give_edit_access($node_id,$user->user_id);+ $code=$database->get_code_of_node($node_id);+ if($code==NULL)+ {+ return NULL;+ }if($use_https){- return "https://".$domain_name."/php/share.php?file=".$shared_node->code;+ return "https://".$domain_name."/php/share.php?file=".$code;}else{- return "http://".$domain_name."/php/share.php?file=".$shared_node->code;+ return "http://".$domain_name."/php/share.php?file=".$code;}}F diff --git a/php/share.php b/php/share.php --- a/php/share.php 
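Review bot: After this change `create_share_link` no longer uses `$can_read` and `$can_write` in the visible lines: the `give_view_access`/`give_edit_access` calls are removed and nothing replaces them, so the caller's permission choice has no effect on what the link allows. Either apply the flags or remove the parameters, so the signature does not promise a restriction that is not enforced. The link now carries the value from `get_code_of_node($node_id)`, which appears to be the node's own code rather than a per-share token; if so, a link cannot be revoked without changing the node, which is worth confirming as intended. `$code` is concatenated into the URL unescaped; `urlencode($code)` keeps the query string well-formed whatever the generator emits. The function's signature is outside the hunk.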
+++ b/php/share.php}else{- http_response_code(409);+ // http_response_code(409);error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");- exit(1);+ // exit(1);}- $share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);- //$share_link=create_share_link($path,$filename,$password,$user,true,true);+ //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);+ $share_link=create_share_link($path,$filename,$password,$user,true,true);if($share_link==NULL)}else if($_SERVER["REQUEST_METHOD"]== "GET"){$code=$_GET["file"];- $password=$_GET["password"];-- $shared_node=$database->get_shared_node($code);- if($shared_node==NULL || $shared_node->password!=$password)+ $file_id=$database->get_node_with_code($code);+ if($file_id==NULL){http_response_code(409);exit(0);}- $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);+ $permissions=$database->get_permissions($file_id,$user->user_id);if($permissions["can_view"]==true){- $node=$database->get_node($shared_node->node_id);+ $node=$database->get_node($file_id);if($node->is_directory){/*spooky stuff here*/F diff --git a/sql/fileshare.sql b/sql/fileshare.sql --- a/sql/fileshare.sql +++ b/sql/fileshare.sqlcreate table shared_nodes (node_id int not null,passcode varchar(100) default "",- code varchar(100) default "",foreign key (node_id) references nodes(node_id) on delete cascade);
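Review bot: The invalid-permissions branch now only logs: `http_response_code(409)` and `exit(1)` are commented out, and the call below passes literal `true,true` instead of `$can_read,$can_write`. Every share is therefore created with read and write access regardless of what was requested, including requests the log line itself flags as a possible attack. This reads like a debugging change; restore the rejection and pass the parsed values, `$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);`. The log message also interpolates `$permissions`, which looks request-supplied, so strip control characters before `error_log` to keep log entries from being forged.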
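Review bot: The GET branch no longer checks the share passcode: `$_GET["password"]` and the `$shared_node->password!=$password` comparison are removed, and `get_node_with_code($code)` takes only the code, while the POST path still accepts and stores `$password`. Access now rests on the code in the URL plus `get_permissions(...)["can_view"]`, so a passcode set by the sharer gives no protection. Either verify it here (submitted in a request body rather than the query string, and compared with `password_verify`) or remove the passcode from the sharing flow so users are not misled. `$_GET["file"]` is read without an `isset` check, and `$file_id==NULL` is a loose comparison that would also reject an id of `0`; `=== NULL` is safer if the lookup returns NULL on a miss.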
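Review bot: With `code` dropped, `shared_nodes` has no key of its own, and `create_shared_node` in php/database.php inserts a new row on every call, so one node can accumulate several rows with different passcodes and no way to tell which applies. A `unique (node_id)` constraint (or `primary key (node_id)`) would make the one-share-per-node assumption explicit. This file only changes the `create table` statement, so an existing database would also need a matching `alter table shared_nodes drop column code;` migration.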