FILEUP



LOG | FILES | OVERVIEW


<?php
require_once "configuration.php";
require_once "database.php";
require_once "user.php";

session_start();



if($_SERVER["REQUEST_METHOD"] == "POST")
{
	if(!isset($_SESSION['user_object']) || !isset($_POST["folder"]) || !isset($_POST["filename"]) || !isset($_POST["users"]) || !isset($_POST["password"]) || !isset($_POST["permissions"]) )
	{
		error_log("things are not set quite right");
		http_response_code(409);
		exit(0);
	}
	$user=$_SESSION['user_object'];
	$path=$_POST["folder"];
	/*this could be a directory as well*/
	$filename=$_POST["filename"];
	$users=$_POST["users"];
	$password=$_POST["password"];
	$permissions=$_POST["permissions"];


	if($permissions==1)
	{
		$can_read=true;
		$can_write=false;
	}else if($permissions==3)
	{
		$can_read=true;
		$can_write=true;
	}
	else
	{
		http_response_code(409);
		error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
		exit(1);
	}

	error_log("someone is sharing ".$filename." with ".$users);
	$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write,$users);
	//$share_link=create_share_link($path,$filename,$password,$user,true,true);


	if($share_link==NULL)
	{
		http_response_code(409);
	}
	echo $share_link;
	http_response_code(200);
	exit(0);
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
	if(!isset($_GET["file"]))
	{
		http_response_code(409);
		exit(0);
	}
	$code=$_GET["file"];
	if(isset($_GET["password"]))
	{
		$password=$_GET["password"];
	}else
	{
		$password="";
	}

	$shared_node=$database->get_shared_node($code);
	if($shared_node==NULL)
	{
		http_response_code(409);
		exit(0);
	}
    if ($shared_node->password!=$password) {
        if ($password == "") 
        {
            require_once("../share_frontend.php");
            exit(0);
        }else 
        {
            echo "Invalid password";
		    http_response_code(409);
		    exit(0);
        }
    }
	if(isset($_SESSION["user_object"]))
	{
		$user=$_SESSION["user_object"];
		$permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
		if($permissions["can_view"]==true)
		{
			$node=$database->get_node($shared_node->node_id);
			if($node->is_directory)
			{
				/*spooky stuff here*/
				http_response_code(409);
				exit(1);
			}else
			{
				header("Content-type: $node->type");
				readfile("$storage_root/$node->code");
			}
		}
	}else
	{
		if($shared_node->is_public==true)
		{
			$node=$database->get_node($shared_node->node_id);
			if($node->is_directory)
			{
				/*spooky stuff here*/
				http_response_code(409);
				exit(1);
			}else
			{
				header("Content-type: $node->type");
				readfile("$storage_root/$node->code");
			}
		}else
		{
			http_response_code(409);
			exit(1);
		}
	}




}else
{
	http_response_code(409);
	exit(0);
}
?>