diff options
-rw-r--r-- | application/controllers/file.php | 26 | ||||
-rw-r--r-- | application/models/file_mod.php | 29 | ||||
-rw-r--r-- | application/models/muser.php | 12 |
3 files changed, 59 insertions, 8 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index cb10e9e2f..152e6a011 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -210,8 +210,6 @@ class File extends CI_Controller { // Handle pastes function do_paste() { - $this->muser->require_access(); - $content = $this->input->post("content"); $filesize = strlen($content); $filename = "stdin"; @@ -243,14 +241,12 @@ class File extends CI_Controller { file_put_contents($file, $content); chmod($file, 0600); $this->file_mod->add_file($hash, $id, $filename); - $this->file_mod->show_url($id, $extension); + $this->file_mod->show_url($id, false); } // Handles uploaded files function do_upload() { - $this->muser->require_access(); - $extension = $this->input->post('extension'); if(!isset($_FILES['file']) || $_FILES['file']['error'] !== 0) { $this->output->set_status_header(400); @@ -307,6 +303,26 @@ class File extends CI_Controller { $this->file_mod->show_url($id, $extension); } + function claim_id() + { + $this->muser->require_access(); + + $last_upload = $this->session->userdata("last_upload"); + $id = $last_upload["id"]; + + $filedata = $this->file_mod->get_filedata($id); + + if ($filedata["owner"] != 0) { + show_error("Someone already owns '$id', can't reassign."); + } + + $this->file_mod->adopt($id); + + $this->session->unset_userdata("last_upload"); + + $this->file_mod->show_url($id, $last_upload["mode"]); + } + /* Functions below this comment can only be run via the CLI * `php index.php file <function name>` */ diff --git a/application/models/file_mod.php b/application/models/file_mod.php index 26d384fa9..e65529971 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -83,8 +83,6 @@ class File_mod extends CI_Model { // TODO: Should only update not insert; see new_id() function add_file($hash, $id, $filename) { - $this->muser->require_access(); - $userid = $this->muser->get_userid(); $mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash))); @@ -95,10 +93,31 @@ class File_mod extends CI_Model { array($hash, $id, $filename, $userid, time(), $mimetype, $filesize)); } + function adopt($id) + { + $userid = $this->muser->get_userid(); + + $this->db->query(" + UPDATE files + SET user = ? + WHERE id = ? + ", array($userid, $id)); + } + function show_url($id, $mode) { $redirect = false; + if (!$this->muser->logged_in()) { + // keep the upload but require the user to login + $this->session->set_userdata("last_upload", array( + "id" => $id, + "mode" => $mode + )); + $this->session->set_flashdata("uri", "file/claim_id"); + $this->muser->require_access(); + } + if ($mode) { $this->data['url'] = site_url($id).'/'.$mode; } else { @@ -191,6 +210,12 @@ class File_mod extends CI_Model { return; } + // don't allow unowned files to be downloaded + if ($filedata["user"] == 0) { + $this->non_existent(); + return; + } + // MODIFIED SINCE SUPPORT -- START // helps to keep traffic low when reloading $etag = strtolower($filedata["hash"]."-".$filedata["date"]); diff --git a/application/models/muser.php b/application/models/muser.php index 532fdeb1a..169182c46 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -47,11 +47,19 @@ class Muser extends CI_Model { function get_username() { + if (!$this->logged_in()) { + return ""; + } + return $this->session->userdata('username'); } function get_userid() { + if (!$this->logged_in()) { + return 0; + } + $query = $this->db->query(" SELECT id FROM users @@ -69,7 +77,9 @@ class Muser extends CI_Model { echo "FileBin requires you to have an account, please go to the homepage for more information.\n"; exit(); } else { - $this->session->set_flashdata("uri", $this->uri->uri_string()); + if (!$this->session->userdata("flash:new:uri")) { + $this->session->set_flashdata("uri", $this->uri->uri_string()); + } redirect('user/login'); } } |