Diffstat (limited to 'application/controllers')
-rw-r--r--application/controllers/file.php57
-rw-r--r--application/controllers/user.php74
2 files changed, 113 insertions, 18 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index 5fe8a124e..a363edc00 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -24,6 +24,8 @@ class File extends CI_Controller {
mb_internal_encoding('UTF-8');
$this->load->helper(array('form', 'filebin'));
$this->load->model('file_mod');
+ $this->load->model('muser');
+
$this->var->cli_client = false;
$this->file_mod->var->cli_client =& $this->var->cli_client;
$this->var->latest_client = false;
@@ -45,6 +47,17 @@ class File extends CI_Controller {
} else {
$this->var->view_dir = "file";
}
+
+ if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+ if (!$this->muser->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
+ // TODO: better message
+ echo "login failed.\n";
+ exit;
+ }
+ }
+
+ $this->data['username'] = $this->muser->get_username();
+
}
function index()
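Review bot: The failed Basic-auth branch in the constructor prints `login failed.` and exits without setting a status, so the client receives the default 200 and cannot tell a rejected credential from a normal page. Add `$this->output->set_status_header(401);` before the echo so scripts and proxies see the failure. Because `PHP_AUTH_USER`/`PHP_AUTH_PW` are checked on every request, confirm that `muser->login()` (not shown in this diff) throttles or logs repeated failures, and that this controller is only served over TLS. The constructor starts outside this hunk.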
@@ -87,6 +100,8 @@ class File extends CI_Controller {
function upload_form()
{
+ $this->muser->require_access();
+
$data = array();
$data['title'] = 'Upload';
$data['small_upload_size'] = $this->config->item('small_upload_size');
@@ -94,6 +109,8 @@ class File extends CI_Controller {
$data['upload_max_age'] = $this->config->item('upload_max_age')/60/60/24;
$data['contact_me_url'] = $this->config->item('contact_me_url');
+ $data['username'] = $this->muser->get_username();
+
$this->load->view($this->var->view_dir.'/header', $data);
$this->load->view($this->var->view_dir.'/upload_form', $data);
if ($this->var->cli_client) {
@@ -111,10 +128,12 @@ class File extends CI_Controller {
function upload_history()
{
- $password = $this->file_mod->get_password();
+ $this->muser->require_access();
+
+ $user = $this->muser->get_userid();
$this->load->library("MemcacheLibrary");
- if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$password)) {
+ if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$user)) {
$data = array();
$query = array();
$lengths = array();
@@ -124,14 +143,12 @@ class File extends CI_Controller {
$lengths[$length_key] = 0;
}
- if ($password != "NULL") {
- $query = $this->db->query("
- SELECT ".implode(",", $fields)."
- FROM files
- WHERE password = ?
- ORDER BY date
- ", array($password))->result_array();
- }
+ $query = $this->db->query("
+ SELECT ".implode(",", $fields)."
+ FROM files
+ WHERE user = ?
+ ORDER BY date
+ ", array($user))->result_array();
foreach($query as $key => $item) {
$query[$key]["date"] = date("r", $item["date"]);
@@ -153,7 +170,7 @@ class File extends CI_Controller {
$cached .= $this->load->view($this->var->view_dir.'/header', $data, true);
$cached .= $this->load->view($this->var->view_dir.'/upload_history', $data, true);
$cached .= $this->load->view($this->var->view_dir.'/footer', $data, true);
- $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$password, $cached, 42);
+ $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$user, $cached, 42);
}
echo $cached;
@@ -162,12 +179,18 @@ class File extends CI_Controller {
// Allow users to delete IDs if their password matches the one used when uploading
function delete()
{
+ $this->muser->require_access();
+
$data = array();
$id = $this->uri->segment(3);
- $password = $this->file_mod->get_password();
$data["title"] = "Delete";
$data["id"] = $id;
+ $process = $this->input->post("process");
+ if ($this->var->cli_client) {
+ $process = true;
+ }
+
$data["filedata"] = $this->file_mod->get_filedata($id);
if ($data["filedata"]) {
$data["filedata"]["size"] = filesize($this->file_mod->file($data["filedata"]["hash"]));
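Review bot: The comment above `delete()` still says deletion is allowed when "their password matches the one used when uploading", which no longer describes the code; something like `// Allow logged-in users to delete IDs they own` would match the new behaviour. Deletion is now authorised by the login session instead of a per-request password, so the posted `process` flag is the only thing separating a page view from a delete. Confirm that the confirmation form carries a CSRF token, since none is visible in this hunk. `$process = true` for `cli_client` skips that confirmation entirely, so it is worth checking how `cli_client` is derived from the request. The body of `delete()` continues past this hunk.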
@@ -176,18 +199,14 @@ class File extends CI_Controller {
if ($id && !$this->file_mod->id_exists($id)) {
$this->output->set_status_header(404);
$data["msg"] = "Unknown ID.";
- } elseif ($password != "NULL") {
+ } elseif ($process) {
if ($this->file_mod->delete_id($id)) {
$this->load->view($this->var->view_dir.'/header', $data);
$this->load->view($this->var->view_dir.'/deleted', $data);
$this->load->view($this->var->view_dir.'/footer', $data);
return;
} else {
- $data["msg"] = "Deletion failed. Is the password correct?";
- }
- } else {
- if ($this->var->cli_client) {
- $data["msg"] = "No password supplied.";
+ $data["msg"] = "Deletion failed. Do you really own that file?";
}
}
$this->load->view($this->var->view_dir.'/header', $data);
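Review bot: `$this->file_mod->delete_id($id)` is called with only the file ID, so the ownership check implied by "Do you really own that file?" must live inside `file_mod`, which is outside this diff. Confirm that `delete_id()` compares the file's `user` column with `muser->get_userid()` and returns false otherwise. If it does not, any logged-in user reaching this branch could delete another user's upload. A short comment at the call site, such as `// delete_id() verifies the file belongs to the current user`, would make that dependency explicit.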
@@ -198,6 +217,8 @@ class File extends CI_Controller {
// Handles uploaded files
function do_upload()
{
+ $this->muser->require_access();
+
$data = array();
if ($this->uri->segment(3)) {
diff --git a/application/controllers/user.php b/application/controllers/user.php
new file mode 100644
index 000000000..4dc92bea2
--- /dev/null
+++ b/application/controllers/user.php
@@ -0,0 +1,74 @@
+<?php
+
+class User extends CI_Controller {
+
+ function __construct()
+ {
+ parent::__construct();
+ $this->load->library('migration');
+ if ( ! $this->migration->current()) {
+ show_error($this->migration->error_string());
+ }
+
+ $this->load->model("muser");
+ $this->data["title"] = "FileBin";
+
+ $this->load->helper('form');
+
+ $this->var->view_dir = "user/";
+ }
+
+ function index()
+ {
+ $this->data["username"] = $this->muser->get_username();
+
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'index', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+
+ function login()
+ {
+ $this->session->keep_flashdata("uri");
+
+ if ($this->input->post('process')) {
+ $username = $this->input->post('username');
+ $password = $this->input->post('password');
+
+ $result = $this->muser->login($username, $password);
+
+ if ($result !== true) {
+ $data['login_error'] = true;
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ } else {
+ $uri = $this->session->flashdata("uri");
+ if ($uri) {
+ redirect($uri);
+ } else {
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login_successful', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+ }
+ } else {
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+ }
+
+ function logout()
+ {
+ $this->muser->logout();
+ redirect('/');
+ }
+
+ function hash_password()
+ {
+ $password = $this->input->post("password");
+ echo "hashing $password: ";
+ echo $this->muser->hash_password($password);
+ }
+}
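Review bot: `hash_password()` writes the posted password straight back into the response with `echo "hashing $password: ";`, which reflects request input unescaped into an HTML page and puts a plaintext password into output that may be logged or cached. Print only the hash, or escape the value with `htmlspecialchars($password, ENT_QUOTES, 'UTF-8')`; the action also has no `require_access()` call, so consider restricting or removing it if it is a debugging aid. In `login()`, the failure branch assigns the local `$data['login_error'] = true;` but renders the views with `$this->data`, so the flag appears never to reach the login view; it should be `$this->data['login_error'] = true;`. The `redirect($uri)` target comes from session flashdata set elsewhere, so confirm it can only hold a local path.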