diff options
Diffstat (limited to 'application/controllers')
-rw-r--r-- | application/controllers/file.php | 57 | ||||
-rw-r--r-- | application/controllers/user.php | 74 |
2 files changed, 113 insertions, 18 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index 5fe8a124e..a363edc00 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -24,6 +24,8 @@ class File extends CI_Controller { mb_internal_encoding('UTF-8'); $this->load->helper(array('form', 'filebin')); $this->load->model('file_mod'); + $this->load->model('muser'); + $this->var->cli_client = false; $this->file_mod->var->cli_client =& $this->var->cli_client; $this->var->latest_client = false; @@ -45,6 +47,17 @@ class File extends CI_Controller { } else { $this->var->view_dir = "file"; } + + if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { + if (!$this->muser->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { + // TODO: better message + echo "login failed.\n"; + exit; + } + } + + $this->data['username'] = $this->muser->get_username(); + } function index() @@ -87,6 +100,8 @@ class File extends CI_Controller { function upload_form() { + $this->muser->require_access(); + $data = array(); $data['title'] = 'Upload'; $data['small_upload_size'] = $this->config->item('small_upload_size'); @@ -94,6 +109,8 @@ class File extends CI_Controller { $data['upload_max_age'] = $this->config->item('upload_max_age')/60/60/24; $data['contact_me_url'] = $this->config->item('contact_me_url'); + $data['username'] = $this->muser->get_username(); + $this->load->view($this->var->view_dir.'/header', $data); $this->load->view($this->var->view_dir.'/upload_form', $data); if ($this->var->cli_client) { @@ -111,10 +128,12 @@ class File extends CI_Controller { function upload_history() { - $password = $this->file_mod->get_password(); + $this->muser->require_access(); + + $user = $this->muser->get_userid(); $this->load->library("MemcacheLibrary"); - if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$password)) { + if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$user)) { $data = array(); $query = array(); $lengths = array(); @@ -124,14 +143,12 @@ class File extends CI_Controller { $lengths[$length_key] = 0; } - if ($password != "NULL") { - $query = $this->db->query(" - SELECT ".implode(",", $fields)." - FROM files - WHERE password = ? - ORDER BY date - ", array($password))->result_array(); - } + $query = $this->db->query(" + SELECT ".implode(",", $fields)." + FROM files + WHERE user = ? + ORDER BY date + ", array($user))->result_array(); foreach($query as $key => $item) { $query[$key]["date"] = date("r", $item["date"]); @@ -153,7 +170,7 @@ class File extends CI_Controller { $cached .= $this->load->view($this->var->view_dir.'/header', $data, true); $cached .= $this->load->view($this->var->view_dir.'/upload_history', $data, true); $cached .= $this->load->view($this->var->view_dir.'/footer', $data, true); - $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$password, $cached, 42); + $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$user, $cached, 42); } echo $cached; @@ -162,12 +179,18 @@ class File extends CI_Controller { // Allow users to delete IDs if their password matches the one used when uploading function delete() { + $this->muser->require_access(); + $data = array(); $id = $this->uri->segment(3); - $password = $this->file_mod->get_password(); $data["title"] = "Delete"; $data["id"] = $id; + $process = $this->input->post("process"); + if ($this->var->cli_client) { + $process = true; + } + $data["filedata"] = $this->file_mod->get_filedata($id); if ($data["filedata"]) { $data["filedata"]["size"] = filesize($this->file_mod->file($data["filedata"]["hash"])); @@ -176,18 +199,14 @@ class File extends CI_Controller { if ($id && !$this->file_mod->id_exists($id)) { $this->output->set_status_header(404); $data["msg"] = "Unknown ID."; - } elseif ($password != "NULL") { + } elseif ($process) { if ($this->file_mod->delete_id($id)) { $this->load->view($this->var->view_dir.'/header', $data); $this->load->view($this->var->view_dir.'/deleted', $data); $this->load->view($this->var->view_dir.'/footer', $data); return; } else { - $data["msg"] = "Deletion failed. Is the password correct?"; - } - } else { - if ($this->var->cli_client) { - $data["msg"] = "No password supplied."; + $data["msg"] = "Deletion failed. Do you really own that file?"; } } $this->load->view($this->var->view_dir.'/header', $data); @@ -198,6 +217,8 @@ class File extends CI_Controller { // Handles uploaded files function do_upload() { + $this->muser->require_access(); + $data = array(); if ($this->uri->segment(3)) { diff --git a/application/controllers/user.php b/application/controllers/user.php new file mode 100644 index 000000000..4dc92bea2 --- /dev/null +++ b/application/controllers/user.php @@ -0,0 +1,74 @@ +<?php + +class User extends CI_Controller { + + function __construct() + { + parent::__construct(); + $this->load->library('migration'); + if ( ! $this->migration->current()) { + show_error($this->migration->error_string()); + } + + $this->load->model("muser"); + $this->data["title"] = "FileBin"; + + $this->load->helper('form'); + + $this->var->view_dir = "user/"; + } + + function index() + { + $this->data["username"] = $this->muser->get_username(); + + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'index', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + + function login() + { + $this->session->keep_flashdata("uri"); + + if ($this->input->post('process')) { + $username = $this->input->post('username'); + $password = $this->input->post('password'); + + $result = $this->muser->login($username, $password); + + if ($result !== true) { + $data['login_error'] = true; + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } else { + $uri = $this->session->flashdata("uri"); + if ($uri) { + redirect($uri); + } else { + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login_successful', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + } + } else { + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + } + + function logout() + { + $this->muser->logout(); + redirect('/'); + } + + function hash_password() + { + $password = $this->input->post("password"); + echo "hashing $password: "; + echo $this->muser->hash_password($password); + } +} |