Diffstat (limited to 'application/models')
-rw-r--r-- | application/models/file_mod.php | 38 | ||||
-rw-r--r-- | application/models/muser.php | 70 |
2 files changed, 81 insertions, 27 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php index 51557396a..08f43853c 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -20,7 +20,7 @@ class File_mod extends CI_Model { { $id = $this->random_id(3,6); - if ($this->id_exists($id) || $id == 'file') { + if ($this->id_exists($id) || $id == 'file' || $id == 'user') { return $this->new_id(); } else { return $id; @@ -74,32 +74,19 @@ class File_mod extends CI_Model { return $this->folder($hash).'/'.$hash; } - function hash_password($password) - { - return sha1($this->config->item('passwordsalt').$password); - } - - // Returns the password submitted by the user - function get_password() - { - $password = $this->input->post('password'); - if ($password !== false && $password !== "") { - return $this->hash_password($password); - } elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') { - return $this->hash_password($_SERVER['PHP_AUTH_PW']); - } - return 'NULL'; - } - // Add a hash to the DB // TODO: Should only update not insert; see new_id() function add_file($hash, $id, $filename) { + $this->muser->require_access(); + + $userid = $this->muser->get_userid(); + $mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash))); $query = $this->db->query(' - INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`) + INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`) VALUES (?, ?, ?, ?, ?, ?)', - array($hash, $id, $filename, $this->get_password(), time(), $mimetype)); + array($hash, $id, $filename, $userid, time(), $mimetype)); } function show_url($id, $mode) 
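Review bot: In `add_file()` the value from `$this->muser->get_userid()` is bound into the INSERT without checking that a user row was found; `get_userid()` in muser.php returns `$query["id"]` straight from `row_array()`, so a session whose username no longer exists would store a file with an empty owner. A guard before the query, such as `if (!$userid) { show_error('Unknown user', 403); }`, would fail closed; `delete_id()` reads the same value, though there the `user = ?` predicate simply matches nothing. Separately, `require_access()` runs at a point where the file at `$this->file($hash)` apparently already exists on disk (the mimetype script reads it), so consider enforcing access in the controller before the upload is stored and keeping this call as a backstop.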
@@ -338,12 +325,9 @@ class File_mod extends CI_Model { function delete_id($id) { + $this->muser->require_access(); $filedata = $this->get_filedata($id); - $password = $this->get_password(); - - if ($password == "NULL") { - return false; - } + $userid = $this->muser->get_userid(); if(!$this->id_exists($id)) { return false; @@ -353,9 +337,9 @@ class File_mod extends CI_Model { DELETE FROM `files` WHERE `id` = ? - AND password = ? + AND user = ? LIMIT 1'; - $this->db->query($sql, array($id, $password)); + $this->db->query($sql, array($id, $userid)); if($this->id_exists($id)) { return false; diff --git a/application/models/muser.php b/application/models/muser.php new file mode 100644 index 000000000..0b3d26be7 --- /dev/null +++ b/application/models/muser.php 
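Review bot: The `AND user = ?` predicate in `delete_id()` makes ownership the only route to deletion, so rows written before this change, which carried a `password` hash and no owner, can no longer be removed through this method. No schema or data migration is visible here (the diffstat is limited to application/models), so confirm one exists that adds the `user` column and assigns or purges legacy rows. The function also deserves a comment on its new precondition, for example `// Requires a logged-in session (redirects to user/login otherwise); deletes only rows whose user matches the session user`. The body of `delete_id()` continues outside both hunks.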
@@ -0,0 +1,70 @@ +<?php + +class Muser extends CI_Model { + function __construct() + { + parent::__construct(); + $this->load->library("session"); + } + + function logged_in() + { + return $this->session->userdata('logged_in') == true; + } + + function login($username, $password) + { + $query = $this->db->query(' + SELECT * + FROM `users` + WHERE `username` = ? + ', array($username))->row_array(); + + if (crypt($password, $query["password"] == $password)) { + $this->session->set_userdata('logged_in', true); + $this->session->set_userdata('username', $username); + return true; + } else { + return false; + } + } + + function logout() + { + $this->session->unset_userdata('logged_in'); + $this->session->unset_userdata('username'); + } + + function get_username() + { + return $this->session->userdata('username'); + } + + function get_userid() + { + $query = $this->db->query(" + SELECT id + FROM users + WHERE username = ? + ", array($this->get_username()))->row_array(); + return $query["id"]; + } + + function require_access() + { + if ($this->logged_in()) { + return true; + } else { + $this->session->set_flashdata("uri", $this->uri->uri_string()); + redirect('user/login'); + } + } + + function hash_password($password) + { + $salt = random_alphanum(22); + return crypt($password, "$2a$10$$salt$"); + } + +} + |
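Review bot: The password check in `login()` is mis-parenthesised: in `crypt($password, $query["password"] == $password)` the comparison is evaluated first and passed to `crypt()` as the salt, so the `if` only tests whether `crypt()` returned a non-empty string and never compares the result with the stored hash. As written, the branch that sets `logged_in` does not depend on the password being correct, and a missing user row (empty `row_array()`) is not rejected either. The condition should be `if (!empty($query) && crypt($password, $query["password"]) === $query["password"])`, ideally with a constant-time comparison (`hash_equals()` or `password_verify()` where the PHP version provides them). It is also worth regenerating the session on successful login. `random_alphanum()`, which supplies the bcrypt salt in `hash_password()`, is not defined in this diff, so confirm it draws from a cryptographically secure source.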