3 files changed, 59 insertions, 8 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index cb10e9e2f..152e6a011 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -210,8 +210,6 @@ class File extends CI_Controller {
 	// Handle pastes
 	function do_paste()
 	{
-		$this->muser->require_access();
-
 		$content = $this->input->post("content");
 		$filesize = strlen($content);
 		$filename = "stdin";
@@ -243,14 +241,12 @@ class File extends CI_Controller {
 		file_put_contents($file, $content);
 		chmod($file, 0600);
 		$this->file_mod->add_file($hash, $id, $filename);
-		$this->file_mod->show_url($id, $extension);
+		$this->file_mod->show_url($id, false);
 	}
 
 	// Handles uploaded files
 	function do_upload()
 	{
-		$this->muser->require_access();
-
 		$extension = $this->input->post('extension');
 		if(!isset($_FILES['file']) || $_FILES['file']['error'] !== 0) {
 			$this->output->set_status_header(400);
@@ -307,6 +303,26 @@ class File extends CI_Controller {
 		$this->file_mod->show_url($id, $extension);
 	}
 
+	function claim_id()
+	{
+		$this->muser->require_access();
+
+		$last_upload = $this->session->userdata("last_upload");
+		$id = $last_upload["id"];
+
+		$filedata = $this->file_mod->get_filedata($id);
+
+		if ($filedata["owner"] != 0) {
+			show_error("Someone already owns '$id', can't reassign.");
+		}
+
+		$this->file_mod->adopt($id);
+
+		$this->session->unset_userdata("last_upload");
+
+		$this->file_mod->show_url($id, $last_upload["mode"]);
+	}
+
 	/* Functions below this comment can only be run via the CLI
 	 * `php index.php file <function name>`
 	 */
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 26d384fa9..e65529971 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -83,8 +83,6 @@ class File_mod extends CI_Model {
 	// TODO: Should only update not insert; see new_id()
 	function add_file($hash, $id, $filename)
 	{
-		$this->muser->require_access();
-
 		$userid = $this->muser->get_userid();
 
 		$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
@@ -95,10 +93,31 @@ class File_mod extends CI_Model {
 			array($hash, $id, $filename, $userid, time(), $mimetype, $filesize));
 	}
 
+	function adopt($id)
+	{
+		$userid = $this->muser->get_userid();
+
+		$this->db->query("
+			UPDATE files
+			SET user = ?
+			WHERE id = ?
+			", array($userid, $id));
+	}
+
 	function show_url($id, $mode)
 	{
 		$redirect = false;
 
+		if (!$this->muser->logged_in()) {
+			// keep the upload but require the user to login
+			$this->session->set_userdata("last_upload", array(
+				"id" => $id,
+				"mode" => $mode
+			));
+			$this->session->set_flashdata("uri", "file/claim_id");
+			$this->muser->require_access();
+		}
+
 		if ($mode) {
 			$this->data['url'] = site_url($id).'/'.$mode;
 		} else {
@@ -191,6 +210,12 @@ class File_mod extends CI_Model {
 			return;
 		}
 
+		// don't allow unowned files to be downloaded
+		if ($filedata["user"] == 0) {
+			$this->non_existent();
+			return;
+		}
+
 		// MODIFIED SINCE SUPPORT -- START
 		// helps to keep traffic low when reloading
 		$etag = strtolower($filedata["hash"]."-".$filedata["date"]);
diff --git a/application/models/muser.php b/application/models/muser.php
index 532fdeb1a..169182c46 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -47,11 +47,19 @@ class Muser extends CI_Model {
 
 	function get_username()
 	{
+		if (!$this->logged_in()) {
+			return "";
+		}
+
 		return $this->session->userdata('username');
 	}
 
 	function get_userid()
 	{
+		if (!$this->logged_in()) {
+			return 0;
+		}
+
 		$query = $this->db->query("
 			SELECT id
 			FROM users
@@ -69,7 +77,9 @@ class Muser extends CI_Model {
 				echo "FileBin requires you to have an account, please go to the homepage for more information.\n";
 				exit();
 			} else {
-				$this->session->set_flashdata("uri", $this->uri->uri_string());
+				if (!$this->session->userdata("flash:new:uri")) {
+					$this->session->set_flashdata("uri", $this->uri->uri_string());
+				}
 				redirect('user/login');
 			}
 		}