public function run()
{
// file id must be defined and valid
if (!isset($this->application->parameters['file'])) {
throw new ApplicationException('File identifier is missing.', 400);
}
$fileId = (int) $this->application->parameters['file'];
if (!ApplicationModel_File::validateId($fileId)) {
throw new ApplicationException('Id of the file is invalid.', 400);
}
// user must be authorized
if (!isset($_SESSION['authorized_user_id'])) {
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /login.php';
$this->application->outputContent = '';
return;
}
// load user's information
$user = new ApplicationModel_User($this->application);
try {
$user->setId($_SESSION['authorized_user_id']);
$user->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load user.', 500);
}
// load file's information
$file = new ApplicationModel_File($this->application);
try {
$file->setId($fileId);
$file->load();
} catch (ApplicationModelException_File $e) {
throw new ApplicationException('File is not found.', 404);
}
// load file owner's information
try {
$owner = new ApplicationModel_User($this->application);
$owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader()));
$owner->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load file\'s owner.', 500);
}
// authorized user must be the owner of the file
if ($user->getId() != $owner->getId()) {
throw new ApplicationException('Cannot delete file which belongs to a different user.', 403);
}
// delete the file from the database and filesystem
unlink($file->getPath());
$file->delete();
// redirect user back to his account
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /account.php';
$this->application->outputContent = '';
}
public function run()
{
// file id must be defined and valid
if (!isset($this->application->parameters['file'])) {
throw new ApplicationException('File identifier is missing.', 400);
}
$fileId = (int) $this->application->parameters['file'];
if (!ApplicationModel_File::validateId($fileId)) {
throw new ApplicationException('Id of the file is invalid.', 400);
}
// user must be authorized
if (!isset($_SESSION['authorized_user_id'])) {
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /login.php';
$this->application->outputContent = '';
return;
}
// load user's information
$user = new ApplicationModel_User($this->application);
try {
$user->setId($_SESSION['authorized_user_id']);
$user->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load user.', 500);
}
// load file's information
$file = new ApplicationModel_File($this->application);
try {
$file->setId($fileId);
$file->load();
} catch (ApplicationModelException_File $e) {
throw new ApplicationException('File is not found.', 404);
}
// load file owner's information
try {
$owner = new ApplicationModel_User($this->application);
$owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader()));
$owner->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load file\'s owner.', 500);
}
// authorized user must be the owner of the file
if ($user->getId() != $owner->getId()) {
throw new ApplicationException('Cannot edit file which belongs to a different user.', 403);
}
// render the html
$view = new ApplicationView($this->application, $this->application->path . '/views/file_edit.php');
$view->user = $user;
$view->file = $file;
$view->allowedExtensions = $this->application->config['file_extensions'];
$view->render();
}
public function run()
{
// file id must be defined and valid
if (!isset($this->application->parameters['file'])) {
throw new ApplicationException('File identifier is missing.', 400);
}
$fileId = (int) $this->application->parameters['file'];
if (!ApplicationModel_File::validateId($fileId)) {
throw new ApplicationException('Id of the file is invalid.', 400);
}
// user must be authorized
if (!isset($_SESSION['authorized_user_id'])) {
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /login.php';
$this->application->outputContent = '';
return;
}
// filename must be present and valid
$name = '';
$nameBad = false;
if (!isset($this->application->parameters['name'])) {
$nameBad = true;
} else {
$name = $this->application->parameters['name'];
if (!ApplicationModel_File::validateName($name)) {
$nameBad = true;
}
}
// description must be valid
$description = '';
$descriptionBad = false;
if (isset($this->application->parameters['description'])) {
$description = $this->application->parameters['description'];
if (!ApplicationModel_File::validateDescription($description)) {
$descriptionBad = true;
}
}
// load user's information
$user = new ApplicationModel_User($this->application);
try {
$user->setId($_SESSION['authorized_user_id']);
$user->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load user.', 500);
}
// load file's information
$file = new ApplicationModel_File($this->application);
try {
$file->setId($fileId);
$file->load();
} catch (ApplicationModelException_File $e) {
throw new ApplicationException('File is not found.', 404);
}
// ignore extension for images
if ($file->getType() == ApplicationModel_File::TYPE_IMAGE) {
$extension = $file->getExtension();
$extensionBad = false;
} else {
$extension = '';
$extensionBad = false;
if (!isset($this->application->parameters['extension'])) {
$extensionBad = true;
} else {
$extension = $this->application->parameters['extension'];
if (!$file->validateExtension($extension)) {
$extensionBad = true;
}
}
}
// load file owner's information
try {
$owner = new ApplicationModel_User($this->application);
$owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader()));
$owner->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load file\'s owner.', 500);
}
// authorized user must be the owner of the file
if ($user->getId() != $owner->getId()) {
throw new ApplicationException('Cannot edit file which belongs to a different user.', 403);
}
// check if everything is fine
$success = !$nameBad && !$extensionBad && !$descriptionBad;
// edit the file
if ($success) {
try {
$file->setName($name);
$file->setExtension($extension);
$file->setDescription($description);
$file->save();
} catch (ApplicationModelException_File $e) {
throw new ApplicationException('Cannot save file\'s information.', 500);
}
// redirect user back to his account
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /account.php';
$this->application->outputContent = '';
return;
}
// render the html with errors
$view = new ApplicationView($this->application, $this->application->path . '/views/file_edit_handler.php');
$view->success = $success;
$view->filenameBad = $nameBad;
$view->extensionBad = $extensionBad;
$view->descriptionBad = $descriptionBad;
$view->user = $user;
$view->file = $file;
$view->name = $name;
$view->extension = $extension;
$view->description = $description;
$view->render();
}
