public function run() { // file id must be defined and valid if (!isset($this->application->parameters['file'])) { throw new ApplicationException('File identifier is missing.', 400); } $fileId = (int) $this->application->parameters['file']; if (!ApplicationModel_File::validateId($fileId)) { throw new ApplicationException('Id of the file is invalid.', 400); } // user must be authorized if (!isset($_SESSION['authorized_user_id'])) { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /login.php'; $this->application->outputContent = ''; return; } // load user's information $user = new ApplicationModel_User($this->application); try { $user->setId($_SESSION['authorized_user_id']); $user->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load user.', 500); } // load file's information $file = new ApplicationModel_File($this->application); try { $file->setId($fileId); $file->load(); } catch (ApplicationModelException_File $e) { throw new ApplicationException('File is not found.', 404); } // load file owner's information try { $owner = new ApplicationModel_User($this->application); $owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader())); $owner->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load file\'s owner.', 500); } // authorized user must be the owner of the file if ($user->getId() != $owner->getId()) { throw new ApplicationException('Cannot delete file which belongs to a different user.', 403); } // delete the file from the database and filesystem unlink($file->getPath()); $file->delete(); // redirect user back to his account $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /account.php'; $this->application->outputContent = ''; }
public function run() { // file id must be defined and valid if (!isset($this->application->parameters['file'])) { throw new ApplicationException('File identifier is missing.', 400); } $fileId = (int) $this->application->parameters['file']; if (!ApplicationModel_File::validateId($fileId)) { throw new ApplicationException('Id of the file is invalid.', 400); } // user must be authorized if (!isset($_SESSION['authorized_user_id'])) { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /login.php'; $this->application->outputContent = ''; return; } // load user's information $user = new ApplicationModel_User($this->application); try { $user->setId($_SESSION['authorized_user_id']); $user->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load user.', 500); } // load file's information $file = new ApplicationModel_File($this->application); try { $file->setId($fileId); $file->load(); } catch (ApplicationModelException_File $e) { throw new ApplicationException('File is not found.', 404); } // load file owner's information try { $owner = new ApplicationModel_User($this->application); $owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader())); $owner->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load file\'s owner.', 500); } // authorized user must be the owner of the file if ($user->getId() != $owner->getId()) { throw new ApplicationException('Cannot edit file which belongs to a different user.', 403); } // render the html $view = new ApplicationView($this->application, $this->application->path . '/views/file_edit.php'); $view->user = $user; $view->file = $file; $view->allowedExtensions = $this->application->config['file_extensions']; $view->render(); }
public function run() { $uuid = ''; if (!isset($this->application->parameters['uuid'])) { $uuid = ''; } else { $uuid = $this->application->parameters['uuid']; } if (empty($uuid) || !ApplicationModel_User::validateUuid($uuid)) { // unvalid uuid throw new ApplicationException('Invalid client uuid.', 400); } $login = ''; $loginBad = false; $passwordBad = false; if (!isset($this->application->parameters['login'])) { $loginBad = true; } else { $login = $this->application->parameters['login']; if (!ApplicationModel_User::validateLogin($login)) { $loginBad = true; } } if (!isset($this->application->parameters['password'])) { $passwordBad = true; } else { $password = $this->application->parameters['password']; if (!ApplicationModel_User::validatePassword($password)) { $passwordBad = true; } } // login must be valid $success = !$loginBad && !$passwordBad; $passwordWrong = false; $registerUser = false; if ($success) { $user = new ApplicationModel_User($this->application); try { // try to load user with selected login $user->setLogin($login); $user->load(); } catch (ApplicationModelException_User $e) { // selected login does not exist - create a new user $registerUser = true; } // register a new user if ($registerUser) { $user->setPasswordHash($user->makePasswordHash($password)); $user->save(); } else { if ($user->makePasswordHash($password) != $user->getPasswordHash()) { $passwordWrong = true; } $success = !$passwordWrong; } } // if everything is ok (user has the correct password, etc)... $attachUser = false; $uuidTaken = false; if ($success) { try { // authorize user $_SESSION['authorized_user_id'] = $user->getId(); $_SESSION['authorized_user_login'] = $user->getLogin(); // attach uuid if we have to if (!empty($uuid)) { $attachUser = true; $user->addUuid($uuid, time()); $user->save(); } } catch (ApplicationModelException_User $e) { if ($e->getCode() == ApplicationModel_User::ERROR_TAKEN_UUID) { $uuidTaken = true; } $success = !$uuidTaken; } } // if we have only authorized the user if ($success && !$registerUser && !$attachUser) { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /account.php'; $this->application->outputContent = ''; } $view = new ApplicationView($this->application, $this->application->path . '/views/user_register_handler.php'); $view->success = $success; $view->registered = $registerUser; $view->uuid = $uuid; $view->uuidTaken = $uuidTaken; $view->login = $login; $view->loginBad = $loginBad; $view->passwordBad = $passwordBad; $view->passwordWrong = $passwordWrong; $view->render(); }
public function run() { // file id must be defined and valid if (!isset($this->application->parameters['file'])) { throw new ApplicationException('File identifier is missing.', 400); } $fileId = (int) $this->application->parameters['file']; if (!ApplicationModel_File::validateId($fileId)) { throw new ApplicationException('Id of the file is invalid.', 400); } // user must be authorized if (!isset($_SESSION['authorized_user_id'])) { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /login.php'; $this->application->outputContent = ''; return; } // filename must be present and valid $name = ''; $nameBad = false; if (!isset($this->application->parameters['name'])) { $nameBad = true; } else { $name = $this->application->parameters['name']; if (!ApplicationModel_File::validateName($name)) { $nameBad = true; } } // description must be valid $description = ''; $descriptionBad = false; if (isset($this->application->parameters['description'])) { $description = $this->application->parameters['description']; if (!ApplicationModel_File::validateDescription($description)) { $descriptionBad = true; } } // load user's information $user = new ApplicationModel_User($this->application); try { $user->setId($_SESSION['authorized_user_id']); $user->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load user.', 500); } // load file's information $file = new ApplicationModel_File($this->application); try { $file->setId($fileId); $file->load(); } catch (ApplicationModelException_File $e) { throw new ApplicationException('File is not found.', 404); } // ignore extension for images if ($file->getType() == ApplicationModel_File::TYPE_IMAGE) { $extension = $file->getExtension(); $extensionBad = false; } else { $extension = ''; $extensionBad = false; if (!isset($this->application->parameters['extension'])) { $extensionBad = true; } else { $extension = $this->application->parameters['extension']; if (!$file->validateExtension($extension)) { $extensionBad = true; } } } // load file owner's information try { $owner = new ApplicationModel_User($this->application); $owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader())); $owner->load(); } catch (ApplicationModelException_User $e) { throw new ApplicationException('Cannot load file\'s owner.', 500); } // authorized user must be the owner of the file if ($user->getId() != $owner->getId()) { throw new ApplicationException('Cannot edit file which belongs to a different user.', 403); } // check if everything is fine $success = !$nameBad && !$extensionBad && !$descriptionBad; // edit the file if ($success) { try { $file->setName($name); $file->setExtension($extension); $file->setDescription($description); $file->save(); } catch (ApplicationModelException_File $e) { throw new ApplicationException('Cannot save file\'s information.', 500); } // redirect user back to his account $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /account.php'; $this->application->outputContent = ''; return; } // render the html with errors $view = new ApplicationView($this->application, $this->application->path . '/views/file_edit_handler.php'); $view->success = $success; $view->filenameBad = $nameBad; $view->extensionBad = $extensionBad; $view->descriptionBad = $descriptionBad; $view->user = $user; $view->file = $file; $view->name = $name; $view->extension = $extension; $view->description = $description; $view->render(); }
public function run() { $success = true; $use_uuid = false; $register_redirect = false; $uuid = ''; $login = ''; $password = ''; if (!isset($this->application->parameters['login'])) { $success = false; } else { $login = $this->application->parameters['login']; if (!ApplicationModel_User::validateLogin($login)) { $success = false; } } if (!isset($this->application->parameters['password'])) { $success = false; } else { $password = $this->application->parameters['password']; } if (!$success) { if (isset($this->application->parameters['uuid'])) { $uuid = $this->application->parameters['uuid']; if (ApplicationModel_User::validateUuid($uuid)) { $use_uuid = true; } } } if ($success) { $user = new ApplicationModel_User($this->application); try { $user->setLogin($login); $user->load(); } catch (ApplicationModelException_User $e) { $success = false; } } if ($use_uuid) { $success = true; $user = new ApplicationModel_User($this->application); try { $user->setUuid($uuid); $user->load(); } catch (ApplicationModelException_User $e) { $success = false; $register_redirect = true; } } if ($success) { if (!$use_uuid && $user->makePasswordHash($password) != $user->getPasswordHash()) { $success = false; } } if ($success) { $_SESSION['authorized_user_id'] = $user->getId(); $_SESSION['authorized_user_login'] = $user->getLogin(); $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /account.php'; $this->application->outputContent = ''; } elseif ($register_redirect) { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /register.php?uuid=' . $uuid; $this->application->outputContent = ''; } else { $this->application->outputHeaders[] = 'HTTP/1.1 302 Found'; $this->application->outputHeaders[] = 'Location: /login.php?unsuccessful&login='******''; } }