mirror of https://github.com/Foltik/Shimapan synced 2024-11-10 15:48:27 -05:00

Fix files not being added to database when uploading by API key

Foltik 2016-08-14 22:36:10 -04:00
parent 98bd5c1fce
commit 3e334aec23
2 changed files with 35 additions and 28 deletions


@ -6,4 +6,4 @@
<li><a href="/faq.html">FAQ</a></li> <li><a href="/faq.html">FAQ</a></li>
<li><a href="/includes/api.php?do=logout">Logout</a></li> <li><a href="/includes/api.php?do=logout">Logout</a></li>
</ul> </ul>
</nav> </nav>


@ -77,6 +77,13 @@ function uploadFile($file)
} }
} }
if ($file->size > {{max_upload_size}} * 1048576) {
throw new Exception(
'File too large',
500
);
}
// Check if a file with the same hash and size (a file which is the same) // Check if a file with the same hash and size (a file which is the same)
// does already exist in the database; if it does, return the proper link // does already exist in the database; if it does, return the proper link
@ -87,7 +94,7 @@ function uploadFile($file)
$q->bindValue(':size', $file->size); $q->bindValue(':size', $file->size);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result['count'] > 0) { if ($result['count'] > 0) {024024024
return array( return array(
'hash' => $file->getSha1(), 'hash' => $file->getSha1(),
'name' => $file->name, 'name' => $file->name,
@ -127,8 +134,14 @@ function uploadFile($file)
$result = $q->fetch(); $result = $q->fetch();
$user = result['user']; $user = result['user'];
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' . $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' .
'expire, delid) VALUES (:hash, :orig, :name, :size, :date, ' . 'expire, delid, user) VALUES (:hash, :orig, :name, :size, :date, ' .
':exp, :del, :user)'); ':exp, :del, :user)'); if (!isset($_POST['apikey']) && isset($_SESSION['user'])) {
$q = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)');
$q->bindValue(':user', $_SESSION['user']);
$q->execute();
$result = $q->fetch();
$apikey = $result['apikey'];
}
$q->bindValue(':user', $user); $q->bindValue(':user', $user);
} else { } else {
// Otherwise just use session data // Otherwise just use session data
@ -189,33 +202,27 @@ $type = isset($_GET['output']) ? $_GET['output'] : 'json';
$response = new Response($type); $response = new Response($type);
if (isset($_FILES['files'])) { if (isset($_FILES['files'])) {
if (!isset($_POST['apikey']) && isset($_SESSION['user'])) { if (isset($_POST['apikey]) || isset($_SESSION['id'])) {
$q = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)'); if (isset($_POST['apikey'])) {
$q->bindValue(':user', $_SESSION['user']); $q = $db->prepare('SELECT user FROM accounts WHERE apikey = (:apikey)');
$q->execute(); $q->bindValue(':apikey', $_POST['apikey']);
$result = $q->fetch(); $q->execute();
$apikey = $result['apikey']; if ($q->rowCount() == 0) {
} $response->error(500, 'Invalid API Key');
return;
if (isset($_POST['apikey'])) { }
$q = $db->prepare('SELECT user FROM accounts WHERE apikey = (:apikey)');
$q->bindValue(':apikey', $_POST['apikey']);
$q->execute();
if ($q->rowCount() == 0) {
$response->error(500, 'Invalid API Key');
return;
} }
}
$uploads = refiles($_FILES['files']); $uploads = refiles($_FILES['files']);
try { try {
foreach ($uploads as $upload) { foreach ($uploads as $upload) {
$res[] = uploadFile($upload); $res[] = uploadFile($upload);
} }
$response->send($res); $response->send($res);
} catch (Exception $e) { } catch (Exception $e) {
$response->error($e->getCode(), $e->getMessage()); $response->error($e->getCode(), $e->getMessage());
}
} }
} else { } else {
$response->error(400, 'No input file(s)'); $response->error(400, 'No input file(s)');
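Review bot: In the `@ -127,8 +134,14 @@` hunk of uploadFile(), the relocated session lookup assigns its SELECT to `$q` immediately after `$q` was prepared as the `INSERT INTO files` statement, so whenever that `if` is taken the following `$q->bindValue(':user', $user)` binds to the SELECT and the INSERT handle is lost. Give the lookup its own handle throughout the block, e.g. `$k = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)');`, or move the block above the INSERT prepare. The context line `$user = result['user'];` is also missing its `$` (it should read `$user = $result['user'];`), so the `user` column cannot receive the account that the API key resolved to. Separately, the new gate in the last hunk reads `isset($_POST['apikey])` with an unterminated key and should be `isset($_POST['apikey'])`. uploadFile() starts and ends outside these hunks and the page prints old and new text side by side, so the enclosing branch condition and the exact placement are inferred from the hunk line counts.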