setup.php now deletes itself when finished. Some code cleanup
This commit is contained in:
parent
c83f5786a4
commit
4a8d1d1f3a
GPG key ID:
A0CB570AB6629159
11
download.php
11
download.php
|
|
@ -4,26 +4,23 @@ require('config.global.php');
|
|||
require('functions.global.php');
|
||||
require('layout.php');
|
||||
|
||||
$notRealFile = 0;
|
||||
|
||||
|
||||
if (!isset($_GET['id'])) {
|
||||
header('location: index.php'); // user loaded without requesting file by id
|
||||
die();
|
||||
}
|
||||
|
||||
if (!is_numeric($_GET['id'])) {
|
||||
header('location: index.php'); // user requested non-numeric (invalid) file id, damned fuzzers
|
||||
die();
|
||||
}
|
||||
|
||||
$reqFile = $_GET['id'];
|
||||
|
||||
$fetched = contactDB("SELECT * FROM files WHERE fileid='$reqFile';", 1);
|
||||
|
||||
if (count($fetched) == 0) {
|
||||
$notRealFile = 1; // user requested invalid (unmatched) file id, possibly a deleted file
|
||||
}
|
||||
$realFile = (count($fetched) != 0); // Set realFile to true if we found the file id, false if we didn't find it
|
||||
|
||||
if ($notRealFile == 1) {
|
||||
if (!$realFile) {
|
||||
echo deliverTop("SimpleFS - Download");
|
||||
|
||||
echo deliverMiddle("File Not Found", "The file you requested doesn't exist on this server", "");
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ function contactDB($query, $column) {
|
|||
// 1: fileid
|
||||
// 2: filepath
|
||||
// 3: fileowner
|
||||
// 4: filedate
|
||||
// ie, $result = contactDB("SELECT * FROM files WHERE fileowner='admin';", 2);
|
||||
// populates the $result[] array with the file paths to every file owned by the admin user
|
||||
|
||||
|
|
|
|||
16
setup.php
16
setup.php
|
|
@ -6,6 +6,8 @@
|
|||
</head>
|
||||
<body>
|
||||
<?php
|
||||
|
||||
// Check that file uploads are enabled on the server
|
||||
if (ini_get('file_uploads') != 1) {
|
||||
echo '<div align="center"><h1><font color="FF0000">Warning: Your PHP configuration has disabled file uploads</font><h1><h3>Please check your <b><u>php.ini</u></b> for the line:</h3><i>file_uploads = On</i></div><br><br>';
|
||||
}
|
||||
|
|
@ -71,6 +73,7 @@ if ($_POST['formsubmitted'] == "true") {
|
|||
}
|
||||
}
|
||||
|
||||
// TODO: config.global.php should really just be a second SQL table
|
||||
$myfile = fopen("config.global.php", "w") or die("Fatal error: can't open file. Does your webserver have write permissions here?");
|
||||
|
||||
$admhash = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
||||
|
|
@ -85,9 +88,15 @@ if ($_POST['formsubmitted'] == "true") {
|
|||
fwrite($myfile, '$secuser = \''.$_POST['user2'].'\';'.PHP_EOL);
|
||||
fwrite($myfile, '$secpass = \''.$usrhash.'\';'.PHP_EOL);
|
||||
}
|
||||
fwrite($myfile, "?>".PHP_EOL);
|
||||
|
||||
echo '<br>User(s) created. I mean, check config.global.php to make sure, but then delete this file ASAP.';
|
||||
fwrite($myfile, '$deleteafter = -1'.PHP_EOL);
|
||||
|
||||
if (!fwrite($myfile, "?>".PHP_EOL)) {
|
||||
echo '<br><font color="FF0000">Error creating <b>config.global.php</b></font><br>Does the web server have write permissions here?';
|
||||
die();
|
||||
}
|
||||
|
||||
echo '<br>User(s) created.';
|
||||
|
||||
if (file_exists("./filedb.sqlite")) {
|
||||
unlink("./filedb.sqlite");
|
||||
|
|
@ -103,6 +112,9 @@ if ($_POST['formsubmitted'] == "true") {
|
|||
|
||||
echo '<br>Initialized file database';
|
||||
|
||||
// Delete setup.php
|
||||
unlink("./setup.php");
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in a new issue