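<?php
// share.php: share one of the signed-in user's files with another user.
//
// Input:  $_SESSION['user'] (the owner) and the POST fields
//         'user_to_share_with', 'dir_path' and 'file_name'.
// Output: a single plain-text status message.
//
// Every value that reaches SQL is bound as a prepared-statement parameter.
// The POST fields are client-controlled, so they must never be spliced into
// query text.
//
// NOTE(review): this script checks no CSRF token before a state-changing
// POST. Confirm whether one is enforced elsewhere.

//Start session to access session variables.
session_start();

// Refuse anonymous requests: without a session user the lookup below would
// run with an empty owner.
if (!isset($_SESSION['user']) || !is_scalar($_SESSION['user']) || (string) $_SESSION['user'] === '') {
    echo "You must be signed in to share files.";
    die();
}

// Reject missing or non-string (e.g. array-valued) POST fields up front.
foreach (['user_to_share_with', 'dir_path', 'file_name'] as $required_field) {
    if (!isset($_POST[$required_field]) || !is_string($_POST[$required_field])) {
        echo "Unable to share. Try again.";
        die();
    }
}

//Set variables for performing query.
$owner = (string) $_SESSION['user'];
$user_to_share_with = $_POST['user_to_share_with'];
$directory_path_initial = $_POST['dir_path'];
$file_name = $_POST['file_name'];

// Strict comparison: loose == treats numeric strings such as '007' and '7'
// as equal.
if ($owner === $user_to_share_with) {
    echo "You can't share file with yourselves.";
    die();
}

//Establish connection.
// NOTE(review): the script connects as the MySQL root account with the
// password embedded in source. Load credentials from configuration outside
// the web root and use an account limited to the tables this script needs.
$con = mysqli_connect("localhost", "root", "r00tpass", "mysql_db");
if (mysqli_connect_errno()) {
    //Unable to establish connection.
    // Keep the driver's error text in the server log; do not send it to the client.
    error_log("share.php: MySQL connection failed: " . mysqli_connect_error());
    echo "Failed to connect to MySQL.";
    die();
}

//Check if user name entered is valid or not.
// Look up only the requested name instead of scanning the whole users table.
$user_stmt = mysqli_prepare($con, "SELECT username FROM users WHERE username = ?");
if (!$user_stmt
    || !mysqli_stmt_bind_param($user_stmt, 's', $user_to_share_with)
    || !mysqli_stmt_execute($user_stmt)
    || !mysqli_stmt_bind_result($user_stmt, $found_username)) {
    echo "Unable to access user records.";
    mysqli_close($con);
    die();
}
$user_present = false;
while (mysqli_stmt_fetch($user_stmt)) {
    // The column collation may match more loosely than PHP does (case,
    // trailing spaces), so accept only an exact match.
    if ((string) $found_username === $user_to_share_with) {
        $user_present = true;
        break;
    }
}
mysqli_stmt_close($user_stmt);

if (!$user_present) {
    echo "No such user present.";
    mysqli_close($con);
    die();
}

//Process share call.
// The owner condition restricts the lookup to files of the signed-in user.
$file_stmt = mysqli_prepare(
    $con,
    "SELECT file_id, file_hash FROM filesystem WHERE file_name = ? AND owner = ? AND directory_path = ?"
);
if (!$file_stmt
    || !mysqli_stmt_bind_param($file_stmt, 'sss', $file_name, $owner, $directory_path_initial)
    || !mysqli_stmt_execute($file_stmt)
    || !mysqli_stmt_bind_result($file_stmt, $found_file_id, $found_file_hash)) {
    echo "Unable to perform query.";
    mysqli_close($con);
    die();
}
$file_found = (mysqli_stmt_fetch($file_stmt) === true);
// Copy the bound results before the statement is closed.
$n_file_id = (string) $found_file_id;
$n_file_hash = (string) $found_file_hash;
mysqli_stmt_close($file_stmt);

// No matching row means the caller does not own such a file, so do not
// insert a share entry with an empty id and hash.
if (!$file_found) {
    echo "Unable to share. Try again.";
    mysqli_close($con);
    die();
}

//Insert into desired user database.
$share_stmt = mysqli_prepare(
    $con,
    "INSERT INTO filesystem (file_id, file_name, owner, file_hash, directory_path, isFolder, shared_by) "
    . "VALUES (?, ?, ?, ?, '!', '0', ?)"
);
$perform_share = $share_stmt
    && mysqli_stmt_bind_param($share_stmt, 'sssss', $n_file_id, $file_name, $user_to_share_with, $n_file_hash, $owner)
    && mysqli_stmt_execute($share_stmt);
if ($share_stmt) {
    mysqli_stmt_close($share_stmt);
}

//Check if query was successful.
if ($perform_share) {
    // write_log() receives the statement as SQL text, as before. The values
    // are escaped here because the executed statement used bound parameters.
    // NOTE(review): what write_log() does with this text is not visible in
    // this file; confirm it treats it as data.
    $share_query = 'INSERT INTO filesystem (file_id, file_name, owner, file_hash, directory_path, isFolder, shared_by) VALUES '
        . "('" . mysqli_real_escape_string($con, $n_file_id)
        . "', '" . mysqli_real_escape_string($con, $file_name)
        . "', '" . mysqli_real_escape_string($con, $user_to_share_with)
        . "', '" . mysqli_real_escape_string($con, $n_file_hash)
        . "', '!', '0', '" . mysqli_real_escape_string($con, $owner) . "')";
    echo "Shared successfully.";
    include 'backup_failure.php';
    write_log($share_query);
} else {
    echo "Unable to share. Try again.";
}
mysqli_close($con);
?>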