This repository has been archived by the owner on May 31, 2021. It is now read-only.
share.php
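<?php
/*
 * share.php - lets a signed-in user grant another user time-limited access to
 * their files, and revoke grants that have not expired yet.
 *
 * NOTE(review): this page relies on includes/header.php having started the
 * session and on includes/config.php providing the mysqli connection in $conn;
 * both are inferred from how $_SESSION and $conn are used below - confirm.
 *
 * NOTE(review): both forms on this page change state via POST without an
 * anti-CSRF token. A per-session token checked with hash_equals() should be
 * added once it is clear where the session is initialised.
 */
include 'includes/header.php';
require 'includes/config.php';
?>
<body>
<?php
// A missing session key counts as "not signed in". Strict comparison matters:
// on PHP < 8 the loose form ("admin" == 0) is true for an integer 0 status.
$sessionStatus = isset($_SESSION['status']) ? $_SESSION['status'] : '';
if ($sessionStatus === "admin" || $sessionStatus === "user")
{
?>
<div class="container">
<?php
$page='share';
include 'includes/navbar.php';
include 'includes/file-nav.php';
?>
<div class="sub-page-main">
<div class="display-menu">
<!-- Or delete just the button if no buttons on the page -->
<!--<button class="btn-display-menu" type='submit' name='dosmth' ><i class="fas fa-trash-alt"></i> button example</button>-->
</div>
<div class="main">
<?php
    // Ids are handled as strings throughout so no assumption is made about the
    // column type; they only ever reach SQL as bound parameters.
    $currUserId = isset($_SESSION['id']) ? (string) $_SESSION['id'] : '';

    echo "Choose a user with who you want to share your files and specify date till when your directory will be available to him!<br>";

    // Only the two columns the page needs are read (the original SELECT * also
    // pulled every other column of Users into this request).
    $resultUsers = mysqli_query($conn, "SELECT id, nick FROM Users WHERE status!='admin'");
    if ($resultUsers !== false && mysqli_num_rows($resultUsers) > 0)
    {
        // id => nick of every account the current user is allowed to share with.
        // The same list drives the <select> and the server-side check of the
        // submitted id, so a forged POST cannot target an admin or an unknown id.
        $shareableUsers = array();
        while ($row = mysqli_fetch_assoc($resultUsers))
        {
            if ((string) $row['id'] === $currUserId) // do not offer the user to themselves
                continue;
            $shareableUsers[(string) $row['id']] = $row['nick'];
        }
        mysqli_free_result($resultUsers);

        echo "<form method='POST'>";
        echo "<select name='user'>";
        foreach ($shareableUsers as $userId => $userNick)
        {
            // nick is user-controlled text: escape it (and the id) for HTML.
            echo "<option value='".htmlspecialchars((string) $userId, ENT_QUOTES, 'UTF-8')."'>"
                .htmlspecialchars((string) $userNick, ENT_QUOTES, 'UTF-8')."</option>";
        }
        echo "</select><br>";
        echo "<input name='dateTillWhen' placeholder='Date till when' value='".date('Y-m-d H:i:s', strtotime('+1 hour'))."'><br>";
        echo "<button class='butonas' name='submitShare'>Share files</button>";
        echo "</form>";

        // ---- Create a share ----
        if (isset($_POST['submitShare']))
        {
            $currDate = date('Y-m-d H:i:s');
            $targetId = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
            $tillWhenRaw = (isset($_POST['dateTillWhen']) && is_string($_POST['dateTillWhen']))
                ? trim($_POST['dateTillWhen'])
                : '';

            // Accept only an exact 'Y-m-d H:i:s' timestamp; the round-trip
            // comparison rejects values such as 2021-02-30 that would roll over.
            $parsedTillWhen = DateTime::createFromFormat('Y-m-d H:i:s', $tillWhenRaw);
            $dateIsValid = $parsedTillWhen !== false
                && $parsedTillWhen->format('Y-m-d H:i:s') === $tillWhenRaw;

            if ($targetId === '' || !isset($shareableUsers[$targetId]))
            {
                echo "<font color='red'>Please choose a valid user!</font><br>";
            }
            elseif (!$dateIsValid)
            {
                echo "<font color='red'>Please enter the date as YYYY-MM-DD HH:MM:SS!</font><br>";
            }
            else
            {
                // VALIDATION: refuse a second active share with the same user.
                // Bound parameters replace the original string-built query,
                // which placed $_POST['user'] into the SQL text unescaped.
                $alreadySharing = false;
                $checkFailed = true;
                $stmtCheck = mysqli_prepare(
                    $conn,
                    "SELECT 1 FROM SharedFiles WHERE otherId=? AND fileOwnerId=? AND tillWhen>? LIMIT 1"
                );
                if ($stmtCheck)
                {
                    if (mysqli_stmt_bind_param($stmtCheck, 'sss', $targetId, $currUserId, $currDate)
                        && mysqli_stmt_execute($stmtCheck))
                    {
                        mysqli_stmt_store_result($stmtCheck);
                        $alreadySharing = mysqli_stmt_num_rows($stmtCheck) > 0;
                        $checkFailed = false;
                    }
                    mysqli_stmt_close($stmtCheck);
                }

                if ($checkFailed)
                {
                    // Details go to the server log only; the browser gets a generic message.
                    error_log('share.php: duplicate-share check failed: '.mysqli_error($conn));
                    echo "Error!<br>";
                }
                elseif ($alreadySharing)
                {
                    echo "<font color='red'>You are currently sharing your files with this user!</font><br>";
                }
                else
                {
                    $inserted = false;
                    $stmtInsert = mysqli_prepare(
                        $conn,
                        "INSERT INTO SharedFiles (whenCreated, tillWhen, fileOwnerId, otherId) VALUES (?, ?, ?, ?)"
                    );
                    if ($stmtInsert)
                    {
                        $inserted = mysqli_stmt_bind_param($stmtInsert, 'ssss', $currDate, $tillWhenRaw, $currUserId, $targetId)
                            && mysqli_stmt_execute($stmtInsert);
                        if (!$inserted)
                            error_log('share.php: insert failed: '.mysqli_stmt_error($stmtInsert));
                        mysqli_stmt_close($stmtInsert);
                    }
                    else
                    {
                        error_log('share.php: insert prepare failed: '.mysqli_error($conn));
                    }

                    if ($inserted)
                    {
                        echo "You have succesfully shared your files!<br>";
                    }
                    else
                    {
                        echo "Error!<br>";
                    }
                }
            }
        }

        // ---- Revoke a share ----
        // Handled before the list is queried so the table below no longer shows
        // the revoked row. The button name is 'del' followed by the share id; the
        // DELETE is additionally scoped to the current owner, so a forged button
        // name cannot remove another user's share.
        foreach ($_POST as $postKey => $ignoredValue)
        {
            $postKey = (string) $postKey;
            if (strlen($postKey) <= 3 || strncmp($postKey, 'del', 3) !== 0)
                continue;

            $shareIdToDelete = substr($postKey, 3);
            $stmtDelete = mysqli_prepare($conn, "DELETE FROM SharedFiles WHERE id=? AND fileOwnerId=?");
            if ($stmtDelete)
            {
                if (mysqli_stmt_bind_param($stmtDelete, 'ss', $shareIdToDelete, $currUserId)
                    && mysqli_stmt_execute($stmtDelete))
                {
                    // Zero affected rows means the id was not one of this user's
                    // shares; stay silent, as the original did for unknown ids.
                    if (mysqli_stmt_affected_rows($stmtDelete) > 0)
                        echo "<br>File share was succesfully deleted!<br>";
                }
                else
                {
                    error_log('share.php: delete failed: '.mysqli_stmt_error($stmtDelete));
                    echo "ERROR<br>";
                }
                mysqli_stmt_close($stmtDelete);
            }
            else
            {
                error_log('share.php: delete prepare failed: '.mysqli_error($conn));
                echo "ERROR<br>";
            }
            break; // one button per submit
        }

        // ---- List shares that are still active ----
        $currDate = date('Y-m-d H:i:s');
        $activeShares = array();
        $stmtList = mysqli_prepare(
            $conn,
            "SELECT nick, tillWhen, SharedFiles.id
            FROM SharedFiles
            JOIN Users ON Users.id=SharedFiles.otherId
            WHERE fileOwnerId=? AND
            tillWhen>?
            ORDER BY tillWhen"
        );
        if ($stmtList)
        {
            if (mysqli_stmt_bind_param($stmtList, 'ss', $currUserId, $currDate)
                && mysqli_stmt_execute($stmtList))
            {
                mysqli_stmt_bind_result($stmtList, $shareNick, $shareTillWhen, $shareRowId);
                while (mysqli_stmt_fetch($stmtList))
                {
                    $activeShares[] = array(
                        'nick' => $shareNick,
                        'tillWhen' => $shareTillWhen,
                        'id' => $shareRowId,
                    );
                }
            }
            else
            {
                error_log('share.php: share list query failed: '.mysqli_stmt_error($stmtList));
            }
            mysqli_stmt_close($stmtList);
        }
        else
        {
            error_log('share.php: share list prepare failed: '.mysqli_error($conn));
        }

        if (count($activeShares) > 0)
        {
            echo "You are currently sharing files with:<br>";
            echo "<form method='POST'>";
            echo "<table>";
            echo "<tr>";
            echo "<th>User</th>";
            echo "<th>Till when</th>";
            echo "<th>Delete</th>";
            echo "</tr>";
            foreach ($activeShares as $share)
            {
                // Every database value is HTML-escaped before it is echoed.
                echo "<tr>";
                echo "<td>".htmlspecialchars((string) $share['nick'], ENT_QUOTES, 'UTF-8')."</td>";
                echo "<td>".htmlspecialchars((string) $share['tillWhen'], ENT_QUOTES, 'UTF-8')."</td>";
                echo "<td><button class='butonas' name='del".htmlspecialchars((string) $share['id'], ENT_QUOTES, 'UTF-8')."'>X</button></td>";
                echo "</tr>";
            }
            echo "</table>";
            echo "</form>";
        }
        else
        {
            echo "You are not sharing your files with any user!<br>";
        }
    }
    else
    {
        if ($resultUsers === false)
            error_log('share.php: user list query failed: '.mysqli_error($conn));
        echo "There are no available users!<br>";
    }
?>
</div>
</div>
</div>
<?php
}
else
{
    // Output has already started by this point, so the redirect is done with a
    // meta refresh; none of the page content above is rendered for this branch.
    echo '<meta http-equiv="refresh" content="0; url=./errorAuthorization.shtml" />';
    echo "You are not authorised to view this page!<br>";
}
?>
</body>
</html>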