Diffstat (limited to 'cmd/cmd_todo.c')
-rw-r--r--cmd/cmd_todo.c44
1 files changed, 39 insertions, 5 deletions
diff --git a/cmd/cmd_todo.c b/cmd/cmd_todo.c
index e90aeb7..8cd712d 100644
--- a/cmd/cmd_todo.c
+++ b/cmd/cmd_todo.c
@@ -3,14 +3,44 @@
//https://github.com/littlstar/b64.c
//https://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0ahUKEwiMu9_F5ZrXAhVLOMAKHZ6NDQYQFghDMAM&url=https%3A%2F%2Fopensource.apple.com%2Fsource%2FQuickTimeStreamingServer%2FQuickTimeStreamingServer-452%2FCommonUtilitiesLib%2Fbase64.c&usg=AOvVaw3tk0M33ne4ru28Bn_R1KI3
+#define TODO_MAX_PER_USER 64
+
static int add_todo(sqlite3 *db, char *user, char *todo)
{
int rc;
-
char sql_add_table[3*256];
char *b64_user, *b64_todo;
+ sqlite3_stmt *res=NULL;
+
b64_user = b64_encode(user, strlen(user));
b64_todo = b64_encode(todo, strlen(todo));
+
+ //check how many todo stuff is for single user
+ snprintf(sql_add_table, 1024, "SELECT COUNT(*) FROM todo WHERE user='%s';", b64_user, b64_todo);
+ printf("%s\n", sql_add_table);
+ if ((rc = sqlite3_prepare_v2(db, sql_add_table, -1, &res, 0)) != SQLITE_OK)
+ {
+ printf("Cannot prepare statment: %s\n", sqlite3_errmsg(db));
+ free(b64_user);
+ free(b64_todo);
+ return -1;
+ }
+
+ rc = sqlite3_step(res);
+ if (rc == SQLITE_ROW)
+ {
+ int iret = sqlite3_column_int(res, 0);
+ PRINT("%d\n",iret);
+ if (iret >= TODO_MAX_PER_USER)
+ {
+ free(b64_user);
+ free(b64_todo);
+ return -1;
+ }
+ }
+ sqlite3_finalize(res);
+
+ //insert new value
snprintf(sql_add_table, 1024, "INSERT INTO todo(user,todo) VALUES('%s','%s');", b64_user, b64_todo);
printf("%s\n", sql_add_table);
free(b64_user);
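Review bot: The added COUNT query calls `snprintf(sql_add_table, 1024, ...)` although the buffer is declared `char sql_add_table[3*256]` (768 bytes), repeating the pattern of the existing INSERT call, so a long enough base64-encoded user or todo can write past the end of the stack buffer. Use `snprintf(sql_add_table, sizeof sql_add_table, ...)` in both places and treat a return value `>= sizeof sql_add_table` as an error instead of running a truncated statement; binding the values with `sqlite3_bind_text` would remove the fixed-size buffer from the picture altogether. The early `return -1` inside the `iret >= TODO_MAX_PER_USER` branch skips `sqlite3_finalize(res);`, so the prepared statement leaks every time the limit is hit. The COUNT format string has a single `%s` but is passed both `b64_user` and `b64_todo`, and neither `b64_encode` result is checked for NULL before use. add_todo's body continues past the end of the hunk.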
@@ -156,14 +186,19 @@ void *cmd_todo(void *data)
//----------------------------------------------------------------------------
//main code
- PRINT("(%s)-(%s)-(%s)-(%s)-(%s)\n", req->method, req->params, req->user, req->mask, req->server);
+ //check if database filesize is not bigger then 1MB, consider it for now as abuse woop woop
+ if (file_size("todo.db")>1024*1024)
+ {
+ printf("File should be limited to just 1MB pal\n");
+ return ret;
+ }
if ((rc = sqlite3_open("todo.db", &db)) != SQLITE_OK)
{
printf("Cannot open todo database: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
- return 1;
+ return ret;
}
//check if table excists
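Review bot: The 1 MB guard at the top of cmd_todo's main code refuses every request once `todo.db` exceeds the limit, not only additions, so if this handler also serves removals (not visible in the hunk) users cannot delete entries to get back under it, and an SQLite file does not shrink on delete without a vacuum. The result of `file_size("todo.db")` is compared without a failure check; the helper's return type and its value for a missing file are not shown, so it is worth confirming that the first run, before the database exists, is not rejected or mis-compared. Consider applying the size check only on the add path, next to the `TODO_MAX_PER_USER` check in `add_todo`, and adding a comment such as `// file_size() returns <value> on error; a missing db is allowed` once the contract is confirmed. cmd_todo starts and ends outside the hunk, so the value of `ret` returned here cannot be checked from this view.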
@@ -172,14 +207,13 @@ void *cmd_todo(void *data)
{
printf("Cannot prepare statment: %s\n", sqlite3_errmsg(db));
sqlite3_close(db);
- return 1;
+ return ret;
}
rc = sqlite3_step(res);
if (rc == SQLITE_ROW)
{
int iret = sqlite3_column_int(res, 0);
- //printf("%d\n", iret);
if (iret == 0)
{
table_todo_exists = 0;