Refactored user class, Users can now only see projects owned by \'nobody\' or themselves to get ready for permissions update.

2018-10-11 10:17:41 -04:00 · 2018-10-11 10:17:41 -04:00 · 42a87590ac
parent 84cfb3d9ad
commit 42a87590ac
9 changed files with 603 additions and 466 deletions
--- a/common.php
+++ b/common.php
@ -108,11 +108,6 @@ class Common {
 				exit( $output );
 			break;
 			
-			case( "json" ):
-				
-				exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
-			break;
-			
 			case( "return" ):
 				
 				return( $output );
@ -129,10 +124,45 @@ class Common {
 		if( ! self::check_session() ) {
 			
 			session_destroy();
-			self::return( "Access Denied", "json" );
+			self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
+		}
 	}
 	
+	//////////////////////////////////////////////////////////////////
+	// Check access to a project
+	//////////////////////////////////////////////////////////////////
+	public static function check_project_access( $project_name, $project_path, $action ) {
 		
+		$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
+		$bind = "sss";
+		$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
+		$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
+		
+		if( mysqli_num_rows( $return ) > 0 ) {
+			
+			$return = mysqli_fetch_assoc( $return );
+			
+			try {
+				
+				$users = json_decode( $return["access"] );
+			} catch( exception $e ) {
+				
+				$users = array();
+			}
+			
+			if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
+				
+				$return = true;
+			} else {
+				
+				$return = false;
+			}
+		} else {
+			
+			$return = false;
+		}
+		
+		self::return( $return, $action );
 	}
 	
 	//////////////////////////////////////////////////////////////////
@ -410,26 +440,29 @@ class Common {
 	
 	public static function checkPath( $path ) {
 		
-		if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) {
+		$sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
+		$bind = "s";
+		$bind_variables = array( $path );
+		$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
 		
-			foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) {
+		if( mysqli_num_rows( $result ) > 0 ) {
 			
-				if ( strpos( $path, $data ) === 0) {
+			$result = mysqli_fetch_assoc( $result );
 			
-					return true;
+			try {
+				
+				$users = json_decode( $result["access"] );
+			} catch( exception $e ) {
+				
+				$users = array();
+			}
+			
+			if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
+				
+				return( true );
 			}
 		}
-		} else {
-			
-			foreach( getJSON( 'projects.php' ) as $project => $data ) {
-				
-				if ( strpos( $path, $data['path'] ) === 0 ) {
-					
-					return true;
-				}
-			}
-		}
-		return false;
+		return( false );
 	}
 	
 	
--- a/components/filemanager/class.filemanager.php
+++ b/components/filemanager/class.filemanager.php
@ -406,6 +406,14 @@ class Filemanager extends Common {
 	
 	public function delete( $keep_parent = false ) {
 		
+		if( Common::checkPath( $path ) ) {
+			
+			$this->status = "error";
+			$this->message = "No access.";
+			$this->respond();
+			return;
+		}
+		
 		function rrmdir( $path, $follow, $keep_parent = false ) {
 			
 			if ( is_file( $path ) ) {
--- a/components/project/class.project.php
+++ b/components/project/class.project.php
@ -42,24 +42,85 @@ class Project extends Common {
 	// NEW METHODS
 	//////////////////////////////////////////////////////////////////
 	
-	public function add_project() {
+	public function add_project( $project_name, $project_path, $owner = null ) {
 		
+		if( $owner == null ) {
 			
+			$owner = $_SESSION["user"];
+		} else {
+			
+			$owner = 'nobody';
 		}
 		
-	public function delete_project() {
+		$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
+		$bind = "sss";
+		$bind_variables = array( $project_name, $project_path, $owner );
+		$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
 		
+		return( $return );
+	}
 	
+	public function delete_project( $project_name, $project_path, $owner = null ) {
+		
+		if( $owner == null ) {
+			
+			$owner = $_SESSION["user"];
+		} else {
+			
+			$owner = 'nobody';
+		}
+		
+		$owner = $_SESSION["user"];
+		$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
+		$bind = "sss";
+		$bind_variables = array( $project_name, $project_path, $owner );
+		$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
+		
+		try {
+			
+			$json = json_decode( $return, true );
+			exit( $return );
+		} catch( exception $e ) {
+			
+			exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
+		}
 	}
 	
 	public function get_projects() {
 		
+		$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
+		$bind = "s";
+		$bind_variables = array( $_SESSION["user"] );
+		$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
 		
+		if( mysqli_num_rows( $return ) > 0 ) {
+			
+			$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
+		} else {
+			
+			$return = formatJSEND( "error", "Error fetching projects." );
 		}
 		
-	public function rename_project() {
+		return( $return );
+	}
 	
+	public function rename_project( $old_name, $new_name, $path ) {
 		
+		$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
+		$bind = "sss";
+		$bind_variables = array( $old_name, $path, $_SESSION["user"] );
+		$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
+		
+		if( mysqli_num_rows( $return ) > 0 ) {
+			
+			$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
+			$bind = "ssss";
+			$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
+			$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
+		} else {
+			
+			exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
+		}
 	}
 	
 	//////////////////////////////////////////////////////////////////
@ -234,10 +295,13 @@ class Project extends Common {
 			if ( $data['path'] != $this->path ) {
 				
 				$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
+			} else {
+				
+				$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
 			}
 		}
+		
 		$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
-		$this->rename_project( $data['name'],  );
 		// Response
 		echo formatJSEND("success", null);
 	}
@ -254,14 +318,12 @@ class Project extends Common {
 			if ( $data['path'] != $this->path ) {
 				
 				$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
-			}
-		}
-		// Save array back to JSON
-		$this->delete_project( , );
-		// Response
-		echo formatJSEND( "success", null );
-	}
+			} else {
 				
+				$this->delete_project( $data['name'], $data['path'] );
+			}
+		}
+	}
 	
 	//////////////////////////////////////////////////////////////////
 	// Check Duplicate
@ -287,7 +349,7 @@ class Project extends Common {
 	public function SanitizePath() {
 		
 		$sanitized = str_replace( " ", "_", $this->path );
-		return preg_replace( '/[^\w-]/', '', $sanitized );
+		return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
 	}
 	
 	//////////////////////////////////////////////////////////////////
--- a/components/project/controller.php
+++ b/components/project/controller.php
@ -8,7 +8,7 @@


 require_once('../../common.php');
-    require_once('class.project.php');
+require_once('./class.project.php');

 //////////////////////////////////////////////////////////////////
 // Verify Session or Key
@ -28,6 +28,7 @@ if (isset($_GET['no_return'])) {
 }

 if ($_GET['action']=='get_current') {
+
 if ( ! isset($_SESSION['project'])) {
 // Load default/first project
 if ($no_return) {
@ -50,7 +51,7 @@ if ($_GET['action']=='get_current') {

 if ($_GET['action']=='open') {
 if (!checkPath($_GET['path'])) {
-        die(formatJSEND("error", "No Access"));
+die(formatJSEND("error", "No Access to path " . $_GET['path']));
 }
 $Project->path = $_GET['path'];
 $Project->Open();
--- a/components/project/dialog.php
+++ b/components/project/dialog.php
@ -8,12 +8,14 @@


 require_once('../../common.php');
+require_once('./class.project.php');

 //////////////////////////////////////////////////////////////////
 // Verify Session or Key
 //////////////////////////////////////////////////////////////////

 checkSession();
+$Project = new Project;

 switch( $_GET['action'] ) {
 	
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
 	case 'sidelist':
 		
 		// Get projects data
-		$projects = Project::get_projects();
+		$projects = $Project->get_projects();
 		?>
 		<ul>
 			<?php
-			sort( $projects, SORT_NATURAL );
+			//natcasesort( $projects );
 			foreach( $projects as $project => $data ) {
 				
 				if( $_GET['trigger'] == 'true' ) {
@ -53,12 +55,8 @@ switch( $_GET['action'] ) {
 	
 	case 'list':
 		
-	// Get access control data
-	$projects_assigned = false;
-	if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
-	$projects_assigned = getJSON($_SESSION['user'] . '_acl.php');
-	}
-	
+		//Get projects data
+		$projects = $Project->get_projects();
 		?>
 		<label><?php i18n("Project List"); ?></label>
 		<div id="project-list">
@ -73,14 +71,15 @@ switch( $_GET['action'] ) {
 			<div class="project-wrapper">
 				<table width="100%" style="word-wrap: break-word;word-break: break-all;">
 					<?php
-	
-	// Get projects JSON data
-	$projects = getJSON('projects.php');
-	sort($projects);
 					foreach( $projects as $project => $data ) {
+						
 						$show = true;
-	if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; }
+						if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
+							
+							$show = false;
+						}
 						if( $show ) {
+							
 							?>
 							<tr>
 								<td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
@ -88,11 +87,14 @@ switch( $_GET['action'] ) {
 								<td width="250"><?php echo($data['path']);?></td>
 								<?php
 								if( checkAccess() ) {
+									
 									if( $_SESSION['project'] == $data['path'] ) {
+										
 										?>
 										<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
 										<?php
 									} else {
+										
 										?>
 										<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
 										<?php
@ -110,7 +112,6 @@ switch( $_GET['action'] ) {
 		<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
 		<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
 		<?php
-	
 	break;
 	
 	//////////////////////////////////////////////////////////////////////
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@ -57,7 +57,7 @@ class Settings {
 		
 		if( $user_setting == null ) {
 			
-			$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;";
+			$sql = "SELECT `value` FROM `options` WHERE `name`=?;";
 			$bind = "s";
 			$bind_variables = array( $option );
 			$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -71,7 +71,7 @@ class Settings {
 			}
 		} else {
 			
-			$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;";
+			$sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
 			$bind = "ss";
 			$bind_variables = array( $option, $this->username );
 			$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -130,7 +130,7 @@ class Settings {
 	
 	public function update_option( $option, $value, $user_setting = null ) {
 		
-		$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );";
+		$query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
 		$bind = "sss";
 		$bind_variables = array(
 			$option,
@ -141,7 +141,7 @@ class Settings {
 		
 		if( $result !== true ) {
 			
-			$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;";
+			$query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
 			$bind = "sss";
 			$bind_variables = array(
 				$value,
--- a/components/update/convert.php
+++ b/components/update/convert.php
@ -6,7 +6,7 @@ error_reporting(E_ALL);

 require_once('../../common.php');
 require_once('../settings/class.settings.php');
-
+require_once('../project/class.project.php');
 checkSession();
 if ( ! checkAccess() ) {
 	echo "Error, you do not have access to update Codiad.";
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
 }

 $user_settings_file = DATA . "/settings.php";
+$projects_file = DATA . "/projects.php";
+$projects_file = DATA . "/users.php";
+
 $system_settings_file = null;
 $Settings = new Settings();
+$Common = new Common();
+$Project = new Project();

 if( file_exists( $user_settings_file ) ) {
 	
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
 		$Settings->username = $user;
 		foreach( $settings as $setting => $value ) {
 			
-			//echo var_dump( $setting, $value );
-			$Settings->add_option( $setting, $value, true );
+			$Settings->update_option( $setting, $value, true );
 		}
 	}
 	unlink( $user_settings_file );
 }
+
+if( file_exists( $projects_file ) ) {
+	
+	$projects = getJSON( 'projects.php' );
+	foreach( $projects as $project => $data ) {
+		
+		$Project->add_project( $data["name"], $data["path"], true );
+	}
+	unlink( $projects_file );
+}
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@ -6,8 +6,7 @@
 *  [root]/license.txt for more. This information must remain intact.
 */

-class User
-{
+class User {
 	
 	//////////////////////////////////////////////////////////////////
 	// PROPERTIES
@ -32,8 +31,8 @@ class User
 	// Construct
 	//////////////////////////////////////////////////////////////////
 	
-    public function __construct()
-    {
+	public function __construct() {
+		
 		$this->users = getJSON( 'users.php' );
 		$this->actives = getJSON( 'active.php' );
 	}
@ -42,8 +41,7 @@ class User
 	// Authenticate
 	//////////////////////////////////////////////////////////////////
 	
-    public function Authenticate()
-    {
+	public function Authenticate() {
 		
 		if( ! is_dir( SESSIONS_PATH ) ) {
 			
@ -64,8 +62,6 @@ class User
 			try {
 				
 				chown( SESSIONS_PATH, $server_user );
-				echo( formatJSEND("error", "Error, incorrect owner of sessions folder.  The sessions folder owner has been sucessfully changed.  Please log in again." ) );
-				return;
 			} catch( Exception $e ) {
 				
 				echo( formatJSEND("error", "Error, incorrect owner of sessions folder.  Expecting: $server_user, Recieved: " . $sessions_owner ) );
@ -78,8 +74,6 @@ class User
 			try {
 				
 				chmod( SESSIONS_PATH, 00755 );
-				echo( formatJSEND("error", "Error, incorrect permissions on sessions folder.  The sessions folder permissions have been sucessfully changed.  Please log in again." ) );
-				return;
 			} catch( Exception $e ) {
 				
 				echo( formatJSEND("error", "Error, incorrect permissions on sessions folder.  Expecting: 0755, Recieved: " . $sessions_permissions ) );
@ -88,9 +82,11 @@ class User
 		}
 		
 		$pass = false;
+		
 		$this->EncryptPassword();
 		$users = getJSON('users.php');
 		foreach( $users as $user ) {
+			
 			if( $user['username'] == $this->username && $user['password'] == $this->password ) {
 				
 				$pass = true;
@ -101,6 +97,7 @@ class User
 				$_SESSION["login_session"] = true;
 				
 				if($user['project']!='') {
+					
 					$_SESSION['project'] = $user['project'];
 				}
 				
@ -112,6 +109,7 @@ class User
 			
 			echo formatJSEND( "success", array( "username" => $this->username ) );
 		} else {
+			
 			echo formatJSEND( "error", "Incorrect Username or Password" );
 		}
 	}
@ -127,20 +125,15 @@ class User
 	
 	public static function checkDuplicateSessions( $username ) {
 	
-    	//ini_set('display_errors', 1);
-		//ini_set('display_startup_errors', 1);
-		//error_reporting(E_ALL);
 		session_write_close();
 		$all_sessions = array();
 		$sessions = glob( SESSIONS_PATH . "/*" );
 		session_id( SESSION_ID );
-        // session_save_path( SESSIONS_PATH );
 		
 		foreach( $sessions as $session ) {
 			
-        	//echo var_dump( $session ) . "\n\n";
-        	
 			if( strpos( $session, "sess_") == false ) {
+				
 				continue;
 			}
 			
@ -163,8 +156,6 @@ class User
 				}
 			}
 		}
-        //echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
-        
 		session_id( SESSION_ID );
 		session_start();
 	}
@ -173,15 +164,17 @@ class User
 	// Create Account
 	//////////////////////////////////////////////////////////////////
 	
-    public function Create()
-    {
+	public function Create() {
+		
 		$this->EncryptPassword();
 		$pass = $this->checkDuplicate();
 		if( $pass ) {
+			
 			$this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
 			saveJSON( 'users.php', $this->users );
 			echo formatJSEND( "success", array( "username" => $this->username ) );
 		} else {
+			
 			echo formatJSEND( "error", "The Username is Already Taken" );
 		}
 	}
@ -190,12 +183,14 @@ class User
 	// Delete Account
 	//////////////////////////////////////////////////////////////////
 	
-    public function Delete()
-    {
+	public function Delete() {
+		
 		// Remove User
 		$revised_array = array();
 		foreach( $this->users as $user => $data ) {
+			
 			if( $data['username'] != $this->username ) {
+				
 				$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
 			}
 		}
@ -204,7 +199,9 @@ class User
 		
 		// Remove any active files
 		foreach( $this->actives as $active => $data ) {
+			
 			if( $this->username == $data['username'] ) {
+				
 				unset( $this->actives[$active] );
 			}
 		}
@ -212,6 +209,7 @@ class User
 		
 		// Remove access control list (if exists)
 		if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
+			
 			unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
 		}
 		
@ -223,14 +221,17 @@ class User
 	// Change Password
 	//////////////////////////////////////////////////////////////////
 	
-    public function Password()
-    {
+	public function Password() {
+		
 		$this->EncryptPassword();
 		$revised_array = array();
 		foreach( $this->users as $user => $data ) {
+			
 			if( $data['username'] == $this->username ) {
+				
 				$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
 			} else {
+				
 				$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
 			}
 		}
@ -244,15 +245,18 @@ class User
 	// Set Project Access
 	//////////////////////////////////////////////////////////////////
 	
-    public function Project_Access()
-    {
+	public function Project_Access() {
+		
 		// Access set to all projects
 		if( $this->projects == 0 ) {
+			
+			// Access set to restricted list
 			if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
+				
 				unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
 			}
-        // Access set to restricted list
 		} else {
+			
 			// Save array back to JSON
 			saveJSON( $this->username . '_acl.php', $this->projects );
 		}
@ -264,13 +268,16 @@ class User
 	// Set Current Project
 	//////////////////////////////////////////////////////////////////
 	
-    public function Project()
-    {
+	public function Project() {
+		
 		$revised_array = array();
 		foreach( $this->users as $user => $data ) {
+			
 			if( $this->username == $data['username'] ) {
+				
 				$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
 			} else {
+				
 				$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
 			}
 		}
@ -284,11 +291,13 @@ class User
 	// Check Duplicate
 	//////////////////////////////////////////////////////////////////
 	
-    public function CheckDuplicate()
-    {
+	public function CheckDuplicate() {
+		
 		$pass = true;
 		foreach( $this->users as $user => $data ) {
+			
 			if( $data['username'] == $this->username ) {
+				
 				$pass = false;
 			}
 		}
@ -299,11 +308,13 @@ class User
 	// Verify Account Exists
 	//////////////////////////////////////////////////////////////////
 	
-    public function Verify()
-    {
+	public function Verify() {
+			
 		$pass = 'false';
 		foreach( $this->users as $user => $data ) {
+			
 			if( $this->username == $data['username'] ) {
+				
 				$pass = 'true';
 			}
 		}
@ -314,8 +325,8 @@ class User
 	// Encrypt Password
 	//////////////////////////////////////////////////////////////////
 	
-    private function EncryptPassword()
-    {
+	private function EncryptPassword() {
+		
 		$this->password = sha1( md5( $this->password ) );
 	}
 	
@ -323,8 +334,8 @@ class User
 	// Clean username
 	//////////////////////////////////////////////////////////////////
 	
-    public static function CleanUsername($username)
-    {
+	public static function CleanUsername( $username ) {
+		
 		return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
 	}
 }
--- a/index.php
+++ b/index.php
@ -185,6 +185,13 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {

    } else {
 	
+		define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
+		
+		if( ! is_dir( USER_WORKSPACE ) ) {
+			
+			mkdir( USER_WORKSPACE, 0755 );
+		}
+	
    ?>

    <div id="workspace">