From 354e54a0aff6809aab6f197c97489112774df043 Mon Sep 17 00:00:00 2001
From: Aaron van Geffen <aaron@aaronweb.net>
Date: Sun, 1 Mar 2020 17:00:18 +0100
Subject: [PATCH] Limit album/tag downloading on a user basis.

This removes the limit of downloading albums only; tags are fine, too.

Now using UserFacingException for certain exceptions, as these are
displayed to the user.

Removing the inheritance of HTMLController, as we intend to output binary
data only.
---
 controllers/Download.php | 36 ++++++++----------------------------
 1 file changed, 8 insertions(+), 28 deletions(-)

diff --git a/controllers/Download.php b/controllers/Download.php
index b6e2e6c2..b22b92b1 100644
--- a/controllers/Download.php
+++ b/controllers/Download.php
@@ -6,7 +6,7 @@
  * Kabuki CMS (C) 2013-2019, Aaron van Geffen
  *****************************************************************************/
 
-class Download extends HTMLController
+class Download
 {
 	public function __construct()
 	{
@@ -15,38 +15,18 @@ class Download extends HTMLController
 		if (!$user->isLoggedIn())
 			throw new NotAllowedException();
 
-		if(!isset($_GET['tag']))
-			throw new UnexpectedValueException('Must specify an album to download');
+		if (!isset($_GET['tag']))
+			throw new UserFacingException('No album or tag has been specified for download.');
 
 		$tag = (int)$_GET['tag'];
 		$album = Tag::fromId($tag);
 
-		if($album->kind !== 'Album')
-			throw new UnexpectedValueException('Specified tag does not correspond to an album');
+		if (isset($_SESSION['current_export']))
+			throw new UserFacingException('An export of "' . $tag->tag . '" is ongoing. Please try again later.');
 
-		//Yes TOCTOU but it does not need to be perfect.
-		$lock_file = join('/', [sys_get_temp_dir(), 'pics-export.lock']);
-		if(!file_exists($lock_file))
-		{
-			try
-			{
-				$fp = fopen($lock_file, 'x');
-
-				if(!$fp)
-					throw new UnexpectedValueException('Could not open lock-file');
-
-				$this->exportAlbum($album);
-			}
-			finally
-			{
-				fclose($fp);
-				unlink($lock_file);
-			}
-		}
-		else
-			throw new UnexpectedValueException('Another export is busy, please try again later');
-
-		exit();
+		// So far so good?
+		$this->exportAlbum($album);
+		exit;
 	}
 
 	private function exportAlbum($album)