diff --git a/admin.php b/admin.php index 03763ef..61a7b2d 100644 --- a/admin.php +++ b/admin.php @@ -6,7 +6,6 @@ include "core.php"; include "config.php"; -include "create-table.php"; $Action = ""; $Authorized = 0; @@ -47,10 +46,10 @@ if (!$enableAdminKeys || $enableAdminKeys == "false") { } $Database = createTables($sqlDB); -$DatabaseQuery = $Database->query('SELECT * FROM admins'); +$DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) { $Authorized = 1; $Primary = $line['primaryadmin']; break; @@ -179,54 +178,13 @@ if ($Action == "files") { $html .= "\t\t\t\t\t\tKey type\n"; $html .= "\t\t\t\t\t\n"; - $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($Primary != 1) { - break; - } - - // allow filtering if ($line['id'] != $filterID && $filterID != -1) { continue; } - $ID = $line['id']; - $Key = $line['key']; - $NumberOfUploads = $line['numberofuploads']; - $UploadsLeft = ""; - $LastUsed = $line['lastused']; - $Issued = $line['issued']; - $IP = $line['ip']; - $UserAgent = $line['useragent']; - - $keyType = "Administrator"; - $UploadsLeft = "∞"; - - if ($line['primaryadmin'] == 1) { - $keyType = "Primary Administrator"; - } - - $html .= "\t\t\t\t\t\n"; - $html .= "\t\t\t\t\t\t$ID\n"; - $html .= "\t\t\t\t\t\t$Key\n"; - $html .= "\t\t\t\t\t\t$NumberOfUploads\n"; - $html .= "\t\t\t\t\t\t$UploadsLeft\n"; - $html .= "\t\t\t\t\t\t$LastUsed\n"; - $html .= "\t\t\t\t\t\t$Issued\n"; - $html .= "\t\t\t\t\t\t$IP\n"; - $html .= "\t\t\t\t\t\t$UserAgent\n"; - $html .= "\t\t\t\t\t\t$keyType\n"; - - if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed - $html .= "\t\t\t\t\t\tRemove\n"; - } - - $html .= "\t\t\t\t\t\n"; - } - - $DatabaseQuery = $Database->query('SELECT * FROM keys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['id'] != $filterID && $filterID != -1) { + if ($line['keytype'] == 2 && $Primary != 1) { continue; } @@ -246,6 +204,13 @@ if ($Action == "files") { $UploadsLeft = "∞"; $keyType = "Key"; } + if ($line['keytype'] == 2) { + $keyType = "Administrator"; + + if ($line['primaryadmin'] == 1) { + $keyType = "Primary Administrator"; + } + } $html .= "\t\t\t\t\t\n"; $html .= "\t\t\t\t\t\t$ID\n"; @@ -257,7 +222,11 @@ if ($Action == "files") { $html .= "\t\t\t\t\t\t$IP\n"; $html .= "\t\t\t\t\t\t$UserAgent\n"; $html .= "\t\t\t\t\t\t$keyType\n"; - $html .= "\t\t\t\t\t\tRemove\n"; + + if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed + $html .= "\t\t\t\t\t\tRemove\n"; + } + $html .= "\t\t\t\t\t\n"; } diff --git a/core.php b/core.php index be8f86e..2b9160f 100644 --- a/core.php +++ b/core.php @@ -4,6 +4,35 @@ * Licensed under the GNU Affero General Public License version 3.0 */ +function createTables($sqlDB) { + $Database = new SQLite3($sqlDB); + + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * keytype (INT) + * primaryadmin (INT) + * numberofuploads (INT) + * uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, keytype INT, primaryadmin INT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * keytype (INT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)"); + + return $Database; +} + function printHeader($html) { include "config.php"; @@ -96,17 +125,18 @@ function printFileUploadForm($html, $Error) { function checkIfAdminExists() { include "config.php"; - include "create-table.php"; $adminExists = 0; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $DatabaseQuery = $Database->query('SELECT * FROM keys'); $adminExists = 0; while ($line = $DatabaseQuery->fetchArray()) { - $adminExists = 1; - break; + if ($line['keytype'] == 2) { + $adminExists = 1; + break; + } } return $adminExists; diff --git a/create-table.php b/create-table.php deleted file mode 100644 index 512c4ea..0000000 --- a/create-table.php +++ /dev/null @@ -1,45 +0,0 @@ -exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - - /* keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * uploadsleft (INT) - * lastused (TEXT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - - /* uploads table - * id (INTEGER PRIMARY KEY) - * file (TEXT) - * uploaddate (TEXT) - * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) - * keytype (INT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)"); - - return $Database; -} -?> diff --git a/create.php b/create.php index dbf2431..b34f87e 100644 --- a/create.php +++ b/create.php @@ -4,31 +4,30 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -include "config.php"; -include "create-table.php"; include "core.php"; +include "config.php"; $Redirect = ""; $uploadsLeft = 1; $AuthorizedCreation = 0; $AdminIsPrimary = 0; -$primary = 0; +$firstKey = 0; +$typeNum = 1; +$numberOfUploads = 0; +$lastUsed = ""; +$Issued = ""; +$ip = ""; +$userAgent = ""; if (isset($_REQUEST['redir'])) { $Redirect = $_REQUEST['redir']; } $Database = createTables($sqlDB); -$DatabaseQuery = $Database->query('SELECT * FROM admins'); +$DatabaseQuery = $Database->query('SELECT * FROM keys'); -$adminExists = 0; -while ($line = $DatabaseQuery->fetchArray()) { - $adminExists = 1; - break; -} - -if ($adminExists != 1) { - $primary = 1; +if (!checkIfAdminExists()) { + $firstKey = 1; } else { if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { header('Location: login.php?redir=admin'); @@ -38,10 +37,10 @@ if ($adminExists != 1) { die(); } - $primary = 0; + $firstKey = 0; } -$DatabaseQuery = $Database->query('SELECT * FROM admins'); +$DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { $AuthorizedCreation = 1; @@ -51,11 +50,12 @@ while ($line = $DatabaseQuery->fetchArray()) { } // not authorized -if ($AuthorizedCreation != 1 && $primary != 1) { +if ($AuthorizedCreation != 1 && $firstKey != 1) { header('Location: /'); die(); } +// data must be specified if (isset($_REQUEST['data']) && $_REQUEST['data'] != "") { $Data = $_REQUEST['data']; } else { @@ -70,6 +70,7 @@ if (isset($_REQUEST['data']) && $_REQUEST['data'] != "") { die(); } +// type must be specified if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") { $Type = $_REQUEST['type']; } else { @@ -84,12 +85,7 @@ if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") { die(); } -if (isset($_REQUEST['uploads']) && $Type == "Temporary") { - $Uploads = $_REQUEST['uploads']; -} else { - $Uploads = 1; -} - +// uploads left must be specified for temp keys if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") { $uploadsLeft = $_REQUEST['uploadsleft']; @@ -108,102 +104,12 @@ if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") { $uploadsLeft = -1; } -if ($Type == "Admin") { - if ($AdminIsPrimary != 1 && $primary != 1) { - if ($Redirect == "admin") { - header("Location: admin.php?action=create&e=denied"); - } else if ($Redirect == "setup") { - header("Location: setup.php?e=denied"); - } else { - header("Location: /"); - } - - die(); - } - - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") { - if ($Redirect == "admin") { - header("Location: admin.php?action=create&e=exists"); - } else if ($Redirect == "setup") { - header("Location: setup.php?e=exists"); - } else { - header("Location: /"); - } - - die(); - } - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Data', '$primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} else if ($Type == "Temporary" || $Type == "Key") { - $DatabaseQuery = $Database->query('SELECT * FROM keys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") { - if ($Redirect == "admin") { - header("Location: admin.php?action=create&e=exists"); - } else if ($Redirect == "setup") { - header("Location: setup.php?e=exists"); - } else { - header("Location: /"); - } - - die(); - } - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO keys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} else { +// only primary admins may create admin keys +if ($AdminIsPrimary != 1 && $firstKey != 1 && $Type == "Admin") { if ($Redirect == "admin") { - header("Location: admin.php?action=create&e=type"); + header("Location: admin.php?action=create&e=denied"); } else if ($Redirect == "setup") { - header("Location: setup.php?e=type"); + header("Location: setup.php?e=denied"); } else { header("Location: /"); } @@ -211,6 +117,35 @@ if ($Type == "Admin") { die(); } +// check if a key by the same name already exists +$DatabaseQuery = $Database->query('SELECT * FROM keys'); +while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=exists"); + } else if ($Redirect == "setup") { + header("Location: setup.php?e=exists"); + } else { + header("Location: /"); + } + + die(); + } +} + +if ($storeAgent || $storeAgent == "true") $userAgent = getUserAgent(); +if ($storeIssued || $storeIssued == "true") $Issued = date($dateFormat); +if ($storeLastUsage || $storeLastUsage == "true") $lastUsed = date($dateFormat); +if ($storeIP || $storeIP == "true") $ip = getIPAddress(); + +if ($Type == "Admin") { + $typeNum = 2; +} else { + $typeNum = 1; +} + +$Database->exec("INSERT INTO keys(key, keytype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$typeNum', '$firstKey', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($Redirect == "admin") { header("Location: admin.php?action=keys"); } else { diff --git a/files.php b/files.php index a306c51..6f550e4 100644 --- a/files.php +++ b/files.php @@ -6,7 +6,6 @@ include "config.php"; include "core.php"; -include "create-table.php"; $Error = ""; $html = ""; @@ -45,21 +44,11 @@ if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading = $keyType = "Unknown"; } - if ($keytypeID == 1) { // key? - $UserDatabaseQuery = $Database->query('SELECT * FROM keys'); - while ($uline = $UserDatabaseQuery->fetchArray()) { - if ($uline['id'] == $keyID && $keytypeID == 1 && $_COOKIE[$cookieName] == $uline['key']) { - $CorrectFile = 1; - break; - } - } - } else if ($keytypeID == 2) { // must be a member of the club, then - $UserDatabaseQuery = $Database->query('SELECT * FROM admins'); - while ($uline = $UserDatabaseQuery->fetchArray()) { - if ($uline['id'] == $keyID && $keytypeID == 2 && $_COOKIE[$cookieName] == $uline['key']) { - $CorrectFile = 1; - break; - } + $UserDatabaseQuery = $Database->query('SELECT * FROM keys'); + while ($uline = $UserDatabaseQuery->fetchArray()) { + if ($uline['id'] == $keyID && $_COOKIE[$cookieName] == $uline['key']) { + $CorrectFile = 1; + break; } } diff --git a/login.php b/login.php index 0e15f58..68c3752 100644 --- a/login.php +++ b/login.php @@ -5,7 +5,6 @@ */ include "config.php"; -include "create-table.php"; include "core.php"; $Authorized = 0; @@ -39,9 +38,8 @@ if (isset($_REQUEST['key'])) { // check the validity of the key $Database = createTables($sqlDB); - - // Temporary keys $DatabaseQuery = $Database->query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { $id = $line['id']; @@ -65,38 +63,7 @@ if (isset($_REQUEST['key'])) { } $Authorized = 1; - $KeyType = 1; - - break; - } - } - - // Admin keys - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { - $id = $line['id']; - - // update last usage - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); - } - - // update IP address - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); - } - - // update user agent - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); - } - - $Authorized = 1; - $KeyType = 2; + $KeyType = $line['keytype']; break; } diff --git a/remove-key.php b/remove-key.php index c6792c0..b7b7503 100644 --- a/remove-key.php +++ b/remove-key.php @@ -5,7 +5,7 @@ */ include "config.php"; -include "create-table.php"; +include "core.php"; if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { header('Location: login.php?redir=admin'); @@ -42,10 +42,10 @@ if (isset($_REQUEST['redir'])) { } $Database = createTables($sqlDB); -$DatabaseQuery = $Database->query('SELECT * FROM admins'); +$DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + if ($line['keytype'] == 2 && $line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { $AuthorizedRemoval = 1; $AdminIsPrimary = $line['primaryadmin']; break; @@ -60,26 +60,9 @@ if ($AuthorizedRemoval != 1) { $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($type != 1) break; - if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists - if ($AuthorizedRemoval == 1) { - $Database->exec("DELETE FROM keys WHERE id='$id'"); - $Removed = 1; - } else { - print "You aren't authorized to perform this action."; - die(); - } - - break; - } -} - -$DatabaseQuery = $Database->query('SELECT * FROM admins'); -while ($line = $DatabaseQuery->fetchArray()) { - if ($type != 2) break; if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists - if ($AuthorizedRemoval == 1 && $AdminIsPrimary == 1) { // in order to delete an admin key you must be a primary admin - $Database->exec("DELETE FROM admins WHERE id='$id'"); + if ($AuthorizedRemoval == 1 && (($AdminIsPrimary == 1 && $line['id'] == 2) || $line['id'] != 2)) { + $Database->exec("DELETE FROM keys WHERE id='$id'"); $Removed = 1; } else { print "You aren't authorized to perform this action."; diff --git a/remove.php b/remove.php index 6252c83..863a353 100644 --- a/remove.php +++ b/remove.php @@ -5,7 +5,7 @@ */ include "config.php"; -include "create-table.php"; +include "core.php"; if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { header('Location: login.php'); @@ -56,7 +56,7 @@ while ($line = $DatabaseQuery->fetchArray()) { // check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) { - $keyDatabaseQuery = $Database->query('SELECT * FROM admins'); + $keyDatabaseQuery = $Database->query('SELECT * FROM keys'); // check if the file was uploaded by a primary admin while ($kline = $keyDatabaseQuery->fetchArray()) { @@ -66,7 +66,7 @@ while ($line = $DatabaseQuery->fetchArray()) { } while ($kline = $keyDatabaseQuery->fetchArray()) { - if ($kline['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $kline['key'] != "") { // key = passed key + if ($kline['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file $AuthorizedRemoval = 1; break; diff --git a/upload.php b/upload.php index a4da099..23c98e0 100644 --- a/upload.php +++ b/upload.php @@ -5,7 +5,6 @@ */ include "config.php"; -include "create-table.php"; include "core.php"; $WebInterface = 1; @@ -44,15 +43,14 @@ if (!$publicUploading || $publicUploading == "false") { $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableKeys || $enableKeys == "true")) { - // decrease uploads left if temporary - if ($line['uploadsleft'] != -1) { - $uploadsLeft = $line['uploadsleft'] - 1; - } - $id = $line['id']; $keyID = $id; - $Database->exec("UPDATE keys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + // decrease uploads left if temporary + if ($line['uploadsleft'] != -1) { + $uploadsLeft = $line['uploadsleft'] - 1; + $Database->exec("UPDATE keys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + } if ($storeLastUsage || $storeLastUsage == "true") { $lastUsed = date($dateFormat); @@ -75,42 +73,11 @@ if (!$publicUploading || $publicUploading == "false") { } $Authorized = 1; - $keyType = 1; + $keyType = $line['keytype']; break; } } - // maybe admin? - if ($Authorized != 1) { - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) { - $id = $line['id']; - $keyID = $id; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); - - $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE admins SET numberofuploads='$numberOfUploads' WHERE id='$id'"); - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); - } - - $Authorized = 1; - $keyType = 2; - break; - } - } - } - // Not an authorized key if ($Authorized == 0) { if ($WebInterface == 0) {