diff options
| author | Horus3 | 2014-03-18 00:14:37 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-18 00:14:37 +0100 |
| commit | faa66b350b7c95701654cae59583761feaeeb3d3 (patch) | |
| tree | deb5b984698b3bfb72edfdf6a9f0f263e63d5cdd /www/createfolder.php | |
| parent | 46786c1703474776d74ba67eb01eb484f3c8b646 (diff) | |
| download | files.iamfabulous.de-faa66b350b7c95701654cae59583761feaeeb3d3.tar.gz | |
func upload()
Diffstat (limited to 'www/createfolder.php')
| -rwxr-xr-x | www/createfolder.php | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/www/createfolder.php b/www/createfolder.php deleted file mode 100755 index 563f352..0000000 --- a/www/createfolder.php +++ /dev/null @@ -1,96 +0,0 @@ -<?php - -/* DO NOT TOUCH! This is buggy as hell. */ - -session_start(); - -if(!$_SESSION["login"]){ - header("Refresh: 0; /login"); - exit; -} - -if($_SERVER['REQUEST_METHOD'] == 'POST'){ - - function database_error(){ - echo "Database error!"; - exit; - } - - $folder=$_POST["folder"]; - $name = $_POST["username"]; - $sname = SQLite3::escapeString("$name"); - $public = SQLite3::escapeString("$_POST[public]"); - $pwd_unsafe = $_POST["pwd"]; - $pwd = SQLite3::escapeString("$pwd_unsafe"); - $type = SQLite3::escapeString("$_POST[type]"); - - - if(preg_match("/^\//", $folder)){ - $absolutpath = true; - $k=2; // what the fuck is this? - } else { - $absolutpath = false; - } - - - $folder_array_unsafe = explode("/",$folder); - $length = count($folder_array_unsafe); - - $db = new SQLite3("../database/sqlite.db"); - - $id_db = $db->query("SELECT id FROM user WHERE name='" . $sname . "';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - - if(!preg_match("/[0-9]+/", $id)){ - database_error(); - } - - for($i=0; $i<$length; $i++){ - if(!empty($folder_array_unsafe[$i])){ - $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]"); - if($absolutpath){ - if($db->exec(" - INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $k . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', ''); - ")){ - $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $folder_array[$i] . "';"); - $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); - $primary_key = $primary_key_ar[0]; - $k=$primary_key; - } else { - database_error(); - } - } else { - $primary_key_db = $db->query("SELECT id FROM files WHERE name='".$pwd."';"); //TODO That doesn't make any sense to me at all! //This makes sense in the context. - $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); - $primary_key = $primary_key_ar[0]; - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $primary_key . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', ''); - COMMIT; - ")){ - $pwd='$folder_array[$i]'; - } else { - database_error(); - } - } - } - - } - - header("Refresh: 0; /" . $name); - -} else { - - echo "Hallo $_SESSION[username]; - <form method='post' action='/createfolder.php'> - <p> Folder: <input type='text' name='folder'></p> - <p> Public? <input type='text' name='public'></p> - <p> pwd: <input type='text' name='pwd'></p> - <input type='hidden' name='username' value='$_SESSION[username]'> - <input type='hidden' name='type' value='DIRECTORY'> - <input type='submit' name='submit' value='create'> - </form>"; - - echo "END"; -} |