| author | Horus3 | 2014-03-12 22:11:50 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-12 22:11:50 +0100 |
| commit | 2f0f4ca056f92ffd2bbf80e7b7c49b489d6e7ed4 (patch) | |
| tree | b14d63c782c3088d904858140d947492d946e29f /www/functions/func_select.php | |
| parent | 478a6dbc03c1ed65f5a187a6752bc130d3b82ac3 (diff) | |
| download | files.iamfabulous.de-2f0f4ca056f92ffd2bbf80e7b7c49b489d6e7ed4.tar.gz | |
more modular for greater flexibility
Diffstat (limited to 'www/functions/func_select.php')
| -rw-r--r-- | www/functions/func_select.php | 70 |
1 files changed, 21 insertions, 49 deletions
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index ca3c53f..0659cdb 100644
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -1,25 +1,12 @@
 <?
-function select($db){
- if($_SESSION["login"]){ // TODO: Check if loged in user really the user who does the query
+function select($db, $owner){
+
+ if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14
 $share="";
 } else {
 $share ="AND share='PUBLIC'";
 }
-
- if(!empty($_GET["name"])){
- $user = $_GET["name"];
- } else {
- failure("No user input.");
- }
-
- $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
- if(empty($owner_ar)){
- failure("This user doesn't exist.");
- }
-
- $owner = $owner_ar[0];
-
+
 $folder_array_unsafe = explode("/",$_GET["folder"]);
 $length = count($folder_array_unsafe);
 
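Review bot: The ownership test `$_SESSION["userid"] == $owner` uses loose comparison on a value the caller now passes in, so PHP type juggling decides whether the `share='PUBLIC'` filter is dropped; a session with `login` set but no `userid`, for instance, compares equal to an `$owner` of `0` or `""`. Normalising once at the top with `$owner = (int)$owner;` and testing `isset($_SESSION["userid"]) && (int)$_SESSION["userid"] === $owner` makes that decision explicit. The removed block was the only place that resolved the owner from the `user` table and rejected unknown names, so a header comment should state that callers must pass an id they have already looked up and validated. The body of `select()` continues outside this hunk.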
@@ -32,49 +19,34 @@ function select($db){
 $parentdir = SQLite3::escapeString($root_id);
 $temp_id = $root_id;
+ if(empty($folder_array_unsafe[$i])){
+
+ }
 for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
-
- $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
- if(empty($prim_id)){
- failure("Database error.");
- }
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
- if($parentdir != $prim_id[1]){
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if(empty($prim_id)){
+ failure("Database error.");
+ }
- $wrong_folder = $folder_array_unsafe[$i];
- $working_path[0] = $wrong_folder;
+ if($parentdir != $prim_id[1]){
- for($j=0; $j<$i; $j++){
- $working_path[$j] = $folder_array_unsafe[$j];
- }
+ $wrong_folder = $folder_array_unsafe[$i];
+ $working_path[0] = $wrong_folder;
- get_404($working_path, $wrong_folder);
- return false;
+ for($j=0; $j<$i; $j++){
+ $working_path[$j] = $folder_array_unsafe[$j];
 }
- $parentdir = $prim_id[0];
+ get_404($working_path, $wrong_folder);
+ return false;
 }
- }
-
- $content_db = $db->query("SELECT * FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
- $count=0;
- while($row = $content_db->fetchArray(SQLITE3_NUM)){
- $content[$count][0] = $row[0];
- $content[$count][1] = $row[1];
- $content[$count][2] = $row[2];
- $content[$count][3] = $row[3];
- $content[$count][4] = $row[4];
- $content[$count][5] = $row[5];
- $content[$count][6] = $row[6];
- $content[$count][7] = $row[7];
- $content[$count][8] = $row[8];
- $count++;
+ $parentdir = $prim_id[0];
 }
- return $content;
+ return $parentdir;
 }
|
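Review bot: The directory lookup inside the `for` loop still concatenates `$owner` and `$parentdir` unquoted into the SQL text, and `$owner` is now a caller-supplied parameter rather than an id read back from the `user` table, so nothing in this function guarantees it is numeric. Binding the values through a prepared statement removes that dependency on the caller; the integer binding below assumes ids are integers, as the unquoted comparisons suggest. Separately, the new `if(empty($folder_array_unsafe[$i])){ }` sits before the loop, where `$i` is not yet set by anything visible in the hunk, and its body is empty. The in-loop guard was dropped, so an empty path segment from a leading, trailing or doubled slash now reaches the query and most likely ends in `failure("Database error.")`. The function starts outside this hunk.

```php
for($i=0; $i<$length; $i++){
	if($folder_array_unsafe[$i] === ""){
		continue; // skip empty segments instead of querying for name=''
	}
	// $share is one of two constant fragments built earlier in this function, never request data
	$stmt = $db->prepare("SELECT id, parent FROM files WHERE owner=:owner AND folder='DIRECTORY' " . $share . " AND parent=:parent AND name=:name;");
	$stmt->bindValue(':owner', $owner, SQLITE3_INTEGER);
	$stmt->bindValue(':parent', $parentdir, SQLITE3_INTEGER);
	$stmt->bindValue(':name', $folder_array_unsafe[$i], SQLITE3_TEXT);
	$parentdir_db = $stmt->execute();
	// … unchanged: fetchArray, "Database error." check, 404 handling, $parentdir = $prim_id[0] …
```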
