merged

1 files changed, 55 insertions, 0 deletions

diff --git a/www/select_function.php b/www/select_function.php
new file mode 100644
index 0000000..b83fe04
--- /dev/null
+++ b/www/select_function.php
@@ -0,0 +1,55 @@
+function select($db){
+	if($_SESSION["login"]){
+		$share="";
+	} else {
+		$share ="AND share='PUBLIC'";
+	}
+
+	if(!empty($_GET["name"])){
+	        $user = $_GET["name"];
+	} else {
+	        failure("No user input.");
+	}
+
+	$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
+	if(empty($owner_db)){
+		failure("This user doesn't exist.");
+	}
+
+	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+	$owner    = $owner_ar[0];
+
+	$folder_array_unsafe = explode("/",$_GET["folder"]);
+	$length = count($folder_array_unsafe);
+
+	$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
+	if(empty($root_db)){
+		failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
+	}
+	$root_ar = $root_db->fetchArray(SQLITE3_NUM);
+	$root_id = $root_ar[0];
+	$parentdir = SQLite3::escapeString($root_id);
+	$temp_id = $root_id;
+
+	for($i=0; $i<$length; $i++){
+	
+		if(!empty($folder_array_unsafe[$i])){
+			$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
+			if(empty($parentdir_db)){
+				failure("Database error.");
+			}
+			$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+			if($parentdir != $prim_id[1]){
+				failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]);
+			}
+
+			$parentdir = $prim_id[0];
+		}
+	}
+
+	$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
+	$content_ar = $conten_db->fetchArray(SQLITE3_NUM);
+
+	return $content_ar;
+
+}