diff options
Diffstat (limited to 'tmp')
| -rw-r--r-- | tmp/select.php | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/tmp/select.php b/tmp/select.php new file mode 100644 index 0000000..ffa12d1 --- /dev/null +++ b/tmp/select.php @@ -0,0 +1,68 @@ +<? + +session_start(); + +if($_SESSION["login"]){ + $share=""; +} else { + $share ="AND share='PUBLIC'"; +} + +$db = new SQLite3("../database/sqlite.db"); + +function failure($reason){ + echo "A 404 error occurred. <br>"; + echo $reason; + exit; +} + +if(!empty($_GET["name"])){ + $user = $_GET["name"]; +} else { + failure("No user input."); +} + +$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';"); + +if(empty($owner_db)){ + failure("This user doesn't exist."); +} + +$owner_ar = $owner_db->fetchArray(SQLITE3_NUM); +$owner = $owner_ar[0]; + +$folder_array_unsafe = explode("/",$_GET["folder"]); +$length = count($folder_array_unsafe); + + +$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";"); +if(empty($root_db)){ + failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please."); +} +$root_ar = $root_db->fetchArray(SQLITE3_NUM); +$root_id = $root_ar[0]; +$parentdir = SQLite3::escapeString($root_id); +$temp_id = $root_id; + + +for($i=0; $i<$length; $i++){ + + if(!empty($folder_array_unsafe[$i])){ + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); + if(empty($parentdir_db)){ + failure("Database error."); + } + $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); + if($parentdir != $prim_id[1]){ + failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]); + } + + $parentdir = $prim_id[0]; + echo SQLite3::escapeString($folder_array_unsafe[$i]); + + echo "<br>"; + } +} + +$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";"); +$content_ar = $conten_db->fetchArray(SQLITE3_NUM); |