Diffstat (limited to 'www/createfolder.php')
| -rw-r--r-- | www/createfolder.php | 71 |
1 files changed, 38 insertions, 33 deletions
diff --git a/www/createfolder.php b/www/createfolder.php index cfcf4b2..b99a033 100644 --- a/www/createfolder.php +++ b/www/createfolder.php 
@@ -10,61 +10,65 @@ if(!$_SESSION["login"]){ if($_SERVER['REQUEST_METHOD'] == 'POST'){ function database_error(){ - echo "Database error!" + echo "Database error!"; exit; } $folder=$_POST["folder"]; - $name = $_SESSION["username"]; + $name = $_POST["username"]; $public = SQLite3::escapeString("$_POST[public]"); - $pwd = SQLite3::escapeString("$_POST[pdw]"); + $pwd_unsafe = $_POST["pwd"]; + $pwd = SQLite3::escapeString("$pwd_unsafe"); $type = SQLite3::escapeString("$_POST[type]"); - if(preg_match("/^//", $folder)){ + + if(preg_match("/^\//", $folder)){ $absolutpath = true; + $k=1; } else { $absolutpath = false; } + $folder_array_unsafe = explode("/",$folder); - $length = count($folder); + $length = count($folder_array_unsafe); $db = new SQLite3("../database/sqlite.db"); - $k=1; - - for($i=0; $i++; $i<$length){ - $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]"); - if($absolutpath){ - if(db->exec(" - BEGIN TRANSACTION; - INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $k, $folder_array[$i], '$type', '$public'); - COMMIT; - ")){ - $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$folder_array[$i]"); + for($i=0; $i<$length; $i++){ + if(!empty($folder_array_unsafe[$i])){ + $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]"); + if($absolutpath){ + if($db->exec(" + INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $k, '$folder_array[$i]', '$type', '$public'); + ")){ + $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$folder_array[$i]'"); + $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); + $primary_key = $primary_key_ar[0]; + $k=$primary_key; + } else { + database_error(); + } + } else { + $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$pwd'"); $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); $primary_key = $primary_key_ar[0]; - $k=$primary_key; - } else { - database_error(); - } - } else { - $primary_key_db = $db->query("SELECT id FROM $name 
WHERE name='$pwd'"); - $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); - $primary_key = $primary_key_ar[0]; - if(db->exec(" - BEGIN TRANSACTION; - INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public'); + if($db->exec(" + BEGIN TRANSACTION; + INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public'); COMMIT; - ")){ - $pwd='$folder_array[$i]'; - } else { - database_error(); + ")){ + $pwd='$folder_array[$i]'; + } else { + database_error(); + } } } - + } - echo "END"; + + header("Refresh: 0; /$name"); + } else { echo "Hallo $name @@ -72,6 +76,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){ <p> Folder: <input type='text' name='folder'></p> <p> Public? <input type='text' name='public'></p> <p> pwd: <input type='text' name='pwd'></p> + <input type='hidden' name='username' value='$_SESSION[username]'> <input type='hidden' name='type' value='FOLDER'> <input type='submit' name='submit' value='invite'> </form>"; |
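Review bot: `$name = $_POST["username"];` makes the table name client-controlled, and `$name` is then interpolated unquoted into every `INSERT INTO $name` / `SELECT id FROM $name` and into `header("Refresh: 0; /$name")`, so any logged-in user can direct the writes at another user's table and the identifier becomes an SQL injection point that `SQLite3::escapeString` cannot cover. Keep the identity server-side with `$name = $_SESSION["username"];` (the hidden `username` input added in the second hunk is then unnecessary) and check it against a strict allowlist pattern before using it as an identifier. The remaining values would be safer bound through `$db->prepare()` and `bindValue()` than escaped and concatenated, particularly since `exec()` runs several statements in one call. Separately, `$pwd='$folder_array[$i]';` is single-quoted, so it stores the literal text rather than the folder name and the next relative-path lookup will not find the parent row. The POST branch opens above this hunk and its `else` continues below it.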
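Review bot: The added hidden input writes `$_SESSION[username]` into a single-quoted HTML attribute with no output encoding, so a username containing `'` or `<` would break out of the attribute and be rendered as markup. If the field is kept, encode the value first, e.g. `htmlspecialchars($_SESSION["username"], ENT_QUOTES, 'UTF-8')`. The `Hallo $name` greeting at the top of this echo has the same exposure, assuming `$name` is set on this branch. The `<form>` opening tag and the start of the echo are outside this hunk, so whether the form carries a CSRF token cannot be confirmed from here.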
