Diffstat (limited to 'www/createfolder.php')
| -rwxr-xr-x | www/createfolder.php | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/www/createfolder.php b/www/createfolder.php
deleted file mode 100755
index 563f352..0000000
--- a/www/createfolder.php
+++ /dev/null
@@ -1,96 +0,0 @@
-<?php
-
-/* DO NOT TOUCH! This is buggy as hell. */
-
-session_start();
-
-if(!$_SESSION["login"]){
- header("Refresh: 0; /login");
- exit;
-}
-
-if($_SERVER['REQUEST_METHOD'] == 'POST'){
-
- function database_error(){
- echo "Database error!";
- exit;
- }
-
- $folder=$_POST["folder"];
- $name = $_POST["username"];
- $sname = SQLite3::escapeString("$name");
- $public = SQLite3::escapeString("$_POST[public]");
- $pwd_unsafe = $_POST["pwd"];
- $pwd = SQLite3::escapeString("$pwd_unsafe");
- $type = SQLite3::escapeString("$_POST[type]");
-
-
- if(preg_match("/^\//", $folder)){
- $absolutpath = true;
- $k=2; // what the fuck is this?
- } else {
- $absolutpath = false;
- }
-
-
- $folder_array_unsafe = explode("/",$folder);
- $length = count($folder_array_unsafe);
-
- $db = new SQLite3("../database/sqlite.db");
-
- $id_db = $db->query("SELECT id FROM user WHERE name='" . $sname . "';");
- $id_ar = $id_db->fetchArray(SQLITE3_NUM);
- $id = $id_ar[0];
-
- if(!preg_match("/[0-9]+/", $id)){
- database_error();
- }
-
- for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
- if($absolutpath){
- if($db->exec("
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $k . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- ")){
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $folder_array[$i] . "';");
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- $k=$primary_key;
- } else {
- database_error();
- }
- } else {
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='".$pwd."';"); //TODO That doesn't make any sense to me at all! //This makes sense in the context.
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $primary_key . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- COMMIT;
- ")){
- $pwd='$folder_array[$i]';
- } else {
- database_error();
- }
- }
- }
-
- }
-
- header("Refresh: 0; /" . $name);
-
-} else {
-
- echo "Hallo $_SESSION[username];
- <form method='post' action='/createfolder.php'>
- <p> Folder: <input type='text' name='folder'></p>
- <p> Public? <input type='text' name='public'></p>
- <p> pwd: <input type='text' name='pwd'></p>
- <input type='hidden' name='username' value='$_SESSION[username]'>
- <input type='hidden' name='type' value='DIRECTORY'>
- <input type='submit' name='submit' value='create'>
- </form>";
-
- echo "END";
-} |
