Diffstat (limited to 'www/functions/func_select.php')
-rw-r--r--www/functions/func_select.php70
1 files changed, 21 insertions, 49 deletions
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index ca3c53f..0659cdb 100644
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -1,25 +1,12 @@
<?
-function select($db){
- if($_SESSION["login"]){ // TODO: Check if loged in user really the user who does the query
+function select($db, $owner){
+
+ if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14
$share="";
} else {
$share ="AND share='PUBLIC'";
}
-
- if(!empty($_GET["name"])){
- $user = $_GET["name"];
- } else {
- failure("No user input.");
- }
-
- $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
- if(empty($owner_ar)){
- failure("This user doesn't exist.");
- }
-
- $owner = $owner_ar[0];
-
+
$folder_array_unsafe = explode("/",$_GET["folder"]);
$length = count($folder_array_unsafe);
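Review bot: `$owner` is now supplied by the caller, yet the login check compares it with a loose `==` and the second hunk concatenates it unquoted into `owner=" . $owner . "`. The removed code took it from a database lookup, so it was always a row id; nothing in the visible lines guarantees that any more, and a non-numeric value would both weaken the ownership check under PHP's type juggling and reach the SQL text. Normalise it once at the top with `$owner = (int)$owner;` and compare with `(int)$_SESSION["userid"] === $owner`, or, since `$db` appears to be an SQLite3 handle, bind it through `$db->prepare()` and `bindValue()`. The body of select() continues past this hunk.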
@@ -32,49 +19,34 @@ function select($db){
$parentdir = SQLite3::escapeString($root_id);
$temp_id = $root_id;
+ if(empty($folder_array_unsafe[$i])){
+
+ }
for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
-
- $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
- if(empty($prim_id)){
- failure("Database error.");
- }
+ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
- if($parentdir != $prim_id[1]){
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if(empty($prim_id)){
+ failure("Database error.");
+ }
- $wrong_folder = $folder_array_unsafe[$i];
- $working_path[0] = $wrong_folder;
+ if($parentdir != $prim_id[1]){
- for($j=0; $j<$i; $j++){
- $working_path[$j] = $folder_array_unsafe[$j];
- }
+ $wrong_folder = $folder_array_unsafe[$i];
+ $working_path[0] = $wrong_folder;
- get_404($working_path, $wrong_folder);
- return false;
+ for($j=0; $j<$i; $j++){
+ $working_path[$j] = $folder_array_unsafe[$j];
}
- $parentdir = $prim_id[0];
+ get_404($working_path, $wrong_folder);
+ return false;
}
- }
-
- $content_db = $db->query("SELECT * FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
- $count=0;
- while($row = $content_db->fetchArray(SQLITE3_NUM)){
- $content[$count][0] = $row[0];
- $content[$count][1] = $row[1];
- $content[$count][2] = $row[2];
- $content[$count][3] = $row[3];
- $content[$count][4] = $row[4];
- $content[$count][5] = $row[5];
- $content[$count][6] = $row[6];
- $content[$count][7] = $row[7];
- $content[$count][8] = $row[8];
- $count++;
+ $parentdir = $prim_id[0];
}
- return $content;
+ return $parentdir;
}
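Review bot: The added `if(empty($folder_array_unsafe[$i])){ }` sits before the `for` loop, where `$i` has no value in the visible lines, and its body is empty, so it does nothing. The `!empty` guard inside the loop was removed at the same time, so an empty segment from a leading, trailing or doubled `/` in `$_GET["folder"]` now runs the query with `name=''` and ends in `failure("Database error.")`. Dropping the stray `if` and making `if($folder_array_unsafe[$i] === ""){ continue; }` the first statement of the loop restores the skip; the strict comparison also avoids `empty()` treating a folder named `0` as empty. The function now returns `$parentdir` instead of the listing, so whichever caller lists the contents has to apply the owner and `share` filter itself, which the removed content query did not do. This hunk starts inside select(), and the lines between the two hunks are not shown.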