From 889f10a8bea7105853ca505223dea1a1df07e0b9 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Mon, 17 Mar 2014 18:03:21 +0100
Subject: func mkdir

---
 www/constants.php                |  5 +++++
 www/functions/func_folder.php    | 29 +++++++++++++++++++++++++++++
 www/functions/func_interface.php |  8 ++++----
 www/functions/func_login.php     |  2 +-
 www/functions/func_password.php  |  2 +-
 www/functions/func_register.php  |  2 +-
 www/functions/func_rewrite.php   |  2 +-
 www/functions/func_select.php    | 11 ++++++-----
 www/functions/func_user.php      | 17 ++---------------
 www/include.php                  |  1 +
 www/index.php                    |  2 +-
 11 files changed, 52 insertions(+), 29 deletions(-)
 create mode 100644 www/functions/func_folder.php

diff --git a/www/constants.php b/www/constants.php
index 61f7839..9d3bd7f 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -29,3 +29,8 @@ define("PASSWORD_DATABASE", 20);
 define("RECOVER_SUCCESS", 21);
 define("RECOVER_EMAIL", 22);
 define("RECOVER_PROHIBITED", 23);
+
+define("MKDIR_SUCCESS", 24);
+define("MKDIR_OWNER", 25);
+define("MKDIR_LOGIN", 26);
+define("MKDIR_DATABASE", 27);
diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php
new file mode 100644
index 0000000..8b1ed12
--- /dev/null
+++ b/www/functions/func_folder.php
@@ -0,0 +1,29 @@
+<?php
+
+function mkdir($path, $new_folder_name, $share){
+
+	$db = $GLOBALS["db"];
+
+	if(!$_SESSION["login"]){
+		return MKDIR_LOGIN;
+	}
+
+	$file_id = select_file_id($db, $_SESSION["userid"], $path);
+
+	$owner_db = $db->query("SELECT owner FROM files WHERE id=" . SQLite3::escapeString('$file_id') . ";");
+	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+
+	if($owner_ar[0] != $_SESSION["userid"]){
+		return MKDIR_OWNER;
+	}
+
+	if($db->exec("
+		BEGIN TRANSACTION;
+		INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (Null, " . $file_id . ", " . $_SESSION['userid'] . ", " . SQLite3::escapeString('$new_folder_name') . ", 'DIRECTORY', 0, " . SQLite3::escapeString('$share') . ", '');
+		COMMIT;
+	")){
+		return MKDIR_SUCCESS;
+	} else {
+		return MKDIR_DATABASE;
+	}
+}
diff --git a/www/functions/func_interface.php b/www/functions/func_interface.php
index 05f8f3b..e6aa3f1 100755
--- a/www/functions/func_interface.php
+++ b/www/functions/func_interface.php
@@ -1,14 +1,14 @@
 <?php
 
-function collect_content($db){
-	$owner = user($db, $_GET["name"]);
+function collect_content($db,$username, $folder_path){
+	$owner = user_id($db, $username);
 
 	if(!$owner){
 		failure("This user doesn't exist!");
 	}
 
-	$file_id = select_file_id($db, $owner);
-	
+	$file_id = select_file_id($db, $owner, $folder_path);
+
 	$content = get_content($db, $file_id, $owner);
 
 	if(!$content){
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 8088cd5..3074b32 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -27,7 +27,7 @@ function login($db){
                 COMMIT;
 	")){
 
-		$id = user($db, $username);
+		$id = user_id($db, $username);
 
                 $_SESSION["login"] = true;
                 $_SESSION["username"] = $username;
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
index 486e9ba..40a0212 100644
--- a/www/functions/func_password.php
+++ b/www/functions/func_password.php
@@ -2,7 +2,7 @@
 
 function change_password($db, $first_password, $second_password){
 	if($_SESSION["login"]){
-		$username = user($db, $_SESSION["username"]);
+		$username = user_id($db, $_SESSION["username"]);
 	} else {
 		$username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
 		$username_ar = $username_db->fetchArray(SQLITE3_NUM);
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 026ac3b..be8c197 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -65,7 +65,7 @@ function register($db){
                 COMMIT;")
 	){
 
-		$userid = user($db, $safe_name);
+		$userid = user_id($db, $safe_name);
 
         	$_SESSION["login"] = true;
                 $_SESSION["username"] = $name;
diff --git a/www/functions/func_rewrite.php b/www/functions/func_rewrite.php
index 8e8e45f..48131f8 100755
--- a/www/functions/func_rewrite.php
+++ b/www/functions/func_rewrite.php
@@ -3,7 +3,7 @@ function rewrite($db){
 
         /* test if first argument a username or folder */
 
-	$name = user($db, $_GET["name"]);
+	$name = user_id($db, $_GET["name"]);
 
         if($name == ""){
 	
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index 5181b9a..1599b9b 100755
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
@@ -1,5 +1,5 @@
 <?php
-function select_file_id($db, $owner){
+function select_file_id($db, $owner, $folder_path){
 
 	if($_SESSION["login"] && $_SESSION["userid"] == $owner){ 	// TODO: Check if loged in user really the user who does the query - fix 12.3.14
 		$share="";						// to print all files, even hidden ones
@@ -7,7 +7,7 @@ function select_file_id($db, $owner){
 		$share ="AND share='PUBLIC'";				// just use files with the correct permissions
 	}
 
-	$folder_array_unsafe = explode("/",$_GET["folder"]);
+	$folder_array_unsafe = explode("/",$folder_path);
 	$length = count($folder_array_unsafe);
 
 	$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
@@ -23,12 +23,13 @@ function select_file_id($db, $owner){
 	}
 
 	for($i=0; $i<$length; $i++){
-	
+
 		$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
 
 		$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
-		if(empty($prim_id)){
-			failure("Database error.");
+
+		if(empty($prim_id[0])){
+			return $parentdir;
 		}
 
 		if($parentdir != $prim_id[1]){
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index 5ee342f..bc72a93 100755
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
@@ -11,27 +11,14 @@ function account($db){
 	return true;
 }
 
-function user($db, $user){
+function user_id($db, $user){
 
 	$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
 	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
-	if(empty($owner_ar)){
+	if(empty($owner_ar[0])){
 		return false;
 	}
 
 	$owner = $owner_ar[0];
 	return $owner;
 }
-
-function user_is_owner($username, $file_id){
-	$db = $GLOBALS["db"];
-
-	$owner_db = $db->query("SELECT owner FROM files WHERE id=". SQLite3::escapeString('$file_id') . ";");
-	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
-
-	if($owner_ar[0] != $username){
-		return false;
-	} else  {
-		return true;
-	}
-}
diff --git a/www/include.php b/www/include.php
index abbe4d9..dc8ca72 100755
--- a/www/include.php
+++ b/www/include.php
@@ -14,6 +14,7 @@ require_once($func_dir . "func_select.php");		// get the primary key from the la
 require_once($func_dir . "func_user.php");		// gets the userid and account specific stuff
 require_once($func_dir . "func_content.php");		// get the vfs content
 require_once($func_dir . "func_password.php");		// changes the user password
+require_once($func_dir . "func_folder.php");		// creates a new folder
 
 require_once("login.php");				// prints the login page
 require_once("register.php");				// prints the register page
diff --git a/www/index.php b/www/index.php
index 56056c5..7af88c6 100755
--- a/www/index.php
+++ b/www/index.php
@@ -93,7 +93,7 @@ if(empty($_GET)){
 	/* shows the user content, main function */
 
 		if(rewrite($db)){
-			$content = collect_content($db);
+			$content = collect_content($db, $_GET["name"], $_GET["folder"]);
 			print_browser($content);
 		}
 	}
-- 
cgit v1.2.3