From d815a43393f56cea3d88cb929a4cdf5147bf781a Mon Sep 17 00:00:00 2001 From: Horus3 Date: Wed, 19 Feb 2014 23:41:03 +0100 Subject: fixed typo --- www/createfolder.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'www') diff --git a/www/createfolder.php b/www/createfolder.php index cf45565..f1bca21 100644 --- a/www/createfolder.php +++ b/www/createfolder.php @@ -16,6 +16,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){ $folder=$_POST["folder"]; $name = $_POST["username"]; + $sname = SQLite3::escapeString("$name"); $public = SQLite3::escapeString("$_POST[public]"); $pwd_unsafe = $_POST["pwd"]; $pwd = SQLite3::escapeString("$pwd_unsafe"); @@ -35,12 +36,20 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){ $db = new SQLite3("../database/sqlite.db"); + $id_db = $db->query("SELECT id FROM user WHERE name=$sname;") + $id_ar = $id_db->fetchArray(SQLITE3_NUM); + $id = $id_ar[0]; + + if(!preg_match("/[0-9]+/", $id)){ + database_error(); + } + for($i=0; $i<$length; $i++){ if(!empty($folder_array_unsafe[$i])){ $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]"); if($absolutpath){ if($db->exec(" - INSERT INTO files (id, parent, name, folder, share) VALUES (NULL, $k, '$folder_array[$i]', '$type', '$public'); + INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $k, $id, '$folder_array[$i]', '$type', '$public'); ")){ $primary_key_db = $db->query("SELECT id FROM files WHERE name='$folder_array[$i]'"); $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM); @@ -55,7 +64,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){ $primary_key = $primary_key_ar[0]; if($db->exec(" BEGIN TRANSACTION; - INSERT INTO files (id, parent, name, folder, share) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public'); + INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $primary_key, $id, '$folder_array[$i]', '$type', '$public'); COMMIT; ")){ $pwd='$folder_array[$i]'; -- cgit v1.2.3