query("SELECT folder FROM files WHERE id=".$file_id.";"); $check_if_file_ar = $check_if_file_db->fetchArray(SQLITE3_NUM); if($check_if_file_ar[0] == "FILE"){ return true; } else { return false; } } else { $content = get_path_to_empty_folder($db, $name, $folder_path); print_empty_folder($content); //get_404("/", "Protected file"); exit; return false; } } function start_file_download($user, $path){ $db = $GLOBALS["db"]; $owner = user_id($db, $user); $file_id = select_file_id($db, $owner, $path); $file_db = $db->query("SELECT owner, share FROM files WHERE id=" . $file_id . ";"); $file_ar = $file_db->fetchArray(SQLITE3_NUM); $file_owner = $file_ar[0]; $share = $file_ar[1]; if($_SESSION["login"] && ($_SESSION["userid"] == $file_owner)){ if(download_file($db, $file_id)){ return true; } else { return false; } } else { if($share != "PUBLIC"){ return false; } if(download_file($db, $file_id)){ return true; } else { return false; } } } function check_file_hash($db, $file_id, $download_hash){ $check_hash_db = $db->query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";"); $check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM); if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){ return false; } if(!download_file($db, $file_id)){ return false; } else { return true; } } function download_file($db, $file_id){ $file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); $file_ar = $file_db->fetchArray(SQLITE3_NUM); $file_name = $file_ar[0]; $file_mime = $file_ar[1]; $file_hash = $file_ar[2]; $uploaddir = "../files/"; $gzip_file = $uploaddir . $file_hash . ".gz"; //TODO: buffer output, print if reading == true header("Content-Type: ".$file_mime); header("Content-Disposition: attachment; filename=\"".$file_name."\""); $uncompressed_file = readgzfile($gzip_file); if($uncompressed_file){ return true; } else { return false; } }