"; echo $reason; exit; } if(!empty($_GET["name"])){ $user = $_GET["name"]; } else { failure("No user input."); } $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';"); if(empty($owner_db)){ failure("This user doesn't exist."); } $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); $owner = $owner_ar[0]; $folder_array_unsafe = explode("/",$_GET["folder"]); $length = count($folder_array_unsafe); $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";"); if(empty($root_db)){ failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please."); } $root_ar = $root_db->fetchArray(SQLITE3_NUM); $root_id = $root_ar[0]; $parentdir = SQLite3::escapeString($root_id); $temp_id = $root_id; for($i=0; $i<$length; $i++){ if(!empty($folder_array_unsafe[$i])){ $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); if(empty($parentdir_db)){ failure("Database error."); } $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); if($parentdir != $prim_id[1]){ failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]); } $parentdir = $prim_id[0]; echo SQLite3::escapeString($folder_array_unsafe[$i]); echo "
"; } }