<?

session_start();

$db = new SQLite3("../database/sqlite.db");

function error($reason){
	echo "Failure! <br>";
	echo $reason;
	exit;
}

function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
	if($db->exec("
		BEGIN TRANSACTION;
		INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "');
		COMMIT;
	")){
		return true;
	} else  {
		return false;
	}
}

function upload($db){

	if(!$_SESSION["login"]){
		error("Operation not permitted.");
		exit;
	}
	
	if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
		error("Error while proceding the upload: " . $_FILES['userfile']['error']);
	}

	$parentdir = SQLite3::escapeString("$_POST[pwd]");
	if(!preg_match("/[0-9]+/", $parentdir)){
		error("Invalid parent folder.");
	}

	$ownername = SQLite3::escapeString($_SESSION['username']);
	$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
	$owner = $owner_ar[0];

	$overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
	$overall_size = 0;
	$count = 0;
	while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
		$overall_size = $overall_size + $row[$count];
		$count++;
	}

	if($overall_size > 2147483648){		// == 2GB
		error("Quota exceeded");
	}

	$filename = $_FILES['userfile']['name'];
	$folder = "FILE";
	$mime = $_FILES['userfile']['type'];
	$size = $_FILES['userfile']['size'];
	$share = SQLite3::escapeString($_POST['share']);

	$uploaddir = "../files/";

	//$filehash = hash_file("md5", $uploaddir . $filename);
	$filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);

	$hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
	if(empty($hashtest_db)){

		if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){

			if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
				$gzfile = $uploaddir . $filehash . ".gz";
				$fp = gzopen($gzfile, 'w9');

				if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
					error("Something wrong writh the intern file handling.");
				}

				if(!gzclose($fp)){
					error("Something wrong writh the intern file handling.");
				}

				if(!unlink($uploaddir . $filename)){
					error("Something wrong writh the intern file handling.");
				}

				echo "Success!";

			} else {
				error("Database error.");
			}

		} else {
			error("Moving failed.");
		}
	} else {
		if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){

			if(!unlink($_FILES['userfile']['tmp_name'])){
				error("Something wrong writh the intern file handling.");
			}
			echo "Success!";

		} else {
			error("Database error.");
		}
	}
}

function web_upload($db){
	$url = ; 
	if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
		echo "hyperlink detected";
	} else {
		echo "no hyperlink";
	}
}
upload($db);