<?

function error($reason){
	echo "Failure! <br>";
	echo $reason;
	exit;
}

function upload($db){

	if(!$_SESSION["login"]){
		error("Operation not permitted.");
		exit;
	}
	
	if($_FILES["userfile"]["error"] > 0 || !$_FILE['userfile']['size'] > 0 || empty($_FILE['userfile']['size'])){
		error("Error while proceding the upload: " . $_FILES['userfile']['error']);
	}

	$parentdir = SQLite3::escapeString("$_POST[pwd]");
	if(!preg_match("/[0-9]+/", $parentdir)){
		error("Invalid parent folder.");
	}

	$ownername = SQLite3::escapeString($_SESSION['username']);
	$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
	$owner = $owner_ar[0];

	$filename = $_FILE['userfile']['name'];
	$folder = "FILE";
	$mime = $_FILE['userfile']['type'];
	$size = $_FILE['userfile']['size'];
	$share = SQLite3::escapeString('$_POST[share]');

	$uploaddir = "../files/";

	if($db->exec("
		BEGIN TRANSACTION;
		INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
		COMMIT;
	")){
		$id = SQLite3::lastInsertRowID();
		if(move_uploaded_file($_FILE['userfile']['tmp_username'], $uploaddir . $_FILE['userfile']['name'])){
			if(rename($uploaddir . $filename, $uploaddir . $id)){
				echo "Success!";
			} else {
				echo "Failure!";
			}

		} else {
			error("Upload failed");
			exit;
		}
	}

}