<?

session_start();

$db = new SQLite3("../database/sqlite.db");
function error($reason){
	echo "Failure! <br>";
	echo $reason;
	exit;
}

function upload($db){

	if(!$_SESSION["login"]){
		error("Operation not permitted.");
		exit;
	}
	
	if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
		error("Error while proceding the upload: " . $_FILES['userfile']['error']);
	}

	$parentdir = SQLite3::escapeString("$_POST[pwd]");
	if(!preg_match("/[0-9]+/", $parentdir)){
		error("Invalid parent folder.");
	}

	$ownername = SQLite3::escapeString($_SESSION['username']);
	$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
	$owner = $owner_ar[0];

	$filename = $_FILES['userfile']['name'];
	$folder = "FILE";
	$mime = $_FILES['userfile']['type'];
	$size = $_FILES['userfile']['size'];
	$share = SQLite3::escapeString('$_POST[share]');

	$uploaddir = "../files/";

	if($db->exec("
		BEGIN TRANSACTION;
		INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
		COMMIT;
	")){
		$id = $db->lastInsertRowID();
		if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){

			$gzfile = $uploaddir . $id;
			$fp = gzopen($gzfile, 'w9');
			gzwrite($fp, file_get_contents($uploaddir . $filename));
			gzclose($fp);

		} else {
			error("Upload failed");
			exit;
		}
	} else{
		error("Database error.");
	}

}

upload($db);