1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
<?php
session_start();
if(!$_SESSION["login"]){
header("Refresh: 0; /login");
exit;
}
if($_SERVER['REQUEST_METHOD'] == 'POST'){
function database_error(){
echo "Database error!";
exit;
}
$folder=$_POST["folder"];
$name = $_POST["username"];
$sname = SQLite3::escapeString("$name");
$public = SQLite3::escapeString("$_POST[public]");
$pwd_unsafe = $_POST["pwd"];
$pwd = SQLite3::escapeString("$pwd_unsafe");
$type = SQLite3::escapeString("$_POST[type]");
if(preg_match("/^\//", $folder)){
$absolutpath = true;
$k=1;
} else {
$absolutpath = false;
}
$folder_array_unsafe = explode("/",$folder);
$length = count($folder_array_unsafe);
$db = new SQLite3("../database/sqlite.db");
$id_db = $db->query("SELECT id FROM user WHERE name='$sname';");
$id_ar = $id_db->fetchArray(SQLITE3_NUM);
$id = $id_ar[0];
if(!preg_match("/[0-9]+/", $id)){
database_error();
}
for($i=0; $i<$length; $i++){
if(!empty($folder_array_unsafe[$i])){
$folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
if($absolutpath){
if($db->exec("
INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $k, $id, '$folder_array[$i]', '$type', '$public');
")){
$primary_key_db = $db->query("SELECT id FROM files WHERE name='$folder_array[$i]'");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
$primary_key = $primary_key_ar[0];
$k=$primary_key;
} else {
database_error();
}
} else {
$primary_key_db = $db->query("SELECT id FROM files WHERE name='$pwd'");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
$primary_key = $primary_key_ar[0];
if($db->exec("
BEGIN TRANSACTION;
INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $primary_key, $id, '$folder_array[$i]', '$type', '$public');
COMMIT;
")){
$pwd='$folder_array[$i]';
} else {
database_error();
}
}
}
}
header("Refresh: 0; /$name");
} else {
echo "Hallo $_SESSION[username];
<form method='post' action='/createfolder.php'>
<p> Folder: <input type='text' name='folder'></p>
<p> Public? <input type='text' name='public'></p>
<p> pwd: <input type='text' name='pwd'></p>
<input type='hidden' name='username' value='$_SESSION[username]'>
<input type='hidden' name='type' value='DIRECTORY'>
<input type='submit' name='submit' value='create'>
</form>";
echo "END";
}
|
