path: root/www/createfolder.php

<?php

session_start();

if(!$_SESSION["login"]){
	header("Refresh: 0; /login");
	exit;
}

if($_SERVER['REQUEST_METHOD'] == 'POST'){

	function database_error(){
		echo "Database error!"
		exit;
	}

	$folder=$_POST["folder"];
	$name = $_SESSION["username"];
	$public = SQLite3::escapeString("$_POST[public]");
	$pwd = SQLite3::escapeString("$_POST[pdw]");
	$type = SQLite3::escapeString("$_POST[type]");

	if(preg_match("/^//", $folder)){
		$absolutpath = true;
	} else {
		$absolutpath = false;
	}

	$folder_array_unsafe = explode("/",$folder);
	$length = count($folder);

	$db = new SQLite3("../database/sqlite.db");

	$k=1;

	for($i=0; $i++; $i<$length){
		$folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
		if($absolutpath){
			if(db->exec("
				BEGIN TRANSACTION;
				INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $k, $folder_array[$i], '$type', '$public');
				COMMIT;
			")){
				$primary_key_db = $db->query("SELECT id FROM $name WHERE name='$folder_array[$i]");
				$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
				$primary_key = $primary_key_ar[0];
				$k=$primary_key;
			} else {
				database_error();
			}
		} else {
			$primary_key_db = $db->query("SELECT id FROM $name WHERE name='$pwd'");
			$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
			$primary_key = $primary_key_ar[0];
			if(db->exec("
				BEGIN TRANSACTION;
				INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public');
					COMMIT;
			")){
				$pwd='$folder_array[$i]';
			} else {
				database_error();
			}
		}
		
	}
	echo "END";
} else {

	echo "Hallo $name
	<form method='post' action='/createfolder.php'>
		<p> Folder: <input type='text' name='folder'></p>
		<p> Public? <input type='text' name='public'></p>
		<p> pwd: <input type='text' name='pwd'></p>
		<input type='hidden' name='type' value='FOLDER'>
		<input type='submit' name='submit' value='invite'>
	</form>";

	echo "END";
}