path: root/www/select.php

<?

session_start();

if($_SESSION["login"]){
	$share="";
} else  {
	$share ="AND share='PUBLIC'";
}

$db = new SQLite3("../database/sqlite.db");

function failure($reason){
	echo "A 404 error occurred. <br>";
	echo $reason;
	exit;
}

if(!empty($_GET["name"])){
	$user = $_GET["name"];
} else {
	failure("No user input.");
}

$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");

if(empty($owner_db)){
	failure("This user doesn't exist.");
}

$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
$owner    = $owner_ar[0];

$folder_array_unsafe = explode("/",$_GET["folder"]);
$length = count($folder_array_unsafe);


$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
if(empty($root_db)){
	failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
}
$root_ar = $root_db->fetchArray(SQLITE3_NUM);
$root_id = $root_ar[0];
$parentdir = SQLite3::escapeString($root_id);
$temp_id = $root_id;


for($i=0; $i<$length; $i++){

	if(!empty($folder_array_unsafe[$i])){
		$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
		if(empty($parentdir_db)){
			failure("Database error.");
		}
		$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
		if($parentdir != $prim_id[1]){
			failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]);
		}

		$parentdir = $prim_id[0];
		echo SQLite3::escapeString($folder_array_unsafe[$i]);

		echo "<br>";
	}
}

$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
$content_ar = $conten_db->fetchArray(SQLITE3_NUM);