blob: b83fe04e0a6e83e66ce717dc2d37bf27ee94258f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
function select($db){
if($_SESSION["login"]){
$share="";
} else {
$share ="AND share='PUBLIC'";
}
if(!empty($_GET["name"])){
$user = $_GET["name"];
} else {
failure("No user input.");
}
$owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
if(empty($owner_db)){
failure("This user doesn't exist.");
}
$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
$owner = $owner_ar[0];
$folder_array_unsafe = explode("/",$_GET["folder"]);
$length = count($folder_array_unsafe);
$root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
if(empty($root_db)){
failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
}
$root_ar = $root_db->fetchArray(SQLITE3_NUM);
$root_id = $root_ar[0];
$parentdir = SQLite3::escapeString($root_id);
$temp_id = $root_id;
for($i=0; $i<$length; $i++){
if(!empty($folder_array_unsafe[$i])){
$parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
if(empty($parentdir_db)){
failure("Database error.");
}
$prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
if($parentdir != $prim_id[1]){
failure("This folder doesn't exist. Folder: " . $folder_array_unsafe[$i]);
}
$parentdir = $prim_id[0];
}
}
$content_db = $db->query("SELECT id, name, folder FROM files WHERE parent=" . $parentdir . " AND owner=" . $owner . ";");
$content_ar = $conten_db->fetchArray(SQLITE3_NUM);
return $content_ar;
}
|
