Ejemplo n.º 1
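/**
 * Recursively collects the ids of every sub-folder below $id_cat that is owned by $user_id.
 *
 * Ids are appended to $array depth-first: a child, then that child's descendants,
 * then the next sibling.
 *
 * @param array      $array   Accumulator passed by reference; found ids are appended to it.
 * @param int|string $id_cat  Id of the folder whose descendants are wanted.
 * @param int|string $user_id Owner id; only rows with this user_id are followed.
 * @return void
 */
function upload_find_subcats(&$array, $id_cat, $user_id)
{
    global $Sql;

    // Both values are spliced into the SQL text, so they are forced to integers first:
    // whatever a caller passes, only digits can reach the statement.
    // NOTE(review): assumes id_parent and user_id are integer columns; confirm against the schema.
    $parent_id = (int) $id_cat;
    $owner_id = (int) $user_id;

    $result = $Sql->query_while(
        "SELECT id FROM " . DB_TABLE_UPLOAD_CAT . " WHERE id_parent = '" . $parent_id . "' AND user_id = '" . $owner_id . "'",
        __LINE__,
        __FILE__
    );
    while ($row = $Sql->fetch_assoc($result)) {
        $array[] = $row['id'];
        // Descend into the child before moving on to its next sibling.
        upload_find_subcats($array, $row['id'], $user_id);
    }
    $Sql->query_close($result);
}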
Ejemplo n.º 2
    } else {
        // Deletion on behalf of the current user: Del_file receives the caller's own id,
        // and any non-empty return value is treated as a failure.
        $error = Uploads::Del_file($del_file, AppContext::get_current_user()->get_id());
        if (!empty($error)) {
            $error_controller = PHPBoostErrors::unexisting_page();
            DispatchManager::redirect($error_controller);
        }
    }
    // $folder and $popup_noamp are concatenated into the redirect URL; where they come from
    // and how they are validated is not visible in this excerpt.
    AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $folder . '&' . $popup_noamp, '', '&'));
} elseif (!empty($move_folder) && $to != -1) {
    // Folder move: $move_folder is the folder being moved, $to the destination parent.
    AppContext::get_session()->csrf_get_protect();
    // CSRF protection: called before any ownership lookup or database write in this branch.
    // The folder's owner is read with a bound :id parameter rather than string concatenation.
    $folder_owner = PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $move_folder));
    // Only the owner may move the folder; anyone else gets the "unexisting page" error below.
    // NOTE(review): loose == comparison; confirm what get_column_value returns for an unknown id.
    if ($folder_owner == AppContext::get_current_user()->get_id()) {
        include 'upload_functions.php';
        // Collect every descendant of the moved folder, plus the folder itself.
        $sub_cats = array();
        upload_find_subcats($sub_cats, $move_folder, AppContext::get_current_user()->get_id());
        $sub_cats[] = $move_folder;
        // Proceed only if the folder is not being moved into one of its descendants or into itself.
        // NOTE(review): in_array() is called without the strict flag, so the match is a loose comparison.
        if (!in_array($to, $sub_cats)) {
            // NOTE(review): this condition only tests that the current user id is truthy or that
            // $to is 0. It never looks up who owns the destination folder $to, so nothing visible
            // here prevents re-parenting into a folder owned by another user. Confirm that
            // ownership of $to is enforced elsewhere, or add the lookup before the update.
            // When the condition is false, this branch neither redirects nor reports an error.
            if (AppContext::get_current_user()->get_id() || $to == 0) {
                PersistenceContext::get_querier()->update(DB_TABLE_UPLOAD_CAT, array('id_parent' => $to), 'WHERE id = :id', array('id' => $move_folder));
                AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $to . '&' . $popup_noamp, '', '&'));
            }
        } else {
            // NOTE(review): the path below reads '/userr/upload.php' while the other redirects in
            // this excerpt use '/user/upload.php'; this looks like a typo that would break the
            // folder_contains_folder error page. Confirm and fix.
            AppContext::get_response()->redirect(HOST . DIR . url('/userr/upload.php?movefd=' . $move_folder . '&f=0&error=folder_contains_folder&' . $popup_noamp, '', '&'));
        }
    } else {
        $error_controller = PHPBoostErrors::unexisting_page();
        DispatchManager::redirect($error_controller);
    }
} elseif (!empty($move_file) && $to != -1) {
Ejemplo n.º 3
/**
 * Depth-first walk of the upload folder tree: appends to $array the id of every
 * folder below $id_cat whose user_id matches $user_id.
 *
 * @param array $array   Accumulator passed by reference; found ids are appended to it.
 * @param mixed $id_cat  Id of the folder whose descendants are wanted.
 * @param mixed $user_id Owner id used to filter the rows.
 * @return void
 */
function upload_find_subcats(&$array, $id_cat, $user_id)
{
    // The two values are handed over separately from the SQL text, as named placeholders,
    // so neither one is concatenated into the statement.
    $sql = "SELECT id\n\t\tFROM " . DB_TABLE_UPLOAD_CAT . "\n\t\tWHERE id_parent = :id_parent AND user_id = :user_id";
    $bindings = array('id_parent' => $id_cat, 'user_id' => $user_id);

    $children = PersistenceContext::get_querier()->select($sql, $bindings);
    for (;;) {
        $child = $children->fetch();
        if (!$child) {
            break;
        }
        $array[] = $child['id'];
        // Call the function again for the child category.
        upload_find_subcats($array, $child['id'], $user_id);
    }
    $children->dispose();
}
Ejemplo n.º 4
    // File deletion. Administrators call Del_file with ADMIN_NO_CHECK and the return value is
    // ignored; everyone else goes through the plain call and a non-empty result raises e_auth.
    // NOTE(review): ADMIN_NO_CHECK presumably skips the ownership check inside Del_file; confirm.
    if ($User->check_level(ADMIN_LEVEL)) {
        $Uploads->Del_file($del_file, $User->get_attribute('user_id'), ADMIN_NO_CHECK);
    } else {
        $error = $Uploads->Del_file($del_file, $User->get_attribute('user_id'));
        if (!empty($error)) {
            $Errorh->handler('e_auth', E_USER_REDIRECT);
        }
    }
    // $folder and $popup_noamp are concatenated into the redirect URL; their origin and
    // validation are not visible in this excerpt.
    redirect(HOST . DIR . url('/member/upload.php?f=' . $folder . '&' . $popup_noamp, '', '&'));
} elseif (!empty($move_folder) && $to != -1) {
    // Folder move: $move_folder is the folder being moved, $to the destination parent.
    // The CSRF check runs before any query or write in this branch.
    $Session->csrf_get_protect();
    // NOTE(review): $move_folder is concatenated into the SQL text here and again in the UPDATE
    // below, and $to in the two later statements. This excerpt does not show where either value
    // is read or whether it is cast to an integer first; confirm that upstream, or bind or cast
    // the values at the point of use.
    $folder_owner = $Sql->query("SELECT user_id FROM " . DB_TABLE_UPLOAD_CAT . " WHERE id = '" . $move_folder . "'", __LINE__, __FILE__);
    // Only the owner of the folder may move it; otherwise e_auth is raised below.
    // NOTE(review): loose == comparison; confirm what query() returns when no row matches.
    if ($folder_owner == $User->get_attribute('user_id')) {
        include 'upload_functions.php';
        // Collect every descendant of the moved folder, plus the folder itself.
        $sub_cats = array();
        upload_find_subcats($sub_cats, $move_folder, $User->get_attribute('user_id'));
        $sub_cats[] = $move_folder;
        // Refuse to move a folder into itself or into one of its own descendants.
        // NOTE(review): in_array() is called without the strict flag, so the match is a loose comparison.
        if (!in_array($to, $sub_cats)) {
            // The destination must belong to the same user, or be the root ($to == 0).
            $new_folder_owner = $Sql->query("SELECT user_id FROM " . DB_TABLE_UPLOAD_CAT . " WHERE id = '" . $to . "'", __LINE__, __FILE__);
            // When this check fails, the branch neither redirects nor reports an error.
            if ($new_folder_owner == $User->get_attribute('user_id') || $to == 0) {
                $Sql->query_inject("UPDATE " . DB_TABLE_UPLOAD_CAT . " SET id_parent = '" . $to . "' WHERE id = '" . $move_folder . "'", __LINE__, __FILE__);
                redirect(HOST . DIR . url('/member/upload.php?f=' . $to . '&' . $popup_noamp, '', '&'));
            }
        } else {
            redirect(HOST . DIR . url('/member/upload.php?movefd=' . $move_folder . '&f=0&error=folder_contains_folder&' . $popup_noamp, '', '&'));
        }
    } else {
        $Errorh->handler('e_auth', E_USER_REDIRECT);
    }
} elseif (!empty($move_file) && $to != -1) {
    // File move branch: it starts with the same CSRF check; the rest lies outside this excerpt.
    $Session->csrf_get_protect();