BookDepot/ajax/getcontents.php

<?php

require '../header.php';
require '../variables.php';
require '../functions.php';

$validated = require_login(NOREDIRECT);

function sendResponse($data) {
   header('Content-Type: application/json');
   echo json_encode($data);
   exit();
}

$data = array();
$data['validated'] = $validated;
$data['admin'] = $_SESSION['admin'];
$data['bookdir'] = $_SESSION['bookdir'];
$data['bookdirname'] = basename($_SESSION['bookdir']);
$data['kindlemail'] = "";
$cankindle = false;

if ( !$validated ) sendResponse($data);

$searching = false;
$searchfor = "";
if ( isset($_REQUEST['search']) && ($_REQUEST['search'] != "") ) {
   $searching = true;
   $searchfor = strtolower(str_replace(["\"", "'", "/", "\\"], "", $_REQUEST['search']));
   $searchfor = "%{$searchfor}%";
}
$data["searching"] = $searching;

$query = "SELECT email FROM amazon WHERE username=:username";
$sth = $globaldbh->prepare($query);
$sth->bindValue(":username", $_SESSION['username'], PDO::PARAM_STR);
$sth->execute();
if ( $row = $sth->fetch() ) {
   $data['kindlemail'] = $row['email'];
   $cankindle = true;
}

$data['contents'] = array();
$foldermatch = array();

if ( !$searching ) {
   $contents = glob(BOOKDIR . $_SESSION['bookdir'] . "/*");
   if ( $_SESSION['bookdir'] == "/" ) {
      $query = "SELECT DISTINCT(path), '' AS filename FROM books WHERE path <> '/' ORDER BY path";
      $sth = $globaldbh->prepare($query);
   } else {
      $query = "SELECT id, path, filename FROM books WHERE path=:path ORDER BY path, filename";
      $sth = $globaldbh->prepare($query);
      $sth->bindValue(":path", $_SESSION['bookdir'], PDO::PARAM_STR);
   }
   $sth->execute();
   while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
      $item = array();
      if ( $row['filename'] == "" ) {
         $item['folder'] = true;
         $item['fullpath'] = $row['path'];
         $item['displayname'] = htmlspecialchars(basename($row['path']));
      } else {
         $item['folder'] = false;
         $item['fullpath'] = $row['path'] . "/" . $row['filename'];
         $dname = basename($row['filename']);
         if ( (substr($row['path'], 1) == substr($row['filename'], 0, strlen(substr($row['path'], 1)))) && (strpos($row['filename'], " - ") !== false) ) {
            $item['displayname'] = htmlspecialchars(substr(basename($row['filename']), strpos($row['filename'], " - ")+3));
         } else {
            $item['displayname'] = htmlspecialchars(basename($row['filename']));
         }
         $item['id'] = $row['id'];
         if ( $cankindle && (substr($row['filename'], -4) == "epub") ) {
            $item['cankindle'] = true;
         } else {
            $item['cankindle'] = false;
         }
      }
      $data['contents'][] = $item;
   }
} else {
   $query = "SELECT DISTINCT(path) FROM books WHERE LOWER(path) LIKE :searchfor ORDER BY path";
   $sth = $globaldbh->prepare($query);
   $sth->bindValue(":searchfor", $searchfor, PDO::PARAM_STR);
   $sth->execute();
   while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
      if ( $row['path'] == "/" ) continue;
      $item = array();
      $item['folder'] = true;
      $item['fullpath'] = $row['path'];
      $item['displayname'] = htmlspecialchars(basename($row['path']));
      if ( !in_array($row['path'], $foldermatch) ) $foldermatch[] = $row['path'];
      $data['contents'][] = $item;
   }
   $query = "SELECT id, path, filename FROM books WHERE LOWER(filename) LIKE :searchfor ORDER BY path, filename";
   $sth = $globaldbh->prepare($query);
   $sth->bindValue(":searchfor", $searchfor, PDO::PARAM_STR);
   $sth->execute();
   while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
      if ( $row['path'] == "/" ) continue;
      if ( !in_array($row['path'], $foldermatch) ) {
         $foldermatch[] = $row['path'];
         $item = array();
         $item['folder'] = true;
         $item['fullpath'] = $row['path'];
         $item['displayname'] = htmlspecialchars(basename($row['path']));
         $data['contents'][] = $item;
      }
      $item = array();
      $item['folder'] = false;
      $item['fullpath'] = $row['path'] . "/" . $row['filename'];
      $item['displayname'] = htmlspecialchars(basename($row['filename']));
      $item['id'] = $row['id'];
      if ( $cankindle && (substr($row['filename'], -4) == "epub") ) {
         $item['cankindle'] = true;
      } else {
         $item['cankindle'] = false;
      }
      $data['contents'][] = $item;
   }
}

sendResponse($data);

// vim: ts=3 sw=3 et: